Amazing.....the AI effect: Nearly 1 Billion Threats a Day

I have to pass on this piece from today's WSJ.  Makes me increasingly wonder when all of my financial savings held in electronic form in the cloud might vanish.....

*********

AI Effect: Amazon Sees Nearly 1 Billion Threats a Day

Amazon.com says it is seeing hundreds of millions more possible cyber threats across the web each day than it did earlier this year, a shift its security chief attributes in part to artificial intelligence.

Just as criminals have embraced AI, Amazon has turned to the technology to drastically scale up its threat-intelligence capabilities.

The company, given its presence online, can now view activity on around 25% of all IP addresses on the internet, it says, between its Amazon Web Services platform, its Project Kuiper satellite program and its other businesses, giving the company a sweeping view of hacker capabilities and techniques.

Amazon’s chief information security officer, CJ Moses, spoke with The Wall Street Journal on how the company is approaching threat intelligence in the AI era.

Prior to his current role, Moses ran security for Amazon Web Services, its cloud business, and before that investigated cybercrime at both the Federal Bureau of Investigation and the Air Force Office of Special Investigations.

Moses outlined how the company has built specialized tools using AI such as graph databases, which track threats and their relationships to each other; how that information has uncovered threats from nation-states that haven’t historically been known to have extensive cyber operations, and how its tools trick hackers into revealing their tactics.

He also discussed Amazon’s recent work with the U.S. Justice Department in taking down the platform used by cybercriminal group Anonymous Sudan to launch attacks on critical infrastructure globally.

This interview has been edited for length and clarity.

WSJ: How many attacks are you seeing these days? C.J. Moses: We’re seeing billions of attempts coming our way. On average, we’re seeing 750 million attempts per day. Previously, we’d see about 100 million hits per day, and that number has grown to 750 million over six or seven months.

WSJ: Is that a sign hackers are using AI? Moses: Without a doubt. Generative AI has provided access to those who previously didn’t have softwaredevelopment engineers to do these things. Now, it’s more ubiquitous, such that normal humans can do things they couldn’t do before because they just ask the computer to do that for them.

We’re seeing a good bit of that, as well as the use of AI to increase the realness of phishing, and things like that. They’re still not there 100%. We still can find errors in every phishing message that goes out, but they’re getting cleaner.

WSJ: Are you applying AI on the defensive side as well? Moses: When you have a large-scale environment, you need a large-scale system. We’ve created what is essentially a graph database that allows us to look at billions of interactions across the environment. That identifies, through machine learning, the things that we should be concerned about, and also the domains we’re seeing that could be problematic based upon past history as well as predictive analysis.

WSJ: What are the other ways you’re learning about hacker tactics? Moses: Probably the most interesting is MadPot. This is essentially a network of honey pots throughout our environment, which we use to glean intelligence from those that are acting on them. So, you have a bunch of semi-vulnerable systems that are presented in different ways, the threat actors act upon them, and then you can learn from their actions.

Once you become smarter, then you can look back at the data that you had from before and say: “Wait a second, we can determine that at this point in time we were seeing these interactions with these systems that now make sense to us.”

Pulling all that information together then gives us, in some cases, attribution.

WSJ: What have you learned from all this? Moses: We’ve definitely have seen an increase of activity globally from threat actors over the last year, or even less. In the last eight months, we’ve seen nationstate actors that we previously weren’t tracking come onto the scene. I’m not saying they didn’t exist, but they definitely weren’t on the radar. You have China, Russia and North Korea, those types of threat actors. But then you start to see the Pakistanis, you see other nation- states. We have more players in the game than we ever did before.

Nation-states that haven’t been active in this space now realize that they have to be, because all of all the big players are. That means that there is more activity, there are more threats, there are more things we have to look for, unfortunately.

WSJ: Amazon was recently credited with providing assistance to the Justice Department in an operation that seized hacking tools belonging to Anonymous Sudan. How are you finding cooperation with the government on threat intelligence today? Moses: It’s working out, it’s better and better, which is a great thing. There were points in time where it didn’t work in the past. Now, we have a lot more people like myself that have been in the government, and are able to speak the same language, or convey the right information so they can be more effective in their jobs.

We worked very effectively together on that particular case. It was a really good example of those of us that have been there knowing exactly what things need to be tied up in a bow, to hand off to the right people, so they could actually do something about it.

There are no more human elites of any sort...

 I want to pass on the conclusion of a great essay by Venkatesh Rao, giving the meanings of several acronyms in parentheses. You should read the entire piece.
 

