Newsletter 01/13/2024

If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal

It's Not the First Time Our Country or World Has Unraveled
But This Time, the Unraveling Is Happening At Light Speed


From time to time, I suffer from what is best called "clinical depression."  Depression is as much a disease, as is cancer or covid.  The causes of depression can originate from an organic pathology.  Or, as is in my case, the origins of one's depression can also be situational.  As such, I try very hard to avoid depressing situations.  Today, few things are as depressing as what's in the news.

The purpose of this blog has always been news aggregation, but with a specific focus.  To aggregate the news, however, one must first collect some news.  For me, in the final months of 2023, news aggregation had become literally sickening.  So, like a drunk coming off a bad bender, for my own health, I had to curtail my news consumption — and, thus, any commentary thereof.

The news developed a certain toxicity in the wake of the events of October 7, 2023.  Regardless of any other exigencies surrounding the Israeli/Palestinian conflict, the sheer madness and degree of brutality of the attacks were simply unthinkable in our modern world.  That said, Israel's response, too, seemed from another age.  No matter the brutality inflicted, Gaza is not Nazi Germany; Gaza City is not Dresden.  Now, lost in this cycle of violence, is any concern for the fate of those taken hostage by Hamas, or by whomever.  It seems more than likely those hostages' lives are now lost and no longer bargaining chips in any negotiations that can lead to a ceasefire by Israel.  Now, it seems like death and destruction is happening simply for its own sake.  Or, this war continues simply to ensure the political survival of Benjamin Netanyahu.

Except for a commentary on the war in Europe, wherein I tried to remind readers that history shows that European wars tend to quickly devolve into bloody and seemingly endless conflicts, I did not focus in this blog too much on world events unrelated to cyberattacks.  Nonetheless, in the face of such inhumanity, so many other parochial issues that have been the subjects of this blog came to seem trivial, indeed.  Simply put, I became speechless.  Nevertheless, Time, as they say, still marches on.

The primary focus of this blog has always been computer technology and cyber security.  Here, too, the news surrounding these two topics also became, at least to me, plain sickening by year's end.  In fact, the two main stories in IT throughout 2023, Artificial Intelligence and Cyber Security, had morphed into one story.  As has happened over the years in IT in general, the explosive growth in AI that ramped up in the last half of 2023 has led malicious actors to turn these tools of human genius, imagination, and creativity into weapons of war — the cyber war, that is.

A long-standing debate within IT has been "open-source" software applications versus "closed-source" software.  For those readers who are not familiar with the two terms, we will let Bing define the debate.

Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. It is developed in a decentralized and collaborative way, relying on peer review and community production. This contrasts with proprietary or closed source software applications, which are sold to end users by the creator or copyright holder, and cannot be edited, enhanced or redistributed except as specified by the copyright holder.

The security implications of open-source software seem self-evident to me, and always have.  In 2020, SC Magazine reported that "Twenty-six open-source projects hosted on GitHub repositories were found to be infected with malware and capable of serving up weaponized code to potential developers in a potential supply chain attack."  Ars Technica reported in 2021 on such a cyber attack of an open-source repository.

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines.

The threats to open-source repositories continue.  On January 11, 2024, Recorded Future reported on "the frequent abuse" of open-source software stored at GitHub.

... the frequent abuse of GitHub's services by cybercriminals and advanced persistent threats (APTs) for various malicious infrastructure schemes. These include payload delivery, dead drop resolving (DDR), full command-and-control (C2), and exfiltration. GitHub's popularity among threat actors lies in its ability to allow them to blend in with legitimate network traffic, making detection and attribution challenging for defenders.

Always after the fact and the horses having left the barn, on January 12, 2024, The Hacker News reported that another open-source repository had become a locus for cyberattacks, although possibly mitigated by patching the exploited vulnerabilities.  "GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction."  Cold comfort, I am sure, to some fledgling software developer who may now be forced to recode his or her newest whiz-bang application.

