All posts tagged: hacked

OpenAI says New York Times ‘hacked’ ChatGPT to build copyright lawsuit

OpenAI says New York Times ‘hacked’ ChatGPT to build copyright lawsuit

OpenAI has asked a federal judge to dismiss parts of the New York Times copyright lawsuit against it, arguing that the newspaper “hacked” its chatbot ChatGPT and other artificial-intelligence systems to generate misleading evidence for the case. OpenAI said in a filing in Manhattan federal court on Monday that the Times caused the technology to reproduce its material through “deceptive prompts that blatantly violate OpenAI’s terms of use.” “The allegations in the Times’s complaint do not meet its famously rigorous journalistic standards,” OpenAI said. “The truth, which will come out in the course of this case, is that the Times paid someone to hack OpenAI’s products.” Representatives for the New York Times and OpenAI did not immediately respond to requests for comment on the filing. The Times sued OpenAI and its largest financial backer Microsoft in December, accusing them of using millions of its articles without permission to train chatbots to provide information to users. The Times is among several copyright owners that have sued tech companies over the alleged misuse of their work in …

UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected nation state hackers but said it had no timeframe for when its systems would be back online. UHG did not attribute the cyberattack to a specific nation or government, or cite what evidence it had to support its claim. A company spokesperson did not respond to a request for comment at the time of writing. Change Healthcare provides patient billing across the U.S. healthcare system. The company processes billions of healthcare transactions annually and claims it handles around one-in-three U.S. patient records, amounting to around a hundred million Americans. The cyberattack began early Wednesday, according to the company’s incident tracker. Change Healthcare has not yet disclosed the specific nature of its cyberattack. Pharmacies across the U.S. are reporting that they are unable to fulfill prescriptions through patients’ insurance due to the ongoing outage at Change …

How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend

How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend

Documents exclusively obtained by WIRED reveal that AI surveillance software tracked thousands of people using the London Underground to detect crime or unsafe situations. The machine learning software scoured live CCTV footage to spot aggressive behavior, weapons being brandished, and people dodging fares. The documents also detail errors made during the trial—for instance, mistakenly identifying children walking with their parents as fare evaders. Meanwhile, on Wednesday, cryptocurrency tracing firm Chainalysis published a report finding ransomware payments in 2023 reached over $1.1 billion, the highest annual total ever recorded. The record-breaking sum of extorted funds was due to two things: the high number of ransomware attacks and the amount of money that hackers were demanding from victims, many of whom were targeted specifically for their ability to pay and their inability to sustain a prolonged disruption of services. A tech company, notorious for keeping websites with far-right and other extreme content online, was bought last year by a secretive company whose business is to help set up businesses, often in ways that keep details of those …

Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico

Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico

Security researcher Stacksmashing showed how hackers may use a $4 Raspberry Pi Pico to retrieve the BitLocker encryption key from Windows PCs in just 43 seconds, in a YouTube video. The researcher claims that specific attacks can get beyond BitLocker’s encryption by directly accessing the hardware and retrieving the encryption keys kept in the computer’s Trusted Platform Module (TPM) viz the LPC bus. It has been shown that the encryption key requires physical access to the device and some extended know-how or expertise — so this is not an extended threat across the internet. Of course, BitLocker’s reliance on a TPM for security may be its own downfall in this particular escapade. The dedicated Trusted Module, or TPM has a design flaw that the YouTuber took advantage of. In specific setups, Bitlocker depends on an external TPM to store vital data, including the Volume Master Key and Platform Configuration Registers (which are included in certain CPUs). When using an external TPM, the CPU and TPM communicate over an LPC bus to send the encryption keys …

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash

Even so, a little more than two weeks after publishing its investigation into Appin Technology, on December 5, Reuters complied with the Indian court’s injunction, removing its story. Soon, in a kind of domino effect of censorship, others began to take down their own reports about Appin Technology after receiving legal threats based on the same injunction. SentinelOne, the cybersecurity firm that had helped Reuters in its investigation, removed its research on an Appin Technology subsidiary’s alleged hacking from its website. The Internet Archive deleted its copy of the Reuters article. The legal news site Lawfare and cybersecurity news podcast Risky Biz both published analyses based on the article; Risky Biz took its podcast episode down, and Lawfare overwrote every part of its piece that referred to Appin Technology with Xs. WIRED, too, removed a summary of Reuters’ article in a news roundup after receiving Appin Training Centers’ threat. Aside from the injunction that Appin Training Centers has used to demand publishers censor their stories, Appin cofounder Rajat Khare has separately sent legal threats to …

HPE says it was hacked by Russian group behind Microsoft email breach

HPE says it was hacked by Russian group behind Microsoft email breach

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. In a filing with the U.S. Securities and Exchange Commission, the enterprise tech giant said it was notified on December 12 that Midnight Blizzard, also known as APT29 or Cozy Bear, had breached its cloud-based email environment. Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government. It has been linked to a number of high-profile attacks, including the infamous SolarWinds attack in 2020 and the 2016 breach of the Democratic National Committee. HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023. HPE spokesperson Adam R. Bauer told TechCrunch that the “sophisticated” attackers “leveraged a compromised account to access internal HPE email boxes in our Office 365 email environment.” The company said in its SEC filing that the breach is likely related …

Security News This Week: US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

Security News This Week: US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

A major coordinated disclosure this week called attention to the importance of prioritizing security in the design of graphics processing units (GPUs). Researchers published details about the “LeftoverLocals” vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could be exploited to steal sensitive data, such as responses from AI systems. Meanwhile, new findings from the cryptocurrency tracing firm Chainalysis show how stablecoins that are tied to the value of the US dollar were instrumental in cryptocurrency-based scams and sanctions evasion last year. The US Federal Trade Commission reached a settlement earlier this month with the data broker X-Mode (now Outlogic) over its sale of location data gathered from phone apps to the US government and other clients. While the action was hailed by some as a historic privacy win, it also illustrates the limitations of the FTC and the US government’s data privacy enforcement power and the ways in which many companies can avoid scrutiny and consequences for failing to protect consumers’ data. The US internet provider Comcast Xfinity may …

Microsoft Executives’ Emails Hacked by Group Tied to Russian Intelligence

Microsoft Executives’ Emails Hacked by Group Tied to Russian Intelligence

An elite hacking group sponsored by Russian intelligence gained access to the emails of some of Microsoft’s senior executives beginning in late November, the company disclosed in a blog post and regulatory filing on Friday. Microsoft said it had discovered the intrusion a week ago and was still investigating. The hackers appeared to focus on combing through Microsoft’s corporate email accounts to look for information related to the hacking group, which Microsoft’s researchers called Midnight Blizzard. The hackers looked through emails from Microsoft’s senior leadership team as well as employees in cybersecurity, legal and other groups, and took some emails and attachments, the company said. The company, which had worked with cybersecurity firms and governments to investigate previous attacks by the hacking group, did not name the executives whose emails were targeted. The Russian Foreign Intelligence Service has run the hacking group since at least 2008, according to the U.S. Cybersecurity and Infrastructure Security Agency. The group is known by a variety of nicknames, including Cozy Bear, the Dukes and A.P.T. 29, and has been …