The Possibilities of GPT-3 from OpenAI Are Being Explored
August 27, 2020
Unsurprisingly, hackers have taken notice of the possibilities presented by OpenAI’s text-generating software. WibestBroker News reports, “Fake Blog Posts Land at the Top of Hacker News.” The post was generated by college student Liam Porr, who found it easy to generate content with OpenAI’s latest iteration, GPT-3, that could fool readers into thinking it had been crafted by a person. Writer John Marley describes the software:
“GPT-3, like all deep learning systems, looks for patterns in data. To simplify, the program has been trained on a huge corpus of text mined for statistical regularities. These regularities are unknown to humans. Between the different nodes in GPT-3’s neural network, they are stored as billions of weighted connections. There’s no human input involved in this process. Without any guidance, the program looks and finds patterns.”
Rather than being unleashed upon the public at large, the software has been released to select researchers in a private beta. Marley continues:
“Porr is a computer science student at the University of California, Berkeley. He was able to find a PhD student who already had access to the API. The student agreed to work with him on the experiment. Porr wrote a script that gave GPT-3 a headline and intro for the blog post. It generated some versions of the post, and Porr chose one for the blog. He copy-pasted from GPT-3’s version with very little editing. The post went viral in a matter of a few hours and had more than 26,000 visitors. Porr wrote that only one person reached out to ask if the post was AI-generated. Albeit, several commenters did guess GPT-3 was the author. But, the community down voted those comments, Porr says.”
Little did the down-voters know. Poor reports he applied for his own access to the tool, but it has yet to be granted. Perhaps OpenAI is not too pleased with his post, he suggests. We wonder whether this blogger received any backlash from the software’s creators.
Cynthia Murrell, August 27, 2020
Insider Threats: Yep, a Problem for Cyber Security Systems
August 20, 2020
The number of cyber threat, security, alerting, and pentesting services is interesting. Cyber security investments have helped cultivate an amazing number of companies. DarkCyber’s research team has a difficult time keeping up with startups, new studies about threats, and systems which are allegedly one step ahead of bad actors. Against this context, two news stories caught our attention. It is too soon to determine if these reports are spot on, but each is interesting.
The first report appeared in Time Magazine’s story “Former CIA Officer Charged With Giving China Classified Information.” China is in the news, and this article reveals that China is or was inside two US government agencies. The story is about what insiders can do when they gather information and pass it to hostile third parties. The problem with insiders is that detecting improper behavior is difficult. There are cyber security firms which assert that their systems can detect these individuals’ actions. If the Time article is accurate, perhaps the US government should avail itself of such a system. Oh, right. The US government has invested in such systems. Time Magazine, at least in my opinion, did not explore what cyber security steps were in place. Maybe a follow up article will address this topic?
The second news item concerns a loss of health related personally identifiable information. The data breach is described in “Medical Data of Auto Accident Victims Exposed Online.” The security misstep allowed a bad actor to abscond with 2.5 million health records. The company responsible for the data loss is a firm engaged in artificial intelligence. The article explains that a PII health record can fetch hundreds of dollars when sold on “the Dark Web.” There is scant information about the security systems in place at this firm. That information strikes me as important.
Several questions come to mind:
- What cyber security systems were in place and operating when these breaches took place?
- Why did these systems fail?
- Are security procedures out of step with what bad actors are actually doing?
- What systemic issues exist to create what appear to be quite serious lapses?
DarkCyber does not have answers to these questions. DarkCyber is becoming increasingly less confident in richly funded, over-hyped, and ever fancier smart security systems. Maybe these whizzy new solutions just don’t work?
Stephen E Arnold, August 20, 2020
Data Loss: An Interesting Number
August 19, 2020
“Over 27 Billion Records Exposed in the First Half of 2020” contains some interesting assertions. One which caught my attention was:
Although reports of data breaches are down 52 percent in the first half of this year, the number of records exposed over the same period has soared to 27 billion.
The write up quotes an expert from Risk Based Security as saying:
“The striking differences between 2020 and prior years brings up many questions,” says Inga Goddijn, executive vice president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”
I am curious as well. Interpol’s August 2020 “Cybercrime: Covid-19 Impact” suggests that cybercrime is chugging along quite nicely.
DarkCyber’s question is:
With hundreds of cyber security firms offering everything from real time AI monitors to old fashioned and expensive humans, bad actors appear to be increasingly successful. How is that Garmin cyber security system working now? Any Amazon S3 buckets compromised recently? Is Self-Key’s statement that “the first quarter of 2020 has been one of the worst in data breach history with over 8 billion records exposed” accurate?
The numbers may be interesting but the question is, “Why are state-of-the-art, artificially intelligence cyber security systems performing in a way that suggests bad actors are experiencing a surfeit of target opportunities?