"Let me cut to the conclusion: There are no more human elites of any sort. In the sense of natural rulers that is. There are certainly all sorts of privileged and entitled types who want the benefits of being elites, but no humans up to the task of actually being elite.

It is only our anthropocentric conceits that lead us to conclude that a complex system like “civilization” must necessarily have a legible “head,” and legible and governable internal processes for staffing that head. Preferably with the Right Sorts of People, People Like Us.

We’re all under the API (Application Programming Interface) in one way or another. What’s more, we have been for a while, since before the rise of modern AI (which just makes it embarrassingly obvious by paving the cowpaths of our subservience to technological modernity).

To know just how little you know about anything, be it car lightbulbs or national constitutions, whatever your degrees say, just ask ChatGPT to explain some deep knowledge areas to you. I don’t care if you’re a qualified automative technician or Elon Musk or clerking for the Supreme Court. Whether you’re failson C-average George W. Bush or a DEI (Diversity-Equity-Inclusion) activist trying to swap out some Greek classics for modern lesbian classics in the canon.

What you don’t know about the world humanity has built up over millennia utterly dwarfs what you think you know. Whatever the source of your elite pretensions, they’re just that — pretensions. Whatever claims you have to being the most natural member of the governing class, it is somewhere between weak to non-existent. Your claim is really about suitability for casting in a governance LARP (Live Action Role-Playing), not aptitude for governing as a natural member of an elite.

Humans do not like this idea. We ultimately like the idea of a designated elite, and legible, just processes for choosing, installing, and removing them that legitimize our own fantasies of worth and agency. We want to believe that yes, we too can be President, and would deserve to be, and do a good job.

The alternative hypothesis is that modern civilization, with its millennia of evolved technological complexity crammed onto the cramped surface of the planet, does not admit any simple, just, and enduring notion of elite that we can use to govern ourselves. The knowledge, aptitudes, and talents required to govern the world are distributed all over, in unpredictable, unfair, constantly shifting, and messy ways. When a lightbulb fails, there is no default answer to the question of how to replace it, and what to do when mistakes are made.

The rise of modern AI is presenting us with seemingly new forms of these questions. Those who yearn for a reliable class of elites, even if they must both revere and fear that class, are predictably trying to cast AIs themselves as the new elites. Those attached to their anthropocentric conceits are trying to figure out cunning schemes to keep some group of humans reliably in charge.

But there is nobody in charge. No elites, natural or not, deserving or undeserving. And it’s been this way for longer than we care to admit.

And this is a good thing. Stop looking for elites, and look askance at anyone claiming to be part of any elite or muttering conspiratorially about any elites. The world runs itself in more complex and powerful ways than they are capable of imagining. To buy into their self-mythologizing and delusions of grandeur is to be blind to the power and complexity of the world as it actually is.

And if you ever need to remind yourself of this, try changing a car headlamp lightbulb."

New protocols for uncertain times.

I want to point to a project launched by Venkatest Rao and others last year: “The Summer of Protocols.”  Some background for this project can be found in his essay “In Search of Hardness”.  Also,  “The Unreasonable Sufficiency of Protocols”  essay by Rao et al. is an excellent presentation of what protocols are about.  I strongly recommend that you read it if nothing else. 

Here is a description of the project: 

Over 18 weeks in Summer 2023, 33 researchers from diverse fields including architecture, law, game design, technology, media, art, and workplace safety engaged in collaborative speculation, discovery, design, invention, and creative production to explore protocols, boadly construed, from various angles.

Their findings, catalogued here in six modules, comprise a variety of textual and non-textual artifacts (including art works, game designs, and software), organized around a set of research themes: built environments, danger and safety, dense hypermedia, technical standards, web content addressability, authorship, swarms, protocol death, and (artificial) memory.

I have read through through Module One for 2003, and it is solid interesting deep dive stuff.  Module 2 is also available. Modules 3-6 are said to be 'coming soon’  (as of 4/4/24, four months into a year that has Summer of Protocols program 2024 already underway, with the deadline for proposals 4/12/24.)

Here is one clip from the “In Search of Hardness” essay:

…it’s only in the last 50 years or so, with the rise of communications technologies, especially the internet and container shipping, and the emergence of unprecedented planet-scale coordination problems like climate action, that protocols truly came into focus as first-class phenomena in our world; the sine qua non of modernity. The word itself is less than a couple of centuries old.

And it wasn’t until the invention of blockchains in 2009 that they truly came into their own as phenomena with their own unique technological and social characteristics, distinct from other things like machines, institutions, processes, or even algorithms.

