Editor’s Pick

Enlarge (credit: Getty Images)

A group of Russian-state hackers known for almost exclusively targeting Ukranian entities has branched out in recent months either accidentally or purposely by allowing USB-based espionage malware to infect a variety of organizations in other countries.

The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.

One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in the Visual Basic Scripting language. LitterDrifter serves two purposes: to promiscuously spread from USB drive to USB drive and to permanently infect the devices that connect to such drives with malware that permanently communicates with Gamaredon-operated command and control servers.

Enlarge (credit: FT montage)

The future of OpenAI remained uncertain on Tuesday after extraordinary efforts by employees and investors to oust the board had so far failed to persuade its directors to resign and reinstate co-founder Sam Altman.

People with direct knowledge of the matter said that by the end of Monday, 747 out of 770 OpenAI employees had signed a letter threatening to quit and join Microsoft if the board refused to resign and reverse their decision on Friday to sack Altman.

Venture capitalists backing the generative artificial intelligence start-up were also exploring legal measures to force the board to reverse course, according to multiple people with knowledge of their thinking.

Enlarge (credit: Benj Edwards)

After two days of roller-coaster negotiations at OpenAI HQ due to the surprise ouster of CEO Sam Altman, Microsoft CEO Satya Nadella has announced that Microsoft plans to hire Altman and former OpenAI President Greg Brockman to head a “new advanced AI research team.” Overnight, the OpenAI board named a new interim CEO, Emmett Shear, who acknowledged the messy process and promised to hire an investigator to generate a full report on Altman’s firing.

But the story isn’t over yet, because Monday morning, 650 of 770 OpenAI employees sent a letter to the OpenAI board demanding that all current board members resign and Altman and Brockman be reinstated, or they will likely leave to join Altman and Brockman at Microsoft. (Apparently the number of signatories to the letter is still growing.)

“The process through which you terminated Sam Altman and removed Greg Brockman from the board has jeopardized all of this work and undermined our mission and company,” the letter states. “Your conduct has made it clear you did not have the competence to oversee OpenAI.”

Enlarge / OpenAI CEO Sam Altman speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco. (credit: Getty Images | Ars Technica)

Just over a day since his surprise firing that sent shock waves through the tech industry, the OpenAI board is reportedly engaging in discussions with Sam Altman to potentially return as CEO of the company, according to The Verge, citing people familiar with the matter. The outlet says that Altman is “ambivalent” about returning and would want significant changes to how the company is run.

The move would be a dramatic about-face for the board, which has faced intense scrutiny from all corners of the tech world for abruptly and surprisingly firing one of the tech industry’s most high-profile CEOs. Altman was popular with both Microsoft leadership and OpenAI staff, and his firing came as a shock to employees, who reportedly pushed back against OpenAI Chief Scientist Ilya Sutskever’s handling of the move during an all-hands meeting on Friday. The overtures toward Altman suggest that the board may have been surprised by the sizable reaction from the world at large.

In an internal memo obtained by Axios on Saturday, OpenAI COO Brad Lightcap hinted at criticism of how the firing was handled and confirmed that Altman was not fired in response to “malfeasance or anything related to our financial, business, safety, or security/privacy practices.” With no apparent legal wrongdoing at play, and with broad support within the company (present board of directors excluded), the path could clear for Altman’s return, should he choose to accept it.

Enlarge (credit: Getty Images | Panuwat Sikham)

After years of inaction, the FCC this week said that it’s finally going to protect consumers against a scam that takes control of their cell phone numbers by deceiving employees who work for mobile carriers. While commissioners congratulated themselves for the move, there’s little reason yet to believe it will stop a practice that has been all too common over the past decade.

The scams, known as “SIM swapping” and “port-out fraud,” both have the same objective: to wrest control of a cell phone number away from its rightful owner by tricking the employees of the carrier that services it. SIM swapping occurs when crooks hold themselves out as someone else and request that the victim’s number be transferred to a new SIM card—usually under the pretense that the victim has just obtained a new phone. In port-out scams, crooks do much the same thing, except they trick the carrier employee into transferring the target number to a new carrier.

