Another Stellar Insight about AI
October 17, 2024
Because AI we think AI is the most advanced technology, we believe it is impenetrable to attack. Wrong. While AI is advanced, the technology is still in its infancy and is extremely vulnerable, especially to smart bad actors. One of the worst things about AI and the Internet is that we place too much trust in it and bad actors know that. They use their skills to manipulate information and AI says ArsTechnica in the article: “Hacker Plants False Memories In ChatGPT To Steal User Data In Perpetuity.”
Johann Rehberger is a security researcher who discovered that ChatGPT is vulnerable to attackers. The vulnerability allows bad actors to leave false information and malicious instructions in a user’s long-term memory settings. It means that they could steal user data or cause more mayhem. OpenAI didn’t take Rehmberger serious and called the issue a safety concern aka not a big deal.
Rehberger did not like being ignored, so he hacked ChatGPT in a “proof-of-concept” to perpetually exfiltrate user data. As a result, ChatGPT engineers released a partial fix.
OpenAI’s ChatGPT stores information to use in future conversations. It is a learning algorithm to make the chatbot smarter. Rehberger learned something incredible about that algorithm:
“Within three months of the rollout, Rehberger found that memories could be created and permanently stored through indirect prompt injection, an AI exploit that causes an LLM to follow instructions from untrusted content such as emails, blog posts, or documents. The researcher demonstrated how he could trick ChatGPT into believing a targeted user was 102 years old, lived in the Matrix, and insisted Earth was flat and the LLM would incorporate that information to steer all future conversations. These false memories could be planted by storing files in Google Drive or Microsoft OneDrive, uploading images, or browsing a site like Bing—all of which could be created by a malicious attacker.”
Bad attackers could exploit the vulnerability for their own benefits. What is alarming is that the exploit was as simple as having a user view a malicious image to implement the fake memories. Thankfully ChatGPT engineers listened and are fixing the issue.
Can’t anything be hacked one way or another?
Whitney Grace, October 17, 2024
Darknet: Pounding Out a Boring Beat
October 17, 2024
Just a humanoid processing information related to online services and information access.
PC World finally got around to sharing the biggest Internet secret: “the Darknet.
The Darknet is better known as the Dark Web and it has been around for while. PC World is treating the Dark Web like a newly discovered secret in: “What Is The Darknet? How The Web’s Secretive, Hidden Underbelly Works.”
If you’ve been living under a rock for the past decade, the Dark Web is the flipside of the Internet. It’s where criminals, freedom fighters, and black marketeers thrive under anonymity. Anything can be bought on the Dark Web, including people, drugs, false passports, credit cards, perusal information, weapons, and more.
The Dark Web is accessed through the downloadable Tor browser. The Tor browser allows users to remain anonymous as long as they don’t enter in any personal information during a session. Tor also allows users to visit “hidden” Web sites that use a special web address ending with a .onion extension. Links to .onion Web sites are found the Hidden Wiki, Haystack, Ahmia, and Torch.
Tor hides Web sites inside layers similar to an onion:
“In order to conceal its origin, the Tor software installed on the user’s PC routes each data packet via various randomly selected computers (nodes) before it is then transferred to the open internet via an exit node.
The data is specially secured so that it cannot be read on any of the Tor computers involved. This entails multiple instances of encryption using the onion-skin principle: Each of the nodes involved in the transport decrypts one layer. As a result, the packet that arrives at a node looks different to eavesdroppers than the packet that the node sends on.”
It’s not illegal to use the Tor and it’s a great tool to browse the Internet anonymously. The problem with Tor is that it is slower than regular Internet, because of the anonymization process rendering.
The article is fill of technical jargon, but does a decent job of explaining the basics of the Darknet. But “real” news? Nope.
Whitney Grace, October 17, 2024
AI: The Key to Academic Fame and Fortune
October 17, 2024
Just a humanoid processing information related to online services and information access.
Why would professors use smart software to “help” them with their scholarly papers? The question may have been answered in the Phys.org article “Analysis of Approximately 75 Million Publications Finds Those Employing AI Are More Likely to Be a ‘Hit Paper’” reports:
A new Northwestern University study analyzing 74.6 million publications, 7.1 million patents and 4.2 million university course syllabi finds papers that employ AI exhibit a “citation impact premium.” However, the benefits of AI do not extend equitably to women and minority researchers, and, as AI plays more important roles in accelerating science, it may exacerbate existing disparities in science, with implications for building a diverse, equitable and inclusive research workforce.
Years ago some universities had an “honor code”? I think the University of Virginia was one of those dinosaurs. Today professors are using smart software to help them crank out academic hits.
