Elsewhere online: 

• Canada Revenue Agency has asked Shopify to “backchannel” them data on all Canadian stores for last six years, according to a tweet by founder and CEO Tobias Lutke
• Illinois Hospital, St. Margaret’s Health, Closes Down After Ransomware Attack Led to Financial Spiral
• UPS Data Breach Exposes Customer Information: How to Stay Alert Against SMS Phishing Scams
• Espionage 2.0: North Korean Hackers Unleash Malware with Microphone Wiretapping Capabilities
• New Tactic: Chinese Hackers Utilize DNS over HTTPS to Control Linux Malware

Revolutionizing National Security: Army’s Social Media Surveillance Tech

The U.S. Army Protective Services Battalion, the Pentagon’s underappreciated Secret Service substitute, will protect top military brass. According to Army archives, the organization guards both serving and retired senior military leaders against “assassination, kidnapping, injury or embarrassment.“

The nation’s security apparatus has increased its attention on social media, especially regarding disinformation. Several national security agencies have recently established outposts across the federal government to address the alleged threat.

The Army does not wish to publicize its interest in extensive data collecting, the Protective Services Battalion memo claims. Even though it is publicly available, the redacted version of the contract agreement is labeled as “Controlled Unclassified Information” (CUI) and “FEDCON,” which means it is only for use by federal personnel and contractors.

Read: https://theintercept.com/2023/06/17/army-surveillance-social-media/


The Fediverse’s Anti-Meta Stance: Openness or Insularity?

About a month ago, BlueSky, the decentralized social network protocol spun out by Twitter in 2021, asked users to sign the following “Anti-Meta Fedi Pact“:

“I am an instance admin/mod on the fediverse. by signing this pact, i hereby agree to block any instances owned by meta should they pop up on the fediverse. project92 is a real and serious threat to the health and longevity of fedi and must be fought back against at every possible opportunity.“

The “Project 92” referred to in this message is the name of Instagram’s new up-and-coming Twitter competitor. After Elon Musk bought out Twitter in 2022 and began to make several unpopular changes to the platform, Twitter users have been leaving the platform in droves, headed toward the open-source social media platform Mastodon.

The latter is a “federated” network, i.e., a collection of thousands of social networks run on servers across the world linked by the common Mastodon technology. The Mastodon platform community is known as the “Fediverse.” As a volunteer-run system, the Fediverse does not run on ads. Users sign up for a specific server with its own rules and policies, run by whoever set it up.

Although the Fediverse touts itself as an anti-corporate alternative to social media platforms like Twitter, John Gruber at DaringFireball.net wonders if the site should aim instead to be about pro-openness.

“The idea that administrators of Mastodon/Fediverse instances should pledge to preemptively block Facebook’s imminent Twitter-like ActivityPub service (purportedly named Threads) strikes me as petty and deliberately insular. I don’t like Facebook, the company, and I’ve never seen the appeal of Facebook, the product (a.k.a. “the blue app”). But there are literally billions of good people who use their services. Why cut them off from the open ActivityPub social world? Large swaths of Mastodon seem to relish the fact that it’s confusing how to get started, and that this confusion is keeping Mastodon small,” says Gruber.

Read: https://daringfireball.net/linked/2023/06/19/not-that-kind-of-open


Google Warns Employees Against Entering Confidential Data into AI Chatbots as it Rolls Out New Bard Chatbot Across the World

Google’s parent company, Alphabet Inc. (GOOGL.O), is warning employees against entering confidential data into AI chatbots, including its own Google Bard software, as it simultaneously markets the program around the world. These AI chatbots are human-sounding programs that use so-called generative artificial intelligence to hold conversations with users and answer a myriad of prompts. Human reviewers may read the chats, and researchers have found that similar AI can reproduce data it has absorbed during training, creating a leak risk. Alphabet has also warned its engineers against the direct use of computer code generated by such chatbots.

The concerns show how Google wishes to avoid business harm from the software it launched in competition with ChatGPT. At stake in Google’s race against ChatGPT’s backers, OpenAI and Microsoft Corp (MSFT.O), are billions of dollars of investment and still untold advertising and cloud revenue from new AI programs.

