
How the White House’s AI Executive Order could increase U.S. cyber vulnerabilities


On October 30, the White House released its “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” It is a lengthy document, spanning over 30 pages in the Federal Register. But two short portions of the Executive Order (EO) are of particular concern in terms of the cybersecurity vulnerabilities they will create: Under the EO, the government will institute mandatory reporting of information about the “physical and cybersecurity measures taken to protect” model weights associated with certain large AI models, as well as the location and computing power of “large-scale computing cluster[s].”

Reporting requirements

The EO instructs the Department of Commerce to require this reporting within 90 days of the date of the EO. It also instructs the Department of Commerce to develop criteria for what constitutes reportable AI models and computing clusters and provides the following interim criteria:

  • Reportable AI model: “any model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations, or using primarily biological sequence data and using a quantity of computing power greater than 10^23 integer or floating-point operations.”
  • Reportable computing cluster: “any computing cluster that has a set of machines physically co-located in a single datacenter, transitively connected by data center networking of over 100 Gbit/s, and having a theoretical maximum computing capacity of 10^20 integer or floating-point operations per second for training AI.”

Cybersecurity exposures

The very fact of requiring AI companies to report the “physical and cybersecurity measures taken to protect” model weights will itself undermine the utility of those measures. After all, one of the most basic principles of security is to avoid disclosing too many details of how an asset is protected. A well-protected jewelry store is secure in large part because would-be thieves are left guessing as to the full set of security measures that are in place.

The most sophisticated AI models are the result of enormous investments in both dollars and human effort. Those models have extraordinary economic…


Vietnam’s ‘white hat’ hackers secure prestigious digital security award


Last month, Viettel Cyber Security (VCS), a unit of Viettel, one of Vietnam’s largest state-owned enterprises, received thrilling news: they emerged as champions in the esteemed cybersecurity competition Pwn2Own Toronto 2023.

At the close of the competition on the evening of October 27, Viettel’s VCS team clinched the championship with an impressive total score of 30 points, earning them the distinguished title of ‘Master of Pwn’ and outpacing competitors by a significant margin of 12.75 points.

The total score was calculated based on successful participation and assigned Master of Pwn points in the competition’s category tables.

Pwn2Own 2023 was held in Toronto, Canada from October 24 to 27.

A team of young achievers

The sweet taste of success embraced the 14 young members of the team after three months of relentless dedication, working day and night, and competing fiercely against rivals worldwide.

Perhaps surprising to many, the youngest member, Do Anh Dung, a third-year student from the University of Engineering and Technology under the Vietnam National University-Hanoi, was born in 2003.

Beyond the youthfulness of Dung, the other 13 members of VCS, who achieved significant success at Pwn2Own 2023, are also young. 

Despite their tender age, each team member boasts considerable experience in cybersecurity, cultivated over years of dedicated work.

Even the youngest, Dung, made a noteworthy contribution, securing a victory in one of the competition categories, aiding in the team’s triumph.

On the evening of October 27, VCS secured the final victory, surpassing formidable opponents such as Sea Security from Singapore, Vupen and Synacktiv from France, and last year’s winners Devcore from Taiwan.

Ha Anh Hoang, a VCS team member, told Tuoi Tre (Youth) newspaper that they were informed about the devices they had to compromise only three months before the contest’s opening day.

This meant a tight preparation schedule, including purchasing new devices, exploring their hardware and software, and awaiting the arrival of some tools ordered from abroad, which took up to a month.

Nguyen Xuan Hoang, another team member, acknowledged the presence of…


The Long Island Press Amplifies a RevBits White Paper that Explores a Devastating 2022 Cyber Hack on the Computer Systems of Suffolk County New York





Mineola, N.Y., United States:
 

RevBits, a cyber security solution company based on Long Island, New York, completed a review of the 2022 Suffolk County, New York, cyber hack that rendered government systems largely inoperable for months, affecting municipal work and citizen interaction with their county government. The RevBits white paper, Suffolk Hack Part of a Chinese Plot?, was recently profiled in a companion piece in the September edition of The Long Island Press.


 

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230919470113/en/


 

One year ago, on September 8, 2022, an anonymous email appeared on the Suffolk County government computer system announcing a devastating hack: unnamed thieves had seized four terabytes of data – some 300 million pages of detailed government information, including highly confidential personal information regarding 26,000 current and former employees as well as banking and personal information related to more than 400,000 people who have received traffic and parking tickets over the past years.


 

The hack brought government systems to a halt: crippling the billion-dollar real estate industry, sideswiping tens of millions of dollars in vital payments to mom-and-pop suppliers and disabling key functions of the county’s 911 emergency system.


 

The RevBits white paper reveals that top US law enforcement and intelligence officials are convinced the intrusion was executed by Chinese government hacking teams as part of Beijing’s drive toward global supremacy by 2049.


 

The white paper was initiated by RevBits CEO David Schiffer, who founded and headed Safe Banking Systems prior to running RevBits. Schiffer is a veteran of the cyber-world, having intersected with many of the biggest computer cases of the past decades, from Kremlin money laundering to security lapses at the FAA. “This hack hits close to home for us – we are a Long Island-based company, and I have been a Long Island resident nearly my whole life,” said Schiffer. “The scourge of state-sponsored hacking needs to be taken seriously by companies but, even…


FBI was using advanced hacking software despite White House ban


Since November of 2021, US-based companies have been barred from doing business with the NSO Group, an Israeli research firm behind some of the most advanced hacking tools the tech world has ever seen. Come to find out, a New York Times investigation from this past April revealed that a US government agency was actively using a powerful hacking tool from the NSO Group dubbed Landmark.

The White House subsequently launched an investigation and asked the FBI for assistance. Which agency, the White House wanted to know, was operating in defiance of the ban? And believe it or not, the investigation revealed that the agency using Pegasus was the FBI itself. Specifically, the FBI was using the software to track suspected drug cartel members in Mexico.

For what it’s worth, the FBI says the tool was provided to them by a contractor called Riva Networks. According to the FBI, the bureau wasn’t aware of the software’s origins.

The report reads in part:

The F.B.I. now says that it used the tool unwittingly and that Riva Networks misled the bureau. Once the agency discovered in late April that Riva had used the spying tool on its behalf, Christopher A. Wray, the F.B.I. director, terminated the contract, according to U.S. officials.

It is also unclear which, if any, government agencies besides the F.B.I. might have worked with Riva Networks to deploy the spying tool in Mexico. Two people with direct knowledge of the contract said cellphone numbers in Mexico were targeted throughout 2021, 2022 and into this year — far longer than the F.B.I. says the tool was used.

The reason why the NSO Group is precluded from doing business in the US is a long and interesting tale. Put simply, several stories over the past few years revealed that foreign governments with questionable human rights records were using NSO Group hacking tools to “maliciously target” journalists and dissidents. This ultimately prompted the White House to ban American companies from doing any type of…