Stephen E Arnold, August 19, 2020
Quantexa: Awash in Cash
August 13, 2020
As the COVID-19 pandemic continues to spread, crime has not stopped. Instead of illegal activities taking place in person, bad actors have moved their activities online. Cybersecurity experts discovered that the pandemic has also made bad actors more desperate and are willing to take more risks online. Inventiva explains with the rise of risky cyber crimes, cybersecurity companies are seeing huge investments such as: “Quantexa Raises $64.7M To Bring Big Data Intelligence To Risk Analysis And Investigations.”
Quantexa is a UK-based company that designed a Contextual Decision Intelligence. Machine learning platform that analyzes data points to track criminal activity and build better profiles of companies’ customer base. Quantexa recently raised $64.7 million in Series C fundraising. The funds will be used to develop further tools for cybersecurity and expand Quantexa into other continents.
Quantexa has done work for banks and other businesses in the financial industry. The company hopes the fundraising infusion will set them up with work in the government/public sector and insurance companies.
Quantexa founder and CEO Vishal Marria said he created the company, because he encountered many challenges with investigations while he was an Ernst & Young executive director. He noticed that when potential bad actors were investigated, only small pieces of information were used. Marria thought of a better way, so he designed AL algorithms and used big data to find the bigger picture:
“As an example, typically, an investigation needs to do significantly more than just track the activity of one individual or one shell company, and you need to seek out the most unlikely connections between a number of actions in order to build up an accurate picture. When you think about it, trying to identify, track, shut down and catch a large money launderer (a typical use case for Quantexa’s software) is a classic big data problem.”
This sector of cybersecurity continues to grow and similar companies to Quantexa are also fundraising with investors.
Pieces of information always point to a larger puzzle. It begs the question how bad actors were caught in the past.
Whitney Grace, August 13, 2020
TikTok: Exploiting, Exploited, or Exploiter?
August 12, 2020
I read “TikTok Tracked Users’ Data with a Tactic Google Banned.” [Note: You will have to pay to view this article. Hey, The Murdoch outfit has to have a flow of money to offset its losses from some interesting properties, right?]
The write up reveals that TikTok, the baffler for those over 50, tricked users. Those lucky consumers of 30 second videos allegedly had one of their mobile devices ID numbers sucked into the happy outfit’s data maw. Those ID numbers — unlike the other codes in mobile devices — cannot be changed. (At least, that’s the theory.)
What can one do with a permanent ID number? Let us count some of the things:
- Track a user
- Track a user
- Track a user
- Obtain information to pressure a susceptible person into taking an action otherwise not considered by that person?
I think that covers the use cases.
The write up states with non-phone tap seriousness, a business practice of one of the Murdoch progeny:
The identifiers collected by TikTok, called MAC address, are most commonly used for advertising purposes.
Whoa, Nellie. This here is real journalism. A MAC address is shorthand for “media access control.” I think of the MAC address as a number tattooed on a person’s forehead. Sure, it can be removed… mostly. But once a user watches 30-second videos and chases around for “real” information on a network, that unique number can be used to hook together otherwise disparate items of information. The MAC is similar to one of those hash codes which allow fast access to data in a relational structure or maybe an interest graph. One can answer the question, “What are the sites with this MAC address in log files?” The answer can be helpful to some individuals.
There are some issues bubbling beneath the nice surface of the Murdoch article; for example:
- Why did Google prohibit access to a MAC address, yet leave a method to access the MAC address available to those in the know? (Those in the know include certain specialized services support US government agencies, ByteDance, and just maybe Google. You know Google. That is the outfit which wants to create a global seismic system using every Android device who owner gives permission to monitor earthquakes. Yep, is that permission really needed? Ho, ho, ho.)
- What vendors are providing MAC address correlations across mobile app content and advertising data? The WSJ is chasing some small fish who have visited these secret data chambers, but are there larger, more richly robust outfits in the game? (Yikes, that’s actually going to take more effort than calling a university professor who runs a company about advertising as a side gig. Effort? Yes, not too popular among some “real” Murdoch reporters.)
- What are the use cases for interest graphs based on MAC address data? In this week’s DarkCyber video available on Facebook at this link, you can learn about one interesting application: Targeting an individual who is susceptible to outside influence to take an action that individual otherwise would not take. Sounds impossible, no? Sorry, possible, yes.
To summarize, interesting superficial coverage but deeper research was needed to steer the writing into useful territory and away from the WSJ’s tendency to drift closer to News of the World-type information. Bad TikTok, okay. Bad Google? Hmmmm.