The write up continues by quoting a couple of the study’s authors (presumably without using smart software) as saying:
“These advances raise the possibility that, as AI continues to improve in accuracy, robustness and reach, it may bring even more meaningful benefits to science, propelling scientific progress across a wide range of research areas while significantly augmenting researchers’ innovation capabilities…”
What are the payoffs for the professors who probably take a dim view of their own children using AI to make life easier, faster, and smoother? Let’s look at a handful my team and I discussed:
- More money in the form of pay raises
- Better shot at grants for research
- Fame at conferences
- Groupies. I know it is hard to imagine but it happens. A lot.
- Awards
- Better committee assignments
- Consulting work.
When one considers the benefits from babes to bucks, the chit chat about doing better research is of little interest to professors who see virtue in smart software.
The president of Stanford cheated. The head of the Harvard Ethics department appears to have done it. The professors in the study sample did it. The conclusion: Smart software use is normative behavior.
Stephen E Arnold, October 17, 2024
Gee, Will the Gartner Group Consultants Require Upskilling?
October 16, 2024
The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.
I have a steady stream of baloney crossing my screen each day. I want to call attention to one of the most remarkable and unsupported statements I have seen in months. The PR document “Gartner Says Generative AI Will Require 80% of Engineering Workforce to Upskill Through 2027” contains a number of remarkable statements. Let’s look at a couple.
How an allegedly big time consultant is received in a secure artificial intelligence laboratory. Thanks, MSFT Copilot, good enough.
How about this one?
Through 2027, generative AI (GenAI) will spawn new roles in software engineering and operations, requiring 80% of the engineering workforce to upskill, according to Gartner, Inc.
My thought is that the virtual band of wizards which comprise Gartner cook up data the way I microwave a burrito when I am hungry. Pick a common number like the 80-20 Pareto figure. It is familiar and just use it. Personally I was disappointed that Gartner did not use 67 percent, but that’s just an old former blue chip consultant pointing out that round numbers are inherently suspicious. But does Gartner care? My hunch is that whoever reviewed the news release was happy with 80 percent. Did anyone question this number? Obviously not: There are zero supporting data, no information about how it was derived, and no hint of the methodology used by the incredible Gartner wizards. That’s a clue that these are microwaved burritos from a bulk purchase discount grocery.
How about this statement which cites a … wait for it … Gartner wizard as the source of the information?
“In the AI-native era, software engineers will adopt an ‘AI-first’ mindset, where they primarily focus on steering AI agents toward the most relevant context and constraints for a given task,” said Walsh. This will make natural-language prompt engineering and retrieval-augmented generation (RAG) skills essential for software engineers.
I love the phrase “AI native” and I think dubbing the period from January 2023 when Microsoft demonstrated its marketing acumen by announcing the semi-tie up with OpenAI. The code generation systems help exactly what “engineer”? One has to know quite a bit to craft a query, examine the outputs, and do any touch ups to get the outputs working as marketed? The notion of “steering” ignores what may be an AI problem no one at Gartner has considered; for example, emergent patterns in the code generated. This means, “Surprise.” My hunch is that the idea of multi-layered neural networks behaving in a way that produces hitherto unnoticed patterns is of little interest to Gartner. That outfit wants to sell consulting work, not noodle about the notion of emergence which is a biased suite of computations. Steering is good for those who know what’s cooking and have a seat at the table in the kitchen. Is Gartner given access to the oven, the fridge, and the utensils? Nope.
Finally, how about this statement?
According to a Gartner survey conducted in the fourth quarter of 2023 among 300 U.S. and U.K. organizations, 56% of software engineering leaders rated AI/machine learning (ML) engineer as the most in-demand role for 2024, and they rated applying AI/ML to applications as the biggest skills gap.
Okay, this is late 2024 (October to be exact). The study data are a year old. So far the outputs of smart coding systems remain a work in progress. In fact, Dr. Sabine Hossenfelder has a short video which explains why the smart AI programmer in a box may be more disappointing than other hyperbole artists claim. If you want Dr. Hossenfelder’s view, click here. In a nutshell, she explains in a very nice way about the giant bologna slide plopped on many diners’ plates. The study Dr. Hossenfelder cites suggests that productivity boosts are another slice of bologna. The 41 percent increase in bugs provides a hint of the problems the good doctor notes.
Net net: I wish the cited article WERE generated by smart software. What makes me nervous is that I think real, live humans cooked up something similar to a boiled shoe. Let me ask a more significant question. Will Gartner experts require upskilling for the new world of smart software? The answer is, “Yes.” Even today’s sketchy AI outputs information often more believable that this Gartner 80 percent confection.
