Businesses

Startup Can Identify Deepfake Video In Real Time (wired.com) 28

An anonymous reader quotes a report from Wired: Real-time video deepfakes are a growing threat for governments, businesses, and individuals. Recently, the chairman of the US Senate Committee on Foreign Relations mistakenly took a video call with someone pretending to be a Ukrainian official. An international engineering company lost millions of dollars earlier in 2024 when one employee was tricked by a deepfake video call. Also, romance scams targeting everyday individuals have employed similar techniques. "It's probably only a matter of months before we're going to start seeing an explosion of deepfake video, face-to-face fraud," says Ben Colman, CEO and cofounder at Reality Defender. When it comes to video calls, especially in high-stakes situations, seeing should not be believing.

The startup is laser-focused on partnering with business and government clients to help thwart AI-powered deepfakes. Even with this core mission, Colman doesn't want his company to be seen as more broadly standing against artificial intelligence developments. "We're very pro-AI," he says. "We think that 99.999 percent of use cases are transformational -- for medicine, for productivity, for creativity -- but in these kinds of very, very small edge cases the risks are disproportionately bad." Reality Defender's plan for the real-time detector is to start with a plug-in for Zoom that can make active predictions about whether others on a video call are real or AI-powered impersonations. The company is currently working on benchmarking the tool to determine how accurately it discerns real video participants from fake ones. Unfortunately, it's not something you'll likely be able to try out soon. The new software feature will only be available in beta for some of the startup's clients.

As Reality Defender works to improve the detection accuracy of its models, Colman says that access to more data is a critical challenge to overcome -- a common refrain from the current batch of AI-focused startups. He's hopeful more partnerships will fill in these gaps, and without specifics, hints at multiple new deals likely coming next year. After ElevenLabs was tied to a deepfake voice call of US president Joe Biden, the AI-audio startup struck a deal with Reality Defender to mitigate potential misuse. [...] "We don't ask my 80-year-old mother to flag ransomware in an email," says Colman. "Because she's not a computer science expert." In the future, it's possible real-time video authentication, if AI detection continues to improve and shows to be reliably accurate, will be as taken for granted as that malware scanner quietly humming along in the background of your email inbox.

Security

Ex-Palantir CISO Dane Stuckey Joins OpenAI To Lead Cybersecurity (securityweek.com) 18

wiredmikey shares a report from SecurityWeek: Dane Stuckey, the former Chief Information Security Officer (CISO) of big data analytics and AI firm Palantir, has joined OpenAI CISO. Stuckey served in senior security roles at Palantir for more than ten years, including 6 plus years as the company's CISO. In his new role, Stuckey said he would be working alongside Matt Knight, Head of Security at OpenAI. "Security is germane to OpenAI's mission," said Stuckey in a post on X. "It is critical we meet the highest standards for compliance, trust, and security to protect hundreds of millions of users of our products, enable democratic institutions to maximally benefit from these technologies, and drive the development of safe AGI for the world."

"I am so excited for this next chapter, and can't wait to help secure a future where AI benefits us all," Stuckey added.
Security

Credit Cards Don't Require Signatures. So Why Do We Still Sign? (msn.com) 136

An anonymous reader shares a report: The big financial moments in life used to be marked with a flourish of a pen. Buying a house. A car. Breakfast. Not anymore. Visa, Mastercard, Discover and American Express dropped the requirement to sign for charges like restaurant checks in 2018. They don't look at our scribbles to verify identity or stop fraud. Taps, clicks and electronic signatures took over the heavy lifting for many everyday purchases -- and many contracts, loan applications and even Social Security forms. The John Hancock was written off as a relic useful mainly to inflate the value of sports memorabilia. But signatures didn't die.

We continue to be asked to sign with ink on paper or using fingers on touch screens at many restaurants, bars and other businesses. And people keep signing card receipts out of habit -- even when there is no blank space for it -- because it feels weird not to, payment networks and retail groups say. "Traditions have this odd way of sticking around," said Doug Kantor, general counsel of the National Association of Convenience Stores. Signatures had been used to verify identity and agree to financial terms for centuries. Banks kept records of customer signatures to check against, but the sheer number of transactions and advancements in technology eventually made that impractical.

By the 1980s, charges could be processed electronically. Signatures were still used in cases of fraud or stolen cards. Banks could call merchants and ask them to present a signed receipt. Yet given how easy signatures are to forge, they proved limited as a fraud prevention tool. Now there are more sophisticated ways to determine whether cards are stolen or misused, according to Mark Nelsen, global head of consumer payments at Visa.

