SpaceX Is Building Spy Satellites for US National Reconnaissance Office, Sources

According to sources, Elon Musk’s SpaceX is building a network of hundreds of spy satellites under a classified contract with the US intelligence agency the National Reconnaissance Office (NRO), demonstrating deepening ties between the billionaire entrepreneur’s space company and national security agencies.

The contract is for a powerful new spy system with hundreds of satellites bearing Earth-imaging capabilities that can operate as a swarm in low orbits. If successful, the sources said the program would significantly advance the ability of the US government and military to spot potential targets almost anywhere on the globe quickly.

The sources said that the contract signals growing trust by the intelligence establishment of a company whose owner has clashed with the Biden administration and sparked controversy over the use of Starlink satellite connectivity in the Ukraine war.

The Wall Street Journal reported in February that there was a $1.8 billion classified Starshield contract with an unknown intelligence agency that did not detail the program's purposes. (Joey Roulette and Marisa Taylor / Reuters)

Related: Bloomberg, Quartz, Interesting Engineering, Telegraph, MediaNama

In a filing with the Securities and Exchange Commission, Reddit said that the Federal Trade Commission had opened an inquiry into the social media platform’s sale, licensing, or sharing of its users’ posts and other content to outside organizations for training artificial intelligence models.

“Given the novel nature of these technologies and commercial arrangements, we are not surprised that the FTC has expressed interest in this area,” Reddit wrote in the filing. “We do not believe that we have engaged in any unfair or deceptive trade practice.”

Like many other social media platforms, Reddit has expressed interest in business deals where AI companies pay to access databases of human-written text that AI models can use to refine their ability to converse, answer questions, and produce written work and images on request.

Almost a month ago, Reddit announced a $60 million deal with Google for that purpose. That arrangement will also give Reddit access to Google AI models to improve its internal site search and other features. Reddit declined to comment or answer questions beyond a written statement about the deal.

Reddit is on the cusp of an IPO to sell shares to the public for the first time. The San Francisco-based company filed paperwork that projected a price for its initial public offering valuing the 18-year-old platform at up to $6.4 billion. (Associated Press)

Related: SEC.gov, Wired, Cointelegraph, Axios, The Hill, CNN, CNBC, Neowin, The Hollywood Reporter, Engadget, Wall Street Journal, The Crypto Times, CBS News, Quartz, Bloomberg, Barron’s, TechTimes, Decrypt, The Register, The Decoder, The Hill, Tech Xplore, Bloomberg, The Information

Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide.

After the federal prison ends, Diaconu (aka utmsandu, sandushell, rootarhive, and WinD3str0y) will also be under supervised release for another three years. The sentence comes after his December guilty plea to one count of conspiracy to commit access device and computer fraud and four counts of possessing 15 or more unauthorized access devices.

​Diaconu was an administrator of the E-Root Marketplace between January 2015 and February 2020. Until it was seized by law enforcement authorities in 2020, this cybercrime market operated across a sprawling network infrastructure. It was designed to shield the identities of its administrators, buyers, and sellers.

Using this platform, buyers could search for RDP and SSH credentials to compromised computer systems, which could be filtered by various criteria, including price, geographic location, internet service provider, and operating system.

Cybercriminals later used the compromised credentials to gain remote unauthorized access to victims' systems and extract or manipulate data.

The E-Root marketplace transactions also used an online payment system dubbed Perfect Money to obfuscate the payment chain.

Moreover, E-Root provided an illicit cryptocurrency exchange service designed to convert Bitcoin, US dollars, and other currencies to Perfect Money and vice versa, a service that has also been seized. (Sergiu Gatlan / Bleeping Computer)

Related: Justice Department, Court Listener, The Record, GBHackers on Security, BankInfoSecurity, Security Affairs

The North American finals of The Apex Legends Global Series have been delayed after two players were hacked mid-match with players strongly advised to take protective measures.

Noyan "Genburten" Ozkose of DarkZero suddenly could see other players through walls, and then Phillip "ImperialHal" Dosen of TSM was given an aimbot.

