Did One Guy Just Stop a Huge Cyberattack?

The internet, as anyone who works deep in its trenches will tell you, is not a smooth, well-oiled machine.

It’s a messy patchwork that has been assembled over decades, and is held together with the digital equivalent of Scotch tape and bubble gum. Much of it relies on open-source software that is thanklessly maintained by a small army of volunteer programmers who fix the bugs, patch the holes and ensure the whole rickety contraption, which is responsible for trillions of dollars in global G.D.P., keeps chugging along.

Last week, one of those programmers may have saved the internet from huge trouble.

His name is Andres Freund. He’s a 38-year-old software engineer who lives in San Francisco and works at Microsoft. His job involves developing a piece of open-source database software known as PostgreSQL, whose details would probably bore you to tears if I could explain them correctly, which I can’t.

Recently, while doing some routine maintenance, Mr. Freund inadvertently found a backdoor hidden in a piece of software that is part of the Linux operating system. The backdoor was a possible prelude to a major cyberattack that experts say could have caused enormous damage, if it had succeeded.

Now, in a twist fit for Hollywood, tech leaders and cybersecurity researchers are hailing Mr. Freund as a hero. Satya Nadella, the chief executive of Microsoft, praised his “curiosity and craftsmanship.” An admirer called him “the silverback gorilla of nerds.” Engineers have been circulating an old, famous-among-programmers web comic about how all modern digital infrastructure rests on a project maintained by some random guy in Nebraska. (In their telling, Mr. Freund is the random guy from Nebraska.)

In an interview this week, Mr. Freund — who is actually a soft-spoken, German-born coder who declined to have his photo taken for this story — said that becoming an internet folk hero had been disorienting.

“I find it very odd,” he said. “I’m a fairly private person who just sits in front of the computer and hacks on code.”

The saga began earlier this year, when Mr. Freund was flying back from a visit to his parents in Germany. While reviewing a log of automated tests, he noticed a few error messages he didn’t recognize. He was jet-lagged, and the messages didn’t seem urgent, so he filed them away in his memory.

But a few weeks later, while running some more tests at home, he noticed that an application called SSH, which is used to log into computers remotely, was using more processing power than normal. He traced the issue to a set of data compression tools called xz Utils, and wondered if it was related to the earlier errors he’d seen.

(Don’t worry if these names are Greek to you. All you really need to know is that these are all small pieces of the Linux operating system, which is probably the most important piece of open-source software in the world. The vast majority of the world’s servers — including those used by banks, hospitals, governments and Fortune 500 companies — run on Linux, which makes its security a matter of global importance.)

Like other popular open-source software, Linux gets updated all the time, and most bugs are the result of innocent mistakes. But when Mr. Freund looked closely at the source code for xz Utils, he saw clues that it had been intentionally tampered with.

In particular, he found that someone had planted malicious code in the latest versions of xz Utils. The code, known as a backdoor, would allow its creator to hijack a user’s SSH connection and secretly run their own code on that user’s machine.

In the cybersecurity world, a database engineer inadvertently finding a backdoor in a core Linux feature is a little like a bakery worker who smells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply. It’s the kind of intuition that requires years of experience and obsessive attention to detail, plus a healthy dose of luck.

At first, Mr. Freund doubted his own findings. Had he really discovered a backdoor in one of the world’s most heavily scrutinized open-source programs?

“It felt surreal,” he said. “There were moments where I was like, I must have just had a bad night of sleep and had some fever dreams.”

But his digging kept turning up new evidence, and last week, Mr. Freund sent his findings to a group of open-source software developers. The news set the tech world on fire. Within hours, some researchers were crediting him with preventing a potentially historic cyberattack.

“This could have been the most widespread and effective backdoor ever planted in any software product,” said Alex Stamos, the chief trust officer at SentinelOne, a cybersecurity research firm.

If it had gone undetected, Mr. Stamos said, the backdoor would have “given its creators a master key to any of the hundreds of millions of computers around the world that run SSH.” That key could have allowed them to steal private information, plant crippling malware, or cause major disruptions to infrastructure — all without being caught.

(The New York Times has sued Microsoft and its partner OpenAI on claims of copyright infringement involving artificial intelligence systems that generate text.)

Nobody knows who planted the backdoor. But the plot appears to have been so elaborate that some researchers believe only a nation with formidable hacking chops, such as Russia or China, could have attempted it.

According to some researchers who have gone back and looked at the evidence, the attacker appears to have used a pseudonym, “Jia Tan,” to suggest changes to xz Utils as far back as 2022. (Many open-source software projects are governed via hierarchy; developers suggest changes to a program’s code, then more experienced developers known as “maintainers” have to review and approve the changes.)