Security

Sysadmins Rage Over Apple's 'Nightmarish' SSL/TLS Cert Lifespan Cuts (theregister.com) 293

The Register's Jessica Lyons reports: Apple wants to shorten SSL/TLS security certificates' lifespans, down from 398 days now to just 45 days by 2027, and sysadmins have some very strong feelings about this "nightmarish" plan. As one of the hundreds that took to Reddit to lament the proposal said: "This will suck. My least favorite vendor manages something like 10 websites for us, and we have to provide the certs manually every time. Between live and test this is gonna suck."

The Apple proposal, a draft ballot measure that will likely go up for a vote among Certification Authority Browser Forum (CA/B Forum) members in the upcoming months, was unveiled by the iThings maker during the Forum's fall meeting. If approved, it will affect all Safari certificates, which follows a similar push by Google, that plans to reduce the max-validity period on Chrome for these digital trust files down to 90 days.

... [W]hile it's generally agreed that shorter lifespans improve internet security overall -- longer certificate terms mean criminals have more time to exploit vulnerabilities and old website certificates -- the burden of managing these expired certs will fall squarely on the shoulders of systems administrators. [...] Even certificate provider Sectigo, which sponsored the Apple proposal, admitted that the shortened lifespans "will no doubt prove a headache for busy IT security teams, juggling with lots of certificates expiring at different times."
While automation is often touted as the solution to this problem, sysadmins were quick to point out that some SSL certs can't be automated. "This is somewhat nightmarish," said one sysadmin. "I have about 20 appliance like services that have no support for automation. Almost everything in my environment is automated to the extent that is practical. SSL renewal is the lone achilles heel that I have to deal with once every 365 days."
Security

Cisco Investigates Breach After Stolen Data For Sale On Hacking Forum (bleepingcomputer.com) 9

Longtime Slashdot reader mprindle shares a report from BleepingComputer: Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. [...] This statement comes after a well-known threat actor named "IntelBroker" said that he and two others called "EnergyWeaponUser and "zjj" breached Cisco on October 6, 2024, and stole a large amount of developer data from the company.

"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum. IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals. However, the threat actor did not provide further details about how the data was obtained.

AI

National Archives Pushes Google Gemini AI on Employees 19

An anonymous reader shares a report: In June, the U.S. National Archives and Records Administration (NARA) gave employees a presentation and tech demo called "AI-mazing Tech-venture" in which Google's Gemini AI was presented as a tool archives employees could use to "enhance productivity." During a demo, the AI was queried with questions about the John F. Kennedy assassination, according to a copy of the presentation obtained by 404 Media using a public records request.

In December, NARA plans to launch a public-facing AI-powered chatbot called "Archie AI," 404 Media has learned. "The National Archives has big plans for AI," a NARA spokesperson told 404 Media. "It's going to be essential to how we conduct our work, how we scale our services for Americans who want to be able to access our records from anywhere, anytime, and how we ensure that we are ready to care for the records being created today and in the future."

Employee chat logs given during the presentation show that National Archives employees are concerned about the idea that AI tools will be used in archiving, a practice that is inherently concerned with accurately recording history. One worker who attended the presentation told 404 Media "I suspect they're going to introduce it to the workplace. I'm just a person who works there and hates AI bullshit." The presentation was given about a month after the National Archives banned employees from using ChatGPT because it said it posted an "unacceptable risk to NARA data security," and cautioned employees that they should "not rely on LLMs for factual information."
Security

New Passkey Specifications Will Let Users Import and Export Them (9to5mac.com) 29

9to5Mac's Filipe Esposito reports: Passkeys were introduced two years ago, and they replace traditional passwords with more secure authentication using a security key or biometrics. To make the technology even better, the FIDO Alliance published on Monday new specifications for passkeys, which ensure a way to let users import and export them. Currently, there's no secure way to move passkeys between different password managers. For example, if you've stored a specific passkey in Apple's Passwords app, you can't simply move it to 1Password, or vice versa. But that will change soon.

As just announced by the FIDO Alliance, the new specifications aim to promote user choice by offering a way to import and export passkeys. The draft of the new specifications establishes the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) formats for transferring not only passkeys, but other types of credentials will also be supported. The new formats are encrypted, which ensures that credentials remain secure during the process. For comparison, most password managers currently rely on CSV files to import and export credentials, which is much less secure.