Protocols are engineered hardness, and in that, they’re similar to other hard, enduring things, ranging from diamonds and monuments to high-inertia institutions and constitutions.

But modern protocols are more than that. They’re not just engineered hardness, they are programmable, intangible hardness. They are dynamic and evolvable. And we hope they are systematically ossifiable for durability. They are the built environment of digital modernity.”

Origins of our current crises in the 1990s, the great malformation, and the illusion of race.

I'm passing on three clips I found most striking from David Brooks, recent NYTimes Sydney awards column:

I generally don’t agree with the arguments of those on the populist right, but I have to admit there’s a lot of intellectual energy there these days. (The Sidneys go to essays that challenge readers, as well as to those that affirm.) With that, the first Sidney goes to Christopher Caldwell for his essay “The Fateful Nineties” in First Things. Most people see the 1990s as a golden moment for America — we’d won the Cold War, we enjoyed solid economic growth, the federal government sometimes ran surpluses, crime rates fell, tech took off.

Caldwell, on the other hand, describes the decade as one in which sensible people fell for a series of self-destructive illusions: Globalization means nation-states don’t matter. Cyberspace means the material world is less important. Capitalism can run on its own without a countervailing system of moral values. Elite technocrats can manage the world better than regular people. The world will be a better place if we cancel people for their linguistic infractions.

As Caldwell sums it up: “America’s discovery of world dominance might turn out in the 21st century to be what Spain’s discovery of gold had been in the 16th — a source of destabilization and decline disguised as a windfall.”

***************** 

In “The Great Malformation,” Talbot Brewer observes that parenthood comes with “an ironclad obligation to raise one’s children as best one can.” But these days parents have surrendered child rearing to the corporations that dominate the attention industry, TikTok, Facebook, Instagram and so on: “The work of cultural transmission is increasingly being conducted in such a way as to maximize the earnings of those who oversee it.”

He continues: “We would be astonished to discover a human community that did not attempt to pass along to its children a form of life that had won the affirmation of its elders. We would be utterly flabbergasted to discover a community that went to great lengths to pass along a form of life that its elders regarded as seriously deficient or mistaken. Yet we have slipped unawares into precisely this bizarre arrangement.” In most societies, the economy takes place in a historically rooted cultural setting. But in our world, he argues, the corporations own and determine the culture, shaping our preferences and forming, or not forming, our conception of the good.

*****************

It’s rare that an essay jolts my convictions on some major topic. But that happened with one by Subrena E. Smith and David Livingstone Smith, called “The Trouble With Race and Its Many Shades of Deceit,” in New Lines Magazine. The Smiths are, as they put it, a so-called mixed-race couple — she has brown skin, his is beige. They support the aims of diversity, equity and inclusion programs but argue that there is a fatal contradiction in many antiracism programs: “Although the purpose of anti-racist training is to vanquish racism, most of these initiatives are simultaneously committed to upholding and celebrating race.” They continue: “In the real world, can we have race without racism coming along for the ride? Trying to extinguish racism while shoring up race is like trying to put out a fire by pouring gasoline on it.”

I’ve heard this argument — that we should seek to get rid of the whole concept of race — before and dismissed it. I did so because too many people I know have formed their identity around racial solidarity — it’s a source of meaning and strength in their lives. The Smiths argue that this is a mistake because race is a myth: “The scientific study of human variation shows that race is not meaningfully understood as a biological grouping, and there are no such things as racial essences. There is now near consensus among scholars that race is an ideological construction rather than a biological fact. Race was fashioned for nothing that was good. History has shown us how groups of people ‘racialize’ other groups of people to justify their exploitation, oppression and annihilation.”

The promise and pitfalls of the metaverse for science

A curious open-sourse bit of hand waving and gibble-gabble about the metaverse. I pass on the first two paragraphs and links to its references.

Some technology companies and media have anointed the metaverse as the future of the internet. Advances in virtual reality devices and high-speed connections, combined with the acceptance of remote work during the COVID-19 pandemic, have brought considerable attention to the metaverse as more than a mere curiosity for gaming. Despite substantial investments and ambitiously optimistic pronouncements, the future of the metaverse remains uncertain: its definitions and boundaries alternate among dystopian visions, a mixture of technologies (for example, Web3 and blockchain) and entertainment playgrounds.

As a better-defined and more-coherent realization of the metaverse continues to evolve, scientists have already started bringing their laboratories to 3D virtual spaces, running experiments with virtual reality and augmenting knowledge by using immersive representations. We consider how scientists can flexibly and responsibly leverage the metaverse, prepare for its uncertain future and avoid some of its pitfalls.