A Shot in the Bot with the IT Privacy and Security Weekly Update for the Week Ending May 7th, 2024

5/7/2024

Episode 188

- Click the pic to hear the podcast -

This week we blast off with a couple of stories that would make movies like Top Gun and Armageddon appear tame in comparison. This just might be where reality surpasses fiction. From there we move to a couple of US healthcare providers that are doing their utmost to help other nation states get familiar with your particulars. One was an actual breach but the other was just dumb. Then we learn about sharing... or… we learn we are sharing, as it seems that almost 50% of Internet traffic is not even of human origin…. and the growing pain of proving we are human! Google updates two-factor authentication (2FA) so that you don’t have to worry about SIM swaps compromising you, and finally, things to do to lessen the probability that you might have spyware running on your iPhone. This week’s update is a shot in the bot, but you know what? You’re going to love it!

US: AI in the sky
https://apnews.com/article/artificial-intelligence-fighter-jets-air-force-6a1100c96a73ca9b7f41cbd6a2753fda

The Associated Press reported on a significant development in military aviation involving an F-16 aircraft. During aerial combat tests at high speeds of 550 miles per hour (885.14 kilometers per hour), the aircraft was not piloted by a human but controlled entirely by artificial intelligence (AI). This marks a major advancement comparable to the introduction of stealth technology in the 1990s. The U.S. Air Force is actively embracing AI technology even though it is still in development. They are planning to deploy over 1,000 unmanned AI-enabled warplanes by 2028, representing a pivotal shift in military aviation strategy. The test took place at Edwards Air Force Base in California, renowned for hosting historic aerospace breakthroughs.
Here, a new generation of test pilots is training AI systems in classified environments to operate in combat scenarios. U.S. Secretary of the Air Force Frank Kendall attended to witness AI in action and expressed confidence in its future role in air combat. Secretary Kendall emphasized the necessity of AI for national security, saying that not adopting it would pose a security risk. He expressed trust in AI's ability to make critical decisions, including potentially launching weapons in wartime, based on its performance during the flight test. While AI undergoes learning processes using simulator data and real-world flight tests, Kendall assured that human oversight remains integral, especially in scenarios involving weapon deployment. He also highlighted the potential cost savings associated with deploying smaller and more affordable AI-controlled unmanned aircraft.

So what's the upshot for you? This is where we think the "go slow" button should be pressed. Yes, we understand that nation states are all racing to inject AI into their military deployments, so there is no way to hit a "go-slow", but this is where the edge of the envelope will be pushed, where the financial packages will incentivize higher risks, and where the impact of mistakes will be harshest. Frankly, it's one story we wish we were not covering.

LEO: AI Finds Nearly 30,000 Unknown Asteroids in Existing Telescope Photos
https://petapixel.com/2024/05/03/ai-finds-nearly-30000-unknown-asteroids-in-existing-telescope-photos/

Artificial intelligence (AI) goes beyond generating fake images; it's also used to uncover hidden patterns in data. For astronomers, AI improves image quality and analyzes space photos, aiding in the discovery of asteroids that could pose a threat to Earth. A new AI algorithm called "Tracklet-less Heliocentric Orbit Recovery" (THOR) has identified around 27,500 previously unseen asteroids in existing telescope photos.
These asteroids, many located in the asteroid belt between Mars and Jupiter, were missed despite extensive prior searches. Some of these newly discovered asteroids have orbits that could intersect with Earth's path, highlighting the importance of early detection. While none are an immediate threat, the potential for catastrophic impact underscores the significance of ongoing asteroid monitoring efforts. THOR analyzed over 400,000 archival sky images maintained by the National Optical-Infrared Astronomy Research Laboratory (NOIRLab). The algorithm requires five observations of a specific sky area over 30 days to identify asteroids and has the capability to process massive datasets efficiently. The AI's success in asteroid detection isn't limited to specific telescope data; it can be applied to other datasets, making all telescopes more effective in asteroid tracking.

So what's the upshot for you? The scientists scaled their algorithm using Google Cloud, whose computational heft and data storage services made it easier for the scientists to test out thousands of orbits of asteroid candidates. "It's a change in how astronomy is done."

