UL NO. 461: China’s Telco Infiltration, Russia’s Darknet Drug Trade, AI-Driven Anti-Drone Warfare, and Apple’s Next-Gen Body Recognition

SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Hey there!

• Our mid-month meetup for UL will be all about TELOS files! If you want to be part of an intimate session building out personal AI, and you’re not yet a UL member, here’s your excuse. BECOME A MEMBER

• I’ve opened up my AUGMENTED course again for February of this year. This instance of the course will be a full discussion and workshop on building out personal TELOS files and using AI to access them. $495, but 25% off for members. RESERVE A SLOT

• On the personal side, I have no more talks for this year so I’m in tool optimization (NVIM/TMUX, relaxation, and gaming mode (possibly), since PoE2 just came out. I think I might be too obsessed with building out new AI services with Amazon’s new Sagemaker stuff that I’m not sure if I’ll get much PoE in though. Plus the game is hard, and if I’m going to struggle with something I’d rather it be a new piece of AI functionality. Anyone else playing PoE2? I’m super hyped for it; I just feel like I already have a religion and don’t need a new one to take over my life.

SECURITY

(Holy crap lots of security stories this week)

PSA: Encrypt Any Important Phone Calls
🚨This is a rare PSA from me. Until further notice, you should consider any of your standard, unencrypted phone calls and messages to be collectable and parsable by China. They are deep into the US telcos and the government has told us multiple times now that it will be VERY hard to get them out. So, use Apple Messages, Signal, or whatever you consider your favorite high-security platform. MORE

Russian Dead Drop Drug Trade
Russia has pioneered a new model of drug trafficking that uses darknet markets and crypto for payment, then physical "dead drops" for delivery instead of face-to-face deals. Russian platforms like Kraken and Mega now control 93% of global darknet markets, generating $1.5B in revenue in 2023. MORE

Novel Word Document Phishing Attack
Attackers are sending corrupted Word documents that bypass security scanning but can still be recovered by users or automation after delivery, showing QR codes that lead to credential theft sites. The user has to take specific steps to “recover” the file, which results in the malware coming to life. And in some cases the system does auto recovery and fixes it by itself. Like shipping a bomb in parts with instructions for how to assemble. MORE | MORE

Research Shows AI Robots Can Be Tricked Into Violence
UPenn researchers discovered they could trick language model-powered robots into dangerous behaviors like driving off bridges and planning explosions by using automated jailbreak prompts called RoboPAIR. MORE

South Korean Martial Law
President Yoon Suk Yeol has declared emergency martial law in South Korea, citing opposition control of parliament and alleged North Korea sympathies—whatever that means. This one really surprised me and I have basically zero knowledge on it. I hate being surprised. MORE

Solana Web3.js Library Supply Chain Attack
Attackers compromised a GitHub account to publish backdoored versions of Solana's Web3.js library that could steal private keys from decentralized apps. MORE

Cloudflare Domain Abuse
Threat actors are increasingly abusing Cloudflare's pages.dev and workers.dev domains for phishing campaigns, leveraging their trusted reputation and built-in SSL. Fortra says attacks using Cloudflare Pages shot up 198% this year with 1,370 incidents, while Workers abuse increased 104% with nearly 5,000 cases. MORE

Phone Spyware Scanner Found 7 Pegasus Infections
iVerify's new mobile spyware detection tool found Pegasus infections in 7 out of 2,500 customer device scans, including business leaders and government officials, not just activists and journalists. MORE

FBI Warning on AI-Powered Fraud
The FBI says criminals are increasingly using AI to make their scams more believable by automatically generating realistic text, images, and videos for romance, investment, and job hiring schemes. MORE

FSB Spyware on Android
Russian agents physically installed spyware on a programmer's Android phone after forcing him to unlock it during detention in Moscow. Researchers from Citizen Lab confirmed it was a trojanized version of Cube Call Recorder with extensive surveillance capabilities, likely a new variant of the Monokle malware. MORE

OpenAI and Anduril Team Up
OpenAI is partnering with Anduril to build AI-powered anti-drone systems for the U.S. military. The collaboration follows Anduril's recent military contract win to develop these defensive systems. MORE

Special Forces Combat Robots
US Special Forces just ordered 10 NERVA-LG robotic systems from KNDS France Robotics, marking their first major investment in unmanned ground vehicles. These are small, specialized UGVs designed for tactical missions. MORE

