A man used AI to bring back his deceased fiancé. But the creators of the tech warn it could be dangerous and used to spread misinformation.

GPT-3 is a computer program that attempts to write like humans.
GPT-3 is a computer program that attempts to write like humans.

  • A man used artificial intelligence (AI) to create a chatbot that mimicked his late fiancé.
  • The groundbreaking AI technology was designed by Elon Musk’s research group OpenAI.
  • OpenAI has long warned that the technology could be used for mass information campaigns.
  • See more stories on Insider’s business page.

After Joshua Barbeau’s fiancé passed away, he spoke to her for months. Or, rather, he spoke to a chatbot programmed to sound exactly like her.

In a story for the San Francisco Chronicle, Barbeau detailed how Project December, a software that uses artificial intelligence technology to create hyper-realistic chatbots, recreated the experience of speaking with his late fiancé. All he had to do was plug in old messages and give some background information, and suddenly the model could emulate his partner with stunning accuracy.

It may sound like a miracle (or a Black Mirror episode), but the AI creators warn that the same technology could be used to fuel mass misinformation campaigns.

Project December is powered by GPT-3, an AI model designed by the Elon Musk-backed research group OpenAI. By consuming massive datasets of human-created text (Reddit threads were particularly helpful), GPT-3 can imitate human writing, producing everything from academic papers to letters from former lovers.

It’s some of the most sophisticated – and dangerous – language-based AI programming to date.

When OpenAI released GPT-2, the predecessor to GPT-3, the group wrote that it can potentially be used in “malicious ways.” The organization anticipated bad actors using the technology could automate “abusive or faked content on social media,” “generate misleading news articles,” or “impersonate others online.”

GPT-2 could be used to “unlock new as-yet-unanticipated capabilities for these actors,” the group wrote.

OpenAI staggered the release of GPT-2, and still restricts access to the superior GPT-3, in order to “give people time” to learn the “societal implications” of such technology.

Misinformation is already rampant on social media, even with GPT-3 not widely available. A new study found that YouTube’s algorithm still pushes misinformation, and the nonprofit Center for Countering Digital Hate recently identified 12 people responsible for sharing 65 percent of COVID-19 conspiracy theories on social media. Dubbed the “Disinformation Dozen,” they have millions of followers.

As AI continues to develop, Oren Etzioni, CEO of the non-profit, bioscience research group, Allen Institute, previously told Insider it will only become harder to tell what’s real.

“The question ‘Is this text or image or video or email authentic?’ is going to become increasingly difficult to answer just based on the content alone,” he said.

Read the original article on Business Insider

Crippling attacks on US gas and meat suppliers expose the dangers of major companies’ reliance on patchwork cybersecurity

colonial pipeline
  • Recent ransomware attacks on key companies have wreaked havoc on US suppliers and consumers.
  • Cybersecurity experts say that while these firms may be large in scale, they’re not necessarily high-tech.
  • Large companies often have a mosaic of IT systems that can make them vulnerable to attack.
  • See more stories on Insider’s business page.

In his Senate testimony during a hearing last week on the Colonial Pipeline cyber attack, CEO Joseph Blount said hackers had penetrated a legacy system that was protected by a single password, rather than multi-factor authentication.

“It was a complicated password – I want to be clear on that – it was not a ‘Colonial123’-type password,” Blount said.

In normal operations, the company, which runs the nation’s largest oil and gas pipeline, uses a more robust authentication process to make remote access more difficult, he added. “We take cybersecurity very seriously.”

But Blount’s testimony also showed that Colonial relies on a variety of different countermeasures to defend its systems – systems that provide more than half the oil and gas consumed by the East Coast. Last month’s ransomware attack on Colonial forced a nearly-week long shutdown of its 5,500 miles of pipeline, causing a ripple effect of gasoline shortages and panic buying across parts of the East Coast.

Colonial is by no means alone. Meatpacking giant JBS was hit with a similar attack, and recently disclosed that it paid $11 million to the hackers. The New York subway system and a Massachusetts ferryboat operator have also recently been targeted.

Indeed, the FBI is now working with more than 90 ransomware victims across a range of critical infrastructure sectors, deputy director Paul M. Abbate said in a press conference on the partial recovery of Colonial’s $4 million ransom payment.

