Share This

Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts

Friday 28 July 2023

Musk’s Starlink lands in Malaysia

Just landed: Starlink announced its arrival in Malaysia with a photo of its electronic phased array antenna set against a backdrop of the Petronas Twin Towers in Kuala Lumpur. — @Starlink/Twitter


PETALING JAYA: Starlink’s satellite-based broadband service is now available in Malaysia, following the Prime Minister’s virtual meeting with Elon Musk on July 14.

This makes Malaysia the 60th country to be served by the Musk-owned satellite constellation.

The service, which doesn’t come with a contract, requires users to self-install the hardware and purchase the starter kit.

Customers can try out its service for 30 days and return the hardware for a full refund if they are not satisfied with it.

In an announcement on July 20, Communications and Digital Minister Fahmi Fadzil said that Malaysia issued the licence to allow Starlink to provide Internet services locally.

He added that the government is prepared to cooperate with satellite communication firms such as Starlink to achieve 100% Internet coverage in populated areas.

However, Dr Sean Seah, Malaysian Space Industry Corporation (Masic) pro tem deputy president, is concerned that Starlink’s entry could put local companies at a disadvantage.

"Furthermore, currently Malaysia has achieved more than 96% nationwide Internet connectivity coverage (Malaysia Stats Dept 2022) with services from Malaysian companies without Starlink."

"Chances must be given to local companies that have invested billions, before bringing in Starlink to compete with them," he said.

He also claimed that Malaysia may be exposed and risks being under "surveillance" or "profiling" by Starlink satellites, adding that they are also "not owned, controlled, or regulated" by Malaysian regulators and law enforcement, and Starlink has been given a "special exemption" to operate in Malaysia as a 100% foreign-owned entity.

"This may lead to national sovereignty issues," Seah said in a statement.

Starlink’s Starlink Kit comes with an electronic phased array antenna with a base suited for ground installation, a WiFi router and cables.

The standard version, which Starlink recommends for “residential users and everyday Internet applications” costs RM2,300.

The high-performance kit, which is priced at RM11,613, is recommended for “power users and enterprise applications”.

Starlink claimed that the high-performance kit offers improved weather resistance, three times better speeds at temperatures above 35°C and better visibility, especially in areas with unavoidable obstructions.

Starlink’s Internet plan offers up to 100Mbps (megabits per second) download speed and costs RM220 monthly.

Customers will also have to pay an additional RM100 for shipping and handling fees, with delivery times expected to be between one and two weeks.

Datuk Seri Anwar Ibrahim held a discussion with Musk on July 14, welcoming the company’s decision to invest in Malaysia, which includes launching Tesla EVs and Starlink.

In an online report, Anwar said that he has ordered 40 Starlink sets for schools, colleges and universities.

Source link

Related posts:

Malaysia on right track to be EV power house

Wednesday 22 February 2023

How to prepare for cyber risks


Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?

This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?

The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.

Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences. 

Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.

Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:

In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.

The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.

STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.

Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.

In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.

So how was this achieved – must have been very sophisticated? Actually, not.

Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.

The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.

The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.

However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.

The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.

This was another eureka moment – national power grids are not safe from threat actors either.

One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.

In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.

After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.

Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.

These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.

These are some of the logical first steps to consider:

User account security

User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.

Here are the suggested foundational controls that should be considered:

> enable the detection of unsuccessful user login attempts

> change all default passwords and implement multi-factor authentication

> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)

> revoke the credentials of departing employees.

Device security

Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.

Here are the suggested foundational controls that should be considered:

> approval process for new hardware and software deployment

> the disablement of macros by default > maintaining an up-to-date asset inventory

> prohibiting the connection of unauthorised devices

> documenting device configurations.

Data security

The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.

Here are the suggested foundational controls that should be considered:

> strong and agile encryption

> enable log collection

> secure storage of the said logs.

Governance and training

A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.

Here are the suggested foundational controls that should be considered:

> appointment and empowerment of a single leader to be accountable for cybersecurity

> a single leader to be responsible for Ot-specific cybersecurity

> basic cybersecurity training for all employees and third parties

> OT specific cybersecurity training for OT managers and operators

> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.

Vulnerability management

To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:

> mitigate known vulnerabilities

> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster

> blacklisting of exploitable services on the Internet

> limit OT connections to public Internet > conduct third-party validation of control effectiveness.

Supply chain/third party

To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:

> establish supplier cybersecurity requirements

> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.