Stephen E Arnold, August 12, 2020
Spear Fishing: The Key to the Garmin Ransomware Attack
August 11, 2020
DarkCyber is not too keen on widely disseminated explanations of criminal procedures. “How to’s” may provide the equivalent of a jail house education to some. The article “Crypto-Ransomware in Action: A Closer Look at the WastedLocker Hijack of Garmin” explains the attack on the an outfit specializing geo-technology. Think GPS in consumer gizmos, aircraft, and vehicle. The write up quotes Kaspersky, a security outfit with some interesting allegations clinging to its shirt tails, as noting:
“This incident only highlights that there is a growing trend of targeted crypto-ransomware attacks against large corporations—in contrast to the more widespread and popular ransomware campaigns of the past, like WannaCry and NotPetya. While there are fewer victims, these targeted attacks are typically more sophisticated and destructive. And there is no evidence to suggest that they will decline in the near future. Therefore, it’s critical that organizations stay on alert and take steps to protect themselves.” [Fedor Sinitsyn, security expert at Kaspersky]
Additional details on the attack are available in the technical analysis on the Kaspersky Web site at this link. The write up includes screenshots and code samples. The details include this statement:
It uses a “classic” AES+RSA cryptographic scheme which is strong and properly implemented, and therefore the files encrypted by this sample cannot be decrypted without the threat actors’ private RSA key. The Garmin incident is the next in a series of targeted attacks on large organizations involving crypto-ransomware. Unfortunately, there is no reason to believe that this trend will decline in the near future.
DarkCyber agrees. Jail house learning?
Stephen E Arnold, August 11, 2020
Me Too, Me Too: Password Matching
August 7, 2020
Digital Shadows, founded in 2011, offered its Searchlight service. Terbium Labs, founded in 2013, offers its Matchlight services. Enzoic, founded in 2016, offered its password matching service. Scattered along the information highway are other cyber security firms offering variations on looking for compromised information on the Regular Web, the Dark Web, and in any other online source which the crawlers can reach. I mention these companies and their similar matching services because DarkCyber spotted “LogMeIn Introduces New Lastpass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security.” The write up states:
In addition to displaying weak and reused passwords, the new Security Dashboard now gives all LastPass users, regardless of tier, a full picture of their online security, providing complete control over their digital life and peace of mind that accounts are protected.
What’s interesting is that the capability to perform this type of LastPass check has been around for many years. Progress. People seeing the “light”? Some bad actors simply brute force passwords because many individuals prefer passwords from this list. The fact that strong passwords are not widely used contributes to bad actors’ success.
Stephen E Arnold, August 7, 2020
European Union: Yes, Russia Warrants Some Attention
August 4, 2020
With so many smart people wrestling with the Google and cage fighting with England, I was surprised to read “EU, in First Ever Cyber Sanctions, Hits Russian Intelligence.” The allegedly accurate write up states:
Four members of Russia’s GRU military intelligence agency were singled out. The EU accuses them of trying to hack the wifi network of the Netherlands-based Organization for the Prohibition of Chemical Weapons, which has probed the use of chemical weapons in Syria. The 2018 attack was foiled by Dutch authorities.
In addition, two individuals described as “Chinese nationals” found themselves in the sanction target area.
There are several ways to look at this action. First, the Google is a bigger deal than the EU’s friend to the East. Second, the Brexit fishing rights thing distracted EU officials from mere intelligence and trans-national security matters. Third, maybe someone realized that cyber espionage and cyber attacks are something to think about. A couple of years or more seems pretty snappy compared to other EU projects.
Stephen E Arnold, August 3, 2020
IBM Discloses Iranian Hacking: Was Watson on the Job?
July 30, 2020
We spotted an interesting nugget of information in “Iran-Linked Hackers Mistakenly Leak Videos of Their Operations in Action: Report.”
The story reveals that:
IBM’s X-Force security team acquired about five hours of video footage of hacking operations by APT35, a hacking group linked to the Iranian government…
Where did the video originate? The answer: Iran.
The IBM researchers got a hold of the footage due to “a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity,” the report said, adding that the files were uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The APT35 hackers recorded their operations to demonstrate to junior team members how to handle hacked accounts, according to the report. The videos show the hackers how to download the contents of compromised Gmail and Yahoo Mail accounts.
The report does not mention Watson. Interesting.
Stephen E Arnold, July 29, 2020
Digital Shadows: Cyber Monitoring Inside
July 29, 2020
DarkCyber has pointed out in this blog and in the DarkCyber video news programs that cyber security generates hyperbole. Funding sources pump in cash. Companies buy not one cyber security system; big and mid-sized outfits buy news ones with each change of security professionals.
Why?
Most of the cyber security systems focus on what happened in the past. However, bad actors — some well funded by low profile operators — focus on the here and now.
Not surprisingly, competing claims, pricing plays, and fearful prospects keep the wheel spinning.
“Digital Shadows Announces Integration with Atlassian Jira” indicates that the stealthy Digital Shadows has moved inside an issue tracking and project tracking platform. Presumably the “SearchLight Inside” deal will deliver better security to Jira users. Will this tie up boost Atlassian stock?
DarkCyber assumes that other Dark Web and cyber threat indexing services will pursue similar “inside” deals.
The real test comes when licensees of these “inside” cyber threat solutions demonstrate they can avoid Garmin- and Twitter-type security breaches.
Stephen E Arnold, July 29, 2020
-
- Subscribe to Beyond Search
Feature archive
News archive
-