Google’s caution also reflects what’s becoming a security standard for corporations, namely, to warn personnel about using publicly available chat programs. A growing number of businesses around the world have set up guardrails on AI chatbots, among them Samsung (005930.KS), Amazon.com (AMZN.O), and Deutsche Bank (DBKGn.DE), the companies told Reuters. Apple (AAPL.O), which did not return requests for comment, reportedly has as well.

Google is currently rolling Bard out to more than 180 countries in 40 different languages as a springboard for creativity, its warnings extending to its code suggestions. Google told Reuters it has had detailed conversations with Ireland’s Data Protection Commission and is addressing regulators’ questions after a Politico report Tuesday that the company was postponing Bard’s EU launch this week pending more information about the chatbot’s impact on privacy.

Read:
https://www.reuters.com/technology/google-one-ais-biggest-backers-warns-own-staff-about-chatbots-2023-06-15/


Unveiling the FBI’s Use of Stingray Technology: Implications for Privacy and Civil Liberties

State and local police continue to exchange silence for access to powerful phone-tracking tools lent out by the Federal Bureau of Investigation, according to new United States Government documents obtained by the American Civil Liberties Union. Documents reveal that police departments frequently agree to drop charges against defendants suspected of violent crimes to protect the technology’s trade secrets.

It is known that the gadget comes in a variety of variations, some of which may launch attacks that are more advanced and intrusive than others. Some enable operators to listen in on calls, while others compel devices to carry out unauthenticated commands that break encryption or degrade the connection to a less robust network.

Because of the seriousness of the crimes that are often involved in situations where police bother to use them, the prospect of prosecutors dropping cases just to prevent news from spreading about the use of an already-known gadget is particularly alarming. According to records obtained by the ACLU, for instance, police asked the FBI for technological support in May 2020 while conducting a manhunt for a person with gang ties who was wanted for many homicides. In response to that request, an FBI official responded, “This is a serious crime and a good use of our assistance abilities.“

Read: https://www.wired.com/story/fbi-cell-site-simulator-stingray-secrecy/


Group-IB Cybersecurity Researchers Discover 100,000 Hacked ChatGPT Accounts from India, Pakistan, and Brazil

A cybersecurity firm based in Singapore, Group-IB, reported that over 100,000 login credentials for OpenAI’s ChatGPT artificial intelligence chatbot were leaked onto the dark web. The theft of these credentials began in June 2022 and reached its peak in May 2023 with 26,802 stolen logins.

The Raccoon Infostealer malware was used to orchestrate the theft. Victims download the malware after receiving a phishing email. Once their device is infected, the malware collects login credentials, history, and cookies saved in web browsers. According to Group-IB, this can also include information from crypto wallets.

Group-IB recommends that users update their passwords and enable two-factor authentication to protect their accounts. OpenAI has also pledged $1 million towards AI cybersecurity initiatives to help prevent similar incidents from happening in the future.

Read: https://decrypt.co/145856/hackers-leak-over-100000-chatgpt-credentials-dark-web


Elsewhere Online:

Canada Revenue Agency has asked Shopify to “backchannel” them data on all Canadian stores for last six years, according to a tweet by founder and CEO Tobias Lutke
Read: https://twitter.com/tobi/status/1672401899394416641?s=61&t=3QWnjEAZ7VWE-AAX_–28A


Illinois Hospital, St. Margaret’s Health, Closes Down After Ransomware Attack Led to Financial Spiral
Read: https://www.cpomagazine.com/cyber-security/ransomware-attack-linked-to-permanent-shut-down-of-illinois-hospital-st-margarets-health-in-spring-valley/

UPS Data Breach Exposes Customer Information: How to Stay Alert Against SMS Phishing Scams
Read: https://www.bleepingcomputer.com/news/security/ups-discloses-data-breach-after-exposed-customer-info-used-in-sms-phishing/


Espionage 2.0: North Korean Hackers Unleash Malware with Microphone Wiretapping Capabilities
Read: https://www.securityweek.com/north-korean-hackers-caught-malware-with-microphone-wiretapping-capabilities/

New Tactic: Chinese Hackers Utilize DNS over HTTPS to Control Linux Malware
Read: https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/

 Previously on #AxisOfEasy