Detection, response and recovery

Here are the suggested foundational controls that should be considered:

> capability to detect relevant threats and TTPS

> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.

Network segmentation

Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.

Here are the suggested foundational controls that should be considered:

> segment IT and OT networks

> segment safety critical systems form other systems

> segmentation of temporarily connected devices

> segmentation of wireless communications

> segmentation of devices connected via untrusted networks/internet.

Email security

By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.

Here are the suggested foundational controls that should be considered:

> Email encryption

> Email account authentication

> and email filtering.

In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.

By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s own. 

Source link

 

Related:

 

Exclusive: Hacker group with members from Europe, North America found to have launched cyberattacks against China

Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday. 

 

 

Related posts:

 

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES

China captures powerful US NSA cyberspy tool

 

Tuesday 14 February 2023

Lies, racism and AI: IT experts point to serious flaws in ChatGPT

 


 ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI. — Photo: Frank Rumpenhorst/dpa

BERLIN: ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI.

With great precision, it can create speeches and tell stories – and in just a matter of seconds. The AI software ChatGPT introduced late last year by the US company OpenAI is arguably today's number-one worldwide IT topic.

But the language bot, into which untold masses of data have been fed, is not only an object of amazement, but also some scepticism.

Scientists and AI experts have been taking a close look at ChatGPT, and have begun issuing warnings about major issues – data protection, data security flaws, hate speech, fake news.

"At the moment, there's all this hype," commented Ruth Stock-Homburg, founder of Germany's Leap in Time Lab research centre and a Darmstadt Technical University business administration professor. "I have the feeling that this system is scarcely being looked at critically."

"You can manipulate this system"

ChatGPT has a very broad range of applications. In a kind of chat field a user can, among others, ask it questions and receive answers. Task assignments are also possible – for example on the basis of some fundamental information ChatGPT can write a letter or even an essay.

In a project conducted together with the Darmstadt Technical University, the Leap in Time Lab spent seven weeks sending thousands of queries to the system to ferret out any possible weak points. "You can manipulate this system," Stock-Homburg says.

In a recent presentation, doctoral candidate and AI language expert Sven Schultze highlighted the weak points of the text bot. Alongside a penchant for racist expressions, it has an approach to sourcing information that is either erroneous or non-existent, Schultze says. A question posed about climate change produced a link to an internet page about diabetes.

"As a general rule the case is that the sources and/or the scientific studies do not even exist," he said. The software is based on data from the year 2021. Accordingly, it identifies world leaders from then and does not know about the war in Ukraine.

"It can then also happen that it simply lies or, for very specialised topics, invents information," Schultze said.

Sources are not simple to trace

He noted for example that with direct questions containing criminal content there do exist security instructions and mechanisms. "But with a few tricks you can circumvent the AI and security instructions," Schultze said.

With another approach, you can get the software to show how to generate fraudulent emails. It will also immediately explain three ways that scammers use the so-called "grandchild trick" on older people.

ChatGPT also can provide a how-to for breaking into a home, with the helpful advice that if you bump into the owner you can use weapons or physical force on them.

Ute Schmid, Chair of Cognitive Systems at the Otto Friedrich University in Bamberg, says that above all the challenge is that we can't find out how the AI reaches its conclusions. "A deeper problem with the GPT3 model lies in the fact that it is not possible to trace when and how which sources made their way into the respective statements," she said.

Despite such grave shortcomings, Schmidt still argues that the focus should not just concern the mistakes or possible misuse of the new system, the latter prospect being students having their homework or research papers written by the software. "Rather, I think that we should ask ourselves, what chances are presented us with such AI systems?"

Researchers in general advocate how AI can expand – possibly even promote – our competencies, and not limit them. "This means that in the area of education I must also ask myself – as perhaps was the case 30 years ago with pocket calculators – how can I shape education with AI systems like ChatGPT?"

Data privacy concerns

All the same, concerns remain about data security and protecting data. "What can be said is that ChatGPT takes in a variety of data from the user, stores and processes it and then at a given time trains this model accordingly," says Christian Holthaus, a certified data protection expert in Frankfurt. The problem is that all the servers are located in the United States.

"This is the actual problem – if you do not succeed in establishing this technology in Europe, or to have your own," Holthaus said. In the foreseeable future there will be no data protection-compliant solution. Adds Stock-Homburg about European Union data protection regulations: "This system here is regarded as rather critical."

