Reports from Cuba: AI facilitates proliferation of fake profiles and Cuba Ransomware ‘Fidel’ virus

14yMedio reports from Havana via Translating Cuba:

Artificial Intelligence Facilitates the Proliferation of Fake Profiles and the ‘Fidel’ Virus of Cuba Ransomware

Image generated by artificial intelligence when asked by this newspaper to describe the work of hackers at the service of the Havana regime.

The American company Mandiant, dedicated to cybersecurity and linked to Google, warned this week that digital groups related to several governments, including Cuba, have intensified their information manipulation campaigns since 2019 as part of a political agenda.

The proliferation of anonymous profiles, the generation of images and videos by artificial intelligence (AI) and the dissemination of false content are some of the activities that characterize the work of these Internet groups, which are related to the Cuban regime and the governments of Russia, China, Iran, Mexico, Argentina and El Salvador, as well as to organizations from Ethiopia, Indonesia and Ecuador.

Although Mandiant does not reveal to what extent the Cuban regime is involved in the financing of these groups, its report takes as an example one of the false profiles created by a group related to the Government of Havana. The technique, they explain, is the recreation of a digitally altered face to make it look like the profile of a real person.

However, some indications in the image itself – such as posters or AI watermarks that alter the photo – allow us to easily recognize that it’s not a personal profile but a ghost account.

The trick shouldn’t take anyone by surprise. The Cuban regime has a long history of manufacturing false profiles aimed primarily at spreading its official propaganda, attacking opponents and questioning the quality of the independent press. Its presence has been so marked in the virtual debates about the Island, that Internet users have nicknamed these profiles claria, catfish, an invasive species that is raised in several provinces.

For more than a decade, activists have pointed to the University of Computer Sciences in Havana as the origin of these campaigns. Testimonies of graduates of that center confirm the hypothesis that students, among their teaching tasks, must perform hacking and denial-of-service attacks on dissident sites, and must fill the comment areas with insults or slogans.

The rise of AI in recent months and the potential of this technology in the wrong hands have set off alarms for cybersecurity experts, although they clarify that, for the moment, there have been no highly dangerous “intrusions” among those studied by Mandiant; all were of “limited” impact.

The company has studied the behavior of groups linked to authoritarian governments since 2019, and although it expects that in the coming years the use of AI for malicious purposes will increase, it also says that this point has not yet been reached. The danger lies in AI’s ability to manufacture “realistic content for deceptive purposes.”

In addition, with the democratization of this technology, Mandiant points out, it will be increasingly easy to produce content on a large scale and disseminate “specific narratives” with a political focus. Several studies show that, if not addressed critically, images generated with AI have a great “persuasive power” over the audience.

Another of the techniques used is the manipulation of real audio and even the “fabrication” of voices that successfully imitate public figures and attribute false messages to them, one of the favorite strategies of the Russian hacktivists CyberBerkut. This can also have a visual component, whose most famous recent example is the video of the false capitulation of Ukraine, announced by a computerized re-creation of its president, Volodymyr Zelensky, and disseminated by Russia in 2022.

One of the most expansive campaigns, Mandiant details, was the one known as Dragonbridge, whose objective was pro-Chinese propaganda and its dissemination on more than 30 platforms in 10 different languages. Dragonbridge was born as a mechanism to counteract the impact of the protests in favor of a democratic opening in Hong Kong in 2019.

Finally, Mandiant warns against the proliferation of malicious programs, for which AI also offers services. One of the viruses that has most attracted the attention of cybersecurity experts in recent years has been the so-called ‘Cuba Ransomware’, also known as ‘Fidel’.

This Thursday, the blog of the BlackBerry company – the former phone manufacturer now focused on cybersecurity – said that it had discovered “new tools” with which Cuba Ransomware has perfected its operations. However, BlackBerry points out that although it has not been able to directly link the malicious program called ‘Fidel’ to the Havana regime, it has traced the origin of many of its activities to the servers of one of its main allies: Russia.

Discovered in 2019, Cuba Ransomware has been increasing its threat radius. Its objective is, above all, to infect government servers or official U.S. organizations. On its central website, decorated with Cuban “nationalist” motifs, there are images of Fidel Castro and Ernesto “Che” Guevara welcoming users: “This page contains information about companies that do not want to cooperate with us. One part of it is free, the other is for sale. Have fun.”

For several months, the Government of Miguel Díaz-Canel has signed decisive agreements for the development of cyberespionage and digital surveillance on the Island. During his trip to Beijing, in November 2022, the president obtained financing from China to implement several computer security initiatives. Simultaneously, in Havana, a National Working Group on Cybersecurity was created, in charge of Xetid, the technological company of the Armed Forces.

International tension over the collaboration between Beijing and Havana reached its zenith last June, when several Washington officials revealed to The Wall Street Journal that China was about to build an electronic espionage base on the Island.

Officials claimed to have information – although they refused to disclose it – about the location of the base, which would allow China to have a signals intelligence (SIGINT) network to intercept communications, including emails, phone calls and satellite transmissions.

Both Russia and China, the newspaper warned at the time, are looking for allies geographically close to the United States to implement strategies that recall the peak moments of the Cold War.

Translated by Regina Anavy