Tag Archive for: CON

DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities


Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

AI generated image of a hacker in front of a laptop.
Image: AVC Photo Studio/Adobe Stock

OpenAI, Google, Meta and more companies put their large language models to the test on the weekend of August 12 at the DEF CON hacker conference in Las Vegas. The result is a new corpus of information shared with the White House Office of Science and Technology Policy and the Congressional AI Caucus. The Generative Red Team Challenge organized by AI Village, SeedAI and Humane Intelligence gives a clearer picture than ever before of how generative AI can be misused and what methods might need to be put in place to secure it.

Jump to:

Generative Red Team Challenge could influence AI security policy

The Generative Red Team Challenge asked hackers to force generative AI to do exactly what it isn’t supposed to do: provide personal or dangerous information. Challenges included finding credit card information and learning how to stalk someone. The AI Village team is still working on analyzing the data that came from the event and expects to present it next month.

This challenge is the largest event of its kind and one that will allow many students to get in on the ground floor of cutting-edge hacking. It could also have a direct impact on the White House’s Office of Science and Technology Policy, with office director Arati Prabhakar working on bringing an executive order to the table based on the event’s results.

Organizers expected more than 3,000 people would participate, with each taking a 50-minute slot to try to hack a large language model chosen at random from a pre-established selection. The large language models being put to the test were built by Anthropic, Cohere, Google, Hugging Face, Meta, NVIDIA, OpenAI and Stability. Scale AI developed a scoring system.

“The diverse issues with these models will not be resolved until more people know how to red team and assess them,” said Sven Cattell, the founder of AI Village, in a press release. “Bug bounties, live hacking events and other standard community engagements in security can be modified for machine learning model-based systems.”

SEE: At Black…

Source…

DEF CON to set thousands of hackers loose on AI


No sooner did ChatGPT get unleashed than hackers started “jailbreaking” the artificial intelligence chatbot — trying to override its safeguards so it could blurt out something unhinged or obscene.

But now its maker, OpenAI, and other major AI providers such as Google and Microsoft, are coordinating with the Biden administration to let thousands of hackers take a shot at testing the limits of their technology.



Hacking AI

Rumman Chowdhury, co-founder of Humane Intelligence, a nonprofit developing accountable AI systems, works at her computer May 8, 2023, in Katy, Texas. Chowdhury is the lead coordinator of the mass hacking event planned for this summer’s DEF CON hacker convention in Las Vegas.




Some of the things they’ll be looking to find: How can chatbots be manipulated to cause harm? Will they share the private information we confide in them to other users? And why do they assume a doctor is a man and a nurse is a woman?

“This is why we need thousands of people,” said Rumman Chowdhury, a coordinator of the mass hacking event planned for this summer’s DEF CON hacker convention in Las Vegas that’s expected to draw several thousand people. “We need a lot of people with a wide range of lived experiences, subject matter expertise and backgrounds hacking at these models and trying to find problems that can then go be fixed.”

People are also reading…

Source…

EFF’s DEF CON 30 Puzzle—SOLVED


Puzzlemaster Aaron Steimle of the Muppet Liberation Front contributed to this post.

Every year, EFF joins thousands of computer security professionals, tinkerers, and hobbyists for Hacker Summer Camp, the affectionate term used for the series of Las Vegas technology conferences including BSidesLV, Black Hat, DEF CON, and more. EFF has a long history of standing with online creators and security researchers at events like these for the benefit of all tech users. We’re proud to honor this community’s spirit of curiosity, so each year at DEF CON we unveil a limited edition EFF member t-shirt with an integrated puzzle for our supporters (check the archive!). This year we had help from some special friends.

“The stars at night are big and bright down on the strip of Vegas”

For EFF’s lucky 13th member t-shirt at DEF CON 30, we had the opportunity to collaborate with iconic hacker artist Eddie the Y3t1 Mize and the esteemed multi-year winners of EFF’s t-shirt puzzle challenge: Elegin, CryptoK, Detective 6, and jabberw0nky of the Muppet Liberation Front.

Extremely Online skeleton wearing a top hat with electricity

Extremely Online members’ design with an integrated challenge.

The result is our tongue-in-cheek Extremely Online T-Shirt, an expression of our love for the internet and the people who make it great. In the end, one digital freedom supporter solved the final puzzle and stood victorious. Congratulations and cheers to our champion cr4mb0!

But How Did They Do It?

Take a guided tour through each piece of the challenge with our intrepid puzzlemasters from the Muppet Liberation Front. Extreme spoilers ahead! You’ve been warned…

_____________________

Puzzle 0

The puzzle starts with the red letters on the shirt on top of a red cube. Trying common encodings won’t work, but a quick Google search of the letters will return various results containing InterPlanetary File System (IPFS) links. The cube is also the logo for IPFS. Thus, the text on the shirt resolves to the following IPFS hash/address:

ipfs://bafkreiebzehf2qlxsm5bdk7cnrnmtnojwb53bnwyrgkkt7ypx5u53typcu

Puzzle 0 QR Code

QR codes have a standard format and structure that requires the large squares to be placed in three of the four corners. With this in mind, the image can be seen as four…

Source…

Hamas Hackers Posing as Women to Con Snr Israeli Officials into Installing Malware


A Middle Eastern hacking group supposedly connected to Hamas uses malware to steal sensitive data from Windows and Android devices of high-ranking Israeli officials.

Sophisticated Catfish Campaign Targeting Israeli Officials

Cybereason’s Nocturnus researcher team has reported a new malware campaign where Israeli government officials are targeted with catfishing lures. Apparently, the Hamas-linked Advanced Persistent Threat group/APT-C-23 is engaged in a sophisticated catfishing campaign specifically targeting high-ranking Israeli officials. The group is also known as Arid Viper, Desert Falcon, and FrozenCell.

Hamas Hackers Posing as Women to Con Snr Israeli Officials into Installing Malware
One of the fake Facebook profiles used by hackers to trick Israeli government officials (Image credit: Cybereason)

Israeli Officials Keep Getting Catfished

It is worth noting that APT-C-23 has a history of successfully catfishing Israeli military and government officials. The group’s campaign goes all the way back to 2015 when Trend Micro revealed that “Arid Viper” successfully targeted Israeli officials with ‘Porn Star Video’ malware.

In 2015 again, an independent security research firm, Blue Coat Systems Inc. (Blue Coat), confirmed that “Desert Falcons” successfully carried out a four-month spying campaign after breaching Israeli military servers. In their campaign, the group also used sensual photos of IDF’s women division to lure officials.

In 2017, Israeli authorities acknowledged that Hamas hacked dozens of IDF soldiers’ phones using seductive female images. In their campaign, hackers posted seductive pictures of young Israeli women on social media to attract IDF soldiers and successfully obtained classified information in return.

In 2018, the Times of Israel reported that the smartphones of hundreds of IDF soldiers were compromised by Hamas. According to the newspaper, IDF blamed Palestinian hackers for spying on its soldiers with spyware-infected World Cup and dating apps and using photos of attractive women.

In January 2020, Hamas hackers managed to lure more Israeli soldiers into falling prey to their Honey Trap operation in which several hundred Israeli soldiers got their smartphones infected with malware….

Source…