ChatGPT was developed by OpenAI, one of the leading AI firms in the US. Software giant Microsoft invested US$1bil (RM4.25bil) in the company back in 2019 and recently announced plans to pump further billions into it. The concern aims to make ChatGPT available to users of its own cloud service Azure and the Microsoft Office package.

"Still an immature system"

Stock-Homburg says that at the moment ChatGPT is more for private users to toy around with – and by no means something for the business sector or security-relevant areas. "We have no idea how we should be deal with this as yet still immature system," she said.

Oliver Brock, Professor of Robotics and Biology Laboratory at the Technical University Berlin, sees no "breakthrough" yet in AI research. Firstly, development of AI does not go by leaps and bounds, but is a continuing process. Secondly, the project only represents a small part of AI research.

But ChatGPT might be regarded as a breakthrough in another area – the interface between humans and the internet. "The way in which, with a great deal of computing effort, these huge amounts of data from the internet are made accessible to a broad public intuitively and in natural language can be called a breakthrough," says Brock. – dpa    

By Oliver Pietschmann, Christoph Dernbach

Source link

 

Related posts:

 

  H ow Scientists Predict Where Earthquakes Will Strike Next The pair of earthquakes that hit Turkey and Syria this week left the region .
 
  OpenAI, which Elon Musk helped to co-found back in 2015, is the San Francisco-based startup that created ChatGPT. The company opened Ch...
 

 Microsoft is rolling out an intelligent chatbot to live alongside Bing’s search results, putting AI that can summarise web pages, synthesis...

Monday 7 November 2022

China's cyberspace whitepaper highlights cooperation, 'fundamentally different' from US' proposition

 

 cyberspace Photo:VCG 

China's State Council Information Office issued a white paper titled "Jointly Build a Community with a Shared Future in Cyberspace," which is fundamentally different from the US' earlier release "Declaration for the Future of the Internet," as China advocates that cyberspace is the common home of humankind instead of creating division and confrontation by ideology.

The Office released the white paper during a news conference on Monday morning in Beijing, which introduces the achievements of China's Internet development and governance practices over the past decade and puts forward the Chinese proposition of building a community with a shared future in cyberspace.

As problems of unbalanced development, unsound rules and unreasonable order in the cyberspace are becoming increasingly prominent and cyber hegemony poses a new threat to world peace and development, effective solutions and joint efforts are needed to address the problems, officials said.

China's white paper is fundamentally different from the US and its partners' joint release "Declaration for the Future of the Internet," said Qi Xiaoxia, director general of the Bureau of International Cooperation of the Cyberspace Administration during Monday's news conference.

The "Declaration for the Future of the Internet" attempts to impose its own standards on others, draw ideological lines in the cyberspace, draw "small circles," create division and confrontation and violate international rules, Qi said. These actions have seriously undermined the unity of the internet family and affected the stable development of the global internet.

In the US' vision, it has abandoned multilateral platforms such as the UN and is keen to form various exclusive cliques instead, in an attempt to draw ideological lines and undermine the global rules of Internet governance by touting its unilaterally-defined principles, trying to create an exclusive bloc in the name of democracy, Chinese Foreign Ministry spokesperson Zhao Lijian said in May.

Instead, China advocates openness, cooperation, tolerance and mutual understanding, he said.

"We believe that cyberspace is the common home of humankind, and that the future of cyberspace should be in the hands of all countries in the world, not by a single country or a few countries."

China advocates that the UN play the role of the main channel in the international governance of cyberspace, and that the international community adhere to the principles of common consultation, construction and sharing, strengthen cooperation and jointly develop international rules for cyberspace, Qi said.

China is willing to deepen cooperation with countries around the world, promote the reform and construction of the global internet governance system, she said.

However, contrary to China's vision of mutual benefit, there are many restrictions on the development of Chinese companies in some countries while they are actively exploring the international market.

"Chinese enterprises have carried out international research and development cooperation, and provided a large number of safe, reliable, high-quality and inexpensive products and services to the world, which are widely welcomed," Qi said.

"Chinese enterprises have actively fulfilled their corporate social responsibility and provided a large number of employment opportunities for the countries and regions where they operate."

Qi pointed out that the reason is clear for the development restrictions of some Chinese enterprises including Huawei in overseas market.

"On the pretext of 'national security,' certain countries have abused export control measures to maliciously block and suppress Chinese enterprises, which undermines the legitimate rights and interests of Chinese enterprises and causes serious disruptions to the stability of the global industrial supply chain," she said.