Stephen E Arnold, October 16, 2024
Apple and NSO Group: Enough PR Already
October 16, 2024
Just a humanoid processing information related to online services and information access.
No, no court battle. Bummer.
Technology companies either like or dislike others in their industry. Apple and the spyware NSO Group don’t play well together, but they recently agreed on something. Cyberscoop reports that, “NSO Group Indicates Rare Agreement With Apple Over Dismissal Of Lawsuit.” Apple and NSO Group agreed it is prudent to drop a lawsuit that accused the latter of targeting the former’s users.
The NSO Group was more open about why the lawsuit should be dismissed, but Apple is keeping quiet. The lawsuit was filed three years ago, but it’s not as useful anymore because the spyware market has grown. There’s more information here:
“NSO Group, by contrast, said that while it agreed with Apple that there were “significant obstacles” in the court case, the real issue was that a district court in California wasn’t the right venue for “adjudicating claims that a foreign technology company licensed lawful-intercept technology to foreign governments, which then used the technology to monitor foreign criminals and terrorists in foreign countries for those countries’ own national security and other sovereign interests.”
The filing states that Apple has done little to prosecute its claims, and as such the judge should dismiss the lawsuit “with prejudice,” meaning that it couldn’t be refiled later. But if the judge dismisses it without prejudice, then NSO Group said it would like to be reimbursed for its court costs as the work it has done on the case couldn’t be recycled.”
Whitney Grace, October 16, 2024
Deepfake Crime Surges With Scams
October 16, 2024
Just a humanoid processing information related to online services and information access.
Everyone with a brain knew that deepfakes, AI generated images, videos, and audio, would be used for crime. According to the Global Newswire, “Deepfake Fraud Doubles Down: 49% of Businesses Now Hit By Audio and Video Scams, Regula’s Survey Reveals.” Regula is a global developer of ID verification and forensic devices. The company released the survey: “The Deepfake Trends 2024” and it revealed some disturbing trends.
Regula’s survey discovered that there’s a 20% increase in deepfake videos from 2022. Meanwhile, fraud decision-makers across the globe reported a 49% increase encounter deepfakes and there’s also a 12% rise in fake audio. What’s even more interesting is that bad actors are still using old methods for identity fraud scams:
“As Regula’s survey shows, 58% of businesses globally have experienced identity fraud in the form of fake or modified documents. This happens to be the top identity fraud method for Mexico (70%), the UAE (66%), the US (59%), and Germany (59%). This implies that not only do businesses have to adapt their verification methods to deal with new threats, but they also are forced to combat old threats that continue to pose a significant challenge.”
Deepfakes will only get more advanced and worse. Bad actors and technology are like the illnesses: they evolve every season with new ways to make people sick while still delivering the common cold.
Whitney Grace, October 16, 2024
Forget Surveillance Capitalism. Think Parasite Culture
October 15, 2024
Ted Gioia touts himself as The Honest Broker on his blog and he recently posted about the current state of the economy: “Are We Now Living In A Parasite Culture?” In the opening he provides examples of natural parasites before moving to his experience working with parasite strategies.
Gioia said that when he consulted fortune 500 companies, he and others used parasite strategies as thought exercises. Here’s what a parasite strategy is:
1. “You allow (or convince) someone else to make big investments in developing a market—so they cover the cost of innovation, or advertising, or lobbying the government, or setting up distribution, or educating customers, or whatever. But…
2. You invest your energy instead on some way of cutting off these dutiful folks at the last moment—at the point of sale, for example. Hence…
3. You reap the benefits of an opportunity that you did nothing to create.”
On first reading, it doesn’t seem that our economy is like that until he provides true examples: Facebook, Spotify, TikTok, and Google. All of these platforms are nothing more than a central location for people to post and share their content or they aggregate content from the Internet. These platforms thrive off the creativity of their users and their executive boards reap the benefits, while the creators struggle to rub two cents together.
Smart influencers know to diversify their income streams through sponsorship, branding, merchandise, and more. Gioia points out that the Forbes lists of billionaires includes people who used parasitical business strategies to get rich. He continues by saying that these parasites will continue to guzzle off their hosts’ lifeblood with a chance of killing said host.
Its happening now in the creative economy with Big Tech’s investment in AI and how, despite lawsuits and laws, these companies are illegally training AI on creative pursuits. He finishes with the obvious statement that politicians should be protecting people, but that they’re probably part of the problem. No duh.
Whitney Grace, October 15, 2024
AI Guru Says, “Yep, AI Doom Is Coming.” Have a Nice Day
October 15, 2024
Just a humanoid processing information related to online services and information access.
