The only obvious countermove to this problem is to try putting investigators off the trail by going after targets that aren’t really of interest. But that causes its own issues—raising the volume of activity vastly increases the chances of getting caught—which raises a Catch-22 dilemma for the hackers.
The fingerprints left by the attackers were enough to eventually convince Israeli and American investigators that the Chinese group, not Iran, was responsible. The same hacking group has prior form, having used similar deceptive tactics before. In fact, it may even have hacked the Iranian government itself in 2019, adding an extra layer to the deception.
It is the first example of a large-scale Chinese hack against Israel, and comes in the wake of a set of multi-billion dollar Chinese investments into the Israeli tech industry. They were made as part of Beijing’s Belt and Road Initiative, an economic strategy meant to rapidly expand Chinese influence and reach clear across Eurasia to the Atlantic Ocean. The United States warned against the investments on the grounds that they would be a security threat. The Chinese Embassy in Washington D.C. did not immediately respond to a request for comment.
Misdirection and misattribution
UNC215’s attack on Israel was not particularly sophisticated or successful, but it shows how important attribution—and misattribution—can be in cyberespionage campaigns. Not only does it provide a potential scapegoat for the attack, but it also provides diplomatic cover for the attackers: When confronted with evidence of espionage, Chinese officials regularly attempt to undermine such accusations by arguing that it is difficult or even sometimes impossible to trace hackers.
And the attempt to misdirect investigators raises an even bigger question: How often do false flag attempts fool investigators and victims? Not that often, says Hultquist.
“It’s still fairly rare to see this,” he says. “The thing about these deception efforts is if you look at the incident through a narrow aperture, it can be very effective.”
“It’s very hard to keep the deception going over multiple operations.”
John Hultquist, FireEye
An individual attack may be successfully misattributed, but over the course of many attacks it becomes harder and harder to maintain the charade. That’s the case for the Chinese hackers targeting Israel throughout 2019 and 2020.
“But once you start tying it to other incidents, the deception loses its effectiveness,” Hultquist explains. “It’s very hard to keep the deception going over multiple operations.”
The best known attempt at misattribution in cyberspace was a Russian cyberattack against the 2018 Winter Olympics opening ceremony in South Korea. Dubbed Olympic Destroyer, the Russians attempted to leave clues pointing to North Korean and Chinese hackers—with contradictory evidence seemingly designed to prevent investigators from ever being able to come to any clear conclusion.
“Olympic Destroyer is an amazing example of false flags and attribution nightmare,” Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab, tweeted at the time.
Eventually researchers and governments did definitively pin the blame for that incident on the Russian government, and last year the United States indicted six Russian intelligence officers for the attack.
Those North Korean hackers who were initially suspected in the Olympic Destroyer hack have themselves dropped false flags during their own operations. But they were also ultimately caught and identified by both private sector researchers and the United States government who indicted three North Korean hackers earlier this year.
“There’s always been a misperception that attribution is more impossible than it is,” says Hultiquist. “We always thought false flags would enter the conversation and ruin our entire argument that attribution is possible. But we’re not there yet. These are still detectable attempts to disrupt attribution. We are still catching this. They haven’t crossed the line yet.”
The first step to finding out is to catalogue what microbes we might have lost. To get as close to ancient microbiomes as possible, microbiologists have begun studying multiple Indigenous groups. Two have received the most attention: the Yanomami of the Amazon rainforest and the Hadza, in northern Tanzania.
Researchers have made some startling discoveries already. A study by Sonnenburg and his colleagues, published in July, found that the gut microbiomes of the Hadza appear to include bugs that aren’t seen elsewhere—around 20% of the microbe genomes identified had not been recorded in a global catalogue of over 200,000 such genomes. The researchers found 8.4 million protein families in the guts of the 167 Hadza people they studied. Over half of them had not previously been identified in the human gut.
Plenty of other studies published in the last decade or so have helped build a picture of how the diets and lifestyles of hunter-gatherer societies influence the microbiome, and scientists have speculated on what this means for those living in more industrialized societies. But these revelations have come at a price.
A changing way of life
The Hadza people hunt wild animals and forage for fruit and honey. “We still live the ancient way of life, with arrows and old knives,” says Mangola, who works with the Olanakwe Community Fund to support education and economic projects for the Hadza. Hunters seek out food in the bush, which might include baboons, vervet monkeys, guinea fowl, kudu, porcupines, or dik-dik. Gatherers collect fruits, vegetables, and honey.
Mangola, who has met with multiple scientists over the years and participated in many research projects, has witnessed firsthand the impact of such research on his community. Much of it has been positive. But not all researchers act thoughtfully and ethically, he says, and some have exploited or harmed the community.