Windows

Lots of PCs Are Poised To Fall Off the Windows 10 Update Cliff One Year From Today (arstechnica.com) 177

One year from today, on October 14, 2025, Microsoft will stop releasing security updates for PCs that are still running Windows 10. From a report: Organizations and individuals will still be able to pay for three more years of updates, with prices that go up steadily each year (Microsoft still hasn't provided pricing for end users, only saying that it will release pricing info "closer to the October 2025 date.") But for most PCs running Windows 10, the end of the line is in sight.
Security

National Public Data, the Hacked Data Broker That Lost Millions of Social Security Numbers and More, Files For Bankruptcy (techcrunch.com) 28

An anonymous reader shares a report: A Florida data broker that lost hundreds of millions of Social Security numbers and other personally identifiable information in a data breach earlier this year, has filed for Chapter 11 bankruptcy protection as the company faces a wave of litigation.

Jericho Pictures, the parent company of the hacked data broker National Public Data, told a Florida bankruptcy court that it was unlikely to be able to repay its debtors or address its anticipated liabilities and class-action lawsuits, including paying "for credit monitoring for hundreds of millions of potentially impacted individuals." In its initial filing, Jericho Pictures' owner, Salvatore Verini, said the company "faces substantial uncertainty facing regulatory challenges by the Federal Trade Commission and more than 20 states with civil penalties for data breaches."

Open Source

'Open Source Royalty and Mad Kings' (hey.com) 88

WordPress.org has seized control of WP Engine's Advanced Custom Fields plugin, renaming it "Secure Custom Fields" and removing commercial elements, according to WordPress co-founder Matt Mullenweg. The move, justified by alleged security concerns and linked to ongoing litigation between WP Engine and Automattic, marks an unprecedented forcible takeover in the WordPress ecosystem.

David Heinemeier Hansson, creator of Ruby on Rails and co-founder and chief technology officer of Basecamp-maker 37signals, opines on the situation: For a dispute that started with a claim of "trademark confusion", there's an incredible irony in the fact that Automattic is now hijacking users looking for ACF onto their own plugin. And providing as rational for this unprecedented breach of open source norms that ACF needs maintenance, and since WPE is no longer able to provide that (given that they were blocked!), Automattic has to step in to do so. I mean, what?!

Imagine this happening on npm? Imagine Meta getting into a legal dispute with Microsoft (the owners of GitHub, who in turn own npm), and Microsoft responding by directing GitHub to ban all Meta employees from accessing their repositories. And then Microsoft just takes over the official React repository, pointing it to their own Super React fork. This is the kind of crazy we're talking about.

Weaponizing open source code registries is something we simply cannot allow to form precedence. They must remain neutral territory. Little Switzerlands in a world of constant commercial skirmishes.

And that's really the main reason I care to comment on this whole sordid ordeal. If this fight was just one between two billion-dollar companies, as Automattic and WPE both are, I would not have cared to wade in. But the principles at stake extend far beyond the two of them.

Using an open source project like WordPress as leverage in this contract dispute, and weaponizing its plugin registry, is an endangerment of an open source peace that has reigned decades, with peace-time dividends for all. Not since the SCO-Linux nonsense of the early 2000s have we faced such a potential explosion in fear, doubt, and uncertainty in the open source realm on basic matters everyone thought they could take for granted.

Power

Solar Power Brought by Volunteers to Hurricane Helene's Disaster Zone (apnews.com) 74

Bobby Renfro spent $1,200 to buy a gas-powered electricity generator for a community resource hub he set up in a former church near hurricane-struck Asheville, North Carolina. He's spending thousands more on fuel, reports the Associated Press — though he's just one of many. Right now over 500,000 people are without power in Florida, according to the PowerOutage.us project — with more than 9,000 in Georgia, and over 17,000 in North Carolina" Without it, they can't keep medicines cold or power medical equipment or pump well water. They can't recharge their phones or apply for federal disaster aid... Residents who can get their hands on gas and diesel-powered generators are depending on them, but that is not easy. Fuel is expensive and can be a long drive away. Generator fumes pollute and can be deadly. Small home generators are designed to run for hours or days, not weeks and months.

Now, more help is arriving. Renfro received a new power source this week, one that will be cleaner, quieter and free to operate. Volunteers with the nonprofit Footprint Project and a local solar installation company delivered a solar generator with six 245-watt solar panels, a 24-volt battery and an AC power inverter. The panels now rest on a grassy hill outside the community building. Renfro hopes his community can draw some comfort and security, "seeing and knowing that they have a little electricity." The Footprint Project is scaling up its response to this disaster with sustainable mobile infrastructure. It has deployed dozens of larger solar microgrids, solar generators and machines that can pull water from the air to 33 sites so far, along with dozens of smaller portable batteries.

