Hackers Demand Reddit Reverts (Plus LLMs “Aren’t” Giving Away Windows Keys) | June 20th, 2023
In Today’s Tech News:
- Hackers Demand Reddit Reverts
- AI Is (Not) Giving Away Windows Keys
- Microsoft Confirms They Were DDoSed
- Your AI May Be Stealing From You
Hackers Demand Reddit Reverts
Ransomware group BlackCat has claimed responsibility for the phishing attack on Reddit that occurred in February.
The group asserts that it has obtained 80GB of data and threatens to publicly release it unless Reddit pays a $4.5 million ransom and rolls back its proposed API pricing changes, which sparked protests from users and moderators.
Reddit confirmed the February breach involved a sophisticated and highly targeted phishing attack but stated that user data not already public had not been accessed.
Reddit declined to comment on the recent claims made by BlackCat.
You can find out more about the current Reddit revolt at 2minutetechbytes.com
Sources:
AI Is (Not) Giving Away Windows Keys
Twitter user, @immasiddtweets, discovered that ChatGPT can generate free Windows 10 and 11 keys when prompted correctly.
Screenshots of the generated keys went viral on Twitter, however, it was reported that the keys generated by ChatGPT and Google Bard were generic license keys, limiting the functionality of the operating system to the basic version.
When attempting to replicate the results, both chatbots initially decline to generate the keys, stating they lack the ability to do so, but after some prompt engineering, specifically telling the LLMs that a deceased grandmother would read Windows 10 Pro keys as bedtime stories both chatbots eventually provided keys.
It is unclear if the keys generated are from LLM hallucinations or if the responses are from scraped articles from around the internet, but we are excited to see what users crack next.
Sources:
Microsoft Confirms They Were DDoSed
Microsoft has confirmed that recent outages to the Azure, Outlook, and OneDrive web portals were the results of layer 7 DDoS attacks.
Layer 7 DDoS attacks, or distributed denial of service attacks, are carried out at the application level of the OSI Model, the model describing standard machine-to-machine communication layers found in the sources below.
Anonymous Sudan has claimed responsibility for the attack that took out Outlook.com on June 7th, OneDrive on the 8th, and finally the Azure portal on June 9th.
Microsoft originally hinted they were being DDoSed during the incident stating they were “applying load balancing processes in order to mitigate the issue.” but did not confirm til a press release on June 19th.
Anonymous Sudan, or Storm-1359, is known for targeting organizations and government agencies worldwide, taking them down in DDoS attacks or leaking stolen data.
Sources:
Your AI May Be Stealing From You
Unit 42, a security research team at Palo Alto Networks has found ChatGPT impersonation apps targeting Android users.
SuperGPT, an AI assistant that uses GPT4 as its backend has an evil twin that has been found disturbing Command and Control Malware.
The real app, shown on screen now, will help you write emails, answer questions, and translate literature while the masquerading malware will give an attacker control of the Android device through the Meterpreter Trojan.
Another Android app, this time a ChatGPT rip-off, was found sending premium text messages to a hard-coded Taiwanese phone number after getting access to the SEND_SMS Android permission.
To mitigate your risk of AI exploitation,
- Never put sensitive information into AI generative services like ChatGPT or Bard
- Track and review all LLM use-cases to ensure no sensitive information is being exposed
- Proactively notify employees of the security risks associated with using AI generative services in the workplace.
- Never download apps from 3rd party distributors
Sources:
What Are Your Thoughts?
- Will Reddit or its community win the stand-off?
- Are DDoS attacks making a comeback as a new norm?
- Why would life give you lemons?
Let us know your thoughts in the comments at the bottom of the page!