Best Infosec-Related Long Reads for the Week of 12/9/23
Viral Indian influence operation pushes Modi's agenda, Organized pig-butchering scams, Smart TVs track everything you watch, Meta's new privacy-violating smart glasses, Trump's troll army
Metacurity is pleased to offer our free and paid subscribers this weekly digest of the best long-form infosec-related pieces we couldn’t properly fit into our daily crush of news. So tell us what you think, and feel free to share your favorite long reads via email at info@metacurity.com. We’ll gladly credit you with a hat tip. Happy reading!
Covert Indian operation seeks to discredit Modi’s critics in the U.S.
The Washington Post’s Gerry Shih, Clara Ence Morse, and Pranshu Verma uncover a viral, covert Indian influence operation called Disinfo Lab, run by Indian intelligence officer Lt. Col. Dibya Satpathy, to research and discredit foreign critics of Indian Prime Minister Narendra Modi, producing material that is propagated by right-wing Indians and Hindu nationalists for both domestic and international audiences.
The organization’s material is among the most widely circulated by right-wing Indians and Hindu nationalists. Its reports gain global reach, partly because they are spread on social media by high-profile figures with large followings on X, previously known as Twitter, including current and former officials in Modi’s Bharatiya Janata Party, former intelligence and military brass, and a cabinet minister, according to a Washington Post analysis of nearly 100,000 reposts of Disinfo Lab content on X. While it is unclear how many of them, if any, are aware of the Disinfo Lab’s intelligence ties, these top retweeters give the Disinfo Lab a stamp of authority and, some of its targets say, boost its ability to intimidate individuals overseas.
The Disinfo Lab’s activities show how the online propaganda campaigns waged by the [nationalist group] BJP and its allies have been expanding beyond their traditional, domestic aims of shoring up popular support and denigrating opposition parties — and now seek to influence attitudes far beyond India’s borders. Moreover, the organization’s ties to an Indian intelligence officer could blur the line traditionally observed by the country’s security apparatus between operations that serve the strategic interests of India and those that advance the political objectives of the ruling party, analysts said.
To catch a catfish
In the New Statesman, Stuart McGurk walks through the heartbreaking stories of pig butchering scams conducted by organized crime groups and their often willingly deluded victims, as uncovered by UK scam specialist Detective Constable Rebecca Mason. (Free registration is required to read up to three articles.)
Mason always worries that romance fraudsters will wipe their phones; it is the obvious thing to do. But often they can’t, “… because they’re going to forget what they said [to victims], because it’s not true. And they’ll be speaking to ten people a day.” A Blackberry seized in the raid contained WhatsApp conversations between Diji, always posing as a young gay man, and more than 70 victims. Like Baldwin, they were all older men – a generation who had grown up stigmatised by their sexuality and were less likely to speak out. Some were married. Unlike Baldwin, they had all been contacted in lockdown, a historic moment that had delivered both the perfect excuse not to meet and an endless supply of lonely souls. Now Mason would have to break the news to them all.
Some said they already knew in their hearts. Some had already broken off contact. Many had reported their suspicions to local police, only to be told there was little they could do. They had given their money willingly, after all. A few continued to send money. When Mason took Diji’s phone to Alan Baldwin to show him the messages he had been sent, he thanked her politely, and resumed his correspondence with Fred Williams via email. Diji was then in custody; the person who responded was most likely Solomon Diji, his brother.
Your Smart TV Knows What You’re Watching
The Markup’s Mohamed Al Elew and Gabriel Hongsdusit walk through how the most popular smart TVs use a kind of ad surveillance technology called automatic content recognition (ACR), which amasses a vast amount of information on what viewers watch to serve them highly targeted ads, and offer a guide on how to turn the technology off on three of the most popular smart TV software platforms.
First, a quick primer on the tech: ACR identifies what’s displayed on your television, including content served through a cable TV box, streaming service, or game console, by continuously grabbing screenshots and comparing them to a massive database of media and advertisements. Think of it as a Shazam-like service constantly running in the background while your TV is on.