So it only follows that if anybody can take code from a repository and alter that code for malicious purposes, then malicious actors will do so.  This schism in application development has now overtaken discussions in the Artificial Intelligence field.  In an article by David Evan Harris titled, "Open-Source AI Is Uniquely Dangerous But the regulations that could rein it in would benefit all of AI," published January 12, 2024 in IEEE Spectrum, the author distinguishes between secured AI applications like ChatGPT and Google's Bard, and unsecured AI applications, most notably Meta’s (Facebook) Llama 2.  Harris notes that although Meta published its 27-page “Responsible Use Guide,” a clone of Llama 2, dubbed Llama 2 Uncensored, was released.

Harris succinctly summarized the inherent risks associated with unsecured AI in a single sentence.  "The threat posed by unsecured AI systems lies in the ease of misuse."  And the author clearly details the specific risks of unsecured AI.

They are particularly dangerous in the hands of sophisticated threat actors, who could easily download the original versions of these AI systems and disable their safety features, then make their own custom versions and abuse them for a wide variety of tasks.

Harris then offers two specific examples of how unsecured AI might endanger us all.  "Unsecured AI also has the potential to facilitate production of dangerous materials, such as biological and chemical weapons."

These reports of the dark side of AI emerged as the new technology took off throughout 2023.  An article by Axios, published June 16, 2023, titled "Another AI threat: The next pandemic," was cited by Harris in his recent piece.  In less than 12 months, AI went from that new technology that will revolutionize every human endeavor, from medicine to manufacturing to vacation planning, to just one more Horseman of our oncoming technological Apocalypse.

I had seen this movie up close and personal for far too many years as computer and networking technology went from making it easy to share data to being the medium through which the critical infrastructure technology we all depend on for our daily lives is morphed into a weapon of mass destruction that threatens entire populations.  On December 23, 2023, writing in Government Technology, author Dan Lohrmann, in his piece titled, "2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks," detailed the many cyberattacks on critical infrastructure sites worldwide that had occurred in 2023.

It all became more than I could cope with.  For over 20 years, I have been telling anyone who would listen that malware and hacking, if not checked in any meaningful way, would cause the computer technology that we all rely on for so many everyday activities to eventually implode on itself.  But so few cared.  Too many consumers and water systems operators alike think patching is more trouble than it is worth.  By the end of 2023, the relentless attacks on all IT systems became overwhelming, not only for the industry itself, but for me personally.  Furthermore, there wasn't really anything relevant that I could add.

Finally, there is what I call, "The Trump Show."  I cannot recall a time in our nation when an entire political party became the platform for one single person to proclaim that his objective is to be an American Dictator.  The debates between parties in this country generally centered around the policies of candidates.  The parties were the platforms for these candidates to espouse candidates' policies and also to persuade voters to support those policies.  It is anathema to the very idea of republican government that a campaign is based solely on the desire of a man to seek revenge on his opponents.  As America's second president, John Adams, famously wrote in 1776: "the very definition of a Republic, is an Empire of Laws, and not of men."  It is only logical to say, given that famous quote of Adams, that whenever a government becomes the instrument of one person, then that government ceases to be a republic.  And the news reports thereof simply sickened me.

Comedienne Lily Tomlin is quoted as saying, "No matter how cynical you get, it is impossible to keep up."  That describes perfectly what was my state of mind in the final weeks of 2023.  As last year came to a close, everywhere I looked, all that could be seen was death and destruction.  I had to ask myself, "What could I possibly add to these discussions that would in any way seem relevant?"  My answer was nothing.  Yet, the web stats showed that people the world over still visited the site, albeit in diminishing numbers.  I decided I owed those readers an explanation for my absence from the public discourse.  Also, I needed to prove to myself that, even though my brain is sometimes clouded over with depression, I could still develop a theme, and then aggregate relevant news that would illustrate the theme. 

It's not so easy to do this as before, and it is harder work for me, for which, despite my efforts, I do not get paid.  Nevertheless, as the late Senator Edward Kennedy said in a far different context:  "For all those whose cares have been our concern, the work goes on, the cause endures, the hope still lives, and the dream shall never die."

And what is that dream?  Technology that is safe to use, and performs as advertised.  And a nation that is safe to live in, and performs as it should for the benefit of the greatest number of its citizens.  I don't think either of those two things is impossible.  But, on the other hand, it does seem like our collective clock is ticking down.

¯\_(ツ)_/¯
Gerald Reiff