Law enforcement agencies in the United States, United Kingdom, and Australia this week named a Russian national as the person behind LockBitSupp. LockBitSupp is the pseudonym of the leader of the LockBit ransomware group, which the US claims is responsible for extracting $500 million from victims. Dmitry Yuryevich Khoroshev has been sanctioned and indicted in the United States on 26 criminal charges, which combined could result in a sentence of 185 years in prison. That is if he is arrested and successfully prosecuted, which is extremely rare for a suspect living in Russia.
Elsewhere in the world of cybercrime, WIRED's Andy Greenberg interviewed representatives of the Russian Cyber ​​Army. The Russian Cyber ​​Army is a hacking group that targets water utilities in the United States and Europe and is said to have ties to the notorious Russian military hacking squad known as Sandworm. The response from the Russian Cyber ​​Army was littered with pro-Kremlin talking points and some bizarre confessions.
FBI Deputy Director Urges FBI Officials to Continue Using Massive Foreign Surveillance Database to Search Communications of 'American Persons', Fights Failed for Search to Require Privacy and Freedoms sparked outrage from its defenders. . Section 702 of the Foreign Intelligence Surveillance Act requires that “subjects” of a surveillance program be based outside the United States, but if any of the parties are involved, the texts of people in the United States; Communications that can be included in the 702 database, including emails and phone calls, are foreign. An amendment that would have required the FBI to obtain warrants for 702 searches of Americans failed by a tie vote earlier this year.
This week, security researchers uncovered an attack on VPNs that forces some or all of a user's web traffic to be routed outside an encrypted tunnel, defeating the entire reason for using a VPN. . The attack, called “TunnelVision,” affects almost all VPN applications, and researchers say this attack has been possible since 2022, which has already been done by malicious attackers. It means it may have been used.
That's not all. Every week, we round up security and privacy news that we haven't covered in detail ourselves. Click on the heading to read the full text. And stay safe outside.
According to Microsoft, Microsoft has developed an offline-generated AI model specifically designed to process top-secret information for U.S. intelligence agencies. bloomberg. This system is based on his GPT-4 and is isolated from the internet and can only be accessed through networks dedicated to the US government. said William Chappell, Microsoft's chief technology officer for strategic mission and technology. bloomberg In theory, approximately 10,000 people could access the system.
Spy agencies are keen to leverage the power of generative AI, but these systems typically rely on online cloud services for data processing, raising concerns about the potential for sensitive information to be inadvertently leaked. Masu. However, Microsoft insists that the models it has created for the US government are “clean”, meaning they can read files without learning and prevent sensitive information from being integrated into the platform. . Bloomberg noted that this is the first time a major large-scale language model operates completely offline.
Sky News reported this week that the UK Ministry of Defense was the target of a major cyberattack on a third-party payroll system. On Tuesday, British Defense Secretary Grant Shapps informed MPs that the pay records of around 270,000 current and former military personnel, including his home address, had been accessed in a cyberattack. He also cannot rule out “state involvement,” he said.
The government has not announced the countries involved, but Sky News reported that the Chinese government is suspected of being involved. China's Ministry of Foreign Affairs denied the allegations, saying in a statement that it “resolutely opposes and combats all forms of cyber-attacks” and “rejects the political use of this issue to defame other countries.” Ta.
According to the report, payroll company Shared Services Connected knew about the breach for months before reporting it to the government. guardian.
The U.S. Marine Corps Special Operations Command (MARSOC) is testing a robotic dog that can be equipped with an artificial intelligence-enabled gun system. Onyx Industries, a maker of AI gun systems, told reporters at the National Defense Council this week that about two of the MARSOC robot dogs developed by Ghost Robotics were used in its weapon systems, The War Zone reported. He admitted that he was equipped with.
MARSOC clarified in a statement to The War Zone that the robot dog is “under evaluation” and has not yet been deployed in the field. They noted that weapons are just one possible use for the technology, which could also be used for surveillance and reconnaissance. MARSOC stressed that it is fully compliant with U.S. Department of Defense policy regarding autonomous weapons.
The US Marine Corps previously experimented with a robot dog equipped with a rocket launcher.
Days after hackers posted on BreachForums offering to sell the data of nearly 50 million Dell customers, the company began notifying customers about the data breach on its corporate portal. According to an email sent to affected people, the leaked data includes names, addresses, and information about purchased hardware. “Relevant information does not include financial or payment information, email addresses, phone numbers, or other sensitive customer information,” the email to affected customers said. .