Hacker steals AI design details from OpenAI

A hacker infiltrated OpenAI’s internal messaging systems last year, stealing details about the design of its AI technologies, according to Reuters’ sources familiar with the matter. The breach involved discussions on an online forum where employees exchanged information about the latest AI developments. Crucially, the hacker needed access to the systems where OpenAI builds and houses its AI.

OpenAI, backed by Microsoft, did not publicly disclose the breach, as no customer or partner information was compromised. Executives briefed employees and the board but did not involve federal law enforcement, believing the hacker had no ties to foreign governments.

In a separate incident, OpenAI reported disrupting five covert operations that aimed to misuse its AI models for deceptive activities online. The issue raised safety concerns and prompted discussions about safeguarding advanced AI technology. The Biden administration plans to implement measures to protect US AI advancements from foreign adversaries. At the same time, 16 AI companies have pledged to develop the technology responsibly amid rapid innovation and emerging risks.

US Department of Justice charges Russian hacker in cyberattack plot against Ukraine

The US Department of Justice has charged a Russian individual for allegedly conspiring to sabotage Ukrainian government computer systems as part of a broader hacking scheme orchestrated by Russia in anticipation of its unlawful invasion of Ukraine.

In a statement released by US prosecutors in Maryland, it was disclosed that Amin Stigal, aged 22, stands accused of aiding in the establishment of servers used by Russian state-backed hackers to carry out destructive cyber assaults on Ukrainian government ministries in January 2022, a month preceding the Kremlin’s invasion of Ukraine.

The cyber campaign, dubbed ‘WhisperGate,’ employed wiper malware posing as ransomware to intentionally and irreversibly corrupt data on infected devices. Prosecutors asserted that the cyberattacks were orchestrated to instil fear across Ukrainian civil society regarding the security of their government’s systems.

The indictment notes that the Russian hackers pilfered substantial volumes of data during the cyber intrusions, encompassing citizens’ health records, criminal histories, and motor insurance information from Ukrainian government databases. Subsequently, the hackers purportedly advertised the stolen data for sale on prominent cybercrime platforms.

Stigal is moreover charged with assisting hackers affiliated with Russia’s military intelligence unit, the GRU, in targeting Ukraine’s allies, including the United States. US prosecutors highlighted that the Russian hackers repeatedly targeted an unspecified US government agency situated in Maryland between 2021 and 2022 before the invasion, granting jurisdiction to prosecutors in the district to pursue charges against Stigal.

In a subsequent development in October 2022, the same servers arranged by Stigal were reportedly employed by the Russian hackers to target the transportation sector of an undisclosed central European nation, which allegedly provided civilian and military aid to Ukraine post-invasion. The incident aligns with a cyberattack in Denmark during the same period, resulting in widespread disruptions and delays across the country’s railway network.

The US government has announced a $10 million reward for information leading to the apprehension of Stigal, who is currently evading authorities and believed to be in Russia. If convicted, Stigal could face a maximum sentence of five years in prison.

University student pled guilty to cyberstalking

Iván Santell-Velázquez pled guilty before the United States District Court Judge Silvia Carreño-Coll, to cyberstalking. The defendant hacked 100 student email accounts and stole their personal information while studying at the University of Puerto Rico at Cayey. Additionally, in the years between 2019 and 2021, the defendant hacked the Snapchat accounts of several women, who were studying at the University of Puerto Rico, and harassed them by sharing their intimate pictures on Twitter and Facebook.

US Attorney Muldrow stated that this case shows how crucial it is to protect personal information, especially in response to suspicious SMS messages and emails. On October 12, 2022, the sentencing hearing is expected to take place.

British Army’s YouTube and Twitter accounts hacked and used to promote crypto scams

The UK Ministry of Defence has confirmed that the British Army’s Twitter and YouTube accounts were hacked and used to spread scams.

Hackers changed the organisation’s profile picture, bio, and cover photo on Twitter to make it appear as though it was part of The Possessed NFT collection.

On YouTube, hackers deleted all of the videos on the British Army’s channel and changed its name and profile picture to look like the (real) investment company Ark Invest. Hackers replaced the British Army’s videos with a series of old live streams featuring former Twitter CEO Jack Dorsey and Tesla CEO Elon Musk.

The Army has regained control of the accounts.

Hacker claims to have stolen records of 1 billion Chinese citizens

One hacker has claimed to have stolen the personal information of 1 billion Chinese citizens from a Shanghai police database, including their names, addresses, birthplace, national ID numbers, mobile numbers, and all crime/case details.

The hacker has offered to sell the more than 23-terabyte data trove for 10 bitcoin on the hacker forum Breach Forums, where they identify themselves as ChinaDan.

China’s authorities have not yet responded. Many Chinese citizens are afraid that it might be real. By Sunday afternoon, Weibo had blocked the hashtag ‘Shanghai data leak’.

British Army’s social media accounts were hacked

British Army’s Twitter and YouTube accounts were hacked. The name of the Army’s Twitter account was changed, while videos on cryptocurrency, and posts related to NFTs appeared on their feed. The British Army stated there is no evidence as to who may be behind the hacking of the accounts. The accounts were restored to normal while investigations regarding the hacks are still ongoing. Army’s spokesperson stated that there will not be any further comments on the incident until the investigation is complete.