US: UnitedHealth and Kaiser pony up the numbers of people affected by their breaches and leaks.
https://www.cnbc.com/2024/05/01/unitedhealth-ceo-says-company-paid-hackers-22-million-ransom.html
https://www.darkreading.com/cyberattacks-data-breaches/13-4m-kaiser-insurance-members-affected-by-data-leak-to-online-advertisers

Two months after hackers broke into Change Healthcare systems, stealing and then encrypting company data, it's still unclear how many Americans were impacted by the cyberattack. Last month, Andrew Witty, the CEO of Change Healthcare's parent company UnitedHealth Group (which paid a US$22 million ransom), said that the stolen files include the personal health information of "a substantial proportion of people in America."
On Wednesday, during a House hearing, Witty was pushed to give a more definitive answer, testifying that the breach impacted "I think, maybe a third [of Americans] or somewhere of that level."

Hard on the heels of a significant data theft at UnitedHealth, fellow healthcare behemoth Kaiser Permanente publicly announced a data breach affecting 13.4 million current and former insurance members. Kaiser's systems inadvertently shared patient data with third-party advertisers, including Google, Microsoft, and social platform X, the company said, thanks to the presence of improperly implemented tracking code that Kaiser used to see how its members navigated through its Web and mobile sites. "Certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors," the company said in a media statement. The shared data included names, IP addresses, what pages people visited, whether they were actively signed in, and even the search terms they used when visiting the company's online health encyclopedia.

So what's the upshot for you? Between the Kaiser leak and the UnitedHealth breach, somewhere, some portion of your PHI (Personal Health Information) is out there. The Kaiser data leak is not technically a breach, more a display of stupidity on the part of Kaiser, but at this point in history, they should be held accountable.

Global: Humans Now Share the Web Equally With Bots, Report Warns
https://www.independent.co.uk/tech/dead-internet-web-bots-humans-b2530324.html

A recent report by cybersecurity company Imperva highlights a significant trend: nearly half (49.6%) of all internet traffic in the past year came from bots, a 2% increase compared to the previous year and the highest recorded since tracking began in 2013.
This rise in bot activity is driven partly by the use of generative artificial intelligence (AI) and large language models, which companies deploy to gather data from the web and train their systems. These automated bots are becoming more sophisticated and are increasingly utilizing residential internet connections, making them appear more legitimate. The report indicates that in some regions like Ireland, as much as 71% of internet traffic is automated. This shift has led to concerns that the proportion of internet traffic from bots will soon surpass that from humans, prompting organizations to rethink their strategies for building and securing websites and applications. Nanhi Singh, the general manager for application security at Imperva, warns that as more AI-powered tools are introduced, bots are expected to become even more ubiquitous.

So what's the upshot for you? Overall, the article paints a picture of a rapidly evolving internet landscape where bots are playing an increasingly dominant role. This necessitates a proactive approach from organizations to adapt their security measures and stay ahead of the curve. More importantly, it also highlights a landscape where you may be competing with code optimized for certain operations and finding yourself... the loser…

Global: Oh good.... Captchas Are Getting Harder
https://www.businessinsider.com/not-a-robot-captcha-tests-getting-harder-2024-4?op=1

Captchas that aim to distinguish humans from nefarious bots are demanding more brain power. The companies and cybersecurity experts who design Captchas have been doing all they can to stay one step ahead of the bad actors figuring out how to crack them. A cottage industry of third-party Captcha-solving firms -- essentially, humans hired to solve the puzzles all day -- has emerged. More alarmingly, so has technology that can automatically solve the more rudimentary tests, such as identifying photos of motorcycles and reading distorted text.