The Chinese government opposes politicization of technical issues and abuse of state power to suppress and curb other countries' enterprises by any means in violation of market economy principles and international economic and trade rules, said the white paper.

Besides, Qi denied that China's cybersecurity build-up would affect foreign companies' operations in China.

"Such worries are totally unnecessary," Qi said, responding to a question raised by a foreign reporter. "What is foreseeable is that China's open door will only get wider."

Data show that the number of foreign-funded enterprises in China has exceeded 1 million, which shows that foreign enterprises are very confident in China's business environment. The Chinese government has always been committed to creating a market-oriented, rule-of-law business environment, encouraging more enterprises to operate and develop in accordance with the law, and treating both Chinese and foreign enterprises equally, Qi said. 

Source link

RELATED ARTICLES
 

 Related posts:

 

  Mengtian lab module successfully launched. Graphic: Xu Zihe/GT China Space Station completes T-shape basic structure assembl...
 
  GPS / China says BeiDou navigation satellite system is completely function now      Live: China issues The White Paper on China's Be...

Tuesday 2 August 2022

Scammers getting smarter now and so should we

 

 

Scammers keep getting bolder and bolder with their extortion methods. From impersonating landlords to illegal debt collection tactics, there is no shortage of ways scammers will try to separate you from your money. Be aware of these five red flags when getting on the phone, checking your email, or using social media. This can help you avoid getting trapped in a conversation with a scammer in the first place.

 

Whether it’s through email, text, phone calls or direct messages, scams seem to be everywhere on the internet. Not all scams are obvious and many specifically target small business owners. Learn how to recognize a scam, protect your business and know what to do if you become a victim of a scam.


Being forearmed with knowledge is key to not falling prey to well-trained scammers

 Arm yourself with knowledge to identify a swindler

RIGHT before my eyes, I witnessed my friend falling for a classic Macau scam over the phone.

The call from a “government official” had him hooked. Frantically, I gestured to my friend to end the call but he was like a man possessed.

Someone on the other end of the line, claiming to be a government official, informed my worried friend that he had been implicated in a crime of sorts and the only way to escape the consequences was to transfer his money into a “safe account”.

After 45 minutes on the phone, he sent RM5,000 to one such bank account, and this happened on his pay day!

Recalling the incident, my friend said the caller was so convincing and believable that it was hard to cut the line.

This incident came to mind when the long arm of the law finally caught up with Tedy Teow, the founder of MBI (Mobility Beyond Imagination) well-known for its superlative money-making scheme.

He was detained in Thailand about a week ago and is believed to be wanted for questioning over several money-laundering cases in a few countries.

From what I could tell, the news failed to generate much interest on the ground, especially in Penang where the scheme used to have a large number of followers.

It could be that many of his victims were resigned to the fact that their money was as good as gone, even though Teow got arrested.

I have many acquaintances who put money into MBI. A few earned some returns. Most did not.

Now, it is “successful” Macau scams that are dominating the chatter in coffeeshops, offices, watering holes and messaging groups.

Indeed, teachers, engineers, doctors and even a politician were among the prized scalps of these so-called officers from banks or government and law enforcement agencies.

In May, a businessman from Port Dickson with a net worth of over Rm100mil lost a record Rm21mil in one such scam after he allegedly revealed his bank Transaction Authorisation Code (TAC) numbers to a “bank official”.

A sizeable number of scam victims were retirees who lost their hard-earned savings.

As pointed out in one news report, these scammers actually go through a month-long boot camp conducted by professional trainers before they are sent out for con jobs.

Psychology, negotiation skills, the art of persuasion, they learn it all.

They go through gauntlets of role-playing, with one being the “victim” and the other the scam caller, all under the watchful eyes of the trainers.

It has become challenging these days for lawmen to outfox the syndicates which have members even sitting for exams before being certified competent enough to man scam call centres.

And now we hear of increasing cases of dubious bank transfers: money being unknowingly transferred out of savings and fixed deposit accounts after victims were said to have downloaded phone apps.

Protect yourself by not downloading apps from dubious sites!

Then there are the online lovers to whom the lonely give their money even though they have never met face to face.

For those not in the know, this actually happens gradually.

First, the amounts asked for are small. These are quickly returned with a small but appreciable profit. Only after trust is established will the scammer ask for the big amounts.

The situation has never been more urgent as there are still victims who fall prey to such tactics almost on a daily basis.