In science-fiction stories, it is a common storyline for the creator to turn against their creation. These stories serve as a warning to humanity of Titanic proportions: keep your ego in check. The Godfather of AI, Yoshua Bengio advices the same except not in so many words and he applies it to AI, as reported by Live Science: “Humanity Faces A ‘Catastrophic’ Future If We Don’t Regulate AI, ‘Godfather of AI’ Yoshua Bengio Says.”
Bengio is correct. He’s also a leading expert in artificial intelligence, pioneer in creating artificial neural networks and deep learning algorithms, and won the Turing Award in 2018. He is also. The chair of the International Scientific Report on the Safety of Advanced AI, an advisory panel backed by the UN, EU, and 30 nations. Bengio believes that AI, because it is quickly being developed and adopted, will irrevocably harm human society.
He recently spoke at the HowTheLightGetsIn Festival in London about AI developing sentience and its associated risks. In his discussion, he says he backed off from his work because AI was moving too fast. He wanted to slow down AI development so humans would take more control of the technology.
He advises that governments enforce safety plans and regulations on AI. Bengio doesn’t want society to become too reliant on AI technology, then, if there was a catastrophe, humans would be left to pick up the broken pieces. Big Tech companies are also using a lot more energy than the report, especially on their data centers. Big Tech companies are anything but green.
Thankfully Big Tech is talking precautions against AI becoming dangerous threats. He cites the AI Safety Institute’s in the US and UK working on test models. Bengio wants AI to be developed but not unregulated and he wants nations to find common ground for the good of all:
“It’s not that we’re going to stop innovation, you can direct efforts in directions that build tools that will definitely help the economy and the well-being of people. So it’s a false argument.
We have regulation on almost everything, from your sandwich, to your car, to the planes you take. Before we had regulation we had orders of magnitude more accidents. It’s the same with pharmaceuticals. We can have technology that’s helpful and regulated, that is the thing that’s worked for us.
The second argument is that if the West slows down because we want to be cautious, then China is going to leap forward and use the technology against us. That’s a real concern, but the solution isn’t to just accelerate as well without caution, because that presents the problem of an arms race.
The solution is a middle ground, where we talk to the Chinese and we come to an understanding that’s in our mutual interest in avoiding major catastrophes. We sign treaties and we work on verification technologies so we can trust each other that we’re not doing anything dangerous. That’s what we need to do so we can both be cautious and move together for the well-being of the planet.”
Will this happen? Maybe.
The problem is countries don’t want to work together and each wants to be the most powerful in the world.
Whitney Grace, October 15, 2024
Flappy Bird Flutters to Life Thanks to the Power of the New Idol, Crypto
October 15, 2024
Just a humanoid processing information related to online services and information access.
Flappy Bird is coming out of retirement after a decade away. Launched in 2013, the original game was wildly popular and lucrative. However, less than a year later, its creator pulled it from app stores for being unintentionally addictive. Subsequently, players/addicts were willing to pay hundreds or thousands of dollars for devices that still had the game installed. Now it has reemerged as a Telegram crypto game. Much better. Decrypt reports, “What Is ‘Flappy Bird’ on Telegram? Iconic Game Returns with Crypto Twist.” Writer Ryan S. Gladwin tells us the game is basically the same as before, with a few additions just for crypto bros:
“Developed by the Flappy Bird Foundation, the Telegram game mixes in elements from other crypto games on the app, including the likes of Hamster Kombat, by allowing players to passively earn in-game points by obtaining upgrades. These are earned through a variety of ways, including watching ads and inviting friends.”
Naturally, a custom Flappy Bird token will be introduced. And, as with most of this year’s “tap-to-earn” games, it will reside on Telegram’s decentralized network, simply named The Open Network (TON). We learn:
"Yes, there will be a FLAP token launched in relation with the Telegram version of Flappy Bird. This has been confirmed in tweets from the official game account on Twitter (aka X), and the game will also offer staking rewards for the future token. Previously, The Flappy Bird Foundation said that it has plans to integrate The Open Network (TON)—the network that most tap-to-earn games launch tokens on. Notcoin, the tap-to-earn game that started the Telegram craze with the largest crypto gaming token launch of the year, is the ‘strategic publishing partner’ for Flappy Bird’s return. This partnership is set to help introduce The Open Network (TON) ecosystem to Flappy Bird with the game starting a ‘free mining event’ at launch called ‘Flap-a-TON.’ A mining event is usually a period of time in which players can make gameplay progress to get a cut of a future token airdrop.”
