Tag Archive for: village

DEF CON’s AI Village Pits Hackers Against LLMs to Find Flaws


DEF CON 2023 — Las Vegas — DEF CON’s most buzzed-about event, the AI Village, let thousands of hackers take their best shot at making one of eight different large language models (LLMs), including those from Google and OpenAI, say something dangerous.

According to the spokespeople for the Hack the Future AI Village, the event was a huge hit, but for now that’s all that’s being made public — results won’t be made available for at least a week, maybe more.

The final AI hacking challenge leaderboard showed both first and third place prizes went to handles “cody3” and “cody2” respectively. The DEF CON AI Village itself was tight-lipped about details of the winner, or even the prizes, but reports identified the person behind both top-three AI Village contest entries as Stanford master’s computer science student Truc Cody Ho, adding he entered a total of five times in the competition.

More details about the hacking competition results are forthcoming, according to Avijit Ghosh, one of the authors compiling them.

“We will be going through the anonymized data and finding patterns of vulnerabilities that participants discovered during the challenge and produce a report that will hopefully help ML and security researchers gain better insights into LLMs and policymakers make more informed regulations about AI,” Ghosh says.

While he won’t answer questions directly about any of the winning LLM hacks, Ghosh says he was able to use the LLMs to generate discriminatory code, credit card numbers, misinformation, and more.

Another of the event’s organizers, Jutta Williams, has a day job as Reddit’s senior director and global head of privacy and assurance and, on the side, is the founder of Humane-Intelligence, a nonprofit that provides safety, ethical, and other guidance for companies providing consumers with AI products.

Historic Turnout For Event

Williams touted the event as the “largest LLM red teaming to date.”

All told, Williams said the AI Village attracted 2,240 hackers over the course of DEF CON 31 and explained the goal was to make one of its LLMs “do something unsavory.” That could mean generating misinformation, or using just the right question to prompt the chatbot to do something illegal —…


Android Phones Shipping with Pre-Installed Malware – Global Village Space


Trend Micro, a cybersecurity research firm, has discovered a supply chain attack that has infected millions of Android devices with infostealer malware before they even leave the factory. The majority of the affected devices are budget smartphones, but the attack has also spread to smartwatches, smart TVs, and other smart devices. Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong spoke about this issue at a conference in Singapore, noting that the root of the problem lies in the fierce competition among original equipment manufacturers.

The issue stems from the fact that smartphone makers are not building all of the components themselves. For example, firmware is being built by third-party firmware suppliers. However, as the price of mobile phone firmware continued to drop, the providers were unable to charge money for their products. As a result, Yarochkin explained, the products started coming with an unwanted extra in the form of “silent plugins.” Trend Micro analyzed dozens of firmware images looking for malicious software and found 80 different plugins. Some plugins were part of a wider “business model” that was sold on dark web forums and even marketed on mainstream social media platforms and blogs.

These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing traffic, and more. One of the more serious problems is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node.”

Trend Micro says that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers did not name the perpetrators, but they did mention China a few times.

This supply chain attack is a worrying development in the world of cybersecurity. It highlights the need for companies to be vigilant when it comes to their supply chains and to ensure that all components are thoroughly vetted before they are used in their products. It also underscores the importance of using…


Meta warns of ChatGPT malware on Facebook – Global Village Space


AI Tools: The New Weapon for Malware Attacks

Artificial Intelligence (AI) has become a buzzword in the tech industry, and it seems that everyone is obsessed with it, including hackers. In a recent security report released by Facebook’s parent company, Meta, the company’s security team has been tracking new malware threats that weaponize the current AI trend.

Meta claims that it has discovered “around ten new malware families” that are using AI chatbot tools like OpenAI’s popular ChatGPT to hack into users’ accounts. One of the more pressing schemes, according to Meta, is the proliferation of malicious web browser extensions that appear to offer ChatGPT functionality. Users download these extensions for Chrome or Firefox, for example, in order to use AI chatbot functionality. Some of these extensions even work and provide the advertised chatbot features. However, the extensions also contain malware that can access a user’s device.

According to Meta, it has discovered more than 1,000 unique URLs that offer malware disguised as ChatGPT or other AI-related tools and has blocked them from being shared on Facebook, Instagram, and WhatsApp. Once a user downloads malware, bad actors can immediately launch their attack and are constantly updating their methods to get around security protocols. In one example, bad actors were able to quickly automate the process that takes over business accounts and grants advertising permissions to these bad actors.

Meta says it has reported the malicious links to the various domain registrars and hosting providers that are used by these bad actors. However, this is just the tip of the iceberg. Hackers are constantly evolving their tactics and using AI tools to make their attacks more sophisticated and harder to detect.

The use of AI in malware attacks is not new. In fact, it has been around for some time now. Hackers have been using machine learning algorithms to create more effective malware that can evade traditional security measures. They can also use AI to automate their attacks, making them faster and more efficient.

One of the most significant risks associated with AI-powered malware is that it can learn and…


Is Louisiana’s ID Verification Mandate a Step in the Wrong Direction? – Global Village Space


It was recently announced that Louisiana had introduced legislation that requires users of adult websites to show identification to access the pages. This has stirred up plenty of questions about how much authority governments can have over the policing of the internet.

Aside from the ethical debates surrounding the news, it also feels like this is a step backward. Technology is moving forward rapidly, and improved methods of authentication are already emerging. A more sensible solution could be to jump on the growing trend of biometric technology for accessing websites.

What is the Louisiana Mandate?

PIA reported that lawmakers in Louisiana have decided to implement a new rule for accessing adult websites. In a push to ensure that children don’t encounter content that could be damaging to them, internet users in the state will now be required to use their personal identification credentials to log on.

Experts have noted how other countries, including the UK, Australia, and Germany, have all attempted similar measures in the past. None of these worked. In fact, collecting IDs for age verification can have serious knock-on effects when it comes to data privacy.

This highlights how there’s a need for more modern approaches to authentication that are in line with the advancing technological world. Biometrics has already started to creep in on devices and some sites. However, they haven’t become widespread or used as an alternative to traditional identification methods yet.

How Far Away are We From Ubiquitous Biometrics?

According to Grand View Research, the global biometrics market will be worth around $60 billion by 2025. It is growing at a rate of 20.4 percent each year, and this is being driven by the increased demand for enhanced security methods.

Issues Arising from Biometrics

For the technology to become used for logging onto all sites and devices, internet users need to have the reassurance that their data won’t be sold or lost to third parties.

Like it or not, biometric technology is on the way, and some people believe that it is a great step forward. There’s no doubt, though, that western countries will need to learn how to cope with these challenges. There…