If you get a call from a scammer, stay calm and rightfully hesitate when asked to reveal your personal banking and user login details.

In the course of a true fraud investigation, government and law enforcement agencies will not transfer calls among themselves. Bank Negara will not transfer your calls to Bukit Aman and vice versa, and never call back the number that was given.

Remember, the police will never threaten to arrest you over the phone; they prefer to do it face to face.

And if it’s a pre-recorded message, just hang up.

Most importantly, if you are a law-abiding citizen who has done nothing wrong, there is indeed nothing to fear. 

By TAN SIN CHOW

sctan@star.com.my
              
 
Related posts:
 
CLICK TO ENLARGE Entrepreneur, philanthropist, get-rich-quick ‘hero’ wanted in M’sia and China He lorde
 

Tuesday 15 March 2022

China captures powerful US NSA cyberspy tool

Cybersecurity. Photo: VCG `'Trojan horse' controls global equipment

China captured a spy tool deployed by the US National Security Agency, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of users' information, according to a report the Global Times obtained from the National Computer Virus Emergency Response Center exclusively on Monday.
`
According to the report, the Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.
`
Through technical analysis, the center believes that the "NOPEN" Trojan horse is characterized by complex technology, comprehensive functions and strong concealment, which can fit a variety of processor architectures and operating systems. It can also collaborate with other cyber weapons and is a typical tool used for cyber espionage.
`
The report came after the NSA was exposed to have been launching cyberattacks against 47 countries and regions for a decade, with Chinese government departments, high-tech companies and military-related institutes among the key targets. Under the surveillance of the NSA, the privacy and sensitive information of hundreds of millions of people around the world were exposed, like "running around naked."
`
Photo: Courtesy of National Computer Virus Emergency Response Center
Photo: Courtesy of National Computer Virus Emergency Response Center
`
Cybersecurity experts told the Global Times that once the Trojan was planted into a victim's computer, it would become a "lurker" waiting for the "code" and opening the "vault door" for hackers. The Trojan also could turn a victim's computer into a bridge tower, allowing hackers to go deeper into the group where the victim works and grasp the company's information.
`
According to the center's report, the "NOPEN" can remotely control most existing network servers and terminals, which can be manually implanted by attackers, or cyberattack platforms by the NSA. It can execute a variety of instructions such as information theft and destruction.
`
Evidence shows that the NSA used the "NOPEN" Trojan horse to control a large number of internet devices around the world and steal user privacy data, which has caused inestimable losses.
`
According to internal NSA documents leaked by hacking group Shadow Brokers, "NOPEN" is one of the powerful weapons used by the NSA's Tailored Access Operations (TAO) to attack and steal secrets.
`
"As the research and development arm of the world's top military power, the NSA cannot develop weapons that rust in their arsenals," a Chinese cybersecurity expert told the Global Times on condition of anonymity. "The international community has learned from the PRISM scandal that the US military intelligence agency has been conducting network monitoring and cybertheft of countries around the world for a long time, and these cyber weapons are an important means of its implementation of network monitoring."
`
In April 2017, the Shadow Brokers released a large number of cyberattack tools developed by the NSA. As the NSA is affiliated with the US Department of Defense, the tools are widely believed to be used for military purposes as "cyber weapons."
`
For example, on May 12, 2017, the worldwide WannaCry ransomware used EternalBlue, a computer exploit developed by the NSA to attack unpatched computers, which brought serious damage and data loss to many enterprises and individuals, according to media reports. The incident enabled the international community to witness for the first time the terrible power of cyber weapons, but such weapons of mass destruction are only the tip of the iceberg in the NSA's vast arsenal.
`
"The vast majority of the NSA's arsenal consists of stealth fighters and submarines that can easily attack victims without theirknowledge," the anonymous expert said, noting that the "NOPEN" Trojan horse is the main weapon of the NSA's arsenal.
`
The expert said the center's report sounds an alarm to the world as there are likely a large number of undetected victims online, who face long-term and serious cybersecurity risks. The leakage and proliferation of these cyber weapons further aggravate the increasingly severe network security situation, seriously endanger the overall security of the cyberspace, turning military confrontation in cyberspace into a "zero-sum" game.

 Source link

RELATED ARTICLES
 

 

China criticizes US' inconsistency on Taiwan question at Yang-Sullivan meeting as US ...

China's top diplomat Yang Jiechi met with US National Security Advisor Jake Sullivan in the Italian capital of Rome on ..

