Faster, cheaper, smarter? The contenders to replace Army’s Black Hawk

The Sikorsky UH-60 Black Hawk and its many variants have been the backbone of the US Army’s helicopter force for decades. Designed during the Army’s last major helicopter procurement push in the 1980s, the Black Hawk now flies in some form in all of the military services. But its range and speed have become limiting factors in the Army’s airborne assault operations. And to add to the problem, the Army lacks a scout helicopter that meets the demands of deployment overseas. The Eurocopter UH-72 Lakota isn’t combat capable, so AH-64 Apaches have had to play the role of armed scouts with the assistance of drones.

As a result, the Army has two separate helicopter procurement programs running for the first time since the Black Hawk and Apache were in the pipeline. The two programs, which emerged from the “capability sets” of the Army’s Future Vertical Lift program, seek Black Hawk and Kiowa replacements that are “optionally manned”—meaning that they can fly with or without an aircrew—as well as being easier to maintain and fly than their predecessors.

Hard-to-detect credential-theft malware has infected 1,200 and is still going

A deceptively simple malware attack has stolen a wide array of credentials from thousands of computers over the past few weeks and continues to steal more, a researcher warned on Tuesday.

The ongoing attack is the latest wave of Separ, a credential stealer that has been known to exist since at least late 2017, a researcher with security firm Deep Instinct said. Over the past few weeks, the researcher said, Separ has returned with a new version that has proven surprisingly adept at evading malware-detection software and services. The source of its success: a combination of short scripts and legitimate executable files that are used so often for benign purposes that they blend right in. Use of spartan malware that’s built on legitimate apps and utilities has come to be called “living off the land,” and it has been used in a variety of highly effective campaigns over the past few years.

The latest Separ arrives in what appears to be a PDF document. Once clicked, the file runs a chain of other apps and file types that are commonly used by system administrators. An inspection of the servers being used in the campaign shows that it has so far collected credentials belonging to about 1,200 organizations or individuals. The number of infections continues to rise, which indicates that the spartan approach has been effective in helping it fly under the radar.

Inside the DNSpionage hacks that hijack domains at an unprecedented scale

Since the beginning of the year, the US government and private security companies have been warning of a sophisticated wave of attacks that’s hijacking domains belonging to multiple governments and private companies at an unprecedented scale. On Monday, a detailed report provided new details that helped explain how and why the widespread DNS hijackings allowed the attackers to siphon huge numbers of email and other login credentials.

The article, published by KrebsOnSecurity reporter Brian Krebs, said that, over the past few months, the attackers behind the so-called DNSpionage campaign have compromised key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies. Monday’s article goes on to report that the attackers, who are believed to be based in Iran, also took control of domains belonging to two highly influential Western services—the Netnod Internet Exchange in Sweden and the Packet Clearing House in Northern California. With control of the domains, the hackers were able to generate valid TLS certificates that allowed them to launch man-in-the-middle attacks that intercepted sensitive credentials and other data.

Short for domain name system, DNS acts as one of the Internet’s most fundamental services by translating human-readable domain names into the IP addresses one computer needs to locate other computers over the global network. DNS hijacking works by falsifying the DNS records to cause a domain to point to an IP address controlled by a hacker rather than the domain’s rightful owner. DNSpionage has taken DNS hijacking to new heights, in large part by compromising key services that companies and governments rely on to provide domain lookups for their sites and email servers.

With elections weeks away, someone “sophisticated” hacked Australia’s politicians

Just over a week after the announcement of a cyber-attack on Australia's Parliament House, the government now says three Australian political parties were also attacked by a "sophisticated state actor."

With elections just three months away, Australian Prime Minister Scott Morrison announced on February 18 that the networks of the three major national political parties had been breached by what Australian security officials described as a “sophisticated state actor.”

The Sydney Morning Herald reports that while the attack bears hallmarks of tools and techniques used by China-sponsored hacking groups in the past, security officials were concerned that the attackers may have used such approaches as part of a “false-flag” attack—like what is believed to have occurred in the case of the “Olympic Destroyer” attack on last year’s Winter Olympics in South Korea.

