Posts Tagged ‘GitHub’

Sexbots? In My Cloud Stack? It’s More Likely Than You Think

Monday, October 7th, 2024

I’ve long been amazed at the hyperparasitism of the hacker exploit ecosystem, where hackers penetrate systems not to steal credit card numbers, but just to steal the resources to run bot farms. And now hackers are stealing cloud resources to run AI sexbots.

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.

You might wonder how a company could be so stupid as to include their cloud access credentials in their GitHub repository. Having worked for a long time in the cloud/SaaS space, I can tell you: It’s easier than you think. Developers probably included it so they could do rapid testing during the development cycle (and nobody wants to go through the pain of setting up another cryptokey through two-factor authentication every damn time they want to run a test), then overlooked changing it when they rolled to production. It’s the sort of thing dev should be looking for, but there are a lot of ways (personnel change, version rollback, etc.) something like that can slip through.
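One way to catch a leftover test key before it is pushed, as an added example that is not from the original post or from Permiso: a small scanner for AWS access key IDs and secret access keys that can run as a pre-commit or CI step. The entropy threshold, the function names and the sample file contents are assumptions made for this illustration.

```python
import math
import re
from pathlib import Path

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) prefix + 16 characters.
KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: exactly 40 characters of the base64 alphabet.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# Placeholder key pair published in the AWS documentation; never a real finding.
DOC_EXAMPLES = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
MIN_ENTROPY = 4.3  # assumed threshold, bits per character

def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in map(s.count, set(s)))

def scan_text(text: str, name: str = "<memory>") -> list[tuple[str, int, str]]:
    """Return (file, line number, finding kind) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID_RE.finditer(line):
            if m.group(0) not in DOC_EXAMPLES:
                findings.append((name, lineno, "aws-access-key-id"))
        for m in SECRET_RE.finditer(line):
            tok = m.group(0)
            # 40-char hex strings (git SHA-1s) top out at 4.0 bits/char, so they are skipped.
            if tok not in DOC_EXAMPLES and entropy(tok) > MIN_ENTROPY:
                findings.append((name, lineno, "aws-secret-access-key"))
    return findings

def scan_tree(root: str) -> list[tuple[str, int, str]]:
    """Scan every regular file under root, skipping the .git directory."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and ".git" not in path.parts:
            findings += scan_text(path.read_text(errors="ignore"), str(path))
    return findings

# Constructed sample: a made-up key pair, the AWS docs placeholder, and a commit hash.
SAMPLE = "\n".join([
    "[default]",
    "aws_access_key_id = " + "AKIA" + "Q7X2CONSTRUCTED1",
    "aws_secret_access_key = " + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJ/+01",
    "# docs placeholder: AKIAIOSFODNN7EXAMPLE",
    "pinned_commit = 9fceb02d0ae598e95dc970b74767f19372d61af8",
])

if __name__ == "__main__":
    import sys
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample.ini")
    for f, n, kind in hits:
        print(f"{f}:{n}: {kind}")  # the matched value is deliberately not printed
    sys.exit(1 if hits else 0)
```

Run with a directory argument it exits non-zero on any finding, so it can block a commit or fail a build.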

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled full logging of LLM activity (by default, logs don’t include model prompts and outputs), and thus they lacked any visibility into what attackers were doing with that access.

So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be.

Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online.

Long gone are the days when boys were initiated into onanistic pursuits by the time-honored method of finding an old issue of Penthouse under a tree in the woods, but having to use AI chatbots when there’s a veritable ocean of pornography rolling around the Internet bespeaks a lack of imagination in today’s large cohorts of lonely men.

“After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked,” Permiso researchers wrote in a report released today.

“Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse,” they continued. “Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature.”

Ian Ahl, senior vice president of threat research at Permiso, said attackers in possession of a working cloud account traditionally have used that access for run-of-the-mill financial cybercrime, such as cryptocurrency mining or spam. But over the past six months, Ahl said, Bedrock has emerged as one of the top targeted cloud services.

Stealing computer resources to run bots for cryptocurrency mining or spam is now evidently one of those traditional criminal enterprises like running a numbers racket or selling swampland in Florida. Perhaps this strikes you with the same “get off my lawn” unease that I felt upon first reading the phrase “90s Music Nostalgia Tour.”

“Bad guy hosts a chat service, and subscribers pay them money,” Ahl said of the business model for commandeering Bedrock access to power sex chat bots. “They don’t want to pay for all the prompting that their subscribers are doing, so instead they hijack someone else’s infrastructure.”

Ahl said much of the AI-powered chat conversations initiated by the users of their honeypot AWS key were harmless roleplaying of sexual behavior.

“But a percentage of it is also geared toward very illegal stuff, like child sexual assault fantasies and rapes being played out,” Ahl said. “And these are typically things the large language models won’t be able to talk about.”

AWS’s Bedrock uses large language models from Anthropic, which incorporates a number of technical restrictions aimed at placing certain ethical guardrails on the use of their LLMs. But attackers can evade or “jailbreak” their way out of these restricted settings, usually by asking the AI to imagine itself in an elaborate hypothetical situation under which its normal restrictions might be relaxed or discarded altogether.

“A typical jailbreak will pose a very specific scenario, like you’re a writer who’s doing research for a book, and everyone involved is a consenting adult, even though they often end up chatting about nonconsensual things,” Ahl said.

In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cloud credentials to target ten cloud-hosted LLMs. The attackers Sysdig wrote about gathered cloud credentials through a known security vulnerability, but the researchers also found the attackers sold LLM access to other cybercriminals while sticking the cloud account owner with an astronomical bill.

“Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from Anthropic was targeted,” Sysdig researchers wrote. “If undiscovered, this type of attack could result in over $46,000 of LLM consumption costs per day for the victim.”

Stolen credentials paid for with stolen credit cards running stolen AI access on stolen cloud platforms to run illegal sex chatbots. It’s a veritable ecology of cybercriminality…

Benford’s Law Shows Biden Vote Fraud

Sunday, November 8th, 2020

I was just going to include this in Monday’s state-of-play voting fraud roundup, but I found out that Facebook is blocking access to one of the source articles, literally preventing you from posting a link to it (I tested), saying that “this link goes against our community standards.” So I decided to do this post to let you have something you can share on Facebook.

The first link I saw on the topic was this GitHub piece forwarded to me by reader Brandon Byers, who noted “the Wikipedia entry for Benford’s Law was edited 11/5 in order to downplay its usefulness in detecting election fraud.” It appears that a lengthy edit war is still going on there. The author is one “cjph8914”; no idea who it is; GitHub is a code repository system that anyone can sign up for and use.

Benford’s Law, also called the Newcomb–Benford law, the law of anomalous numbers, or the first-digit law, is an observation about the frequency distribution of leading digits in many real-life sets of numerical data. The law states that in many naturally occurring collections of numbers, the leading digit is likely to be small. For example, in sets that obey the law, the number 1 appears as the leading significant digit about 30% of the time, while 9 appears as the leading significant digit less than 5% of the time. If the digits were distributed uniformly, they would each occur about 11.1% of the time. Benford’s law also makes predictions about the distribution of second digits, third digits, digit combinations, and so on.

This GNews piece by “Himalaya Australia” makes much the same argument, and is the one that Facebook is blocking: “As the vote counting for the 2020 Presidential Election continues, various facts suggest rampant frauds in Joe Biden’s votes. So does mathematics in terms of the votes from precincts.”

Wikipedia description snipped.

However, in the Milwaukee County of Wisconsin, which is in one of the key swing states, Joe Biden’s votes violate Benford’s Law while other candidates’ don’t. (Joe Biden 69.4%, Donald Trump 29.4%, Jo Jorgensen 0.9%. Source: theguardian.com)

Here’s a YouTube video that explains the basic concepts of Benford’s Law:

Here’s a YouTube video that basically covers the GitHub piece, which covers other urban areas where it appears Biden’s vote total violates Benford’s Law:

I am not a statistician or a mathematician, but this does seem to make a good case for pro-Biden vote fraud in some urban areas.

Try posting this to Facebook. I wonder how many hits I’ll have to get before someone there tries to block it…

LinkSwarm for November 1, 2019

Friday, November 1st, 2019

Happy Day of the Dead!

Is it time to decouple from China?

“Stealth War: How China Took Over While America’s Elites Slept,” a new book by U.S. Air Force Brig. Gen. Robert Spalding (Ret.), confirms this assessment. Spalding served as the chief China strategist for the chairman of the Joint Chiefs of Staff, as senior U.S. Defense official and defense attaché to China in Beijing, and later in the Trump National Security Council (NSC), where he was the chief architect of the NSS’s framework for national competition.

According to Spalding, even organizations that would seem to have a vested interest in exposing China’s malign behavior remain mum. Spalding writes that upon his arrival at NSC:

I made it a personal mission to meet with many leading think tanks, nongovernmental organizations, and law, auditing, and public relations firms that dealt with China. I was eager to seek their help in exposing the Beijing government’s influencing operations and sanctioning of illegal behavior. Additionally, I hoped they would help me explore policy options to counter China’s economic malfeasance.

Time after time, I was rebuffed.

People at these organizations would talk with me, and many of them even said they agreed with my concerns, but they claimed they couldn’t help. Doing so, some of the more forthright people said, might anger their Chinese funders or business accounts. The list of organizations that refused to engage with me publicly in my official capacity was stunning. Top white-shoe New York law firms. Organizations with mandates to promote democracy, freedom, and human rights would refuse to support my mission.

…They were, in essence, being manipulated by a foreign power that is America’s greatest enemy.

The willingness of American organizations to remain silent about Chinese Communist tyranny can be seen against a correlative backdrop of our burgeoning cancel culture, the censorship of Big Tech, and general decline of devotion to First Amendment principles alongside the Long March of political correctness through our institutions.

China is not the cause of the general erosion of American fidelity to free speech, but it is a contributor and one of its chief beneficiaries. As China poses arguably the greatest threat of any foreign actor to our liberties of all, the corruption resulting from our commercial ties is particularly acute.

  • Does the fact that Xi Jinping sent his daughter back to Harvard at age 27 indicate that his position is weaker than we think?

    For President Xi to start a dynasty, his only daughter has to get married. At 27, she is of the age when she should get married. But it can’t be to someone of peasant stock. It has to be to one of China’s princelings — or “Revolutionary Successors,” as they prefer to be known. President Xi has stressed the need for “red genes” in China’s rulers. The problem is that all the princelings are all already very wealthy, so marrying into the Xi family wealth would be of no consequence. China’s princesses do well, too. The Huawei executive arrested in Canada, Meng Wanzhou, has a stepsister, Annabel Yeo, who had her debut into high society at Le Bal des Débutantes in Paris in November 2018.

    For a princeling, if you married Xi’s daughter, you would become consort to the empress, but there would be a downside: you would be killed in any palace coup.

    If Xi Mingze is at Harvard, that suggests that the project to get her married off has had pushback and that President Xi isn’t having things going all his way. Another problem with Xi establishing a dynasty is that all the other families living in the gated community in Beijing for China’s elite, Zhongnanhai, would become less than equal, something that would stick in their craw more than the president-for-life thing.

    The communist regimes in Russia and Eastern Europe lasted about 70 years before they burned out, and it has been wondered if the 70-year rule will also apply to China. The communist party in China recently celebrated 70 years since its founding, and it looks as if burnout is happening on cue. The princelings are jealous of the fortunes made by China’s entrepreneurial class and have started to take their fortunes from them, starting with the likes of Jack Ma, who had founded Alibaba. Another Chinese billionaire, Miles Kwok, has predicted that Jack Ma will be either in prison or dead within a year. Once started, expropriation will work its way down through the economy, and it will be a profound productivity-killer.

    A lot of China’s managerial class now has at least part of its fortune offshore and has sent its children, often only one child, to foreign universities. Some of those children have been told, “Never come back to China.”

    Xi Mingze at Harvard means that a coup is possible in China.

    (Hat tip: Director Blue.)

  • Failure analysis for San Francisco’s new $2.2 billion transit station:

    Built at a cost of $2.2 billion, the Salesforce Transit Center and Park formed the cornerstone of the Bay Area’s ambitious regional transportation plan: a vast, clean, efficient web of trains, buses, and streetcars, running through a hub acclaimed as the Grand Central Station of the West.

    Snip.

    Earlier that day, workers installing panels in the STC’s ceiling beneath the rooftop park uncovered a jagged crack in a steel beam supporting the park and bus deck. “Out of an abundance of caution,” officials said, they closed the transit center, rerouting buses to a temporary terminal. Inspectors were summoned. They found a similar fracture in a second beam.

    Structural steel is exceptionally strong, but given certain conditions—low temperatures, defects incurred during fabrication, heavy-load stress—it remains vulnerable to cracking. Two types of cracks occur in steel: ductile fractures, which occur after the steel has yielded and deformed, and brittle fractures, which generally happen before the steel yields. Ductile fractures develop over time, as the steel stretches during use, explains Michael Engelhardt, Ph.D., a professor of civil engineering at the University of Texas at Austin and chair of the peer-review committee overseeing the STC’s response to the cracked-beam crisis.

    “Engineers can predict ductile fracture and make adjustments during design, such as redistributing the load among various parts of the structure,” Engelhardt says. “Brittle fractures, by contrast, happen suddenly and release a great deal of energy. They’re concerning. They aren’t supposed to happen.”

  • 350,000 protest for Catalonian independence from Spain in Barcelona. This follows nine separatist activists being sentenced for sedition.
  • And the Spanish government got GitHub (now owned by Microsoft) to block access to an app protestors were using to organize. This is yet another reason you should always have an on-premise repository backup…
  • Recently retired top UK climate scientist says that NASA has monkeyed with historical weather data. (Hat tip: Borepatch.)
  • Is the F-35 actually a success story? I’m a little less rah-rah than Dunn, because I believe the age of the manned fighter is drawing to a close.
  • Violence is the answer. Doesn’t matter what the question is…
  • Deadspin/Kotaku staffers told to stick to sports/gaming. Result: they quit. Giving me a chance to use this for the second time in a week:

    Also this:

  • President Trump sings “God Bless America” with wounded vet. (Hat tip: Stephen Green at Instapundit.)
  • Should have included this in yesterday’s roundup:

  • The 50th anniversary of the first information transmitted across the nascent Internet.
  • Austin ISD “Rolls Out Transgender Education for 8-Year-Olds.” (Hat tip: The Other McCain.)
  • “Texas luring jobs away from California with promises of electricity.”
  • East Austin bar transforms into Moe’s Tavern for Halloween. (Hat tip: IowaHawk.)
  • Heh:

rm -rf .github

Tuesday, February 16th, 2016

Git, if you are unfamiliar with it, is a software source control program, allowing you to check code (and other things; I’ve used it for documentation) in and out of a repository, which can be either local or remote.

GitHub is (for now) the most popular remote repository for Git. You can either put all your code in a public repository for free, or in a private repository for a modest per-user fee. GitHub makes its money off bells and whistles for private repositories.

Now comes word that GitHub’s “Social Impact Team” has decided “We don’t want any of those stinking white people here.” “It is very hard to even interview people who are ‘white’ which makes things challenging.”

Git and GitHub got to be where they are today because they’re both free-ish, but also because they’re deeply beloved of open source programmers not deterred by the steep learning curve of Git’s command-line-fu. But open source programmers, in addition to being distinctly pale of hue on average, tend to hate Social Justice Warrior types, if the comments on the SJW threads the “new” Slashdot keeps trying to cram down their readers’ throats on a regular basis are any indication.

Since Git (the program) isn’t limited to any particular repository, it’s fairly easy (remembering, always, that everything about Git falls into two general categories: trivial (because you’ve memorized and mastered the syntax) and impossible (because you haven’t)) to move your existing code to a new repository. And there are plenty of GitHub competitors, including a new one from Google.

No wonder GitHub is suffering an exodus of talent…

(Hat tip: Moe Lane.)