.

Monday 3 January 2022

ONGOING CYBER THREATS

 

 

After years of data breaches exposing individuals’ personal information, cyberthieves will increasingly use that information to attack businesses in 2022, according to the Identity theft resource Centre’s predictions for the coming year.

` “We also tracked a record number of data breaches and a steady flow of new victims of unemployment benefits identity fraud long after the enhanced benefits ended,” said eva Velasquez, president and CEO of Identity theft resource Centre.

` Velasquez anticipates an increase this year in the number of people who have been victims of identity theft multiple times. And she warned of particular risk ahead as people change how they pay for things.

` “Look for cybercriminals to take advantage of the shift to alternative digital payment methods, such as payment apps, digital wallets and peer-to-peer services,” Velasquez said.

` With cryptocurrency becoming increasingly popular, scammers will find new ways to steal from consumers, according to the resource centre, which is a US nonprofit that tracks data compromises and provides free assistance to victims.

` The centre’s predictions for 2022 include:

  • ` l An accelerated shift from identity theft to use of already stolen personal information and credentials to commit identity fraud and attack businesses.
  • ` l Consumers may shift away from some online transactions and email communications due to the increasing problem of phishing, which is when cybercriminals use a fraudulent email or website to masquerade as a legitimate business or person.
  • ` l the effects of pandemicrelated fraud will continue into 2024, with some fraud cases taking years to resolve and unemployment compensation fraud efforts likely becoming permanent.
  • ` l ransomware, when hackers use malicious software to infect and lock a computer network and demand demand money to restore access, may surpass phishing as the top cause of data breaches.
  • ` l Supply chain attacks, which is when malware infects a single organisation that is linked to multiple others, will become more common.
  • ` l Single incident attacks will impact greater numbers of individuals, including social media account takeovers that victimise followers and networks.


` “All of these trends point toward increases in identity fraud that will change consumer behaviours, revictimisation rates and pandemicrelated identity crimes for years to come,” Velazquez said.

` “We expect to see these types of cyberattacks and who they target continue to evolve as they did in 2021.”

` The resource centre called for wider consumer education efforts and improved data protection. the number of publicly reported data compromises was already higher last year than in all of 2020. the centre’s third quarter report shows that as of Sept 30, 2021, data compromises rose by nearly 17% over all of 2020. the report found that nearly 281.5 million people were victims last year. there were 1,291 data compromise events in 2021, compared to 1,108 in all of 2020. the record is 1,529 in 2017.

` In November, the resource centre released data showing that 16% of 1,050 US adult consumers surveyed took no action after receiving a data breach notice, according to the survey by the resource centre and Dig.works, a consumer research company.

` Fewer than one-third of survey respondents had frozen their credit at one time for any reason and only 3% did so after receiving a data breach notice, the survey found. 

– Journal-news, Hamilton, Ohio/tribune News Service

Crypto cybercrime set to surge in 2022

 

Cybercrime in 2022 – be aware | The Star

2021 Cyber Threat Report - 2021 Global Threat Report


 

Related posts:

 

Hackers in your heads, Cybercriminals preying on gullible


`

Bitcoins, Cryptocurrencies under fire

  

 

Vital to know your rights when get arrested; comments on social media not be a serious crime

Monday 11 January 2021

Invasion of the web trackers

Here’s how you can thwart websites from tracking your every movement.

 

THERE are several reasons that your Windows 10 PC is overrun by web trackers, bits of software code that follow you online to help marketers learn more about you.

The money trail

Nearly all commercial websites use them to create an elaborate profile of your tastes and habits, a profile that the websites can use themselves or sell to others.

Your online movements are tracked by cookies (bits of code left in your web browser), Google and Facebook tracker software (that follows you even when you aren’t on their websites), session recorders (that record everything you do on a website), key-loggers (that record what you type into text boxes on a website, even if you don’t submit anything), beacons (invisible objects in a web page that record how many times you viewed that page) and “fingerprinting” (a record of the technical details of your computer that can be used to identify you.)

While privacy advocates are aware of web trackers, most people aren’t. As a result, web tracking keeps expanding.

A recent study showed that 87% of the most popular websites now track your movements, whether you sign in to the website or not (see tinyurl.com/yyy5qyas).

You can view the web trackers on any website at tinyurl.com/y2em59e6.

Also, Windows 10 may indeed attract more web tracker software, because it collects more personal information about you than earlier versions of Windows did.

