Tag Archive for: conversations

OpenAI Security Head Suggests ChatGPT Can Decrypt Russian Hacking Group Conversations in Pentagon Event


ChatGPT’s latest military use is deciphering conversations between hackers, according to OpenAI’s head of security, Matthew Knight, speaking at the Pentagon’s Advantage DoD 2024 event. Knight reportedly explained that the chatbot could decipher a cryptic conversation within a Russian hacking group, as first reported by the Washington Post.

As explained by Knight, deciphering the conversation was a task that even their Russian linguist had difficulty with, but he claims that GPT-4 succeeded in doing so. The conversations between the hackers were reportedly in “Russian shorthand internet slang.” The demonstration was part of the Pentagon’s AI symposium showcasing viable uses of AI in the military.


Panel discussions at the symposium feature representatives from well-known tech companies besides OpenAI’s Knight, such as Dr. Scott Papson, Principal Solutions Architect of Amazon Web Services, and Dr. Billie Rinaldi, Responsible AI Division Lead of Microsoft’s Strategic Missions and Technologies Division.

The event offers a glimpse into the future uses of AI in the military. One was hinted at by the chief technology officer of Palantir Technologies and Pentagon contractor, Shyam Sankar. Sankar comments that using ChatGPT as a chatbot is a “dead end,” further noting that the technology will likely be used for developers and not for end users.


GPT-4 Uses on Military Intelligence

This is not the first time GPT-4’s use for deciphering cryptic messages has come to light, as a Microsoft study claimed that similar practices have long been employed by state-backed hackers.

The study found that two hacking groups with ties to China are using AI to translate communication with targeted individuals or organizations as well as translate computer jargon and technical publications. 

AI Military Use Concerns

The event also saw industry…


Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd


In this edition of Hacker Conversations, SecurityWeek talks to Casey Ellis, founder, chairman and CTO at Bugcrowd – and hacker. Bugcrowd provides a crowdsourced ethical hacking cybersecurity platform, best known for operating bug bounty programs on behalf of individual organizations.

“A hacker,” says Ellis, “is someone who takes the assumptions of a system and tips them upside down to see what falls out. Hackers will learn how a system works, to the extent they can manipulate it into doing things it was never originally intended to do.” That desire is almost a default condition. “When I see a new technology, the first thing I often do is try to get it to misbehave.”

There are several factors in this definition. For example, it is not computer specific – it could apply to almost any engineering technology. Here we are solely discussing the computer hacker variety.

Most importantly, however, the act of hacking is amoral; it is driven by curiosity rather than a desire to do bad things. The process of hacking is neither moral (a good action), nor immoral (a bad action); and the term ‘hacker’ simply describes someone who likes to deconstruct and then reconstruct with additional or different outcomes.

Casey Ellis, founder, chairman and CTO at Bugcrowd

It is the use made of these outcomes, for moral or immoral purposes, that forces us to divide hackers into two camps: the ethical hacker (Whitehat) and malicious hacker (Blackhat). The ethical hacker finds ways in which the system can be manipulated so the developer can prevent the malicious hacker from finding and abusing the same manipulations for his or her own benefit (usually financial or political).

Both schools of hacker have the same skill set. The question then is, why do some become immoral while others remain strictly moral; and yet others flip between the two? This is what we sought to discover in conversation with Casey Ellis. 

The motivating factors between the ethical and unethical hacker are many and varied. They could come from a personal moral compass; the vagaries and conflicts with and within national and international law; the hacker’s economic and cultural background; and social pressures…


Hacker Conversations: Alex Ionescu – SecurityWeek


In this edition of Hacker Conversations, SecurityWeek talks to Alex Ionescu, a world-renowned cybersecurity expert who has combined a career as a business executive with that of a security researcher. 

The goal of Hacker Conversations is to talk to cybersecurity researchers to better understand how they fit into and operate within the cybersecurity ecosphere. 

Ionescu is currently technical director, platform operations and research at Canada’s Communications Security Establishment (which has responsibility for foreign signals intelligence and communications security, protecting government networks, and being the nation’s technical authority for cybersecurity and information assurance).

Before that, he was VP of endpoint engineering at CrowdStrike, and is the co-author of the last two editions of the Windows Internals series. He talked to SecurityWeek for this series on his experience as an independent security researcher.

“The cliché answer,” says Ionescu, “is ‘curiosity’. It’s more complex than this; but basically, it is an insatiable need to know how things work, and why they work.” One thing it doesn’t need is a desire for fame and fortune. A lot of fame and a degree of fortune can be obtained (and we’ll meet researchers in this series who have done just that), but it is the exception.

Alex Ionescu

It’s the process that must appeal. “You could spend years researching something and, in the end, it amounts to nothing more than knowledge gained. It’ll have no value beyond that,” he continued. “So, you must have that curiosity that makes you say at the end of the day ‘Oh, I’m glad I learned something that I can share.’ If you’re in it just for fame or just for money, it’s going to be disappointing quite quickly, because you generally don’t get there; or get there very rarely.”

This introduces two further personality traits that will benefit the researcher: patience and the lack of ego. Patience goes together with curiosity – neither works very well on its own. Research can be long and slow, so patience is necessary to keep going.

Ego is bound up with another characteristic – a desire to share what is discovered. There are…


CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief


HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company.

Reporting and budget

Historically, the CISO reports to the CIO, and this remains the most common reporting structure. Not all CISOs agree with this because of the inherent conflict of interest between IT and security. Both Burkey and Cross believe it is right for some companies, but wrong for others.

There’s no one-size-fits-all solution to the hierarchy issue, says Burkey. “Every company has a different culture and different value prop; and it is these that determine the right location for the CISO.”

Cross has a very similar view. “There is no right or wrong answer to this,” he says. “It is dependent on the company culture and the business landscape how things should best be structured.” Supporting this, he notes that Dell’s structure is slightly unusual. “I report to a chief security officer who reports to general counsel, who reports to the CEO.” A stronger than usual integration with Legal could be considered important for a firm working across multiple jurisdictions with different privacy and data security requirements.

Joanna Burkey, CISO at HP

Budget is always an issue for any CISO – getting sufficient funds to do what is important. One of the weaknesses in having the CISO report to the CIO is that it is still common for the security budget to be taken as a percentage of the IT budget. But security has grown beyond IT alone. 

“Cybersecurity is a strategic horizontal in most enterprises,” comments Burkey. “Cyber is important everywhere and it is really important that the funding model and the financial partnerships for cyber span the enterprise.”

Achieving this is complex and governed by the individual business landscape. “I’ve seen different models that can work,” she continued. “Budget could be received from a single source, such as the CFO or CTO, but…