With donations from solar equipment and installation companies as well as equipment purchased through donated funds, the nonprofit is sourcing hundreds more small batteries and dozens of other larger systems and even industrial-scale solar generators known as "Dragon Wings."

Privacy

Privacy Advocates Urge 23andMe Customers to Delete Their Data. But Can They? (sfgate.com) 45

"Some prominent privacy advocates are encouraging customers to pull their data" from 23andMe, reports SFGate.

But can you actually do that? 23andMe makes it easy to feel like you've protected your genetic footprint. In their account settings, customers can download versions of their data to a computer and choose to delete the data attached to their 23andMe profile. An email then arrives with a big pink button: "Permanently Delete All Records." Doing so, it promises, will "terminate your relationship with 23andMe and irreversibly delete your account and Personal Information."

But there's another clause in the email that conflicts with that "terminate" promise. It says 23andMe and whichever contracted genotyping laboratory worked on a customer's samples will still hold on to the customer's sex, date of birth and genetic information, even after they're "deleted." The reason? The company cites "legal obligations," including federal laboratory regulations and California lab rules. The federal program, which sets quality standards for laboratories, requires that labs hold on to patient test records for at least two years; the California rule, part of the state's Business and Professions Code, requires three. When SFGATE asked 23andMe vice president of communications Katie Watson about the retention mandates, she said 23andMe does delete the genetic data after the three-year period, where applicable...

Before it's finally deleted, the data remains 23andMe property and is held under the same rules as the company's privacy policy, Watson added. If that policy changes, customers are supposed to be informed and asked for their consent. In the meantime, a hack is unfortunately always possible. Another 23andMe spokesperson, Andy Kill, told SFGATE that [CEO Anne] Wojcicki is "committed to customers' privacy and pledges to retain the current privacy policy in force for the foreseeable future, including after the acquisition she is currently pursuing."

An Electronic Frontier Foundation privacy lawyer tells SFGate there's no information more personal than your DNA. "It is like a Social Security number, it can't be changed. But it's not just a piece of paper, it's kind of you."

He urged 23andMe to leave customers' data out of any acquisition deals, and promise customers they'd avoid takeover attempts from companies with bad security — or with ties to law enforcement.
The Military

Mystery Drones Swarmed a US Military Base for 17 Days. Investigators are Stumped (msn.com) 133

The Wall Street Journal reports on a "suspicious fleet of unidentified aircraft... as many as a dozen or more" that appeared in Virginia 10 months ago "over an area that includes the home base for the Navy's SEAL Team Six and Naval Station Norfolk, the world's largest naval port." The article notes this was just 10 months after the U.S. shot down a Chinese spy balloon...

After watching the drones — some "roughly 20 feet long and flying at more than 100 miles an hour" — there were weeks of meetings where "Officials from agencies including the Defense Department, Federal Bureau of Investigation and the Pentagon's UFO office joined outside experts to throw out possible explanations as well as ideas about how to respond..." Federal law prohibits the military from shooting down drones near military bases in the U.S. unless they pose an imminent threat. Aerial snooping doesn't qualify, though some lawmakers hope to give the military greater leeway...

Drone incursions into restricted airspace was already worrying national-security officials. Two months earlier, in October 2023, five drones flew over a government site used for nuclear-weapons experiments. The Energy Department's Nevada Nuclear Security Site outside Las Vegas detected four of the drones over three days. Employees spotted a fifth. U.S. officials said they didn't know who operated the drones in Nevada, a previously unreported incursion, or for what reason. A spokeswoman said the facility has since upgraded a system to detect and counter drones...

Over 17 days, the [Virginia] drones arrived at dusk, flew off and circled back... They also were nearly impossible to track, vanishing each night despite a wealth of resources deployed to catch them. Gen. Glen VanHerck, at the time commander of the U.S. Northern Command and the North American Aerospace Defense Command, said drones had for years been spotted flying around defense installations. But the nightly drone swarms over Langley [Air Force base], he said, were unlike any past incursion...

Analysts learned that the smaller quadcopters didn't use the usual frequency band available for off-the-shelf commercial drones — more evidence that the drone operators weren't hobbyists.