Microsoft shares some of that information with advertisers.

Throw it off track

Until recently, web browsers didn’t offer much protection against web tracking.

The latest versions of the four most popular browsers – Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari – have improved (but not perfect) anti-tracking features.

A reviewer of the latest Safari browser reported that it blocked 90 web trackers in five minutes of online activity.

But be sure your browser’s anti-tracking features are turned on.

Also, adjust the privacy settings in Windows 10.

The Windows 10 settings you may want to change include the “advertising ID” (monitors your online travels for advertisers), “location tracking” (helps advertisers localise what they promote to you), “Timeline” (keeps track of what you’re doing so that you can switch from one PC to another without interruption) and Cortana, the Windows 10 digital assistant (monitors your location, email, contacts, and calendar, and keeps a record of every “chat” you’ve had with Cortana).

You can also add more anti-tracking add-ons to your web browser.

Top-rated add-ons include Duckduckgo Privacy Essentials, Privacy Badger and Ghostery. – Star Tribune/tribune News Service - By STEVEN ALEXANDER

Trying to stop the invasion of the web trackers | Star Tribune

 

How cookies can track you (Simply Explained)



https://youtu.be/wefD2N-GWUo

Have you ever wondered how websites and apps track you on the net? Why do other websites show you advertisements from Amazon about exactly the product you looked at before? How does online tracking work? We explain to you how Google, Facebook and Co track you on the Internet. What is your opinion about online tracking? Write it in the comments... 

 

What Google & Co know about you | Online Tracking

 


https://youtu.be/iB9l56j4mg8 

 

Tech Q&A: Trying to stop the invasion of the web trackers ...

 

How to stop your emails from being tracked - The Verg


Related post:

BLOCKCHAIN beyond Bitcoin

Monday 14 September 2020

Educated yet amoral: GPT-3 AI capable of writing books sparks awe

An AI technology has won praise for its ability to generate coherent stories, novels and even computer code. — AFP Relaxnews





An artificial intelligence (AI) technology made by a firm co-founded by billionaire Elon Musk has won praise for its ability to generate coherent stories, novels and even computer code but it remains blind to racism or sexism.

GPT-3, as Californian company OpenAI’s latest AI language model is known, is capable of completing a dialogue between two people, continuing a series of questions and answers or finishing a Shakespeare-style poem.

Start a sentence or text and it completes it for you, basing its response on the gigantic amount of information it has been fed.

This could come in useful for customer service, lawyers needing to sum up a legal precedent or for authors in need of inspiration.

While the technology is not new and has not yet learnt to reason like a human mind, OpenAI’s latest offering has won praise for the way its text resembles human writing.

“It is capable of generating very natural and plausible sentences,” says Bruce Delattre, an AI specialist at data consulting agency Artefact.

“It’s impressive to see how much the model is able to appropriate literary styles, even if there are repetitions.”

GPT-3 is also capable of finding precise responses to problems, such as the name of an illness from a description of symptoms.

It can solve some mathematical problems, express itself in several languages, or generate computer code for simple tasks that developers have to do but would happily avoid.

Delattre tells AFP it all works thanks to “statistical regularities”.

“The model knows that a particular word (or expression) is more or less likely to follow another.”  

Billions of web pages

Amine Benhenni, scientific director at AI research and development firm Dataswati, tells AFP that “the big difference” compared to other systems is the size of the model.

GPT-3 has been fed the content of billions of web pages that are freely available online and all types of pieces of written work.

To give an idea of the magnitude of the project, the entire content of online encyclopaedia Wikipedia represents just 3% of all the information it has been given.

As such, it does not need to be retrained to perform tasks, as previous models did, when a new subject is introduced like medicine, law or the media.

Give it just a handful of examples of a task to do, such as completing a sentence, and it will then know how to complete any sentence it is given, no matter what the subject – a so-called “few-shot” language model.

“It’s amazingly powerful if you know how to prime the model well,” Shreya Shankar, an AI-specialised computer scientist, said on Twitter after having used GPT-3.

“It’s going to change the ML (machine learning) paradigm.”

Despite the hype, however, GPT-3 is only 10th on the SuperGLUE benchmark that measures the language-understanding of algorithms.

And that’s because some users demonstrated that when asked absurd questions, the model responds with senseless answers.

For instance, developer Kevin Lacker asked: “How many eyes does the sun have?”

“The sun has one eye,” it responded, Lacker wrote on his blog.