Genburten's hack happened partway through the day's third match. A Twitch clip of the moment shows the words "Apex hacking global series by Destroyer2009 & R4ndom" repeating over chat as he realizes he's been given a cheat and takes his hands off the controls. "I can see everyone!" he says before leaving the match.

ImperialHal was hacked in the game immediately after that. "I have aimbot right now!" he shouts in a clip of the moment before declaring, "I can't shoot." He continued attempting to play out the round, but the match was later abandoned.

The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, "There is currently an RCE exploit being abused in [Apex Legends]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles"” they went on to say.

As for tournament players, they strongly recommended taking protective measures. "It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet,” they said, "perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

The rest of the series has now been postponed "Due to the competitive integrity of this series being compromised," as the official Twitter account announced. They finished by saying, "We will share more information soon." (Jody Macgregor / PC Gamer)

Related: Forbes, TweakTown, Cybernews, eSports, SportsSkeeda, The Star, eGamers World, TechRaptor, r/Cybersecurity

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a threat actor known as MajorNelson leaked it on a cybercrime forum and claimed it was stolen in a ShinyHunters 2021 breach of the company.

The data includes names, addresses, mobile phone numbers, encrypted date of birth, encrypted social security numbers, and other internal information.

In 2021, ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million.

AT&T said then that the data did not originate from them and its systems were not breached.

However, BleepingComputer has reviewed the data, and while it cannot confirm that all 73 million lines are accurate, the publication verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers.

Other cybersecurity researchers, such as Dark Web Informer and VX-Underground, have confirmed that some data is accurate.

At this point, it's a mystery where the data came from. Still, regardless of where it originated, all signs point to this being data of AT&T customers. (Lawrence Abrams / Bleeping Computer)

Related: Security Affairs, Cybernews, Tech Times, Data Center Dynamics, Restore Privacy

The International Monetary Fund (IMF) said it was continuing to investigate a cyber security incident first detected on Feb. 16 but stressed that the email accounts of top managers were not affected.

A spokesperson for the global lender said 11 IMF email accounts had been compromised in the incident, but they did not include those of IMF Managing Director Kristalina Georgieva or other top officials. The IMF said that all email accounts have since been re-secured.

The IMF said it took remedial action based on the investigation, which was conducted with the help of independent cybersecurity experts. (Andrea Shalal and Kanjyik Ghosh / Reuters)

Related: Bleeping Computer, The Record, Nigerian Tribune, Infosecurity Magazine, IT News, Cyber Daily

US District Judge Vince Chhabria in San Francisco ruled that Apple AirTag stalking victims made sufficient claims for negligence and product liability, allowing a class action lawsuit against Apple to move forward.

About three dozen women and men who filed the suit alleged that Apple was warned of the risks posed by its AirTags. They argued that the company could be legally blamed under California law if the tracking devices were used for misconduct.

In the three claims that survived, the plaintiffs “allege that, when they were stalked, the problems with the AirTag’s safety features were substantial, and that those safety defects caused their injuries,” Chhabria wrote.

Apple had argued that it designed the AirTag with “industry-first” safety measures and shouldn’t be held responsible for misusing the product. (Rachel Graf / Bloomberg)

Related: Engadget, AppleInsider, iThinkDifferent, Gizchina, PCMag, United States District Court, Quartz, 9to5Mac, Benzinga, Livemint, NewsBytes, The Verge

Japanese communications technology giant Fujitsu reported it had discovered malware on multiple work computers and that files containing personal and customer information could have been stolen.

Fujitsu said it took action to isolate the affected computers and enhance system monitoring to prevent further incidents.

Fujitsu is conducting an in-depth investigation to determine the method of malware intrusion and whether any information has been leaked.

While the investigation is ongoing, the company has proactively contacted individuals and customers potentially affected by this incident to inform them of the situation. (Balaji / GBHackers on Security)

Related: Fujitsu

A vulnerable autistic man, Diogo Santos Coelho, is pleading with the UK government to block his extradition to the US on cybercrime charges, where he faces a 52-year sentence for alleged offending that began when he was a child.

