American Diplomats to Fight Propaganda … on X
U.S. Secretary of State Marco Rubio has called for the Department of State to push back against foreign state-backed propaganda and disinformation. Unfortunately for Rubio, he also dismantled the State Department's counter-propaganda office last year. It won't be recreated easily.
When it shut down its counter-propaganda office, the U.S. government essentially left the detection of coordinated disinformation campaigns to private companies, at least some of which either don't care or are actively taking extreme positions: X is now a cesspool of disinformation.
Last week, though, Rubio sent a memo to global U.S. diplomatic posts directing them to launch their own campaigns combatting foreign propaganda. Per The Guardian:
The cable instructs … embassies and consulates to pursue five broad goals: countering hostile messaging, expanding access to information, exposing adversary behavior, elevating local voices who support American interests, and promoting what it calls "telling America's story". Embassies are told to recruit local influencers, academics and community leaders abroad to carry counter-propaganda messaging, an approach designed to make American-funded narratives feel locally organic rather than centrally directed.
Rubio's memo instructs posts to coordinate their work with the Department of Defense's psychological operations unit. We understand the desire for centralized coordination, but the Department of Defense does have very different goals from the State Department.
This week, for example, Politico reported that a CIA disinformation operation was used to distract Iranian forces while the U.S. military was extracting a downed airman who was stranded in Iran. The operation planted information that the airman had already been found and was being extracted out of the country by ground travel.
Despite this operation being credited to the CIA, it is a perfect example of a military deception campaign. It had specific military objectives, was tightly scoped to the area of operations, and it is difficult to imagine it could cause harm to civilian populations.
By contrast, rather than achieve specific objectives within a limited area of operations, the State Department typically wants to support American interests by winning friends and gaining influence globally. Additionally, the Pentagon's psychological operations have not historically been what we'd describe as sterling examples of best practice.
What a shame there isn't already an office in the State Department that could be used to coordinate this work! But back in April of last year, Rubio shut the department's Counter Foreign Information Manipulation and Interference office, saying it had been used to "actively silence and censor the voices of Americans."
The author of this newsletter had dealings with that office's predecessor, the Global Engagement Center. In our experience it was rightly focused on countering foreign interference and funded projects that, among other things, characterized Chinese influence campaigns.
Among the five goals in Rubio's cable were two separate and distinct directives: promote trustworthy information and reveal fakes.
In regard to uncovering fakes, individual embassies are being asked to counter state-backed propaganda and disinformation campaigns that are organized and well funded and have been operating for years. The directive comes at a time when we suspect U.S. embassies already have more than the usual number of diplomatic crises to deal with.
Rubio has helpfully provided suggestions for how diplomats should go about achieving these goals, though. They should use resources such as X's Community Notes and unspecified AI tools.
It is worth mentioning that Community Notes does very little to counter these operations. It is focused on checking facts, rather than identifying and outing the campaigns themselves. A Bloomberg analysis found that Community Notes does not typically work for divisive opinions because, almost by definition, there is no group consensus. As a result, Community Notes has become a target for coordinated inauthentic behavior because if a malicious group can create the appearance of division, a community note does not get published.
X tries to identify and counter campaigns when they reach Community Notes, but prior to Elon Musk becoming CEO, the company had a more ambitious trust and safety agenda. Back then, it would attempt to detect and neuter these organized inauthentic campaigns as soon as they appeared anywhere on the platform.
As for the goal of promoting trustworthy information, the Trump administration has also cut funding to broadcasters such as the Voice of America, Radio Free Asia, and Radio Free Europe. These organizations are run at arm's length from the U.S. government, so local audiences could be more receptive to their message than, say, to one from the State Department when it is being directed to "tell America's story."
We are unsurprised that the U.S. government's image worldwide is taking a serious walloping. In addition to unpopular foreign policy initiatives, it has also left the field wide open for malicious foreign disinformation and propaganda campaigns. Talk about leading with your chin.
In the short term, reinstating the State Department's counter-propaganda programs won't do much to turn around America's messaging problems. Disinformation and propaganda, however, is a game that America's adversaries are playing for the long term.
The State Department has known about this problem for a while. In October 2025, Intelligence Online reported that the department was thinking about reactivating some of its counter-propaganda offices. At some point, we expect the U.S. will start, once again, to actively counter these campaigns in an organized, centralized, and more effective way.
Until then, we do have a memo. Diplomats, start filling out your Community Notes.
Lawful Intercept Systems Are Enduring Targets
Chinese cyber espionage groups are targeting America's lawful intercept and surveillance systems. There needs to be a concerted effort to protect them.
Last week, Politico reported that the FBI declared a recent China-linked breach of its systems to be a "major incident" because it poses significant risks to U.S. national security.