Fake reviews, fake news

Claude de Loupy, co-founder of French startup Syllabs that specialises in automated text creation, says the system lacks “pragmatism”.

Another major problem is that it replicates without a second thought any stereotype or hate speech fed during its training period, and can quickly become racist, anti-semitic or sexist.

As such, experts interviewed by AFP felt GPT-3 was not reliable enough for any sector needing to rely on machines, such as robo-journalism or customer services.

It can however be useful, like other similar models, for writing fake reviews or even mass-producing news stories for a disinformation campaign.

Concerned about “malicious applications of the technology”, OpenAI, which was co-founded in 2015 by Musk who has since left, and is financed by Microsoft among others, chose not to release the previous version of the model, GPT-2, in February 2019.

Originally a non-profit, OpenAI then became a “capped profit” company, which means investors get a capped return.

And in June, the firm changed tack and opened its GPT-3 model to commercial use, allowing for user feedback.

A step Claude de Loupy says could yield big profits.

There is “no doubt that the amount of text generated by AI is about to explode on the Web”. – AFP

Source link

GPT 3 Demo and Explanation - An AI revolution from OpenAI



Half Ideas - Startups and Entrepreneurship 
4.89K subscribers

GPT 3 can write poetry, translate text, chat convincingly, and answer abstract questions. It's being used to code, design and much more. I'll give you a demo of some of the latest in this technology and some of how it works.

GPT3 comes from a company called OpenAI. OpenAI was founded by Elon Musk and Sam Altman (former president of Y-combinator the startup accelerator). OpenAI was founded with over a Billion invested to collaborate and create human-level AI for the benefit of society.

GPT 3 has been developed for a number of years. One of the early papers published was on Generative Pre-Training. The idea behind generative pre-training (GPT) is that while most AI's are trained on labeled data, there's a ton of data that isn't labeled. If you can evaluate the words and use them to train and tune the AI it can start to create predictions of future text on the unlabeled data. You repeat the process until predictions start to converge.

The newest GPT is able to do a ton. Some of the demos include: 
 - GPT 3 demo of how to design a user interface using AI
- GPT 3 demo of how to code a react application using AI
- GPT 3 demo of an excel plug-in to fill data using AI
- GPT 3 demo of a search engine/answer engine using AI
- GPT3 demo of command line auto-complete from English to shell commands


And more. I've posted all the embedded tweets and videos on my site:
https://gregraiz.com/gpt-3-demo-and-e...

You can also follow me on twitter here:
https://www.twitter.com/graiz

The paper on Language Models are Few-Shot Learners is available to read:
 https://arxiv.org/abs/2005.14165

Caption author 英语爸爸
(Chinese (China))






https://youtu.be/G6Z_S6hs29s
https://youtu.be/cpWEXQkpBFQ
 https://youtu.be/tsuxlU5IwuA


OpenAI GPT-3: Beginners Tutorial



OpenAI has released GPT-3, a state-of-the-art language model made up of 175 billion parameters. In this video, I'll create a simple tutorial on how you can use OpenAI's API to use the GPT-3 model.

The previous OpenAI GPT model that is GPT-2 had 1.5 billion parameters and was the biggest model back then. GPT-3 can write poetry, translate text, chat convincingly, and answer abstract questions.

Link to Shreya's Repo :  https://github.com/shreyashankar/gpt3...

Link to the Notebook :  https://github.com/bhattbhavesh91/gpt...

Link to Request for API Access :  https://lnkd.in/eUTisGR

If you do have any questions with what we covered in this video then feel free to ask in the comment section below & I'll do my best to answer those.

If you enjoy these tutorials & would like to support them then the easiest way is to simply like the video & give it a thumbs up & also it's a huge help to share these videos with anyone who you think would find them useful.

Please consider clicking the SUBSCRIBE button to be notified for future videos & thank you all for watching.

You can find me on:

Blog - http://bhattbhavesh91.github.io

Twitter -  https://twitter.com/_bhaveshbhatt

GitHub - https://github.com/bhattbhavesh91

Medium -  https://medium.com/@bhattbhavesh91

#GPT3 #NLP



 
Read more: 

Will GPT-3's AI make writers obsolete? - without bullshit




Related posts:


Global AI collaboration to fight pandemic, revive economies

The future is AI technology




Developing AI specialists through collaboration

 

 

AI Superpowers: China, Silicon Valley, and the New World Order; Singapore tries its own path in clash