Diogo Santos Coelho, who has been assessed as at very high risk of suicide, said he had been groomed and exploited online by adults from the age of 14 into committing the alleged crimes, which relate to the website RaidForums.

Coelho is accused of being the administrator of RaidForums, which was described in court as “a marketplace for individuals to buy and sell stolen databases” with about 10bn stolen records.

Both the US and Portugal have issued extradition requests for the 24-year-old, leaving the decision on which one to pick in the hands of the security minister, Tom Tugendhat, although an appeal against the US request is waiting to be heard.

The alleged crimes were committed when Coelho was in the UK and Portugal, while the victims are said to be global.

Coelho, a Portuguese national, cooperated with the Portuguese authorities. He is prepared to face justice there but said he could not imagine spending years in prison in the US without any support. He said his siblings could not afford to visit him there, while his mother is in hospital in London with Huntington’s disease. (Haroon Siddique / The Guardian)

Related: Daily Mail

Binance-incubated content generation platform NFPrompt said it suffered a hack, leading to losses of some funds by users and the treasury, with the US FBI stepping in to help NFPrompt seize the hackers.

The hackers illegally accessed funds on NFPrompt, including a portion of the NFP treasury and ecosystem fund. NFPrompt’s announcement notes that they also managed to hack the wallets of NFP’s contract administrators.

Shortly after discovering the attack, NFPrompt transferred all of NFP’s smart contract ownerships to new addresses to cut off the attack vector. According to the platform, NFP tokens and other assets on NFPrompt are now “SAFU.”

NFPrompt advised users not to accept NFPs from untrusted sources and only trade the token on reputable centralized exchanges (CEX) until further notice regarding the incident.

The platform has started cooperating with several partner CEXs to pause deposits during the investigation and has urged decentralized exchanges (DEX) to halt all liquidity pool activities involving NFP temporarily. Some CEXs were also alerted to freeze all transactions associated with the hackers. (Helen Partz / Cointelegraph)

Related: Protos, crypto.news, Crypto News, CoinGape, Coinspeaker, Web3IsGoingJustGreat

Krishna Okhandiar, the founder of Remilia and Milady, who is also known as Charlotte Fang, is reportedly claiming to have been hacked following the transfer of $1 million of Ether and nonfungible tokens (NFTs) to a wallet engaged in asset liquidation.

Remilia is the decentralized autonomous organization (DAO) behind the Milady Maker NFT collection. Milady is a collection of 10,000 anime profile picture NFTs designed by Fang.

Although the precise method of the purported hack is unclear, blockchain security company PeckShield pointed out a prior transaction from the Remilia treasury wallet to the wallet implicated in the draining. (Amaka Nwaokocha / Cointelegraph)

Related: crypto.news, Coinpedia, Unchained, Web3IsGoingJustGreat

Mozaic FI, a major player in the crypto world, experienced an insider theft of around $2 million in cryptocurrency from its vaults, with a Mozaic FI developer exploiting a loophole in the security system to access the private keys of a core team member’s data.

Web 3 security firm Cybers Alerts said that Mozaic_Fi’s lax access control on the Arbitrum network paved the way for this hack. The thief stole $2.1 million, funneling it straight to the MEXC exchange.

Mozaic performed a speedy resolution of the exploit after being notified by its security counterparts, including Hypernative and others. As the funds were tracked back and forth among exchanges, it was known that 90% of funds were transferred to centralized exchange MEXC and the remaining to Binance, after which the CEX froze them. (Qadir AK / Coinpedia)

Related: Web3IsGoingJustGreat

New Zealand media and entertainment company MediaWorks confirmed that hackers breached a database containing information from 2.5 million individuals who entered its online competitions, and the hackers are demanding a ransom of US$500 (NZ$820) in cryptocurrency from one of the victims of the data leakage.

According to the 14 March post, a forum user called OneERA has “stolen” 2,461,180 sets of data from MediaWorks.

“Guys, we have stolen 2,461,180 New Zealand citizens’ data from mediaworks.co.nz,” the forum post said. “We plan to sell this data, so please contact us as soon as possible if you’re interested.”