The attacker, using the Jia Tan name, appears to have spent several years slowly gaining the trust of other xz Utils developers and getting more control over the project, eventually becoming a maintainer, and finally inserting the code with the hidden backdoor earlier this year. (The new, compromised version of the code had been released, but was not yet in widespread use.)

Mr. Freund declined to guess who might have been behind the attack. But he said that whoever it was had been sophisticated enough to try to cover their tracks, including by adding code that made the backdoor harder to spot.

“It was very mysterious,” he said. “They clearly spent a lot of effort trying to hide what they were doing.”

Since his findings became public, Mr. Freund said, he had been helping the teams who are trying to reverse-engineer the attack and identify the culprit. But he’s been too busy to rest on his laurels. The next version of PostgreSQL, the database software he works on, is coming out later this year, and he’s trying to get some last-minute changes in before the deadline.

“I don’t really have time to go and have a celebratory drink,” he said.

The Paris Olympics’ One Sure Thing: Cyberattacks

In his office on one of the upper floors of the headquarters of the Paris Olympic organizing committee, Franz Regul has no doubt what is coming.

“We will be attacked,” said Mr. Regul, who leads the team responsible for warding off cyberthreats against this year’s Summer Games in Paris.

Companies and governments around the world now all have teams like Mr. Regul’s that operate in spartan rooms equipped with banks of computer servers and screens with indicator lights that warn of incoming hacking attacks. In the Paris operations center, there is even a red light to alert the staff to the most severe danger.

So far, Mr. Regul said, there have been no serious disruptions. But as the months until the Olympics tick down to weeks and then days and hours, he knows the number of hacking attempts and the level of risk will rise exponentially. Unlike companies and governments, though, who plan for the possibility of an attack, Mr. Regul said he knew exactly when to expect the worst.

“Not many organizations can tell you they will be attacked in July and August,” he said.

Worries over security at major events like the Olympics have usually focused on physical threats, like terrorist attacks. But as technology plays a growing role in the Games rollout, Olympic organizers increasingly view cyberattacks as a more constant danger.

The threats are manifold. Experts say hacking groups and countries like Russia, China, North Korea and Iran now have sophisticated operations capable of disabling not just computer and Wi-Fi networks but also digital ticketing systems, credential scanners and even the timing systems for events.

Fears about hacking attacks are not just hypothetical. At the 2018 Pyeongchang Winter Olympics in South Korea, a successful attack nearly derailed the Games before they could begin.

That cyberattack started on a frigid night as fans arrived for the opening ceremony. Signs that something was amiss came all at once. The Wi-Fi network, an essential tool to transmit photographs and news coverage, suddenly went down. Simultaneously, the official Olympics smartphone app — the one that held fans’ tickets and essential transport information — stopped functioning, preventing some fans from entering the stadium. Broadcast drones were grounded and internet-linked televisions meant to show images of the ceremony across venues went blank.

But the ceremony went ahead, and so did the Games. Dozens of cybersecurity officials worked through the night to repel the attack and to fix the glitches, and by the next morning there was little sign that a catastrophe had been averted when the first events got underway.

Since then, the threat to the Olympics has only grown. The cybersecurity team at the last Summer Games, in Tokyo in 2021, reported that it faced 450 million attempted “security events.” Paris expects to face eight to 12 times that number, Mr. Regul said.

Perhaps to demonstrate the scale of the threat, Paris 2024 cybersecurity officials use military terminology freely. They describe “war games” meant to test specialists and systems, and refer to feedback from “veterans of Korea” that has been integrated into their evolving defenses.

Experts say a variety of actors are behind most cyberattacks, including criminals trying to hold data in exchange for a lucrative ransom and protesters who want to highlight a specific cause. But most experts agree that only nation states have the ability to carry out the biggest attacks.

The 2018 attack in Pyeongchang was initially blamed on North Korea, South Korea’s antagonistic neighbor. But experts, including agencies in the U.S. and Britain, later concluded that the true culprit — now widely accepted to be Russia — deliberately used techniques designed to pin the blame on someone else.

This year, Russia is once again the biggest focus.

Russia’s team has been barred from the Olympics following the country’s 2022 invasion of Ukraine, although a small group of individual Russians will be permitted to compete as neutral athletes. France’s relationship with Russia has soured so much that President Emmanuel Macron recently accused Moscow of attempting to undermine the Olympics through a disinformation campaign.

The International Olympic Committee has also pointed the finger at attempts by Russian groups to damage the Games. In November, the I.O.C. issued an unusual statement saying it had been targeted by defamatory “fake news posts” after a documentary featuring an A.I.-generated voice-over purporting to be the actor Tom Cruise appeared on YouTube.

Later, a separate post on Telegram — the encrypted messaging and content platform — mimicked a fake news item broadcast by the French network Canal Plus and aired false information that the I.O.C. was planning to bar Israeli and Palestinian teams from the Paris Olympics.