Morrison said that the Australian government had made moves to “ensure the integrity of our electoral system,” including instructing the Australian Cyber Security Centre “to be ready to provide any political party or electoral body in Australia with immediate support, including making their technical experts available.” Electoral commissions and state and territory security agencies have been briefed on the attacks, and the Cyber Security Centre has also passed along malware samples and other information to “global anti-virus companies,” the Prime Minister noted.

Electric truck startup announces $700 million funding round led by Amazon

On Friday, electric truck startup Rivian announced a $700 million funding round led by Amazon. The announcement is notable not just for the size of the investment but also due to Amazon’s involvement.

The e-commerce giant has made a variety of investments in mobility, and electric trucks and SUVs like the kind Rivian debuted at the Los Angeles Auto Show in November could help the company further its ambitions in that regard.

Rivian’s R1T pickup and R1S SUV made a splash at their announcement. The startup is seen as a potential competitor to Tesla, which has promised to develop an all-electric pickup truck in the future. Rivian’s trucks are expected to be pricy: the startup is taking pre-orders, and it said in November that, when the R1T and R1S go on sale in late 2020, they’ll start at $61,500, and $65,000 after the $7,500 IRS tax credit. (Rivian has sold no trucks to date, so vehicles from that company would still be eligible for the full electric vehicle tax credit. The full tax credit begins to phase out after a company has sold more than 200,000 electric vehicles.)

Behold, the Facebook phishing scam that could dupe even vigilant users

Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login windows on malicious sites, researchers said this week.

Single sign-on, or SSO, is a feature that allows people to use their accounts on other sites—typically Facebook, Google, LinkedIn, or Twitter—to log in to third-party websites. SSO is designed to make things easier for both end users and websites. Rather than having to create and remember a password for hundreds or even thousands of third-party sites, people can log in using the credentials for a single site. Websites that don’t want to bother creating and securing password-based authentication systems need only access an easy-to-use programming interface. Security and cryptographic mechanisms under the hood allow the login to happen without the third-party site ever seeing the username or password.

Researchers with password manager service Myki recently found a site that purported to offer SSO from Facebook. As the video below shows, the login window looked almost identical to the real Facebook SSO. This one, however, didn’t run on the Facebook API and didn’t interface with the social network in any way. Instead, it phished the username and password.

Shell buys Sonnen, Tesla’s competitor in the home battery business

On Friday, oil major Royal Dutch Shell and German energy storage company Sonnen announced that Shell would acquire Sonnen for an undisclosed amount.

Sonnen has been one of the top competitors with Tesla’s Powerwall in the US home battery market. The company built its base in Germany, attaching batteries for self-consumption to homes with solar panels. Sonnen now claims 40,000 batteries installed in households in Germany, the US, and Australia.

The company’s assets include proprietary software that optimizes a home’s battery use in combination with solar power.

Researchers, scared by their own work, hold back “deepfakes for text” AI

OpenAI, a non-profit research company investigating “the path to safe artificial intelligence,” has developed a machine learning system called Generative Pre-trained Transformer-2 (GPT-2), capable of generating text based on brief writing prompts. The result comes so close to mimicking human writing that it could potentially be used for “deepfake” content. Built based on 40 gigabytes of text retrieved from sources on the Internet (including “all outbound links from Reddit, a social media platform, which received at least 3 karma”), GPT-2 generates plausible “news” stories and other text that match the style and content of a brief text prompt.

The performance of the system was so disconcerting that the researchers are now releasing only a reduced version of GPT-2 based on a much smaller text corpus. In a blog post on the project and this decision, researchers Alec Radford, Jeffrey Wu, Rewon Child, David Luan, Dario Amodei, and Ilya Sutskever wrote:

Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time. This decision, as well as our discussion of it, is an experiment: while we are not sure that it is the right decision today, we believe that the AI community will eventually need to tackle the issue of publication norms in a thoughtful way in certain research areas.

OpenAI is funded by contributions from a group of technology executives and investors connected to what some have referred to as the PayPal “mafia”—Elon Musk, Peter Thiel, Jessica Livingston, and Sam Altman of YCombinator, former PayPal COO and LinkedIn co-founder Reid Hoffman, and former Stripe Chief Technology Officer Greg Brockman. Brockman now serves as OpenAI’s CTO. Musk has repeatedly warned of the potential existential dangers posed by AI, and OpenAI is focused on trying to shape the future of artificial intelligence technology—ideally moving it away from potentially harmful applications.