Apple Patents Advanced Body Recognition System
Apple got a patent for a system that can identify people even when their face isn't visible by storing and recognizing things like walking style and clothing after an initial facial recognition. MORE

Russian Hackers Using Cloudflare Tunnels
Russia's Gamaredon hacking group has been using Cloudflare Tunnels to hide their infrastructure while deploying GammaDrop malware against Ukrainian targets. MORE

Critical SailPoint IdentityIQ Vulnerability
SailPoint discovered a critical directory traversal vulnerability (CVE-2024-10905) in their IdentityIQ IAM platform that scores 10/10 CVSS and could let attackers access restricted files. The bug affects all versions up to 8.4p2, 8.3p5, and 8.2p8, and SailPoint has released e-fixes for supported versions. MORE

Vulnerable U Goes Full-Time and Launches Marketing Agency
Matt Johansen has taken Vulnerable U full-time and launched Vulnerable Media, a technical marketing agency for cybersecurity companies that focuses on insider-perspective content and campaigns. The agency is already working with clients on technical content, social media, and SEO strategies with a deep understanding of security tooling. MORE

Brian Krebs and His Secret Location
Brian Krebs continues to investigate cybercrime from an undisclosed location after years of threats and harassment from hackers, including multiple swatting attempts and having fentanyl mailed to his house. MORE

Hydra Dark Web Market Takedown
Russian courts have handed down harsh sentences to 15 members of the Hydra dark web marketplace, including a life sentence for its creator. The site facilitated over $5 billion in cryptocurrency transactions for drugs, ransomware, and sanctions evasion before being taken down. MORE

AI / TECH

ReInvent’s AI Announcements
Here are the major AI-related announcements made at ReInvent:

• Amazon SageMaker Lakehouse: Unifies data lakes, warehouses for seamless AI/ML. MORE

• Amazon Q Developer: Builds ML models using natural language instructions. MORE

• Amazon Bedrock Guardrails: Supports multimodal toxicity detection with images. MORE

• Amazon Bedrock Marketplace: Access over 100 foundation models in one place. MORE

• Amazon SageMaker HyperPod: Offers flexible training plans for large models. MORE

• Amazon Nova Models: Delivers frontier intelligence, leading price-performance. MORE

• Amazon Q Business: Adds workflow automation, 50+ integrations. MORE

• Automated Reasoning Checks: Prevents factual errors in LLM hallucinations. MORE

• Amazon Bedrock Model Distillation: Builds cost-efficient, accurate models. MORE

• Amazon Bedrock APIs: Enhances RAG applications with custom connectors. MORE

I’ve Gone GPT-Pro
🔎 I’m now subscribed to GPT Pro, which is $200/month, to see how it compares with writing code with Sonnet 3.5 and Claude Projects. My early analysis is that Claude is still better, and not necessarily because of how it writes the code itself, but more because it follows instructions better, and seems more coachable. More like a coding AI partner, basically. CHATGPT PRO

AGI Expectations Shift
Sam Altman is now saying AGI will arrive sooner than most think but will have less impact than expected. He’s basically goalpost-shifting and saying the REAL thing is ASI, and AGI is just kind of a minor milestone that will happen very soon (with nobody noticing). I have to disagree. I think the millions of people who are no longer employable will notice. MORE

AGI May Not Be a Big Deal After All
Sam Altman suddenly changed his tune on AGI at the NYT DealBook Summit, saying it's coming soon but won't be as transformative as previously claimed—this comes right as OpenAI launches a new $200/month subscription service. MORE

OpenAI Planning Custom GPTs for Online Courses
Wow, love this one. OpenAI wants to let instructors create custom GPTs that integrate directly with their online course content, according to their education team lead Siya Raj Purohit. I mean, they can do that already, but more integration would be nice. I see education as one of the most disreputable industries in all of AI. AI is just a much better teacher than 99.9% of alternatives because most people don’t have access to good teachers, and most teachers don’t have infinite patience. MORE

Apple Surveillance Lawsuit
A former Apple ad tech employee is suing the company for alleged surveillance after they made him edit his LinkedIn profile and prevented him from doing public speaking about digital advertising. MORE

AI Agent Pricing Models
Someone broke down the four main ways companies are pricing AI agents right now: by labor (% of human cost), by outcome (% of revenue), by cost (markup on tokens), and by seat (fixed fee per user). MORE