The Wall Street Journal reported that that ransomware incidents have tripled in the past year, according to FBI and reports from the private sector. The chief information security officer for pharmaceutical giant Johnson & Johnson, told a WSJ event that her company experiences around 15.5 billion cybersecurity incidents per day.

Experts told Insider that some companies reliance on patchwork cybersecurity systems means there are gaps for hackers to exploit, and that leaves key services and supply chains vulnerable to attack.

“These perpetrators are looking for places where there are sloppy cybersecurity practices,” said Mark Testoni, CEO of SAP’s national security arm, NS2. “Every company has a mosaic of systems, and they might come from a number of manufacturers.”

In other words, a company’s investment in state-of-the-art locks and cameras on its front door could be rendered ineffective if the windows aren’t well-secured too.

Doug Schmidt, a professor of computer science at Vanderbilt University, said the challenge can be especially pronounced when firms acquire or merge with others that continue to depend on legacy systems, like software for a key piece of equipment that will only run on Windows 95.

“A given system may be fairly secure, but when you start connecting it to other systems that it really wasn’t meant to work with, that leaves all kinds of opportunities for neglect, error, and surprise,” he said.

This can be even more problematic in lower-margin, highly consolidated industries like food and some utilities where companies might see cybersecurity more as an expense than an investment, especially for those that don’t perceive themselves to be a target.

“Imagine how it must just be like taking candy from a baby to go and hack these low-margin businesses that are building incrementally, and have very heterogeneous long tails of inadequate, unsecured, chaotic, error-filled legacy information systems,” Schmidt said.

For Testoni, episodes like the recent ransomware attacks underscore the need for a change of mindset among business leaders.

“The most important thing that every company needs to understand is every company is now a technology company,” he said. “They need to think like they’re a technology company, and they have to protect both their digital assets and their physical assets.”

Every incremental improvement helps reduce the overall risk, Testoni said, and will pay dividends later as the world only becomes more heavily networked.

Deputy Attorney General Lisa Monaco echoed that sentiment in her remarks on the Colonial ransom case, calling on corporate and community leaders to “invest the resources now.”

“Failure to do so could be the difference between being secure now – or a victim later,” she said.

Read the original article on Business Insider

Apple’s latest computers are being targeted by a new type of malware – and 30,000 machines are already infected

apple m1 chip
Apple’s M1 chip is the target of a new type of malware.

In November 2020, Apple unveiled a sleight of new computers that were powered by the company’s first-ever in-house silicon: The Apple M1 chip.

By early 2021, it looks like Apple’s line of new computers has already been breached by a malicious set of software nicknamed “Silver Sparrow.” Just shy of 30,000 of Apple’s new computers have already been infected, according to the security firm Red Canary, primarily in the United States, United Kingdom, Canada, France, and Germany.

The infected machines range from the Mac Mini desktop to the latest version of Apple’s laptops. Both the latest MacBook Air and 13-inch MacBook Pro are powered by M1 chips.

Notably, security researchers have yet to observe the Silver Sparrow malware actually doing anything harmful. 

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet,” Tony Lambert, an analyst at Red Canary intelligence, wrote in a blog post. “Its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.”

Though viruses are uncommon on Apple’s computers, a variety of other malicious software impacts Macs. The best way to protect yourself is to use free software from companies like Malwarebytes, which scans your computer and quarantines harmful software.

Got a tip? Contact Insider senior correspondent Ben Gilbert via email (bgilbert@insider.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.

Read the original article on Business Insider

Cybersecurity firm Malwarebytes was hacked by ‘Dark Halo,’ the same group that breached SolarWinds last year

computer hack cybercrime
  • SolarWinds hackers attacked cybersecurity firm Malwarebytes, ZDNet reported. 
  • The company’s software remains “safe to use,” the CEO said.
  • Malwarebytes adds to a growing list of firms attacked by the SolarWinds hackers.
  • Visit Business Insider’s homepage for more stories.

The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, ZDNet reported, adding to the growing list of major security firms targeted by the group.

Malwarebytes said hackers used a weakness in the Azure Active Directory and malicious Office 365 applications to breach the company’s internal systems, according to ZDNet. The company said the situation was not related to the SolarWinds’ breach, as Malwarebytes doesn’t use any of their systems. 

