The Robots Have Finally Come for My Job
Could ChatGPT lay waste to millions of professional jobs, including journalists? Not if they figure out their real value.
FBI seizes Genesis Market, a notorious hacker marketplace for stolen logins
U.S. and international law enforcement agencies have seized Genesis Market, a notorious hacker marketplace used to acquire compromised credentials and digital browser fingerprints.
The FBI announced the takedown, dubbed “Operation Cookie Monster,” on Wednesday. Genesis Market domains now display a notice stating that the U.S. law enforcement officials have executed a seizure warrant. “Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the message reads.
In addition to the FBI, the notice says the takedown involved law enforcement agencies from the United Kingdom, Europe, Australia, Canada, Germany, Poland and Sweden.
The operation also saw about 120 people arrested and 200 searches carried out globally. The U.K’s National Crime Agency said it arrested 19 suspected site users, including two men aged 34 and 36, who are being held on suspicion of fraud and computer misuse. A senior FBI official told TechCrunch that arrests have also been made in the United States, but exact numbers were not confirmed.
“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” the official said. They added that by obtaining Genesis Market’s computer systems, officials have identified approximately 59,000 users of the marketplace.
The FBI also provided data breach notification website Have I Been Pwned with “millions” of email addresses and passwords from the Genesis Market, which internet users can check to see if they were compromised.
Genesis Market has been active since 2017 as an invitation-only online marketplace that sells stolen credentials, cookies, and digital browser fingerprints gathered from compromised systems. These fingerprints, or “bots,” included IP addresses, session cookies, plugins and operating system details, enabling attackers to impersonate victims’ browsers to access their online banking and subscription services, such as Amazon and Netflix, without needing the victim’s password or two-factor token.
Before its shutdown, Genesis claimed that these browser fingerprints would be kept up to date for as long as it retained access to a compromised device.
“In other words, Genesis customers aren’t making a one-time buy of stolen information of unknown vintage; they’re paying for a de facto subscription to the victim’s information, even if that information changes,” Yusuf Arslan Polat, senior threat researcher at Sophos, said in an analysis of Genesis Market last year.
Even up to its seizure, the number of infected devices for sale on the marketplace was growing in size.
“In 2021, over 20,000 new bots a month were being added to the site,” said Cyril Noel-Tagoe, principal researcher at cybersecurity and bot management company Netacea. “The market was temporarily down in the middle of 2022, however despite this, by March 2023, the number of bots available for sale had grown to over 450,000.”
The FBI said that Genesis Market, since its inception, offered access to data stolen from over 1.5 million compromised computers worldwide containing over 80 million account access credentials. While overall financial losses have not yet been determined, the FBI says Genesis has made at least $8.7 million from the sale of stolen credentials, but noted that complete total losses likely exceed tens of millions of dollars.
According to reports, the now-defunct marketplace has been linked to millions of financially motivated cyber incidents globally. In June 2021, the hackers who breached gaming giant Electronic Arts claimed to gain access to the gaming giant by purchasing a $10 bot from Genesis Market that let them log into a company Slack account.
“As a result of the Genesis Market’s seizure, we expect to see an exodus of sellers and customers to competitor marketplaces,” Noel-Tagoe tells TechCrunch. “There are multiple other illicit marketplaces selling logs and credentials, although not on the scale of the Genesis Market. Alternatively, if a significant core of the Genesis Market administrators evade law enforcement, they may splinter off and create a new version of the site.”
The takedown of Genesis Market comes just weeks after the FBI gained access to the infamous BreachForums hacking forum and arrested a 20-year-old New York man accused of running the site. It also comes after U.S. law enforcement last year announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers — of millions of Americans.
Updated with additional information from the FBI.
FBI seizes Genesis Market, a notorious hacker marketplace for stolen logins by Carly Page originally published on TechCrunch
https://techcrunch.com/2023/04/05/fbi-genesis-market-seized-stolen-logins/
Cubs vs. Reds prediction: Ex-Mets starter will propel Chicago
The Cubs are the picks over the Reds for Stitches on Wednesday.
https://nypost.com/2023/04/05/cubs-vs-reds-prediction-ex-mets-starter-will-propel-chicago/
Cranium launches out of KPMG’s venture studio to tackle AI security
Several years ago, Jonathan Dambrot, a partner at KPMG, was helping customers deploy and develop AI systems when he started to notice certain gaps in compliance and security. According to him, no one could explain whether their AI was secure — or even who was responsible for ensuring that.
“Fundamentally, data scientists don’t understand the cybersecurity risks of AI and cyber professionals don’t understand data science the way they understand other topics in technology,” Dambrot told TechCrunch in an email interview. “More awareness of these risks and legislation will be required to ensure these risks are addressed appropriately and that organizations are making decisions on safe and secure AI systems.”