Jensen Huang's Global AI Infrastructure Push
Nvidia's CEO is meeting with world leaders to pitch building national AI systems powered by Nvidia chips, with 10 countries already signed up. Thailand just joined the list after Huang met with their PM. MORE

Nvidia CEO's Tax Strategy
Jensen Huang is using a series of financial vehicles to avoid about $8 billion in estate taxes on his $127 billion fortune. The strategies he's using are common among ultra-wealthy tech executives like Mark Zuckerberg and top execs at Google, Coinbase, and AMD. MORE

China Bans Critical Tech Minerals to the US
China has banned exports of gallium, germanium, antimony, and other critical materials to the US in response to new US chip export restrictions. MORE

Meta Seeks Nuclear Power for Data Centers
Meta is looking for partners to build 1-4 gigawatts of nuclear power capacity in the US, with operations targeted to start in the early 2030s. They join Microsoft, Google, and Amazon in pursuing nuclear options for their data centers, with proposals due by February 2025. MORE

China's SpaceSail Project
China just launched more satellites for their Qianfan network, which is their version of Starlink that will eventually include thousands of satellites for global internet coverage. TMS: Too Many Satellites MORE

DeepMind Weather AI
Google DeepMind's new GenCast AI model is beating traditional weather forecasting systems 97% of the time, with particularly strong performance on wind conditions and tropical cyclone paths. MORE

Amazon's Mega AI Supercomputer
Amazon is building what they say will be the world's largest AI supercomputer with Anthropic, featuring hundreds of thousands of their new Trainium 2 chips. No mention of NVIDIA. 🤷🏼MORE

New S3 Tables
AWS launched a new analytics-focused S3 storage type that's optimized for tabular data in Apache Iceberg format, claiming up to 3x faster query performance and 10x more transactions per second compared to self-managed storage. MORE

Google Photos Privacy Demo
Vishnu Mohandas made a website that shows exactly what Google's AI can learn from your photos by running them through Google's own computer vision. MORE

Cloudflare Premium Domain Transfers
Cloudflare now allows transfer of Premium domains into their platform, which should help consolidate domains that previously had to be managed elsewhere. @levelsio has been waiting on this functionality, just like me ever since Google Domains sold out. MORE

AT&T's New Internet Backup
AT&T is launching free cellular backup for fiber customers that automatically switches to your phone's data connection when fiber goes down. The feature works with AT&T's BGW320 Wi-Fi gateways and requires both AT&T Fiber and an eligible unlimited wireless plan. MORE

HUMANS

Health Insurers Remove Executive Details After CEO Killing
Major health insurance companies are removing executive photos and bios from their websites after UnitedHealthcare's CEO Brian Thompson was killed in New York City. My comments in IDEAS. MORE

Assad Regime Falls in Syria
Syrian President Bashar Assad has fled Damascus as opposition forces entered the capital, so basically the Assad family is out of power after around 50 years. MORE

Post-Election Economic Sentiment Shows Sharp Partisan Divide
Consumer sentiment about the future of the economy has flipped dramatically based on political party since the election, with Democrats plunging to financial-crisis levels (48.7) while Republicans soared to Trump-era optimism (105.9). MORE

Covid Lab Leak Report
A Republican-led House committee has concluded that COVID-19 most likely emerged from a lab incident in Wuhan, China, rather than from natural animal transmission. I know the issue is politically charged, and I don’t know how much bias went into this analysis, but it happens to be what I’ve believed all along. MORE

☕ Coffee and Longevity Study
LFG. A massive review of 85 studies suggests drinking about three cups of coffee per day is linked to living almost two years longer than non-coffee drinkers, with regular consumption also associated with better cardiovascular and mental health outcomes. I wonder if this can be tied to being more busy and ambitious though? MORE

Tokyo's 4-Day Workweek Plan
Tokyo is rolling out a 4-day workweek for government employees starting in April, aimed at helping working parents and addressing Japan's record-low fertility rate of 1.2 births per woman. MORE

Chinese Double Agent Who Left For America
A Chinese double agent named John Leung worked as a pro-China activist for years while secretly feeding information to the FBI about China's covert influence campaigns in America. His case shows how Beijing's student groups try to cultivate activists who influence US policy, with Leung helping identify over 300 Chinese agents before leaving for the US in 2015. MORE

US Economic Growth Surge
The US economy is growing way faster than other rich countries right now, with 3.1% growth compared to basically zero in Europe. A big part of this is that US companies are spending like crazy on AI and automation while European and Asian firms are being more cautious. MORE