One enduring problem, says Mangola, is that scientists have tended to come and study the Hadza without properly explaining their research or their results. They arrive from Europe or the US, accompanied by guides, and collect feces, blood, hair, and other biological samples. Often, the people giving up these samples don’t know what they will be used for, says Mangola. Scientists get their results and publish them without returning to share them. “You tell the world [what you’ve discovered]—why can’t you come back to Tanzania to tell the Hadza?” asks Mangola. “It would bring meaning and excitement to the community,” he says.
Some scientists have talked about the Hadza as if they were living fossils, says Alyssa Crittenden, a nutritional anthropologist and biologist at the University of Nevada in Las Vegas, who has been studying and working with the Hadza for the last two decades.
The Hadza have been described as being “locked in time,” she adds, but characterizations like that don’t reflect reality. She has made many trips to Tanzania and seen for herself how life has changed. Tourists flock to the region. Roads have been built. Charities have helped the Hadza secure land rights. Mangola went abroad for his education: he has a law degree and a master’s from the Indigenous Peoples Law and Policy program at the University of Arizona.
Over the last couple of decades, scientists have come to realize just how important the microbes that crawl all over us are to our health. But some believe our microbiomes are in crisis—casualties of an increasingly sanitized way of life. Disturbances in the collections of microbes we host have been associated with a whole host of diseases, ranging from arthritis to Alzheimer’s.
Some might not be completely gone, though. Scientists believe many might still be hiding inside the intestines of people who don’t live in the polluted, processed environment that most of the rest of us share. They’ve been studying the feces of people like the Yanomami, an Indigenous group in the Amazon, who appear to still have some of the microbes that other people have lost.
But there is a major catch: we don’t know whether those in hunter-gatherer societies really do have “healthier” microbiomes—and if they do, whether the benefits could be shared with others. At the same time, members of the communities being studied are concerned about the risk of what’s called biopiracy—taking natural resources from poorer countries for the benefit of wealthier ones. Read the full story.
—Jessica Hamzelou
Eric Schmidt has a 6-point plan for fighting election misinformation
—by Eric Schmidt, formerly the CEO of Google, and current cofounder of philanthropic initiative Schmidt Futures
The coming year will be one of seismic political shifts. Over 4 billion people will head to the polls in countries including the United States, Taiwan, India, and Indonesia, making 2024 the biggest election year in history.
Generative AI’s ability to harness customer data in a highly sophisticated manner means enterprises are accelerating plans to invest in and leverage the technology’s capabilities. In a study titled “The Future of Enterprise Data & AI,” Corinium Intelligence and WNS Triange surveyed 100 global C-suite leaders and decision-makers specializing in AI, analytics, and data. Seventy-six percent of the respondents said that their organizations are already using or planning to use generative AI.
According to McKinsey, while generative AI will affect most business functions, “four of them will likely account for 75% of the total annual value it can deliver.” Among these are marketing and sales and customer operations. Yet, despite the technology’s benefits, many leaders are unsure about the right approach to take and mindful of the risks associated with large investments.
Mapping out a generative AI pathway
One of the first challenges organizations need to overcome is senior leadership alignment. “You need the necessary strategy; you need the ability to have the necessary buy-in of people,” says Ayer. “You need to make sure that you’ve got the right use case and business case for each one of them.” In other words, a clearly defined roadmap and precise business objectives are as crucial as understanding whether a process is amenable to the use of generative AI.
The implementation of a generative AI strategy can take time. According to Ayer, business leaders should maintain a realistic perspective on the duration required for formulating a strategy, conduct necessary training across various teams and functions, and identify the areas of value addition. And for any generative AI deployment to work seamlessly, the right data ecosystems must be in place.
Ayer cites WNS Triange’s collaboration with an insurer to create a claims process by leveraging generative AI. Thanks to the new technology, the insurer can immediately assess the severity of a vehicle’s damage from an accident and make a claims recommendation based on the unstructured data provided by the client. “Because this can be immediately assessed by a surveyor and they can reach a recommendation quickly, this instantly improves the insurer’s ability to satisfy their policyholders and reduce the claims processing time,” Ayer explains.
All that, however, would not be possible without data on past claims history, repair costs, transaction data, and other necessary data sets to extract clear value from generative AI analysis. “Be very clear about data sufficiency. Don’t jump into a program where eventually you realize you don’t have the necessary data,” Ayer says.
The benefits of third-party experience
Enterprises are increasingly aware that they must embrace generative AI, but knowing where to begin is another thing. “You start off wanting to make sure you don’t repeat mistakes other people have made,” says Ayer. An external provider can help organizations avoid those mistakes and leverage best practices and frameworks for testing and defining explainability and benchmarks for return on investment (ROI).
Using pre-built solutions by external partners can expedite time to market and increase a generative AI program’s value. These solutions can harness pre-built industry-specific generative AI platforms to accelerate deployment. “Generative AI programs can be extremely complicated,” Ayer points out. “There are a lot of infrastructure requirements, touch points with customers, and internal regulations. Organizations will also have to consider using pre-built solutions to accelerate speed to value. Third-party service providers bring the expertise of having an integrated approach to all these elements.”