Dambrot’s perception led him to pitch KPMG Studio, KPMG’s internal accelerator, on funding and incubating a software startup to solve the challenges around AI security and compliance. Along with two other co-founders, Felix Knoll (a “growth leader” at KPMG Studio) and Paul Spicer (a “product owner” at KPMG), and a team of about 25 developers and data scientists, Dambrot spun out the business — Cranium.
To date, Cranium, which launches out of stealth today, has raised $7 million in venture capital from KPMG and SYN Ventures.
“Cranium was built to discover and provide visibility to AI systems at the client level, provide security reporting and monitoring, and create compliance and supply chain visibility reporting,” Dambrot continued. “The core product takes a more holistic view of AI security and supply chain risks. It looks to address gaps in other solutions by providing better visibility into AI systems, providing security into core adversarial risks and providing supply chain visibility.”
To that end, Cranium attempts to map AI pipelines and validate their security, monitoring for outside threats. What threats, you ask? It varies, depending on the customer, Dambrot says. But some of the more common ones involve poisoning (contaminating the data that an AI’s trained on) and text-based attacks (tricking AI with malicious instructions).
Cranium makes the claim that, working within an existing machine learning model training and testing environment, it can address these threats head-on. Customers can capture both in-development and deployed AI pipelines, including associated assets involved throughout the AI life cycle. And they can establish an AI security framework, providing their security and data science teams with a foundation for building a security program.
“Our intent is to start having a rich repository of telemetry and use our AI models to be able to identify risks proactively across our client base,” Dambrot said. “Many of our risks are identified in other frameworks. We want to be a source of this data as we start to see a larger embedded base.”
That’s promising a lot — particularly at a time when new AI threats are emerging every day. And it’s not exactly a brand-new concept. At least one other startup, HiddenLayer, promises to do this, defending models from attacks ostensibly without the need to access any raw data or a vendor’s algorithm. Others, like Robust Intelligence, CalypsoAI and Troj.ai, offer a range of products designed to make AI systems more robust.
Cranium is starting from behind, without customers or revenue to speak of.
The elephant in the room is that it’s difficult to pin down real-world examples of attacks against AI systems. Research into the topic has exploded, with more than 1,500 papers on AI security published in 2019 on the scientific publishing site Arxiv.org, up from 56 in 2016, according to a study from Adversa. But there’s little public reporting on attempts by hackers to, for example, attack commercial facial recognition systems — assuming such attempts are happening in the first place.
For what it’s worth, SYN managing partner Jay Leek, an investor in Cranium, thinks there’s a future in AI robustness. It goes without saying that of course he would, given he’s got a stake in the venture. Still, in his own words:
“We’ve been tracking the AI security market for years and have never felt the timing was right,” he told TechCrunch via email. “However, with recent activity around how AI can change the world, Cranium is launching with ideal market conditions and timing. The need to ensure proper governance around AI for security, integrity, biases and misuse has never been more important across all industries. The Cranium platform instills security and trust across the entire AI lifecycle, ensuring enterprises achieve the benefits they hope to get from AI while also managing against unforeseen risks.”
Cranium currently has around 30 full-time employees. Assuming business picks up, it expects to end the year with around 40 to 50.
Cranium launches out of KPMG’s venture studio to tackle AI security by Kyle Wiggers originally published on TechCrunch
Commentary: The best theater in L.A. right now? It’s in Pasadena
Pasadena Playhouse’s producing artistic director, Danny Feldman, has proved that growth is still possible in a time of spiraling crisis for American theater.
Choreographers’ work in film and TV often goes uncredited. A new guild aims to change that
The newly formed Choreographers Guild, now accepting members, is setting standards for compensation, credit, copyright and education for choreographers.
https://www.latimes.com/entertainment-arts/story/2023-04-05/choreographers-guild-opens-membership
How your phone learned to see in the dark
Open up Instagram at any given moment and it probably won’t take long to find crisp pictures of the night sky, a skyline after dark or a dimly lit restaurant. While shots like these used to require advanced cameras, they’re now often possible from the phone you already carry around in your pocket.
https://www.cnn.com/2023/04/05/tech/smartphone-night-photography/index.html
Trump calls on Republicans to ‘defund’ Department of Justice, FBI
The fiery rebuke came after Judge Juan Merchan reportedly warned the real estate mogul about his social media rants.
https://nypost.com/2023/04/05/trump-calls-on-gop-to-defund-department-of-justice-fbi/
A deep dive on the Jets’ current roster — and what they still need to add this offseason
Free agency is slowing down and draft season is heating up, which makes it the perfect time to evaluate what the Jets have on their roster and what they still need.
https://nypost.com/2023/04/05/what-jets-current-roster-says-about-what-they-still-need/
AWS and Microsoft in UK crosshairs as Ofcom mulls cloud market investigation
U.K. regulator Ofcom is preparing to refer the local cloud infrastructure market for an in-depth investigation, with the practices of Amazon and Microsoft in particular firmly in focus.