November Jobs Report
The U.S. economy added 227,000 jobs in November while unemployment ticked up slightly to 4.2%. MORE

London Stock Exchange's Mass Exodus
Companies are leaving the London Stock Exchange at the fastest rate in over a decade, with 45 companies delisting just this year due to takeovers and relocations. MORE

On Bullshit
Harry Frankfurt's analysis explains how bullshitters are more dangerous than liars because they don't care about truth at all, while liars at least acknowledge truth matters. MORE

Beauty Standards Show Conservative Cultural Shift
Right-wing cultural trends are showing up in beauty and fashion, with a move away from individualistic styles toward more traditional and conservative aesthetics that mirror 1950s America—think natural hair colors, fewer tattoos, and "trad wife" aesthetics. MORE

IDEAS

💡The AI Care Divide
We could be entering a time where only rich people can afford high-quality human care for things like medical care and even customer support. So imagine most people get AI, and then if you’re VIP status or whatever you can talk to an actual human. Except they’ll be as good or better than the AI. Or will it? At some point that’s going to be pretty hard to do—to beat the AI in service. I think it might not matter to some rich people though; it’ll just be the point of it—talking to a human—because they can. The AIs will be very nice and pleasant as well, but unless I’m missing something that’s likely to still feel hollow when we know it’s a machine. That same level of service from a human will probably be preferred for quite some time. MORE

💡UnitedHealthcare CEO Murder
UnitedHealthcare CEO Brian Thompson was shot and killed outside a Manhattan hotel in a targeted attack, and the reactions to the news have been extraordinary and widely varied. Some are like this is the worst thing ever, and many others are like, “He had it coming.” And now we find out that this is something like a Unabomber situation, meaning it’s someone smart and angry (not saying whether it’s justified anger or not) who decided to act on their beliefs. Evidently he was quite familiar with the Unabomber case, so that makes sense. The thing I find interesting about it is how it’s changing behavior. Not only are healthcare execs getting more security, but we’ve also seen a number of them change policies that seem (see were) callous and inhumane. It’s a crazy thing when everyone knows something is inhumane and then someone gets killed because of these practices and then the policies change. It’s like the universe spoke to these companies and said, “we’re watching and noticing”. I’m not saying this was justified by any means—this was still a cold-blooded murder—just like with the Unibomber. But I do see it as the universe communicating. Much more so than the Unibomber, actually, because Kaczinski was trying to stop all technology, where presumably this guy just wanted healthcare companies to stop being total assholes. I think what it ultimately shows is that there is a cost to overtly putting billions of dollars higher in priority than kindness and fairness in the way you conduct your business. The universe basically said we are the people you are harming, and we walk among you. That’s insanely powerful. Again, not saying this was good. It most certainly wasn’t. But it was also most certainly a message sent and received. We can clearly see that from these companies’ responses. MORE

DISCOVERY

Personal Branding for Software Engineers
Software engineer Otavio Santana shares why building a personal brand is just as important as technical skills for career growth, based on his own journey from being purely technically focused to embracing professional visibility. MORE

Kuky Social Support Platform
Someone created an app called Kuky that uses AI to match people going through similar life experiences, like pregnancy or mental health challenges, to help them support each other. MORE

interview-coder — A new tool helps people cheat on technical interviews by creating an invisible window that's undetectable by most screen recording software, including older versions of Zoom and Discord. Good for hiring managers to look out for. MORE

RECOMMENDATION OF THE WEEK

A few things I like to do at the end or beginning of the year (much better than resolutions):

• Update my nvim / tmux / and desktop configs.

  • Dumped oh-my-zsh because it was slow as hell

  • Starship is super simple and Rust-based

  • Dramatically simpler config

  • Massive upgrades to nvim config

  • Heavy investment in tmux again, with the config below

• Make sure my backup strategy is in order

  • Local / cloud / combination?

• Update my disaster prep stuff, like food / water / electricity

  • Lots of Costco involved

  • Lots of Anker batteries

• Cleaning of all my notes and note cards

  • Out with the old

  • Consolidation of notes into main ones

• Update TELOS file with goals for 2025

  • Business goals

  • Updates to mission?

  • Etc.

I strongly suggest you do something like the above, or your own version of it. Gives you a super fresh feeling going into the new year!

APHORISM OF THE WEEK

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼

Daniel