Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations  - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian

cyberagroup

While perhaps not as dangerous as intentional disinformation, there is an increasing trend in the repetition of misinformation, especially regarding information coming from the Dark web. This problem is being exacerbated by lazy analysis performed by AI, which does very little to verify the accuracy of its sources, suffers from hallucinations, and, in most instances, doesn't provide its sources.

The reporting on the recent breach of Chinese tech company Knownsec, which engages in hostile cyber activity for the PRC state, highlights this growing issue. In almost every case where the leak was reported, the details were replaced by those of a similar but different leak that occurred over a year earlier from the Chinese company i-Soon (Anxun Xinxi). This misinformation was repeated so often that almost no references to the actual Knownsec leak are accurate. Even WIRED magazine regurgitated elements of the i-Soon incident when reporting on the Knownsec leak.

Although verifying information related to the deliberately secretive and obscured Dark web is difficult, in cases like this, where national security is impacted, it is critical to get it right. In this particular
case, it was simple:

By either directly examining the Knownsec sample data that is publicly available or simply performing a basic Google search on the leaked data descriptions, it quickly became evident that much of the information attributed to Knownsec was actually mixed up with data from i-Soon. The overlap includes highly specific i-Soon details such as 95 GB of Indian immigration records, 3 TB of call records from South Korean telecom LG U Plus, and 459 GB of Taiwanese road-planning data. Even particular aspects of the incident, like the leaked data being briefly posted on GitHub before removal, were mistakenly conflated with the i-Soon leak.

Unfortunately, this misinformation now becomes embedded as false truth as a result of its repetition, especially when published by trusted sources like WIRED. One wonders how many reports will be corrected or retracted? Hopefully, my old OSINT colleagues in the intelligence community did their homework before pushing any incorrect Knownsec intelligence forward.

See CyberAGroup's analysis of the Knownsec leak for what is actually known.