"Langley officials canceled nighttime training missions, worried about potential collisions with the drone swarm, and moved the F-22 jet fighters to another base... On December 23, the drones made their last visit."

But toward the end of the article, it notes that "In January, authorities found a clue they hoped would crack the case." It was a student at the University of Minnesota named Fengyun Shi — who was reported flying a drone on a rainy morning near a Virginia shipyard that builds nuclear submarines and aircraft carriers. Their drone got stuck in a tree, and ended up with federal investigators who found "Shi had photographed Navy vessels in dry dock, including shots taken around midnight. Some were under construction at the nearby shipyard." On Jan. 18, federal agents arrested Shi as he was about to board a flight to China on a one-way ticket. Shi told FBI agents he was a ship enthusiast and hadn't realized his drone crossed into restricted airspace. Investigators weren't convinced. but found no evidence linking him to the Chinese government. They learned he had bought the drone on sale at a Costco in San Francisco the day before he traveled to Norfolk. U.S. prosecutors charged Shi with unlawfully taking photos of classified naval installations, the first case involving a drone under a provision of U.S. espionage law. The 26-year-old Chinese national pleaded guilty and appeared in federal court in Norfolk on Oct. 2 for sentencing. Magistrate Judge Lawrence Leonard said he didn't believe Shi's story — that he had been on vacation and was flying drones in the middle of the night for fun. "There's significant holes," the judge said in court.

"If he was a foreign agent, he would be the worst spy ever known," said Shi's attorney, Shaoming Cheng. "I'm sorry about what happened in Norfolk," Shi said before he was sentenced to six months in federal prison.

But "U.S. officials have yet to determine who flew the Langley drones or why..."

"U.S. officials confirmed this month that more unidentified drone swarms were spotted in recent months near Edwards Air Force Base, north of Los Angeles."
Stats

C Drops, Java (and Rust) Climb in Popularity - as Coders Seek Easy, Secure Languages (techrepublic.com) 108

Last month C dropped from 3rd to 4th in TIOBE's ranking of programming language popularity (which tries to calculate each language's share of search engine results). Java moved up into the #3 position in September, reports TechRepublic, which notes that by comparison October "saw relatively little change" — though percentages of search results increased slightly. "At number one, Python jumped from 20.17% in September to 21.9% in October. In second place, C++ rose from 10.75% in September to 11.6%. In third, Java ascended from 9.45% to 10.51%..."

Is there a larger trend? TIOBE CEO Paul Jansen writes that the need to harvest more data increases demand for fast data manipulation languages. But they also need to be easy to learn ("because the resource pool of skilled software engineers is drying up") and secure ("because of continuous cyber threats.") King of all, Python, is easy to learn and secure, but not fast. Hence, engineers are frantically looking for fast alternatives for Python. C++ is an obvious candidate, but it is considered "not secure" because of its explicit memory management. Rust is another candidate, although not easy to learn. Rust is, thanks to its emphasis on security and speed, making its way to the TIOBE index top 10 now. [It's #13 — up from #20 a year ago]

The cry for fast, data crunching languages is also visible elsewhere in the TIOBE index. The language Mojo [a faster superset of Python designed for accelerated hardware like GPUs]... enters the top 50 for the first time. The fact that this language is only 1 year old and already showing up, makes it a very promising language.

In the last 12 months three languages also fell from the top ten:
  • PHP (dropping from #8 to #15)
  • SQL (dropping from #9 to #11)
  • Assembly language (dropping from #10 to #16)

AI

LLM Attacks Take Just 42 Seconds On Average, 20% of Jailbreaks Succeed (scworld.com) 79

spatwei shared an article from SC World: Attacks on large language models (LLMs) take less than a minute to complete on average, and leak sensitive data 90% of the time when successful, according to Pillar Security.

Pillar's State of Attacks on GenAI report, published Wednesday, revealed new insights on LLM attacks and jailbreaks, based on telemetry data and real-life attack examples from more than 2,000 AI applications. LLM jailbreaks successfully bypass model guardrails in one out of every five attempts, the Pillar researchers also found, with the speed and ease of LLM exploits demonstrating the risks posed by the growing generative AI (GenAI) attack surface...

The more than 2,000 LLM apps studied for the State of Attacks on GenAI report spanned multiple industries and use cases, with virtual customer support chatbots being the most prevalent use case, making up 57.6% of all apps.