The breach was first disclosed in early March and relates to a sensitive system containing information about law enforcement targets. A notice sent to Congress said that while the affected system was unclassified, it contained "law enforcement sensitive information, including returns from legal process … and personally identifiable information pertaining to subjects of FBI investigations."
The notice continued that the hackers had accessed the FBI's infrastructure after making their way through a commercial internet service provider.
This is just the latest in a string of hacks targeting these types of systems.
Salt Typhoon, the Chinese hacker group that has been on a tear compromising U.S. and global telecommunications companies, has also had its sights on lawful intercept systems. Our understanding, based on careful parsing of reports from the 2024 hacks, is that the group compromised portals that telcos used to track lawful intercept requests. But it was not in a position to control the lawful intercept systems themselves.
Assuming we are correct, that means that in both the 2024 Salt Typhoon breaches and more recent FBI hacks, Chinese hackers were able to access information about who was being targeted for lawful interception by authorities. Even though this doesn't enable further collection, it is still a huge deal for U.S. national security.
Simply knowing who was subject to federal requests for wiretaps would be a gold mine for China. The knowledge could be used to adjust their espionage or transnational repression efforts. If their agent was being surveilled, for example, they could slam on the brakes to avoid being caught red-handed. No wiretap in sight? It’s full steam ahead.
In the Salt Typhoon breaches of 2024, the hackers are believed to have targeted the calls and metadata of about 40 people including members of the Harris campaign, then-former President Trump, and his vice presidential nominee, JD Vance.
Possibly having intercepted Trump's phone calls is a huge deal, but there are pretty straightforward mitigations for this kind of telecommunications infrastructure-based collection, like using encrypted messaging apps such as Signal. That's even the official U.S. government advice.
There is, however, no equivalent easy-to-implement mitigation for lawful intercept systems.
The Salt Typhoon targeting of these systems was discovered back in late 2024, but there was no in-depth report detailing exactly what happened or appropriate countermeasures to take. In March this year, Congress was notified of the breach of the FBI's system.
Chinese hackers are engaged in an ongoing, persistent campaign to target lawful intercept systems. The best time to secure them would clearly have been before the Chinese hacked them. But rather than continue a steady-as-she-goes approach when the Chinese are obviously having some success, the time for a concerted defensive rethink is now. Let's hope we get it.
Three Reasons to Be Cheerful This Week:
- Anthropic's Project Glasswing: AI company Anthropic has given over 40 tech companies pre-release access to its new Mythos Preview model, which looks to be really very good at finding zero-days. The idea is to give them a head start on identifying and fixing vulnerabilities before models this capable are released more publicly. The access comes with $100 million in usage credits.
- U.S. spyware maker sentenced: Bryan Fleming, the American founder of pcTattletale spyware, was convicted of the making, selling, and advertising of unlawful spyware. Fleming was sentenced to time served and a $5,000 fine.
- Germany doxxes ransomware kingpin: Daniil Maksimovich Shchukin was a key member of both the REvil and GandCrab groups according to the German Federal Criminal Police, the BKA. Krebs on Security has further coverage.
Risky Biz Talks
In our latest "Between Two Nerds" discussion, Tom Uren and The Grugq discuss how Iran's cyber forces have been used during the ongoing war so far.
From Risky Bulletin:
Cybercrime losses passed $20 billion last year: Americans lost almost $21 billion to cybercrime last year, more than in any other year since the FBI began tracking cybercrime data 25 years ago, the FBI said in its yearly Internet Crime Report [PDF].
Investment scams were again the top category in terms of losses, with $8.6 billion reported stolen, and almost $6.2 billion of that sum being stolen as cryptocurrency.
Cyber-enabled fraud accounted for 85 percent of last year's losses, or almost $17.7 billion.
Investment scams have been the category with the biggest reported losses in the report since 2022, with total losses rising every year, so it's no surprise here, and anyone watching the information security space was anticipating this result.
New Cambodian law will put scam compound operators in prison for life: The Cambodian government passed a new law last week that introduces big fines and heavy prison sentences for the operators and workers of cyber scam compounds.
The new bill passed unanimously in the National Assembly and Senate and was sent to the country's king to be signed into law. It comes after major international pressure from both China and the U.S. for the local government to crack down on its sprawling cyber scam ecosystem.
The law introduces tiered penalties depending on a suspect's role in the scam operation, such as whether they acted alone or as part of a larger cybercrime syndicate.
Russia will revoke licenses for unruly ISPs: The Russian government will tighten operating requirements for internet service providers in an effort to kill small neighborhood providers.
The new requirements will include higher license fees, larger minimum operational capital, and mandatory deployment of the FSB's SORM traffic interception equipment.
According to reports from Izvestia and RBC, the new proposed rules would give the Russian Ministry of Digital Development, Communications, and Mass Media the power to revoke licenses without a court order for those who fail to comply.