The SolarWinds hack last year was a “supply chain attack” that led to breaches at US government agencies and other businesses. SolarWinds, FireEye, Microsoft, CrowdStrike and now Malwarebytes have all been targeted by UNC2452/Dark Halo, a group US agencies have said the Russian government is behind. 

Read more: Top federal cybersecurity experts explain why the SolarWinds cyberattack is such a big deal – and why it’s too soon to declare cyberwar

Malwarebytes was not immediately available for Insider’s request for comment.

Malwarebytes learned of the breach on December 15 from the Microsoft Security Response Center and has since investigated the matter. The company’s CEO Marcin Kleczynski told ZDNet the hacker only gained access to a limited subset of internal company emails and added that the “software remains safe to use.”

Read the original article on Business Insider

Here’s a list of the US agencies and companies that were reportedly hacked in the suspected Russian cyberattack

hacker person keyboard cyber security
The full extent of the attack is not yet known.

  • Thousands of companies and US government agencies were at risk of being spied on for months following a sweeping cyberattack reportedly carried out by Russian hackers.
  • The full extent of the attack is not yet known, but the list of victims is said to include the Department of Homeland Security and the Pentagon, among others.
  •  Read below for a list of the government agencies and firms that have reportedly been breached.
  • Visit Business Insider’s homepage for more stories.

A massive cyber attack reportedly executed by a Russian intelligence agency put thousands of companies and US government agencies at risk of being spied on or having data stolen for up to nine months.

The software firm SolarWinds was breached earlier this year when hackers broke into its system and inserted malicious code into one of its software platforms. Customers who updated their software from March to June added the malware to their networks, giving the hackers a backdoor into their systems.

SolarWinds has hundreds of thousands of clients across the globe, including government agencies and most Fortune 500 companies. The company said up to 18,000 of its customers downloaded the software update that contained the malicious code.

Investigating the extent of the cyberattacks may take years, but some organizations have already emerged as compromised, meaning the hackers had potential access to their networks. But it will take long-term investigations for some firms and agencies to determine what data, if any, were stolen or manipulated.

Here’s a list of the major US agencies and firms that were reportedly breached:

Department of State

The State Department is among the US agencies said to have been breached, The Washington Post first reported. Russians had also hacked into part of the department’s system in 2014.

Department of Homeland Security

Reuters first reported the breach at the Department of Homeland security, the agency responsible for cybersecurity, border security, and, recently, the distribution of the coronavirus vaccine. The department’s Cybersecurity and Infrastructure Security Agency also oversaw the secure presidential election last month.

National Institutes of Health

The Post also reported the National Institutes of Health, housed in the Department of Health and Human Services, was also compromised. Reports emerged in the summer that the SVR, a Russian intelligence agency, had targeted the COVID-19 vaccine research.

The Pentagon

Parts of the Pentagon, the headquarters of the Department of Defense, were breached, an unnamed US official reportedly told The New York Times. The official said the extent of the attack was unknown.

Department of Energy

Politico reported the Energy Department, including its National Nuclear Security Administration, was subject to the cyber attack. In a statement, a spokesperson said the breach was “isolated to business networks only,” and did not impact national security functions of the department, which includes managing the nuclear weapons stockpile.

Department of the Treasury

The Treasury Department, which manages national finances, was among the first confirmed breaches of the federal government, Reuters reported. Hackers were reportedly spying on internal emails, but the extent of the attack is still unknown.

Department of Commerce

The Commerce Department was also one of the first agencies to have confirmed a breach. Sources told Reuters hackers also appeared to be spying on department emails.

State and local governments

Sources told Bloomberg that up to three state governments were hit by the attack, though they did not name which states. The Intercept reported that the network of the city of Austin, Texas was also breached.

Microsoft

Microsoft confirmed Thursday it was compromised in the cyberattack. Reuters initially reported the breach may have made the tech giant’s customers vulnerable, but Microsoft denied this. The company said there is no evidence its products or customer data were targeted.

FireEye

FireEye, one of the world’s leading cybersecurity firms, announced on December 8 that its systems had been hacked by a nation-state, marking the first discovery of the sweeping cyberattack.

Read the original article on Business Insider