The poster goes on to describe the data in some detail, saying that it includes “names, home addresses, mobile numbers, email addresses, dates of birth, home phone numbers, user postal codes, user genders, UserIds.” The data also includes answers from questionnaires, “some citizens’ videos and music materials,” and “some voting and election details.”

According to the post, the data may relate to the reality-based TV series The Block NZ, specifically between 2017 and 2020.

One man, who did not wish to be named, said he had received an email, purportedly from the hackers. He said it had been sent to almost 100 other addresses from an allegedly hacked account. (David Hollingworth / Cyber Daily and Soumya Bhamidipati / RNZ)

Related: MediaWorks, The Rock, New Zealand Herald, Newshub, RNZ, New Zealand Herald

Researchers from Ben-Gurion University in Israel have devised an attack that deciphers AI assistant responses with surprising accuracy.

The technique exploits a side channel in all major AI assistants except Google Gemini. It then refines the fairly raw results through large language models specially trained for the task.

The attack can allow an adversary to infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

“Currently, anybody can read private chats sent from ChatGPT and other services,” Yisroel Mirsky, head of the Offensive AI Research Lab at Ben-Gurion University in Israel, said. “This includes malicious actors on the same Wi-Fi or LAN as a client (e.g., same coffee shop), or even a malicious actor on the Internet—anyone who can observe the traffic. The passive attack can happen without OpenAI or the client's knowledge. OpenAI encrypts their traffic to prevent these kinds of eavesdropping attacks, but our research shows that the way OpenAI is using encryption is flawed, and thus the content of the messages are exposed.”

Because AI assistants talk with a distinct style and repeat certain phrases, it’s possible to identify patterns found in the token sequence and thus decipher the entire text contextually. This is akin to a known plaintext attack, where an adversary knows some part of a plaintext and can use it in combination with the corresponding ciphertext to decrypt the entire message.

The researchers found that it’s possible to teach LLMs to perform this attack by training them to translate token sequences into text using example chats available on the Internet. Since the first sentence in an AI's response tends to be more stylistic and predictable than those that follow, the researchers refined their results by using one LLM that specializes in deducing the first sentence of a response and another that’s optimized for inferring inner sentences given the context of previous sentences.

The researchers have made two proposals to mitigate the effectiveness of their attack. The first is to follow Google’s example and stop sending packets one at a time. The other is to apply “padding,” a technique that adds random amounts of spaces to packets so they all have a fixed length equal to the largest possible packet. (Dan Goodin / Ars Technica)

Related: Arxiv.org, Futurism, TechRadar, TechTimes

Researchers from the University of Washington, the University of Illinois Urbana-Champaign, Western Washington University, and the University of Chicago have demonstrated that anyone with a passing familiarity with the sort of ASCII art featured in 1980s tech-based movies like Wargames can fool LLMs into breaking their own safety rules.

ASCII art consists of pictures pieced together from the 95 printable (out of a total of 128) characters defined by the ASCII Standard from 1963. Think of some of the screen images in 1983's Wargames or Tron. In this particular jailbreak, text-based art is used to "mask" prompts that the LLMs’ safety fine-tuning would otherwise flag.

With their “Art Prompt” jailbreak, the researchers focused on the words within a given prompt that may trigger rejections from an LLM's safety systems. It produces a set of cloaked prompts by visually encoding the identified words using ASCII art. These cloaked prompts can induce unsafe behaviors from the victim LLM.

The researchers have tested this jailbreak within five leading LLMs: GPT-3.5, GPT-4, Gemini, Claude, and Llama2, and shown that all struggle to recognize prompts disguised as ASCII art.

The jailbreak only requires black-box access to the LLMs and can "effectively and efficiently induce undesired behaviors" from all five models tested. The researchers state that this vulnerability arises because current defenses within LLMs are semantics-based.

Separately, a team of researchers from Meta, UCL, and Oxford has outlined a method to strengthen safeguards within LLMs by "rainbow teaming," which focuses on the robustness of the semantic end itself.