Earlier this year, Russian pranksters — impersonating a senior African official — managed to get Thomas Bach, the I.O.C. president, on the phone. The call was recorded and released earlier this month. Russia seized on Mr. Bach’s remarks to accuse Olympic officials of engaging in a “conspiracy” to keep its team out of the Games.

In 2019, according to Microsoft, Russian state hackers attacked the computer networks of at least 16 national and international sports and antidoping organizations, including the World Anti-Doping Agency, which at the time was poised to announce punishments against Russia related to its state-backed doping program.

Three years earlier, Russia had targeted antidoping officials at the Rio de Janeiro Summer Olympics. According to indictments of several Russian military intelligence officers filed by the United States Department of Justice, operatives in that incident spoofed hotel Wi-Fi networks used by antidoping officials in Brazil to successfully penetrate their organization’s email networks and databases.

Ciaran Martin, who served as the first chief executive of Britain’s national cybersecurity center, said Russia’s past behavior made it “the most obvious disruptive threat” at the Paris Games. He said areas that might be targeted included event scheduling, public broadcasts and ticketing systems.

“Imagine if all athletes are there on time, but the system scanning iPhones at the gate has gone down,” said Mr. Martin, who is now a professor at the Blavatnik School of Government at the University of Oxford.

“Do you go through with a half-empty stadium, or do we delay?” he added. “Even being put in that position where you either have to delay it or have world-class athletes in the biggest event of their lives performing in front of a half-empty stadium — that’s absolutely a failure.”

Mr. Regul, the Paris cybersecurity head, declined to speculate about any specific nation that might target this summer’s Games. But he said organizers were preparing to counter methods specific to countries that represent a “strong cyberthreat.”

This year, Paris organizers have been conducting what they called “war games” in conjunction with the I.O.C. and partners like Atos, the Games’ official technology partner, to prepare for attacks. In those exercises, so-called ethical hackers are hired to attack systems in place for the Games, and “bug bounties” are offered to those who discover vulnerabilities.

Hackers have previously targeted sports organizations with malicious emails, fictional personas, stolen passwords and malware. Since last year, new hires at the Paris organizing committee have undergone training to spot phishing scams.

“Not everyone is good,” Mr. Regul said.

In at least one case, a Games staff member paid an invoice to an account after receiving an email impersonating another committee official. Cybersecurity staff members also discovered an email account that had attempted to impersonate the one assigned to the Paris 2024 chief, Tony Estanguet.

Millions more attempts are coming. Cyberattacks have typically been “weapons of mass irritation rather than weapons of mass destruction,” said Mr. Martin, the former British cybersecurity official.

“At their worst,” he said, “they’ve been weapons of mass disruption.”

'Bad at almost everything': AI wearable panned by reviewers

A new AI-fuelled gadget has fallen foul of the tech world’s expectations.

Microsoft Makes High-Stakes Play in Tech Cold War With Emirati A.I. Deal

Microsoft on Tuesday plans to announce a $1.5 billion investment in G42, an artificial intelligence giant in the United Arab Emirates, in a deal largely orchestrated by the Biden administration to box out China as Washington and Beijing battle over who will exercise technological influence in the Gulf region and beyond.

Under the partnership, Microsoft will give G42 permission to sell Microsoft services that use powerful A.I. chips, which are used to train and fine-tune generative A.I. models. In return, G42, which has been under scrutiny by Washington for its ties to China, will use Microsoft’s cloud services and accede to a security arrangement negotiated in detailed conversations with the U.S. government. It places a series of protections on the A.I. products shared with G42 and includes an agreement to strip Chinese gear out of G42’s operations, among other steps.

“When it comes to emerging technology, you cannot be both in China’s camp and our camp,” said Gina Raimondo, the Commerce Secretary, who traveled twice to the U.A.E. to talk about security arrangements for this and other partnerships.

The accord is highly unusual, Brad Smith, Microsoft’s president, said in an interview, reflecting the U.S. government’s extraordinary concern about protecting the intellectual property behind A.I. programs.

“The U.S. is quite naturally concerned that the most important technology is guarded by a trusted U.S. company,” said Mr. Smith, who will take a seat on G42’s board.

The investment could help the United States push back against China’s rising influence in the Gulf region. If the moves succeed, G42 would be brought into the U.S. fold and pare back its ties with China. The deal could also become a model for how U.S. firms leverage their technological leadership in A.I. to lure countries away from Chinese tech, while reaping huge financial awards.

But the matter is sensitive, as U.S. officials have raised questions about G42. This year, a congressional committee wrote a letter urging the Commerce Department to look into whether G42 should be put under trade restrictions for its ties to China, which include partnerships with Chinese firms and employees who came from government-connected companies.