"Software has gotten really good at labeling photos," said Kevin Gosschalk, the founder and CEO of Arkose Labs, which designs what it calls "fraud and abuse prevention solutions," including Captchas. "So now enters a new era of Captcha -- logic based." That shift explains why Captchas have started to both annoy and perplex. Users no longer have to simply identify things. They need to identify things and do something with that information -- move a puzzle piece, rotate an object, find the specter of a number hidden in a roomscape. Compounding this bewilderment is the addition to the mix of generative AI images, which creates new objects difficult for robots to identify but baffles humans who just want to log in. "Things are going to get even stranger, to be honest, because now you have to do something that's nonsensical," Gosschalk said. "Otherwise, large multi-modal models will be able to understand."

So what's the upshot for you? If you hate Captchas as much as we do, the thought of spending more of your hard-earned minutes with them is just stultifying.

Global: Google tweaks 2FA setup
https://www.theverge.com/2024/5/6/24150354/google-workspace-2fa-easier-phone-number

Google is streamlining the process of setting up two-factor authentication (2FA). Instead of entering your phone number first to enable 2FA, you can now add a "second step method" to your account such as an authenticator app or a hardware security key to get things set up. This should make it safer to turn on 2FA, as it lets you avoid using less secure SMS verification. You can choose to enter a time-based one-time passcode through apps like Google Authenticator, or you can follow the steps to link a hardware security key.

So what's the upshot for you? The removal of the option to send a text to your phone makes 2FA a safer proposition and is a solid security move on Google's part.

Global: Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know
https://www.wired.com/story/apple-iphone-spyware-101/

In April, Apple notified iPhone users in 92 countries about spyware targeting their devices. The spyware, known as LightSpy, aims to compromise iPhones remotely and gather private information like location data and recordings of voice over IP calls. While BlackBerry researchers link this spyware to China, Apple disputes this claim. Spyware poses a significant threat, especially in Southern Asia, targeting specific groups like journalists and government workers. Mercenary spyware attacks are complex and costly, making them challenging to detect. Apple's Lockdown Mode feature offers protection against such attacks, but users must remain cautious.

To safeguard against spyware and zero-click exploits:

- Update Regularly: Keep devices updated to patch known vulnerabilities.
- Restart Daily: Regularly restarting your device can disrupt persistent infections.
- Disable Vulnerable Features: Consider disabling iMessage and FaceTime if you suspect being targeted.
- Use Secure Sources: Install apps from verified sources and enable multifactor authentication.
- Monitor for Signs: Watch for unusual battery drain or high data usage.
- Seek Help: Contact digital security helplines for assistance if you suspect an infection.
- Activate Security Features: Utilize Apple's Lockdown Mode to limit device vulnerability.

So what's the upshot for you? Think of this as a health and exercise plan... for your phone.

So to recap:

This week we blasted off with a story about AI being used in US jet fighters flying at over 550 MPH / 885.14 KPH. This isn’t the “Stealth” Jamie Foxx & Jessica Biel movie, this is real. The military has some of the most urgent use cases for AI and some with the largest repercussions if it’s not done right.

After that we “saw” how AI could take the drudgery-work out of deep space astronomy, and we realized it revealed some things that we might have wished we didn’t see...
like asteroids headed straight at Earth.

From there we found out that UnitedHealth recently lost one third of the US population’s personal healthcare information (PHI) to hackers while Kaiser was busy giving the PHI of seventeen million people to Google, Microsoft and X to resell to advertisers.

Our next two stories provided insight into just how crowded the Internet is getting and suggest that by this time next year bots will account for more traffic than people will. How do you determine which are people and which are bots? By making people suffer ever more invasive Captcha puzzles. Is there a solution? We hope so, because if we have to select any more sets of steps, or click on any more of the correct species puzzles, authenticating ourselves may just not be worth it.

We ended this week’s update with a couple of phone-related stories: Google dropping SMS (texts to your phone) as the default 2FA authentication method, and some steps you or any high-risk individual can take to lessen the likelihood that your iPhone has been compromised.

And that’s what we call a shot in the bot!

Our quote of the week – "We all have a responsibility. Simple things, turn your phone off every night for five minutes. Do that every 24 hours, do it while you’re brushing your teeth." – Anthony Albanese, Australian Prime Minister.

That's it for this week. Stay safe, stay secure, brush your teeth, reboot the phone, mind the bot, and we'll see you in se7en!