Common jailbreak techniques included "ignore previous instructions" and "ADMIN override", or just using base64 encoding. "The Pillar researchers found that attacks on LLMs took an average of 42 seconds to complete, with the shortest attack taking just 4 seconds and the longest taking 14 minutes to complete.

"Attacks also only involved five total interactions with the LLM on average, further demonstrating the brevity and simplicity of attacks."
Microsoft

Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident (securityweek.com) 45

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
China

Who's Winning America's 'Tech War' With China? (wired.com) 78

In mid-2021 Ameria's National Security Advisor set up a new directorate focused on "advanced chips, quantum computing, and other cutting-edge tech," reports Wired. And the next year as Congress was working on boosting America's semiconductor sector, he was "closing in on a plan to cripple China's... In October 2022, the Commerce Department forged ahead with its new export controls."

So what happened next? In a phone call with President Biden this past spring, Xi Jinping warned that if the US continued trying to stall China's technological development, he would not "sit back and watch." And he hasn't. Already, China has answered the US export controls — and its corresponding deals with other countries — by imposing its own restrictions on critical minerals used to make semiconductors and by hoovering up older chips and manufacturing equipment it is still allowed to buy. For the past several quarters, in fact, China was the top customer for ASML and a number of Japanese chip companies. A robust black market for banned chips has also emerged in China. According to a recent New York Times investigation, some of the Chinese companies that have been barred from accessing American chips through US export controls have set up new corporations to evade those bans. (These companies have claimed no connection to the ones who've been banned.) This has reportedly enabled Chinese entities with ties to the military to obtain small amounts of Nvidia's high-powered chips.

Nvidia, meanwhile, has responded to the US actions by developing new China-specific chips that don't run afoul of the US controls but don't exactly thrill the Biden administration either. For the White House and Commerce Department, keeping pace with all of these workarounds has been a constant game of cat and mouse. In 2023, the US introduced the first round of updates to its export controls. This September, it released another — an announcement that was quickly followed by a similar expansion of controls by the Dutch. Some observers have speculated that the Biden administration's actions have only made China more determined to invest in its advanced tech sector.

And there's clearly some truth to that. But it's also true that China has been trying to become self-sufficient since long before Biden entered office. Since 2014, it has plowed nearly $100 billion into its domestic chip sector. "That was the world we walked into," [NSA Advisor Jake] Sullivan said. "Not the world we created through our export controls." The United States' actions, he argues, have only made accomplishing that mission that much tougher and costlier for Beijing. Intel CEO Pat Gelsinger estimated earlier this year that there's a "10-year gap" between the most powerful chips being made by Chinese chipmakers like SMIC and the ones Intel and Nvidia are working on, thanks in part to the export controls.

If the measure of Sullivan's success is how effectively the United States has constrained China's advancement, it's hard to argue with the evidence. "It's probably one of the biggest achievements of the entire Biden administration," said Martijn Rasser, managing director of Datenna, a leading intelligence firm focused on China. Rasser said the impact of the US export controls alone "will endure for decades." But if you're judging Sullivan's success by his more idealistic promises regarding the future of technology — the idea that the US can usher in an era of progress dominated by democratic values — well, that's a far tougher test. In many ways, the world, and the way advanced technologies are poised to shape it, feels more unsettled than ever.

Four years was always going to be too short for Sullivan to deliver on that promise. The question is whether whoever's sitting in Sullivan's seat next will pick up where he left off.

The Military

The Radio-Obsessed Civilian Shaping Ukraine's Drone Defense (technologyreview.com) 42

Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
Crime

Halcyon Announces Anti-Ransomware Protection for Enterprise Linux Environments (linux-magazine.com) 14

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments such as database servers or virtualized workloads, maintain the same performance.

And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."
Privacy

Casio Confirms Customer Data Stolen In Ransomware Attack (bleepingcomputer.com) 11

Casio confirmed it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data from employees, job candidates, business partners, and some customers. Although customer payment data was not compromised, Casio warns the impact may broaden as the investigation continues. BleepingComputer reports: The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant's systems. Today, after the data was leaked, Casio published a new statement that admits that sensitive data was stolen during the attack on its network.

As to the current results of its ongoing investigation, Casio says the following information has been confirmed as likely compromised:

- Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
- Personal details related to business partners of Casio and certain affiliates.
- Personal information of individuals who have interviewed for employment with Casio in the past.
- Personal information related to customers using services provided by Casio and its affiliated companies.
- Details related to contracts with current and past business partners.
- Financial data regarding invoices and sales transactions.
- Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.

Slashdot Top Deals