In an interview, Ms. Raimondo, who has been at the center of an effort to prevent China from obtaining the most advanced semiconductors and the equipment to make them, said the agreement “does not authorize the transfer of artificial intelligence, or A.I. models, or GPUs” — the processors needed to develop A.I. applications — and “assures those technologies can be safely developed, protected and deployed.”

While the U.A.E. and United States did not sign a separate accord, Ms. Raimondo said, “We have been extensively briefed and we are comfortable that this agreement is consistent with our values.”

In a statement, Peng Xiao, the group chief executive of G42, said that “through Microsoft’s strategic investment, we are advancing our mission to deliver cutting-edge A.I. technologies at scale.”

The United States and China have been racing to exert technological influence in the Gulf, where hundreds of billions of dollars are up for grabs and major investors, including Saudi Arabia, are expected to spend billions on the technology. In the rush to diversify away from oil, many leaders in the region have set their sights on A.I. — and have been happy to play the United States and China off each other.

Although the U.A.E. is an important U.S. diplomatic and intelligence partner, and one of the largest buyers of American weapons, it has increasingly expanded its military and economic ties with China. A portion of its domestic surveillance system is built on Chinese technology and its telecommunications work on hardware from Huawei, a Chinese supplier. That has fed the worries of U.S. officials, who often visit the Persian Gulf nation to discuss security issues.

But U.S. officials are also concerned that the spread of powerful A.I. technology critical to national security could eventually be used by China or by Chinese government-linked engineers, if not sufficiently guarded. Last month, a U.S. cybersecurity review board sharply criticized Microsoft over a hack in which Chinese attackers gained access to data from top officials. Any major leak — for instance, by G42 selling Microsoft A.I. solutions to companies set up in the region by China — would go against Biden administration policies that have sought to limit China’s access to the cutting-edge technology.

“This is among the most advanced technology that the U.S. possesses,” said Gregory Allen, a researcher at the Center for Strategic and International Studies and a former U.S. defense official who worked on A.I. “There should be very strategic rationale for offshoring it anywhere.”

For Microsoft, a deal with G42 offers potential access to huge Emirati wealth. The company, whose chairman is Sheikh Tahnoon bin Zayed, the Emirates’ national security adviser and the younger brother of the country’s ruler, is a core part of the U.A.E.’s efforts to become a major A.I. player.

Despite a name whimsically drawn from “The Hitchhiker’s Guide to the Galaxy,” in which the answer to the “ultimate question of life” is 42, G42 is deeply embedded in the Emirati security state. It specializes in A.I. and recently worked to build an Arabic chatbot, called Jais.

G42 is also focused on biotechnology and surveillance. Several of its executives, including Mr. Xiao, were associated with a company called DarkMatter, an Emirati cyber-intelligence and hacking firm that employs former spies.

In its letter this year, the bipartisan House Select Committee on the Chinese Communist Party said Mr. Xiao was connected to an expansive network of companies that “materially support” the Chinese military’s technological advancement.

The origins of Tuesday’s accord go back to White House meetings last year, when top national security aides raised the question with tech executives of how to encourage business arrangements that would deepen U.S. ties to firms around the world, especially those China is also interested in.

Under the agreement, G42 will cease using Huawei telecom equipment, which the United States fears could provide a backdoor for the Chinese intelligence agencies. The accord further commits G42 to seeking permission before it shares its technologies with other governments or militaries and prohibits it from using the technology for surveillance. Microsoft will also have the power to audit G42’s use of its technology.

G42 would get use of A.I. computing power in Microsoft’s data center in the U.A.E., sensitive technology that cannot be sold in the country without an export license. Access to the computing power would likely give G42 a competitive edge in the region. A second phase of the deal, which could prove even more controversial and has not yet been negotiated, could transfer some of Microsoft’s A.I. technology to G42.

American intelligence officials have raised concerns about G42’s relationship to China in a series of classified assessments, The New York Times previously reported. Biden administration officials have also pushed their Emirati counterparts to cut the company’s ties to China. Some officials believe the U.S. pressure campaign has yielded some results, but remain concerned about less overt ties between G42 and China.

One G42 executive previously worked at the Chinese A.I. surveillance company Yitu, which has extensive ties to China’s security services and runs facial-recognition powered monitoring across the country. The company has also had ties to a Chinese genetics giant, BGI, whose subsidiaries were placed on a blacklist by the Biden administration last year. Mr. Xiao also led a firm that was involved in 2019 in starting and operating a social media app, ToTok, that U.S. intelligence agencies said was an Emirati spy tool used to harvest user data.

In recent months, G42 has agreed to walk back some of its China ties, including divesting a stake it took in TikTok owner ByteDance and pulling out Huawei technology from its operations, according to U.S. officials.

Edward Wong contributed reporting.
