Weekly Axis Of Easy #295
Last Week’s Quote, “What lies behind us and what lies before us are tiny matters compared to what lies within us,” was by Ralph Waldo Emerson. No one got it.
This Week’s Quote: “Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of this post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
In this issue:
- Facebook censors Pulitzer Prize winner’s critique of US involvement in Nord Stream Pipeline attack
- According to Latest Citizen Lab Report, Israeli Spyware Maker NSO Group Deployed at Minimum 3 New “Zero-Click” Exploits Against iPhones in 2022
- New Palo Alto Networks Report Shows Rising Trend in Threat Actors Who Are Adopting Web3 IPFS Technology
- Independent Security Analyst Uncovers Critical Security Vulnerability that Could Lead to ChatGPT Account TakeOver
- Matt Taibbi is leaving Twitter after CEO Elon Musk’s recent changes made the platform unusable
- OpenAI’s hunger for data is coming back to bite it
- ICANN/Verisign Proposal Would Allow Any Government To Seize Domain Names
- AoE GPT Hallucinates totally wrong report
- Recent Microsoft Defender Update Rolls Out a Confusing New Hardware Stack Protection Feature
- Russian Attackers Received Warnings from UK
- Binance Seeks Court Subpoena to Find Alleged GitHub Source Code Leaker
- Researchers at CheckPoint Research (CPR) Publish Advisory Notice Against New Raspberry Robin Evasion Techniques
- Rise in attacks on Cisco routers are observed
In an apparent conflict of interest, Facebook is censoring Pulitzer Prize-winning author Seymour Hersh’s report on how the US, with the aid of the Norwegian government, destroyed Russia’s Nord Stream pipelines. Instead of allowing Hersh’s article to be shared on the platform, Facebook is instead slapping a warning label on the article’s link with the following disclaimer: “False information. Checked by independent fact-checkers.” The fact-checkers in question, however, are far from independent, as they lead back to sources from the Norwegian government-owned media company NRK, which has a clear self-interest in censoring the story.
By censoring the story with a bad-faith “fact check,” Facebook is ensuring that the truth of US involvement in destroying the Nord Stream pipeline does not reach a much wider audience. This is yet another example of how the “fact checker industrial complex” serves to censor legitimate information in exchange for state media control.
Journalist Michael Shellenberger, who first noticed the issue when he tried to post Hersh’s article on Facebook, is quoted as follows: “Whether Hersh is wrong or right, his reporting should be debated publicly, not censored. Facebook’s actions are antithetical to America’s tradition of free and open debate and its rejection of secretive, authoritarian censorship.“
According to new findings by Citizen Lab, the Israeli spyware maker NSO Group deployed at least three new “zero-click” exploits against iPhones in 2022. It did so to get past Apple’s defenses and install Pegasus, a sophisticated cyber weapon capable of extracting sensitive information stored on a device (including messages, locations, photos, and call logs) in real time. Pegasus is typically delivered to iPhones using zero-click and/or zero-day exploits, meaning the target does not have to open a link or attachment for the infection to succeed.
The interdisciplinary lab based at the University of Toronto reports: “NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world.” Although NSO Group’s spyware has been marketed as a tool to combat crimes such as terrorism and child sexual abuse, it has also been illegally used to spy on human rights activists, journalists, and democracy advocates by authoritarian governments.
This exact misuse of Pegasus led the US government to add NSO Group to its Entity List (trade blacklist) in 2021. The company has also been sued by Apple for targeting its users. A report published in July 2022 found that the spyware had been used against Thai activists involved in the country’s pro-democracy protests, with infections occurring between October 2020 and November 2021. In June 2022, Pegasus also targeted Centro PRODH, which represents victims of extrajudicial killings and disappearances by the Mexican Army, as well as human rights defenders from the Human Rights Commission (HRC).
In 2022, analysts from Unit 42 observed the rampant adoption of the InterPlanetary File System (IPFS) with malicious intent. IPFS is a Web3 technology that decentralizes and distributes files and other data stored in a peer-to-peer network. The third iteration of the World Wide Web (also referred to as Web3) emphasizes decentralization using blockchain technology.
By using Web3, users are able to protect their data from censorship and manipulation without the intervention of a central authority. With decentralization, individuals are able to control and own their own content, which can be posted without fear of a government or technology company removing it. Cybercriminals, however, can also exploit these same benefits. Decentralization and distribution of IPFS content make it very difficult to identify and remove malicious content.
From the last quarter of 2021 through the last quarter of 2022, Palo Alto Networks detected an increase of 893% in IPFS traffic. According to VirusTotal, IPFS-related attacks increased by 27,000% over the same period. Unit 42 analyzed the threat campaigns during this period and found phishing, credential theft, and malware distribution among them, alongside a general uptake of IPFS by threat actors. Because content is addressed by a hash of its contents (a CID) rather than by a server location, the same phishing page can be served through any public IPFS gateway, so blocking a single domain does little.
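For defenders, the practical first step is spotting IPFS gateway URLs in web proxy logs. The following is an added example, not code from Unit 42 or Palo Alto Networks: it scans constructed sample log lines (the timestamp/client/method/URL layout is an assumption), recognizes both path-style gateways (`/ipfs/<CID>`) and subdomain-style gateways (`<CID>.ipfs.<gateway>`), and groups hits by CID so the same content reached through different gateways is counted once.

```python
"""Flag IPFS gateway URLs in proxy logs and group them by content identifier (CID).

Added example; the log format and the sample lines below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# CIDv0 is a base58btc-encoded sha-256 multihash: 46 characters starting with "Qm".
# CIDv1 in the default base32 (lowercase) encoding starts with "b"; length depends on the
# hash, so we only require a plausible minimum.
CID_RE = r"(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"
# Path-style gateway, e.g. https://ipfs.io/ipfs/<cid>/login.html
PATH_GATEWAY = re.compile(r"^/ipfs/" + CID_RE)
# Subdomain-style gateway, e.g. https://<cid>.ipfs.dweb.link/
SUBDOMAIN_GATEWAY = re.compile(r"^" + CID_RE + r"\.ipfs\.")

# Constructed sample log: "<timestamp> <client_ip> <method> <url>" (assumed format).
SAMPLE_LOG = """\
2023-04-17T10:21:05Z 10.0.0.12 GET https://ipfs.io/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/login.html
2023-04-17T10:21:09Z 10.0.0.12 GET https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.dweb.link/
2023-04-17T10:22:41Z 10.0.0.15 GET https://cdn.example.test/static/app.js
2023-04-17T10:23:02Z 10.0.0.20 GET https://cloudflare-ipfs.com/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/
"""


def extract_cid(url: str):
    """Return the CID referenced by an IPFS gateway URL, or None if it is not one."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    m = SUBDOMAIN_GATEWAY.match(host)
    if m:
        return m.group(1)
    m = PATH_GATEWAY.match(parsed.path)
    if m:
        return m.group(1)
    return None


def find_ipfs_refs(log_text: str):
    """Yield (client_ip, gateway_host, cid) for every log line that points at an IPFS gateway."""
    refs = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the scan
        client, url = parts[1], parts[3]
        cid = extract_cid(url)
        if cid is not None:
            refs.append((client, urlparse(url).hostname, cid))
    return refs


def group_by_cid(refs):
    """Map each CID to the sorted set of clients that fetched it, across all gateways."""
    by_cid = {}
    for client, _host, cid in refs:
        by_cid.setdefault(cid, set()).add(client)
    return {cid: sorted(clients) for cid, clients in by_cid.items()}


if __name__ == "__main__":
    hits = find_ipfs_refs(SAMPLE_LOG)
    for cid, clients in group_by_cid(hits).items():
        print(f"{cid}: fetched by {', '.join(clients)}")
```

Note that the same content can be referenced either as a CIDv0 (`Qm...`) or as the equivalent CIDv1 (`bafy...`); this example does not convert between the two encodings, so a campaign that mixes them would show up as two entries until you normalize the CIDs.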
The independent security researcher and bug hunter Nagli recently uncovered a critical vulnerability in ChatGPT which, if exploited, would have allowed an attacker to take over any ChatGPT user’s account. Since its release in November, ChatGPT has played a central role across a wide spectrum of innovations, while its security posture is still maturing. After a series of bug reports from security researchers, the Microsoft-backed OpenAI recently launched its own bug bounty program. Nagli’s finding, a web cache deception attack enabling account takeover (ATO), is one such reported flaw.
In 2017, Omer Gil introduced web cache deception as a new attack vector at the Black Hat USA conference. The attack abuses caching proxies and CDNs that decide what to cache from the URL’s apparent file extension rather than from the origin server’s response headers. The attacker crafts a URL that appends a static-looking filename (for example ending in .css, .jpg or .png) to an endpoint that returns the logged-in user’s private data, relying on the origin ignoring the extra path segment. The link is spread to victims through private or public chats; when a logged-in victim clicks it, the cache stores that victim’s authenticated response under the crafted URL. The attacker then requests the same URL, with no credentials at all, and is served the cached copy containing the victim’s sensitive data. Luckily, OpenAI fixed the issue within a few hours of the report.
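To make the mechanism concrete, here is an added example (not OpenAI’s code, and not Nagli’s proof of concept) that models the whole exchange in-process: a hypothetical origin whose `/api/auth/session` endpoint ignores trailing path segments, a cache that keys cacheability on the URL’s extension (the vulnerable configuration), and a hardened cache that only stores what the origin explicitly marks public and whose content type matches the extension. The session data and cookie values are constructed.

```python
"""Web cache deception, vulnerable cache beside a hardened one (added example).

Assumptions (hypothetical, for illustration only):
- the origin routes any path under /api/auth/session/ to the session endpoint and
  ignores the extra segment, so /api/auth/session/x.css behaves like /api/auth/session
- the vulnerable cache decides cacheability from the URL's file extension alone
"""
import re
from dataclasses import dataclass
from typing import Optional

STATIC_EXT = re.compile(r"\.(css|js|png|jpe?g|gif|svg|woff2?)$", re.IGNORECASE)

# Constructed sample session store: cookie value -> user record (not real data).
SESSIONS = {"cookie-alice": {"user": "alice", "email": "alice@example.test"}}


@dataclass
class Response:
    status: int
    body: str
    content_type: str
    cache_control: str = "no-store"  # private endpoints never opt in to caching


def origin(path: str, cookie: Optional[str]) -> Response:
    """Hypothetical origin server. The session endpoint ignores trailing path segments."""
    if path == "/api/auth/session" or path.startswith("/api/auth/session/"):
        user = SESSIONS.get(cookie)
        if user is None:
            return Response(401, '{"error":"unauthenticated"}', "application/json")
        return Response(200, f'{{"user":"{user["user"]}","email":"{user["email"]}"}}',
                        "application/json")
    if path.startswith("/static/"):
        return Response(200, "body{}", "text/css", "public, max-age=3600")
    return Response(404, "not found", "text/plain")


class Cache:
    """A minimal caching proxy keyed on the request path."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.store = {}

    def fetch(self, path: str, cookie: Optional[str] = None):
        """Return (response, served_from_cache)."""
        if path in self.store:
            return self.store[path], True
        resp = origin(path, cookie)
        if self._cacheable(path, resp):
            self.store[path] = resp
        return resp, False

    def _cacheable(self, path: str, resp: Response) -> bool:
        if resp.status != 200:
            return False
        if self.hardened:
            # Trust the origin, not the URL: cache only explicitly public responses whose
            # content type is actually a static asset type.
            return ("public" in resp.cache_control
                    and resp.content_type.startswith(("text/css", "image/",
                                                      "application/javascript", "font/")))
        # Vulnerable rule: "it looks like a static file, so cache it".
        return STATIC_EXT.search(path) is not None


def run_attack(hardened: bool):
    """Simulate the attack; returns (cache_hit, status, body) seen by the attacker."""
    cache = Cache(hardened)
    bait = "/api/auth/session/x.css"
    # 1. The logged-in victim clicks the bait link.
    cache.fetch(bait, cookie="cookie-alice")
    # 2. The attacker later requests the same URL with no cookie.
    resp, hit = cache.fetch(bait, cookie=None)
    return hit, resp.status, resp.body


if __name__ == "__main__":
    print("vulnerable:", run_attack(hardened=False))
    print("hardened:  ", run_attack(hardened=True))
```

The origin-side fix is just as important as the cache-side one: an endpoint that returns per-user data should return 404 for `/api/auth/session/x.css` rather than treating it as `/api/auth/session`, and should always send `Cache-Control: no-store` so that no intermediary is tempted to cache it.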
Elon Musk’s relationship with “Twitter Files” lead writer Matt Taibbi ended over Musk’s feud with Substack. Musk blocked interactions on tweets containing Substack links after Substack launched a Twitter-like feature called Substack Notes. Because Taibbi publishes most of his writing on Substack, the two had a disagreement over the issue that led to Taibbi leaving the Bird app.
Taibbi expressed his discontent to Musk directly, stating that if Twitter was going to label Substack writers’ work unsafe and not allow them to share their articles, he couldn’t endorse the CEO’s actions by using the platform. According to the ex-Rolling Stone journalist, Musk answered his text messages with a furious question: “So you want Substack to kill Twitter?” The disagreement ended with Taibbi’s Twitter Files threads being disabled and with Musk unfollowing Taibbi and accusing him of supporting “a company that wants to kill Twitter.”
“In doing all this, Elon immolated the last remnants of any reputation he had as a free speech advocate and gave immeasurable success to the assorted David Brocks, AOCs, and Renee DiRestas, who view him as an antichrist.” said Taibbi in the latest issue of his Meet the Censored series. “All can now point to his outbursts of cartoon censorship and argue that individual eccentric CEOs are the real danger to free expression, not squads of executives working in oligopolistic secrecy with the FBI, DHS, and ten million Pentagon-funded Centers for Securing Whatever.“
In his article, the author states he has “nothing against” Musk and will always be grateful for the internal communications he provided Taibbi with from Twitter’s previous administration. “But he’s as high as Snoop in a weather balloon if he thinks banning commercial rivals is going to solve Twitter’s problems,” Taibbi added. “The whole thing’s really a shame.”
OpenAI’s Hunger For Data Is Coming Back To Bite It
European privacy regulators, applying the EU’s General Data Protection Regulation (GDPR), have found problems with how OpenAI gathers the data used to train ChatGPT. Apparently it just vacuums up information from anywhere, without a legal basis for processing the personal data caught up in it.
At this point Italy’s data protection authority has temporarily banned ChatGPT in the country and given OpenAI until April 30th to comply with the law, meaning it must either delete the data or obtain permission to use it, or face fines or a permanent ban.
Other countries are also investigating how OpenAI collects data.
Where is that AI ethics department Microsoft disbanded when you need it? As we reported back in issue #290, disbanding it is exactly the kind of decision that leads to consequences like these.
No matter where we look, things seem to be spiralling towards censorship. The domain industry seems to be no exception.
ICANN sets global domain name policy. Verisign operates the .com and .net registries under contracts with ICANN.
As domain policy expert (and easyDNS client) George Kirikos observes:
“Either by design, or unintentionally, they’ve proposed allowing any government in the world to cancel, redirect, or transfer to their control applicable domain names! This is an outrageous and dangerous proposal that must be stopped. While this proposal is currently only for .NET domain names, presumably they would want to also apply it to other extensions like .COM as those contracts come up for renewal.”
The offending text is buried in an appendix of the proposed .NET registry agreement; the article highlights it clearly. The upside is that the proposed changes are still open for public comment.
George follows this space closely, so watch his blog or follow him on Twitter for developments.
AoE GPT Hallucinates totally wrong report
Recent Microsoft Defender Update Rolls Out a Confusing New Hardware Stack Protection Feature
Russian Attackers Received Warnings from UK
Binance Seeks Court Subpoena to Find Alleged GitHub Source Code Leaker
Researchers at CheckPoint Research (CPR) Publish Advisory Notice Against New Raspberry Robin Evasion Techniques
Rise in attacks on Cisco routers are observed
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- April 17th, 2023: TikTok Facing £12.7M Fine From ICO For Regulatory Issues For The Use Of Children’s Data
- April 10th, 2023: Clearview AI Admits To Nearly 1 Million Uses By US Law Enforcement
- April 3rd, 2023: Online Safety Bill Introduces Mass Surveillance, Leaves Citizens’ E2E Encrypted Messages Vulnerable To Criminal And Foreign Activity
- March 27th, 2023: 291: Chinese Budget Shopping App, Pinduoduo, Temporarily Suspended On Google Play Store Over Malware Concerns
- March 20th, 2023: Microsoft AI Ethics Department Disbanded Amidst Industry Warnings