Tag Archive for: GROUP

OpenAI Security Head Suggests ChatGPT Can Decrypt Russian Hacking Group Conversations in Pentagon Event


ChatGPT’s latest military use is decrypting conversations between hackers, according to OpenAI’s head of security, Matthew Knight, speaking at the Pentagon’s Advantage DoD 2024 event. Knight reportedly explained that the chatbot could decipher a cryptic conversation within a Russian hacking group, as first reported by the Washington Post.

As explained by Knight, deciphering the conversation was a task that even their Russian linguist had difficulty with, but he claims that GPT-4 succeeded in doing so. The conversations between the hackers were reportedly in “Russian shorthand internet slang.” The showcase comes as a part of the Pentagon’s AI symposium showcasing viable uses of AI in the military.


Panel discussions at the symposium feature representatives from well-known tech companies besides OpenAI’s Knight, such as Dr. Scott Papson, Principal Solutions Architect of Amazon Web Services, and Dr. Billie Rinaldi, Responsible AI Division Lead of Microsoft’s Strategic Missions and Technologies Division.

The event offers a glimpse into the future uses of AI in the military. One was hinted at by the chief technology officer of Palantir Technologies and Pentagon contractor, Shyam Sankar. Sankar comments that using ChatGPT as a chatbot is a “dead end,” further noting that the technology will likely be used for developers and not for end users.


GPT-4 Uses on Military Intelligence

This is not the first time GPT-4’s use for deciphering cryptic messages has been discovered, as a Microsoft study claimed that similar practices have long been employed by state-backed hackers.

The study found that two hacking groups with ties to China are using AI to translate communication with targeted individuals or organizations as well as translate computer jargon and technical publications. 

AI Military Use Concerns

The event also saw industry…


US offering rewards for information on leaders of ransomware group


The U.S. is offering rewards for information on leaders of the LockBit ransomware group.

LockBit is a syndicate operating since 2019. It accounted for 23 percent of the nearly 4,000 attacks globally last year in which ransomware gangs posted data stolen from victims to extort payment, according to the cybersecurity firm Palo Alto Networks, per The Associated Press.

“The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group,” State Department spokesperson Matthew Miller said in a Wednesday statement.

“Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information,” Miller’s statement continued. “More than $144 million in ransom payments have been made to recover from LockBit ransomware events.”

Miller’s statement follows another announcement by the United Kingdom’s National Crime Agency (NCA) on the disruption of the LockBit group with the help of international law enforcement agencies including the FBI on Tuesday.

NCA Director General Graeme Biggar called the agency’s investigation with other international partners “a ground-breaking disruption of the world’s most harmful cyber crime group.”

“Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” Biggar said in an NCA release.

U.S. Attorney General Merrick Garland also said that law enforcement from the U.S. and the U.K. “are taking away the keys to their criminal operation.”

“And we are going a step further — we have also obtained keys from the seized LockBit infrastructure to help victims decrypt their captured systems and regain access to their data,” Garland said in the NCA release. “LockBit is not the first ransomware variant the U.S….


After years of losing, it’s finally feds’ turn to troll ransomware group



After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren’t squandering it.

The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to Lockbit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites Lockbit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

The dark web site Lockbit once used to name and shame victims, displaying entries such as "press releases," "LB Backend Leaks," and "LockbitSupp You've been banned from Lockbit 3.0."

Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

Screenshot showing a folder named “shadow” with hashes for accounts including “root,” “daemon,” “bin,” and “sys.”

Other images demonstrated that investigators also had complete control of the main web panel and the system Lockbit operators used to communicate with affiliates and victims.

Screenshot of a panel used to administer the Lockbit site.
Screenshot showing chats between a Lockbit affiliate and a victim.

The razzing didn’t stop there. File names of the images had titles including: “this_is_really_bad.png,” “oh dear.png,” and “doesnt_look_good.png.” The seized page also teased the upcoming doxing of LockbitSupp, the moniker of the main…


Going from defense to offense against China’s Volt Typhoon APT group


What do the Super Bowl and cybersecurity have in common?

To win the big games, teams need both offense and defense. On Jan. 31, the U.S. Government did just that when they disrupted the KV Botnet used by China-sponsored Volt Typhoon.

For far too long, cybersecurity has been considered “preventive” or “reactive.” The industry was developed around defending and protecting assets. The concept of active defense gained interest, but it was misinterpreted and thought of instead as hacking back.

The National Institute of Standards and Technology (NIST) has defined active cyber defense as “synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.” Active defense still means playing defense.

So, how do we go on offense? As an industry, our approach has become littered with legal pitfalls, significant risks and a lack of ongoing capability. Military organizations are uniquely designed to create and sustain long-term offensive cyberspace operations. As sexy and enticing as that sounds, it’s restricted to operations against foreign adversaries and nation-states as a matter of law. But that’s not the only option we have for a good offense.

Enter the FBI

The FBI operates as the primary federal investigative organization tasked with responding to cyberattacks and intrusions. We are now witnessing the rise of offensive cyber operations by a domestic law enforcement agency that has demonstrated a significant ability to identify, penetrate, and dismantle criminal and nation-state networks. What once was an anomaly has matured to become a standard part of the investigative arsenal available to actively engage and disrupt transnational criminal groups and nation-state actors.

In November 2022, I had the opportunity to participate in a panel discussion with the FBI Supervisory Special Agent, who led the investigation into the takedown of the Hive ransomware group. What was striking for me was how far the FBI had come since the days 23 years prior when I spent a year conducting in-service training for their Computer Analysis Response Team: CART. The student had become the master.

The dismantling of Hive was directed at a transnational criminal group,…