The news comes some six months after Ofcom first revealed it was kickstarting a market study into the £15 billion U.K. cloud market.
It’s worth noting that Ofcom’s consultation, which involves soliciting stakeholder feedback from across the cloud industry, is only at its halfway point. But Ofcom said that it has “provisionally identified” practices that make it more difficult for businesses to switch between cloud providers, or even use multiple providers, which is why it is “proposing” to refer the U.K. cloud services market to the Competition and Markets Authority (CMA) for a formal investigation.
“We’ve done a deep dive into the digital backbone of our economy, and uncovered some concerning practices, including by some of the biggest tech firms in the world,” Fergal Farragher, Ofcom’s director responsible for the market study, said in a press release. “High barriers to switching are already harming competition in what is a fast-growing market. We think more in-depth scrutiny is needed, to make sure it’s working well for people and businesses who rely on these services.”
Friction
The crux of the problem, according to Ofcom, is that Amazon, Microsoft, and Google collectively account for more than 80% of cloud revenues in the U.K., and they may enforce policies, fees, and other restrictions that make it difficult for other smaller providers to gain traction. These include so-called “egress fees,” which are often opaque fees that cloud companies charge whenever a company transfers data out of the cloud and moves it elsewhere — this is often seen as an unscrupulous means to lock customers in, as the costs are typically higher than what it costs to transfer data into, or within, a single provider’s cloud.
Elsewhere, Ofcom also points to issues around interoperability, whereby the big cloud firms create their products so that they don’t play nicely with competing providers — this can put a considerable resource-drain on companies looking to adopt a hybrid cloud approach. Related to this, Ofcom also says that the big cloud vendors often offer “committed spend discounts,” which while reducing the customers’ costs, also encourages them to stick with a single vendor even if better alternatives may exist.
Ofcom notes in its initial findings:
These market features can make it difficult for some existing customers to bargain for a good deal with their provider. There are indications this is already causing harm, with evidence of cloud customers facing significant price increases when they come to renew their contracts.
From 2018 to 2021, the “others” category in the U.K. cloud market fell from 30% to 19%, while in tandem the so-called big-three “hyperscalers” gained significant market share, or remained around the same. Microsoft has actually seen the biggest growth, rising from 17% to 25% over the four-year period, while Google jumped from 12% to 16% market share. AWS, meanwhile, has fallen marginally from 41% to 40%, but remains by far the single biggest cloud provider.
Market share of supply by revenue in UK public cloud infrastructure services market Image Credit: Ofcom / Synergy Research Group
While all three of the big-name cloud players are part of its focus, Ofcom’s report seems to pinpoint AWS and Microsoft specifically, given that they reportedly account for cloud revenue spend of between 60% and 70% between them.
Moreover, Ofcom is quick to stress that its focus lies not so much on competition at the signing-up stage, it’s more about how difficult things become to switch after a company has signed up. The report notes:
We provisionally find that there is evidence of active competition for new customers, and that some customers are likely to have some bargaining power when first migrating to the cloud. However, once a customer makes its initial choice of cloud provider, their bargaining power is reduced, and the balance of power shifts to the initial cloud provider – most often AWS or Microsoft.
Dark cloud
Across the water in mainland Europe, a similar episode has also been unfolding. Cloud Infrastructure Services Providers in Europe (CISPE), a not-for-profit trade association, filed an antitrust complaint against Microsoft back in November, alleging that Microsoft was using its dominance in business software to tether its customers to Azure. It’s worth noting that Amazon’s AWS is a member of CISPE, and AWS has a clear interest in trying to stymie any gains Microsoft makes on its lucrative cloud business.
However, other smaller players in the cloud space, including France’s OVHcloud, have also been making noises about Microsoft’s practices to European regulators, with reports emerging last week that Microsoft was close to agreeing a deal to placate them — prompting Google, of all companies, to accuse Microsoft of anti-competitive practices.
In response to today’s announcement from Ofcom, CISPE Secretary General Francisco Mingorance said that it’s “clear that Ofcom recognises the potential for Microsoft’s unfair software licensing practices to distort competition in the cloud market,” a statement that conveniently ignores CISPE-member AWS’s involvement in Ofcom’s initial market study.
“More and more customers, competitors and regulators are waking up to the ways in which Microsoft continues to distort fair competition in the cloud,” Mingorance said. “Private deals are unlikely to solve these sector-wide issues. Based on the mounting evidence, it is important that both national and EU authorities open formal investigations into Microsoft’s unfair software licensing practices as an urgent competition issue.”
Ofcom’s market study is still at its halfway point, and is subject to additional feedback based on Ofcom’s provisional findings, with stakeholders given a firm May 17, 2023 date to submit responses. The final report and recommendations is expected “no later than” October 5.
AWS and Microsoft in UK crosshairs as Ofcom mulls cloud market investigation by Paul Sawers originally published on TechCrunch