Tech Freedom

Weekend Edition 49: Malware, Autistic Hackers, AI & More

Weekend Edition 49: Malware, Big Tech, AI, and More

Smoke Loader Malware

Danish Cloud Companies Smashed by Ransomware Attack

Google Adding MFA to Sensitive Settings

Windows 11 Update Causes Instability (yawn)

Good Guy Apple?

GPT-4 Could Moderate Your Content on Social Media…

SBF on “Bread & Water”

Lapsus$ Cybergang Ringleader in Prison Again

 

WE 1: Say Hello to Whiffy Recon, the Latest Smoke Loader Payload

Before I get into the new payload, which, while creepy enough, is not a common type of attack vector, let’s cover what Smoke Loader is. It is a vehicle which can be used to install other malicious code onto targeted machines. Whiffy Recon, a new payload for the venerable Smoke Loader program, can tap into Google’s geolocation API to work out a machine’s approximate location via WiFi triangulation. It can poll WiFi networks in range every 60 seconds on Windows machines to give attackers that info. On its own, this is not that big of a deal, but in conjunction with other attack vectors, it could be quite something in terms of monetization for bad actors. It has been spotted in the wild in the US, UK, Germany, and France. It often comes through phishing attacks, and the payload shows up as wlan.lnk in your user’s startup folder. It is safe to delete if you come across it there.

https://www.pcmag.com/news/new-malware-component-can-use-wi-fi-triangulation-to-determine-pcs-location
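
A read-only check for the wlan.lnk startup artifact described above, as an added example that is not from the original post or the linked article: it looks in each profile's Startup folder, resolves where the shortcut points, and hashes that file for triage. Only the wlan.lnk name and the user Startup location come from the post; also checking the all-users Startup folder, and the variable names, are assumptions made here.

```powershell
# Added example (not from the original post): report any wlan.lnk in Windows Startup folders.
# Only the file name and the per-user Startup location come from the post;
# checking the all-users Startup folder as well is an assumption made here.
$shortcutName = 'wlan.lnk'
$relStartup   = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

# Per-user Startup folders for every profile on the system drive.
$folders = @(Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName $relStartup })
# All-users Startup folder.
$folders += Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($folder in $folders) {
    $lnk = Join-Path $folder $shortcutName
    if (-not (Test-Path -LiteralPath $lnk -PathType Leaf -ErrorAction SilentlyContinue)) { continue }

    $item     = Get-Item -LiteralPath $lnk -Force
    $shortcut = $shell.CreateShortcut($lnk)   # loads the existing shortcut; Save() is never called
    $target   = $shortcut.TargetPath

    # Hash the file the shortcut launches so it can be looked up or handed to responders.
    $hash = $null
    if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        Shortcut     = $lnk
        CreatedUtc   = $item.CreationTimeUtc
        TargetPath   = $target
        Arguments    = $shortcut.Arguments
        TargetSha256 = $hash
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output "No $shortcutName found in any Startup folder."
}
```

Run it from an elevated PowerShell prompt so other users' profiles are readable; it only reports and deletes nothing.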

 

WE 2: Ransomware Attack Levels Two Danish Cloud Providers

CloudNordic and Azero Cloud got obliterated by a ransomware attack on both of their datacenters. It appears that one system which was recently (sometime last week) physically transferred from one facility to the other had a dormant piece of malware, and when they reconnected the system, the piece of malware activated and set to work in both datacenters, encrypting all of the data on all of those servers and in their infrastructure as well. Ouch. They expect that they won’t have any clients left after this, and understandably so. They should have had better security practices in place to prevent such a horrible breach. It almost makes me wonder if it was something of an inside job, because how would the attackers have breached the server(s) they did initially without some help? Perhaps I’m missing something here, but this doesn’t sit right with me, you guys. What do you think?

https://www.pcmag.com/news/ransomware-wipes-out-data-access-for-majority-of-cloud-providers-customers 

 

WE 3: Google Beefing Up Security Around Email Settings

Gmail looks to be getting more MFA rolled out. Now the focus is potentially forcing users to verify themselves when tweaking filtering, forwarding, and IMAP access. This feels invasive, but then Google owns your emails in Gmail anyway, so yeah… It makes sense to me that they would want to protect their data from others’ eyes. Forwarding could leave your inbox empty moving forward, if an attacker gets overzealous. Filtering could make it less visible to you in your own account, by setting up folders and/or archiving, which obscures your access to your emails… IMAP allows third-party apps to retrieve your emails, so an attacker, if this deep in your business, could also set that up and snoop that way, similarly to forwarding. I guess this is a “Good on you, Google” kind of situation. At the same time, my cynic alarms are blaring and my spidey sense is more than tingling. I want to bash Google whenever possible; after all, that is part of my schtick, but I’m torn here. These MFA prompts can be quite irritating, but could help keep you safe from a nosy neighbor, or from a legitimately bad actor snooping on your Gmail account.

https://www.pcmag.com/news/google-to-protect-sensitive-gmail-settings-with-a-multi-factor-challenge 

 

WE 4: MS Bones Windows 11 Update, Causes BSODs

To be clear, this isn’t ENTIRELY Microsoft’s fault… MSI seems to have released a firmware update bungling Intel 14th-gen support. If you guys haven’t been keeping track, Microsoft recently weeded out a bunch of old, entry-level server chips from the “supported processors” list in Windows 11. The error with these motherboards pops up as a BSOD claiming that your processor is no longer supported in Windows. At this point, the solution is to roll back your updates to before you installed that one for Windows, and Microsoft has pulled those updates from circulation pending further investigation. That was surprisingly quick, since the update in question was just rolled out on August 22. I will update with more info as it is available, for those of you with MSI-based 12th or 13th generation Intel systems.

Well, well, well… Good job, Microsoft. You managed to roll out an update that directly caused BSODs for some of your users, given, only a small segment of the user base, but then you quickly did the right thing. Perhaps due to the negative press they’ve been getting lately in the face of terrible security policies which have finally affected the wrong people? What do you guys think? Are they feeling as though they are on the hot seat, here?

https://www.pcmag.com/news/microsoft-released-a-windows-11-update-thats-causing-pcs-to-bsod 

 

WE 5: Good Guy Apple?

Wait a minute… Did I just write that? Yes I did. Apple is finally starting to cave to the right-to-repair movement after having loudly opposed it in every possible way for 10 years. They fought hard against this in California and in other places, but now, as other states have passed similar consumer rights legislation, California is poised to do the same, and even the trillion-dollar behemoth with the damaged fruit on its products is realizing that it is no longer worth fighting it. Wow. This is a HUGE feather in the caps of people like Louis Rossmann and so many others who have advocated and lobbied for these sorts of bills around the country and the world. Right to repair is fundamental, as I see it, and is why I so strongly encourage everyone to learn Linux and move away from the Big Tech options. I believe that everyone should be able to do basic repair on their computers and phones without needing someone like Rossmann or even myself to help them. But I digress, let’s take a look at this bill, shall we? (If you’d like to do so, here is a link to the bill itself: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB244 and to analysis of it: https://leginfo.legislature.ca.gov/faces/billAnalysisClient.xhtml?bill_id=202320240SB244) It sounds like a solid step in the right direction to me, but I’m no lawyer. Is it perfect? No. Too many fingers are in the pie, here, including Apple’s. Some basics on it run like so: if your device is worth between $50 and $99.99, those tools, parts, and documents would need to be available for three years. If it is worth $99.99 or more, then tools, parts, and docs would need to be available for seven years. Aside from that, Apple is requiring some slightly shady things be included:

The bill does not require security features to be disabled on devices.

The issue I have with this bit is that sometimes, such as in situations involving something like TPM, the security measures actually prevent repair attempts for the devices in question.

The focus remains on manufacturers to supply the tools, parts, and documentation to enable repairs by authorized repair channels.

Ok, this works, but still keeps too much control in the hands of these mega corporations. I understand that they are concerned about things like corporate espionage and the like, but if an outlet like iFixit is able to produce parts which allow more people to service their phones more readily because the price isn’t so high, it seems like this is an all around win for consumers.

Repair providers must disclose if they are using non-genuine or used parts.

Makes perfect sense. I want to know what kind of parts are being put into my device, not just the bottom line. I want to have options, rather than being forced into something.

Prospective application that allows manufacturers to build new products that comply with the proposal.

I get why they want this. I do. However, this strikes me as too much control; after all, we consumers BOUGHT these devices, didn’t we? I also am uncomfortable with empowering the government to police much more than they already do, otherwise I would say that, like the EU, we should FORCE compliance. There is a part of me that wants to say that anyway, though, just out of spite toward Apple et al. What do you guys think? Am I off base, here, or right on target?

https://www.pcmag.com/news/apple-pledges-support-for-californias-right-to-repair-act 

 

 

WE 6: They’re Finally Telling Us About This…

Tell me we haven’t had some sort of short-bus quality AI moderating leftist social media for a while now. I’m waiting… Convince me. Well, now we are supposed to look, and gasp, and wonder, and fear this new Frankenstein’s monster we have created. GPT-4 will be put to work parsing and enforcing content moderation policies very soon. Who knows, maybe this will actually be a reasonable use case for this generative AI. I doubt it. Too much bias and too much snowflakitis, as my wife would say.

First, the moderation policies are draconian in many places. Don’t get me wrong, I understand the dynamics of these being ostensibly private enterprises, and the owners/operators have the right to refuse service to anyone (thank you, Apu), but then they shouldn’t bill themselves as “public squares” or say ANYTHING about freedom of speech in their literature, marketing, or policies, other than qualifying what they mean by freedom of speech. If they make it painfully clear what they consider “ok” speech, then adhere to their standards, no matter who is availing themselves of the provided platform, then fine. They can do whatever they want. They have not done that in the least. Their rules and policies are almost always so full of legalese that no average human being could read and comprehend them fully without something like a Black’s Law Dictionary at hand… Not only that, but these rules seem to change with the wind, so they don’t dare to spell it out fully at any given time, for the public to see. This, as I have said in the past, is unfair and capricious of them. I don’t know that I would want them to become like a utility, with that much more government oversight and embeddedness. The truth is that I do not have a solid solution for the problem, but will shout from the rooftops until the world hears and starts to work it out.

Second, I do not trust OpenAI and their overlords at Microsoft and Blackrock & Vanguard group (remember that together, those firms/funds own about 1/4 of Microsoft, and Microsoft bought OpenAI last year, not long before ChatGPT was unleashed on the world). I think that their biases are hard to the Left, which is not what we need right now. I do not think that it is possible for a human to exist without biases, therefore anything we create will wind up inherently biased in some way, shape, or form. Chasing the holy grail of “neutrality” or “objectivity” is laudable, but is unobtainable, just as perfection is, this side of heaven. That said, do you think that it is reasonable to expect either of those things?

For these reasons, I do not see a bright future for AI moderation of internet content. It is a nice, fluffy thought for about 10 seconds, until we realize how ugly we have a tendency to be as humans, and how that has to affect any LLM we may create to power something like GPT-4. What do you guys think?

https://www.computerworld.com/article/3704618/openai-to-use-gpt-4-llm-for-content-moderation-warns-against-bias.html 

 

WE 7: SBF on “Bread & Water” in Jail

The former “king of crypto” has found himself in prison once again after violating the terms of his bail agreement by tampering with witnesses, among other things. His lawyer is claiming that lack of adequate food is limiting his ability to prepare for his October court date. They are claiming that the Bureau of Prisons is not providing appropriate vegan food for him, but not only that, they are not staying on top of his Adderall and Emsam to treat his ADHD and depression, respectively. I shouldn’t laugh at this, but it is hard not to. All he would have had to do was keep his nose clean until the trials, but he couldn’t manage that, so now he’s in jail again, and whining about conditions. Poor baby. If you can’t handle doing the time, you shouldn’t have done the crime(s) you’ve been accused of. True, our justice system is allegedly based on the notion of, “Innocent until proven guilty”, but only if you are an elite or an ally or brownnoser of the elite. However, if you stand up to them, you seem to get run out on a rail. See: Donald J. Trump. I digress, though; health, whether physical or mental, is crucial to maintain, and is a human right for inmates. We cannot go back to how it was back in the old days, when prisoners got next to nothing, starved, and did not get adequate care. I could launch into a big tirade on this issue, but I won’t.

https://www.bbc.com/news/business-66589797 

WE 8: Lapsus$ Cyber Gang *Mostly* Behind Bars

These autistic kids went on a few hacking sprees and were really good. Makes sense that autists would be excellent at pattern recognition, as that is most of what is necessary to be a good hacker or developer. These kids hacked some really huge companies, like Nvidia, Uber, and Rockstar Games. These were the ones who leaked all of that stuff on GTA 6 a couple of years ago. They even hit Microsoft itself. Their first attack was more or less a ransom attack on a couple of British telco providers, who did not give them the $4 million they requested, but the kids did make about $100k through stealing crypto from the crypto accounts they breached via stealing SIM card data. They were arrested, but continued hacking away, hitting Nvidia in February of 2022: they spammed, phished, and managed to get access to the company’s data. The main kid even got doxxed and had to be moved into a motel to keep him and his family safe. Later, he broke his bail conditions by buying a Fire Stick, smartphone, keyboard, and mouse. Can’t seem to help himself at this point. That was when he/they (the gang) hit the rest of the bigger US-based companies mentioned earlier. I’m sorry, as wrong as this is, it makes me laugh. These mega-corporations, with their billions, if not trillions, of dollars in revenue can’t manage to defend themselves against some determined, autistic kids. That is sad. Pitiful, really. We need to do better. Digital hygiene and a little discernment go a long way to limiting attack surfaces, but as long as people assume that they are safe and wouldn’t be targeted in an attack, they won’t change their practices, and will continue being “low-hanging fruit”.

https://www.bbc.com/news/technology-66549159