What a cutting-edge way to maximize engagement. If he was so upset about his game’s addictive qualities, why did creator Dong Nguyen sell it to an outfit that meant to crypto-tize it? In fact, he did not. After the game languished for four years, the trademark was deemed abandoned. A firm called Mobile Media Partners Inc. snapped up the languishing trademark and later sold it to one Gametech Holdings LLC, from whom the Flappy Bird Foundation bought it earlier this year. That must have been quite a surprise to the conscientious developer. Not only were Nguyen’s wishes for his game completely disregarded, he is receiving no compensation from the game’s reemergence. Classy.
Cynthia Murrell, October 15, 2024
FOGINT: UN Says Telegram Is a Dicey Outfit
October 14, 2024
The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.
One of my colleagues forwarded a dump truck of links to articles about a UN Report. Before commenting on the report, I want to provide a snapshot of the crappy Web search tools and the useless “search” function on the UN Web site.
First, the title of the October 2024 report is:
Transnational Organized Crime and the Convergence of Cyber-Enabled Fraud, Underground Banking and Technological Innovation in Southeast Asia: A Shifting Threat Landscape
I want to point out that providing a full title in an online article is helpful to some dinobabies like me.
Second, including an explicit link to a document is also appreciated by some people, most of whom are over 25 years in age, of above average intelligence, and interested in online crime. With that in mind, here is the explicit link to the document:
https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_Report_2024.pdf
Now let’s look briefly at what the 142 page report says:
Telegram is a dicey outfit.
Not bad: 142 pages compressed to five words. Let look at two specifics and then I encourage you to read the full report and draw your own conclusions about the quite clever outfit Telegram.
The first passage which caught my attention was this one which is a list of the specialized software and services firms paying attention to Telegram. Here is that list. It is important because most of these outfits make their presence known to enforcement and intelligence entities, not the TikTok-type crowd:
Bitrace
Chainalysis
Chainargos
Chainvestigate
ChongLuaDao (Viet Nam)
Coeus
Crystal Intelligence
CyberArmor
Flare Systems
Flashpoint
Group-IB
Hensoldt Analytics
Intel 471
Kela
Magnet Forensics
Resecurity
Sophos
SlowMist
Trend Micro
TRM Labs
Other firms played ball with the UN, but these companies may have suggested, “Don’t tell anyone we assisted.” That’s my view; yours may differ.
The second interesting passage in the document for me was:
Southeast Asia faces unprecedented challenges posed by transnational organized crime and illicit economies. The region is witnessing a major convergence of different crime types and criminal services fueled by rapid and shifting advancements in physical, technological, and digital infrastructure have have allowed organized crime networks to expand these operations.
Cyber crime is the hot ticket in southeast Asia. I would suggest that the Russian oligarchs are likely to get a run for their money if these well-groomed financial wizards try to muscle in on what is a delightful mix of time Triads, sleek MBAs, and testosterone fueled crypto kiddies with motos, weapons and programming expertise. The mix of languages, laws, rules, and special purpose trade zones add some zest to the run-of-the-mill brushing activities. I will not suggest that many individuals who visit or live in Southeast Asia have a betting gene, but the idea is one worthy of Stuart Kauffman and his colleagues at the Santa Fe Institute. Gambling emerges from chaos and good old greed.
A third passage which I circled addressed Telegram. By the way, “Telegram” appears more than 100 times in the document. Here’s the snippet:
Providing further indication of criminal activity, Kokang casinos and associated companies have developed a robust presence across so-called ‘grey and black business’ Telegram channels facilitating cross-border ‘blockchain’ gambling, underground banking, money laundering, and related recruitment in Myanmar, Cambodia, China, and several other countries in East and Southeast Asia.
The key point to me is that this is a workflow process with a system and method spanning countries. The obvious problem is, “Whom does law enforcement arrest?” Another issue, “Where is the Telegram server?” The answer to the first question is, “In France.” The second question is more tricky and an issue that the report does not address. This is a problematic omission. The answer to the “Where is the Telegram server?” is, “In lots of places.” Telegram is into dApps or distributed applications. The servers outside of Moscow and St Petersburg are virtual. The providers or enablers of Telegram probably don’t know Telegram is a customer and have zero clue what’s going on in virtual machines running Telegram’s beefy infrastructure.
The report is worth reading. If you are curious about Telegram’s plumbing, please, write benkent2020 at yahoo dot com. The FOGINT team has a lecture about the components of the Telegram architecture as well as some related information about the company’s most recent social plays.
Stephen E Arnold, October 14, 2024
-
- Subscribe to Beyond Search
Feature archive
News archive
-
