It sounds like the beginning of a joke, but these are all the stories that have gone viral over the past 12 months — making international headlines and even some television segments:
- Christmas elves are being thrown into gardens to mark them for violent burglaries.
- Autonomous drones killed their operators when they tried to stop them from completing their mission.
- A massive distributed denial of service (DDoS) attack against an unnamed Swiss (or sometimes Swedish) company involved millions of zombie smart toothbrushes.
They were all false, stemming from various misunderstandings, but spread too quickly and too little factual checking was done to capture the truth. Headlines that were too good to ignore were carried by the media, mostly unchecked and unchecked, for 24 hours before questions arose. Nevertheless, most outlets moved ahead quietly rather than publishing a counterclaim.
deadly drone
This is one of those stories that feels just right – the danger of artificial intelligence (AI) being shown on conflicting parameters, attacks on humans, and poorly specified missions. Isaac Asimov could have written this.
News channels around the world talked about the US Air Force’s simulation in which a drone attacked its operator before being removed from the control tower, killing him. The stories contained a lot of information about the simulation, describing how the test was designed to identify and destroy an enemy installation but that the operator would sometimes countermand commands. Since the drone was rewarded for destroying the installation, it decided that the operator was a nuisance and attacked him, before doing the same to the control tower when he tried to take control.
The only problem was that it never happened. While most stories described it as a simulation, some recounted it as a real event, even though the simulation was never actually run. To its credit, the Army quickly issued a statement saying that no such simulation had taken place, and the truth eventually came out. An Air Force officer made some comments about the scenario at a summit of the Royal Aeronautical Society. They were then published in a blog post by the authors for the society, and were seemingly taken out of context.
It is believed that this was discussed as a tabletop scenario, brainstorming possibilities, rather than a simulation, but without full details it is difficult to establish anything more than that the simulation never took place.
Read: A guide to anti-drone systems: protection from rogue aerial intruders
suspicious gnome
Fast forward a few months and another headline goes viral. From the initial news in a mainstream media, warnings about Christmas elves being dropped into gardens to mark them for later thefts spread internationally in less than a day. It was international news in a dozen languages, from a warning given to a small community by police in North Wales.
Panic spread, but the source was lost because community warnings about the objects were removed. A similar warning was not referenced anywhere on the North Wales Police website, and it was only through internet archives and some investigation that the truth of the story emerged.
At least this time there was a grain of truth. Somehow, possibly the earliest article identified so far carried a warning that it was partly created by AI (it was for a major UK newspaper), by two suspicious individuals in gardens in North Wales at various A community warning about dropping off items was turned into, as the Daily Mail put it, “chilling calling cards that thieves could use to target you.” Impressively they managed to link it to a few more urban legends.
One theory is that people were using the objects to target homes for burglary, returning later to see if they had been removed and were they unaware the home was vacant. . Only one of the items was a Christmas gnome, and as a strategy for identifying targeted homes this seems a stretch, but it cannot be completely ruled out. However, the Christmas Gnome Panic went on for quite a long time, and there has been no update from any of the main media sources behind it to set the record straight.
zombie toothbrush
Again, our headlines are, “Three million smart toothbrushes used in DDoS attack leads to US$3 million loss.”
There’s a clear pattern at this point, and Zombie Botnet Toothbrush hits both of the notes of the other two stories. Shortly after the headlines began, a story broke – from a security researcher at Fortinet to a reporter, who was involved in an article originally written in Swiss German, with small references to the scenario being hypothetical lost in translation. Were. The story broke.
Read: What are DDoS attacks?
As this story spread around the world, garnering more and more headlines, it was picked up and promoted by more and more vendors eager to add their products to prevent such attacks in the future, raising questions in cybersecurity circles. Started asking. One of them was about whether toothbrushes, even smart ones, had Wi-Fi capability, necessary for such an attack (not mentioned in the article, only working over Bluetooth). The second was how everyone had somehow missed a significant and noticeable DDoS attack.
It seemed that it would only take a few hours for the truth to be revealed, but by then it had spread around the world. The fallout is still occurring days later, with concerns that once again the cybersecurity industry is damaging its credibility through such exaggerated and false alarms. Once again, other questions are being asked about the role of the broader media in taking the time to fact-check their stories.
What is worse is that questions are being raised on the role of the seller in all this. The debate is still ongoing, and unlikely to be resolved before a new shiny distraction emerges, but the author of the original story that claimed the attack took place has given his account. Not only are Fortinet’s claims on their part that specific details and numbers were provided regarding the attack, but also that the text of the article with the specific claim of this being the actual case was presented to them before publication, without any objection.
This is a growing issue, and as more and more low-quality content is generated and regurgitated by AI tools to keep the news “fresh,” more and more misinformation is included. Will happen. When marketing teams become complicit, whether through complacency, through inattention or even intentionally, it will continue to grow and damage the credibility of an important industry.
This is a problem we have been facing for decades, and it is becoming even more acute as the speed at which information and misinformation are generated increases. Still, at least it’s a story to set your teeth on.
