Russia is Poisoning the Internet

AI Spotlight
Russia is poisoning the internet

We know Russia has an affinity for poisoning political dissidents. But they don’t stop there. Now, Russia is deliberately poisoning the Internet. A recent report from NewsGuard found that Russian propaganda is making its way into your chatbot’s output.

But how?

Bad data in, bad data out. Your AI chatbot relies on the data it was trained on. And now with search capabilities, the data it scoops up as it crawls the Internet (much like how Google works). Russia knows this.

With 3.6 million propaganda articles created in 2024, NewsGuard found that for specific prompts, Russian false narratives appeared in Western AI chatbots 33%.

This wasn’t an accident. The non-profit American Sunlight Project (ASP), which focuses on fighting disinformation, stated that Russia built a disinformation network, known as Pravda, which was “custom-built to flood large language models (LLMs) with pro-Russia content.”

Pravda isn’t your average misinformation bot. It’s a beast. Just look at the numbers NewsGuard compiled:

As AI Chatbots like ChatGPT or even Google’s Gemini search results scour the Internet for up-to-date information, they consume articles in their path. Just like random Google searches can take you down rabbit holes, LLMs summarize what they find.

ASP calls the intentional act of gaming the LLMs “LLM Grooming.” Because one must look respectable if they are plotting democracy’s downfall.

New Guard tested ten of the leading chatbots. This included the heavy hitters like ChatGPT, Gemini, Anthropic, and Perplexity. Their research tested questions on 15 false narratives with different prompt styles. They found:

• 10/10 chatbots repeated disinformation from the Pravda network

• 7/10 chatbots cited articles from the Pravda network

Of course, if someone is intentionally looking for conspiracy theories, they will find them online. These findings show how much easier it is for people to fall prey to intentional disinformation on a scale not seen before because the misguided lunatic in the small corner of the Internet doesn’t have a significant presence.

The Internet as we know it is dead. Recent Google and OpenAI reports show nation-states use AI to create fake news articles for disinformation campaigns. With AI-powered automation, 3.6 million fake articles in 2024 can quickly become 36 million fake articles in 2025. The more articles there are, the more likely an LLM will pick them up and the more likely that information will be returned to a user.

Whelp, the Internet had a great run. At least the cat memes will survive…wait…come back cat memes 😢 

Security Deep Dive
Attackers want yo numba

It’s 2025. We have robots that can slam dunk, yet we still use SMS for MFA. Even though we know that SMS for MFA is the least secure option, many people find it difficult to understand why.

A typical conversation goes like this.

Me: You really shouldn’t use SMS for MFA.
Other Person: Why?
Me: Someone can steal your phone number. It’s called a SIM Swap attack.
Other Person: But it’s my phone number.

It’s about this time that most people stop listening and instead start wishing I would stfu because it sounds so unrealistic.

And yes, SMS MFA is better than no MFA. But guess what? Bypassing SMS is a very real threat. And this is why.

Before we get to how, wtf is a SIM? A SIM, or Subscriber Identity Module, stores information necessary to connect to a mobile provider’s cellular network. It can be a physical chip that plugs into your phone or a digital version known as an eSIM. It stores things like:

• International Mobile Subscriber Identity (IMSI), which is a unique identifier for you as a user.

• Integrated Circuit Card Identifier (ICCID), which is a unique identifier for the SIM card.

• Your phone number

Your mobile carrier uses this to ensure you can access their network and track your activity. Normal users sometimes want to change their phones. Instead of physically removing the SIM card and swapping it in for another one, you can make those changes with your mobile carrier. You go through your mobile provider’s app and assign a new device with a new SIM to your account.

Attackers can do the same. They impersonate you and switch your phone number to a device they control.

It’s easy for you to swap SIMs and it’s easy for attackers. Attackers have been known to offer money to mobile provider employees to swap SIMs on the down low.

For the more committed attacker who is more ethical too cheap to pay up, a recent Group-IB blog post shows how they steal yo numba. It comes down to:

1. Phishing websites

2. Social engineering

3. A lil’ bit of both

Attackers only need your mobile app credentials. Yes, you can set up a PIN to prevent this (and you absolutely should), but that’s what social engineering and phishing websites are for. They trick you into taking action on their behalf.

Even if they don’t do a SIM swap, they can still phish you for the SMS code. I have a YouTube video on how attackers do that.

You may still not care enough to get rid of SMS MFA and I don’t blame you. But do me a favor, enable enhanced protection with your mobile provider to help prevent SIM swaps. It would make me very happy. Here are links to majer carriers on how:

Verizon
T-Mobile
AT&T

Security & AI News
What Else is Happening?

🎸 Sony is going to war with deepfakes. They have taken down over 75,000 songs that mimicked its artists. Why does Sony care? Well, Spotify said it paid over $10 billion in royalties in 2024 and they want their money. This raises an interesting question about the future of entertainment and how many songs, movies, etc. will be AI-created. Are we going to see a premium paid for human-generated content?

🗄️ North Korea has been adding malicious Android spyware apps to the Google Play store since 2022. The apps pretend to be helpful utility apps like file managers, but instead steal your text messages, calls, locations, files, and screenshots.

💈 The alleged co-founder of the Garantex cryptocurrency exchange was arrested in India for bad hair dye his role in facilitating the laundering of tens of billions of dollars collected via cyber criminals.

💰️ Scam victims reported $12.5 billion in losses to the FTC in 2024, an increase of $2.5 billion from 2023. Social media played a big part in this, with 70% of victims reporting they were first contacted on social media.