These TVs can capture and identify 7,200 images per hour, or approximately two every second. The data is then used for content recommendations and ad targeting, which is a huge business; advertisers spent an estimated $18.6 billion on smart TV ads in 2022, according to market research firm eMarketer.
For anyone who’d rather not have ACR looking over their shoulder while they watch, we’ve put together a guide to turning it off on three of the most popular smart TV software platforms in use last year. Depending on the platform, turning off ACR took us between 10 and 37 clicks.
How Meta’s New Face Camera Heralds a New Age of Surveillance
The New York Times’ consumer tech reporter Brian X. Chen tested Meta’s just-released $300 Ray-Ban Meta glasses that feature a camera for shooting photos and videos and an array of speakers and microphones for listening to music and talking on the phone, finding them good at capturing slice-of-life moments but also distracting and, more concerningly, a potential privacy violation.
To inform people that they are being photographed, the Ray-Ban Meta glasses include a tiny LED light embedded in the right frame to indicate when the device is recording. When a photo is snapped, it flashes momentarily. When a video is recording, it is continuously illuminated.
As I shot 200 photos and videos with the glasses in public, including on BART trains, on hiking trails and in parks, no one looked at the LED light or confronted me about it. And why would they? It would be rude to comment on a stranger’s glasses, let alone stare at them.
The issue of widespread surveillance isn’t particularly new. The ubiquity of smartphones, doorbell cameras and dashcams makes it likely that you are being recorded anywhere you go. But Chris Gilliard, an independent privacy scholar who has studied the effects of surveillance technologies, said that cameras hidden inside smart glasses would most likely enable bad actors — like the people shooting sneaky photos of others at the gym — to do more harm.
“What these things do is they don’t make possible something that was impossible,” he said. “They make easy something that was less easy.”
Albert Aydin, a Meta spokesman, said the company took privacy seriously and designed safety measures, including a tamper-detection technology, to prevent users from covering up the LED light with tape.
In other mundane situations, the Ray-Ban Meta glasses affected me in strange ways. While I was about to cross a driveway in my neighborhood, I saw a car begin to reverse into it. My immediate reaction was to press the record button in case I needed to capture the driver acting irresponsibly. But he yielded appropriately and I crossed, feeling sheepish.
Inside the Troll Army Waging Trump’s Online Campaign
The New York Times’s Ken Bensinger explains how a small circle of video meme-makers, led by a little-known podcaster and life coach, has effectively served as a shadow online ad agency for Donald Trump’s presidential campaign, “flooding social media with content that lionizes the former president, promotes his White House bid and brutally denigrates his opponents,” and “operates anonymously, adopting the cartoonish aesthetic and unrelenting cruelty of internet trolls.”
Their most vulgar invectives are often aimed at women, particularly those seen as enemies of Mr. Trump. In one video, the former United Nations ambassador Nikki Haley’s face is pasted on the body of a nearly naked woman, who kicks a man with the face of Gov. Ron DeSantis of Florida in the groin. Another depicts Casey DeSantis, the governor’s wife, as a porn star. Women with ties to Mr. DeSantis are often shown with red knees, suggesting they have performed a sex act.
The former president and his inner circle have celebrated the group’s work and helped it reach millions. Dan Scavino, Mr. Trump’s social media adviser; Steven Cheung, the campaign’s spokesman; and Donald Trump Jr. frequently share the memes on their social media accounts.
Since March, Mr. Trump has posted videos made by the team to his Truth Social and Instagram accounts — which have more than 30 million followers combined — at least two dozen times. He tends to share the group’s less crude content, favoring memes that feature him in a positive light.
But Mr. Trump and his campaign have also taken a more active role in the group’s activities, a New York Times review found. Over the past year, he and his campaign have privately communicated with members of the meme team, giving them access and making specific requests for content. In at least one instance, the campaign shared behind-the-scenes footage to be used in videos, according to members of the team.