Tag Archive for: They’re

Hackers can read private AI-assistant chats even though they’re encrypted

/in


Hackers can read private AI-assistant chats even though they’re encrypted

Aurich Lawson | Getty Images

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Token privacy

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, wrote in an email. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The attack is passive and can happen without OpenAI or their client’s knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”

Source…

Just Because You Don’t See Hackers, Doesn’t Mean They’re Not In Your Network

/in


David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.

An enterprise trying to protect its digital resources from hackers is in some ways like a ship trying to avoid an iceberg. What you see above the waterline may appear unscathed from malware, ransomware and the fileless breaches we read about every day. However, underneath may lurk malicious activity and dozens, if not hundreds of hacking attempts that at some point will successfully breach business operations.

While the enterprise tries to navigate what it can easily view on the surface, bad actors may have already penetrated the corporate network, lying in wait for the opportune time to unleash their payload.

Cybersecurity must be as agile as today’s workforce. It must ensure continuous and consistent protection and an optimal user experience, regardless of where users and devices are located. Disparate, siloed technologies with different configuration and management dashboards cobbled together create security gaps, visibility blind spots, and slow mitigation and recovery.

From a security standpoint, the massive base of the iceberg represents the amount of cybersecurity risk organizations face as they expand their computing perimeter. It also characterizes the growing amount of network and security device sprawl organizations adopt to protect their business resources and data. Just as difficult as it is to navigate around the unseen part of an iceberg, planning and navigating the security technology required to support an enterprise has many of its own challenges.

When It Comes To Cybersecurity, You Can Never Be Too Safe

Organizations that have a culture based upon “it’s always been done this way” are vulnerable due to their lack of vigilance. This mentality can establish a reluctance to change, placing them in a position of unnecessary risk. Those who deploy diverse security products often become complacent, thinking they’re fully protected from cybersecurity incidents.

The money involved in ransomware demands is growing the attraction to this type of cyberattack. The entry of organized crime and state-sponsored…

Source…

They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They’re Hacking Back.

/in


Dozens of employees at Ukrainian cybersecurity startup Hacken fled their war-torn country and found refuge about 2,000 miles away in Portugal. Since then, they have managed to keep their business alive and are now supporting cyber operations against Russia.

The company moved its main office from Kyiv to Lisbon, with stops in between, mirroring the drastic measures taken by millions of Ukrainians seeking to escape danger and preserve their livelihoods while the Kremlin wreaks havoc. For Hacken Chief Executive Dmytro Budorin, keeping his business going in the fast-growing market for cryptosecurity meant urging his workers to flee before the bombs began to fall.

“How will I feel, how will I look into the eyes of my employees, if we had the opportunity, had the money, understood that something can go wrong, and we didn’t do at least something to try to get everybody out?” he said.

Hacken CEO Dmytro Budorin in Lisbon with his children, Rimma and Roman.



Photo:

Anastasiya Budorin

Hacken, a five-year-old company that tests blockchain-based projects for security flaws, employs about 80 auditors, developers and other crypto specialists. Many contribute to the war effort by finding vulnerabilities in Ukrainian and Russian computer systems and reporting the information to Kyiv’s Ministry of Digital Transformation or National Security and Defense Council, Mr. Budorin, 35, said.

Hacken’s Liberator application, which allows users to lend computing power to distributed denial-of-service attacks against Russian propaganda sites, counts more than 100,000 downloads. The company is also contributing to targeted efforts against Russian businesses, including an attempt to pressure the suppliers of Russian military footwear manufacturers, Mr. Budorin said.

Non-state actors supporting both sides of the conflict have exchanged fire mostly via low-impact cyberattacks. Those hitting Russian targets have met with little scrutiny despite pushes by Washington and Brussels in recent years to set international…

Source…

SecureWorks : 3 Cybersecurity Basics and Why They’re Essential

/in


Cybersecurity, believe it or not, is one of the most important issues of our time. That’s because:

  • Digital technology has become pervasive, touching every aspect of our personal, economic, cultural, and political lives.
  • This pervasiveness has resulted in a virtually infinite threat surface that extends from the device on your wrist to the biggest, gnarliest datacenters on the planet.
  • Criminals are always going to commit crime.
  • Due to our connectedness, a breach anywhere is a threat to businesses everywhere.

Unfortunately, the media has done an inadequate job of framing the cybersecurity issue. For one thing, news organizations only cover cybersecurity when some new global threat emerges, or worse yet – after a significant breach has occurred. This skewed coverage gives the false impression that the only thing we have to worry about-and defend ourselves against-is the next high-profile zero-day exploit.

That, of course, is untrue. Most breaches are far more mundane. As they say, it’s not the lion you have to worry most about in the jungle. It’s the mosquitoes.

Even worse may be the way hackers are portrayed in movies and on TV. If you only learn about cybersecurity through popular entertainment, you probably believe that hackers are evil geniuses capable of sliding past even DoD-quality cyber defenses with a single torrent of lightning keystrokes-which means you’re basically helpless against their inexorable brilliance.

This is also patently untrue. Most hacking is literally that: hacking. Cybercrime is mostly brute force trial-and-error perpetrated by bad actors who often don’t need to have Hollywood-level hacking skills, but have learned that with enough time and effort they can earn a decent living stealing stuff.

Our cyber defenses-both individual and collective-thus depend, to a large degree, on simply making life harder for hackers. After all, hackers have the same constraints of time, budget, and payoff. In fact, I’ll go even further and say…

Source…