Their work sees adversarial prompt generation as a quality-diversity problem. It uses open-ended search to generate prompts to uncover a model's vulnerabilities across various domains, including safety, question answering, and cybersecurity.

Implementing Rainbow Teaming requires three essential building blocks: 1) A set of feature descriptors that specify the dimensions of diversity (e.g., “Risk Category” or “Attack Style”); 2) A mutation operator to evolve adversarial prompts and 3) a preference model that ranks adversarial prompts based on their effectiveness.

The Rainbow Teaming framework has only been tested on the Llama-2 Chat model, according to the researchers. However, it has a 90% attack success rate across Model sizes. (Azania Imtiaz Patel / The Stack)

Related: Arxiv.org, Arxiv.org, Tom’s Hardware, Ars Technica

Researchers at IBM and VU Amsterdam have developed a new attack called GhostRace that exploits speculative execution mechanisms in modern computer processors to bypass checks in operating systems against what are known as race conditions.

The attack leverages a vulnerability (CVE-2024-2193) that the researchers found affecting Intel, AMD, ARM, and IBM processors. It works against any operating system, hypervisor, and software that implements synchronization primitives or integrated controls against race conditions.

As the researchers explain in their paper, a race condition can arise when two or more processes, or threads, try to access a shared computing resource, such as memory locations or files, at the same time. It's a common cause of data corruption and vulnerabilities that lead to memory information leaks, unauthorized access, denial of service, and security bypasses.

To mitigate against the issue, operating system vendors have implemented what are known as speculative primitives in their software that control and synchronize access to shared resources. The primitives, which go by names such as "mutex" and "spinlock," ensure that only one thread can access or modify a shared resource.

IBM and VU Amsterdam researchers discovered a way to bypass these mechanisms by targeting speculative execution or out-of-order processing features in modern processors. Speculative execution involves a processor predicting the outcome of certain instructions and executing them ahead of time instead of executing them in the order received.

The goal is to speed up processing time by having the processor work on subsequent instructions while waiting for the results of previous instructions.

The researchers have informed all major hardware vendors of their discovery, and the vendors have notified all affected operating systems and hypervisor vendors. All the vendors acknowledged the issue. (Jai Vijayan / Dark Reading)

Related: Vusec.net, Vusec.net, Tom’s Hardware, Security Week, AMD

Researchers Alireza Taheritajar and Reza Rahaeimehr from Augusta University demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as noisy environments.

Though the method achieves an average success rate of 43%, significantly lower than other methods presented in the past, it does not require controlled recording conditions or a specific typing platform, making it more applicable in real-world attacks.

The attack leverages the distinctive sound emissions of different keystrokes and the typing pattern of users captured by specialized software to gather a dataset.

It is crucial to gather some typing samples from the target so that specific keystrokes and words can be correlated with sound waves. The researchers said the text could be captured through malware, malicious websites or browser extensions, compromised apps, cross-site scripting, or compromised USB keyboards.

The target's typing may be recorded using a concealed microphone near them or remotely using compromised devices in proximity, such as smartphones, laptops, or smart speakers.

The captured dataset includes typing samples under various conditions, so multiple typing sessions must be recorded, which is crucial for the attack's success. However, the researchers say the dataset doesn't have to be particularly large.

The dataset is then used to train a statistical model that produces a comprehensive profile of the target's typing patterns based on the time intervals between keystrokes. (Bill Toulas / Bleeping Computer)

Related: Arxiv.org

Best Thing of the Day: Straight From the Horse’s Mouth

Recorded Future’s Dina Temple-Raston, Sean Powers, and Jade Abdul-Malik held a conversation with LockBitSupp, the purported leader of the LockBit ransomware gang, which was taken down by an international law enforcement operation in February, who said he got lazy and felt like he had been hunted but said that it is impossible to stop him.

Worst Thing of the Day: When All Else Fails, Crying Censorship Works

Donald Trump and his allies have succeeded in allowing election misinformation and disinformation to run rampant online with a well-financed campaign to characterize any efforts to point out election lies as “censorship.”

Closing Thought