• chevron_right

      Extracting GPT’s Training Data / Schneier · Thursday, 30 November - 16:48

    This is clever :

    The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ).

    In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack. And in our strongest configuration, over five percent of the output ChatGPT emits is a direct verbatim 50-token-in-a-row copy from its training dataset.

    Lots of details at the link and in the paper .

    • chevron_right

      Real estate markets scramble following cyberattack on listings provider / ArsTechnica · Monday, 14 August, 2023 - 21:59 · 1 minute

    MLS, Multiple Listing Service. Concept with keywords, people and icons. Flat vector illustration. Isolated on white.

    Enlarge / MLS (Multiple Listing Service). (credit: Getty Images)

    Home buyers, sellers, real estate agents, and listing websites throughout the US have been stymied for five days by a cyberattack on a California company that provides a crucial online service used to track home listings.

    The attack, which commenced last Wednesday, hit Rapottoni , a software and services provider that supplies Multiple Listing Services to regional real estate groups nationwide. Better known as MLS, it provides instant access to data on which homes are coming to the market, purchase offers, and sales of listed homes. MLS has become essential for connecting buyers to sellers and to the agents and listing websites serving them.

    “If you're an avid online refresher on any real estate website, you may have noticed a real nosedive in activity the last couple of days,” Peg King, a realty agent in California’s Sonoma County, wrote in an email newsletter she sent clients on Friday. “Real estate MLS systems across the country have been unusable since Wednesday after a massive cyberattack against major MLS provider, Rapattoni Corporation. This means that real estate markets (like ours!) can't list new homes, change prices, mark homes as pending/contingent/sold, or list open houses.”

    Read 7 remaining paragraphs | Comments

    • chevron_right

      Google Reportedly Disconnecting Employees from the Internet / Schneier · Thursday, 20 July, 2023 - 22:32

    Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers:

    The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

    Google has not confirmed this story.

    More news articles .

    • chevron_right

      Mass Ransomware Attack / Schneier · Thursday, 23 March, 2023 - 02:56

    A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack :

    TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

    However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

    Since the attack in late January or early February—the exact date is not known—Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files.

    • chevron_right

      Montenegro is the Victim of a Cyberattack / Schneier · Tuesday, 6 September, 2022 - 03:47

    Details are few, but Montenegro has suffered a cyberattack :

    A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control.


    But the attack against Montenegro’s infrastructure seemed more sustained and extensive, with targets including water supply systems, transportation services and online government services, among many others.

    Government officials in the country of just over 600,000 people said certain government services remained temporarily disabled for security reasons and that the data of citizens and businesses were not endangered.

    The Director of the Directorate for Information Security, Dusan Polovic, said 150 computers were infected with malware at a dozen state institutions and that the data of the Ministry of Public Administration was not permanently damaged. Polovic said some retail tax collection was affected.

    Russia is being blamed, but I haven’t seen any evidence other than “they’re the obvious perpetrator.”

    • chevron_right

      15.3 Million Request-Per-Second DDoS Attack / Schneier · Wednesday, 4 May, 2022 - 20:05

    Cloudflare is reporting a large DDoS attack against an unnamed company “operating a crypto launchpad.”

    While this isn’t the largest application-layer attack we’ve seen , it is the largest we’ve seen over HTTP S . HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.

    The attack only lasted 15 seconds. No word on motive. Was this a test? Or was that 15-second delay critical for some other fraud?

    News article .

    • chevron_right

      Microsoft Issues Report of Russian Cyberattacks against Ukraine / Schneier · Thursday, 28 April, 2022 - 14:15

    Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:

    At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.


    Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.

    • chevron_right

      Industrial Control System Malware Discovered

      Bruce Schneier · / Schneier · Thursday, 14 April, 2022 - 15:46

    The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. There’s also no indication of how the malware was discovered. It seems not to have been used yet.

    More information . News article .

    • chevron_right

      Russian Cyberattack against Ukrainian Power Grid Prevented

      Bruce Schneier · / Schneier · Wednesday, 13 April, 2022 - 16:27

    A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

    Key points:

    • ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
    • The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks
    • The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems
    • We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine
    • We assess with high confidence that the APT group Sandworm is responsible for this new attack

    News article .

    EDITED TO ADD: Better news coverage from Wired .