This class of attack has existed for well over a decade, and it became more commonplace amid the irrational exuberance that drove up the price of Bitcoin and other crypto currencies. People storing large sums of digital coin have been frequent targets. Once crooks take control of a phone number, they trigger password resets that work by clicking on links sent in text messages. The crooks then drain cryptocurrency and traditional bank accounts.

Enlarge / Ilya Sutskever, OpenAI Chief Scientist, speaks at Tel Aviv University on June 5, 2023. (credit: Getty Images)

On Friday, OpenAI fired CEO Sam Altman in a surprise move that led to the resignation of President Greg Brockman and three senior scientists. The move also blindsided key investor and minority owner Microsoft, reportedly making CEO Satya Nadella furious. As Friday night wore on, reports emerged that the ousting was likely orchestrated by Chief Scientist Ilya Sutskever over concerns about the safety and speed of OpenAI’s tech deployment.

“This was the board doing its duty to the mission of the nonprofit, which is to make sure that OpenAI builds AGI that benefits all of humanity,” Sutskever told employees at an emergency all-hands meeting on Friday afternoon, as reported by The Information.

Since its founding, OpenAI has pursued the development of artificial general intelligence (or AGI), which is a hypothetical technology that would be able to perform any intellectual task a human can do, potentially replacing a large number of humans at their jobs.

Enlarge (credit: OpenAI / Ars Technica)

On Friday afternoon, not long after news of CEO Sam Altman’s abrupt and surprising departure from OpenAI began spreading online, the company held an all-hands meeting at its headquarters in San Francisco, reports The Information. During the meeting, interim CEO Mira Murati attempted to reassure the shocked employees that the search for a new CEO is underway.

Hours later, OpenAI co-founder and president Greg Brockman posted a statement on X, saying that after he learned today’s news he sent a message to the OpenAI team: “based on todays news, i quit.” Brockman, a key technical figure involved in many of the company’s successes, was relieved of his OpenAI board membership on Friday, but the company initially announced he would be staying on.

Earlier on Friday, OpenAI released a blog post titled “OpenAI announces leadership transition” where it announced that Atlman “was not consistently candid in his communications with the board, hindering its ability to exercise its responsibilities.” In a response post on X, Altman wrote, “I loved my time at openai,” and hinted at future plans without revealing any details.

Enlarge / A screenshot of the Cambridge Dictionary website where it announced its 2023 word of the year, “hallucinate.” (credit: Cambridge Dictionary)

On Wednesday, Cambridge Dictionary announced that its 2023 word of the year is “hallucinate,” owing to the popularity of large language models (LLMs) like ChatGPT, which sometimes produce erroneous information. The Dictionary also published an illustrated site explaining the term, saying, “When an artificial intelligence hallucinates, it produces false information.”

“The Cambridge Dictionary team chose hallucinate as its Word of the Year 2023 as it recognized that the new meaning gets to the heart of why people are talking about AI,” the dictionary writes. “Generative AI is a powerful tool but one we’re all still learning how to interact with safely and effectively—this means being aware of both its potential strengths and its current weaknesses.”

As we’ve previously covered in various articles, “hallucination” in relation to AI originated as a term of art in the machine learning space. As LLMs entered mainstream use through applications like ChatGPT late last year, the term spilled over into general use and began to cause confusion among some, who saw it as unnecessary anthropomorphism. Cambridge Dictionary’s first definition of hallucination (for humans) is “to seem to see, hear, feel, or smell something that does not exist.” It involves perception from a conscious mind, and some object to that association.

Enlarge (credit: Getty Images)

One of the world’s most active ransomware groups has taken an unusual—if not unprecedented—tactic to pressure one of its victims to pay up: reporting the victim to the US Securities and Exchange Commission.

The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that’s been in operation for two years. After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency’s website. Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a “material” impact on their business.

“We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted cybersecurity incident disclosure rules,” AlphV officials wrote in the complaint. “It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules.”

Enlarge / A shot of tldraw’s “Make it Real” in action, provided by Ashe on X: “Ok…@tldraw
is super fun. I iterated through ~10 builds today and it cost me $0.90 using GPT4. The pong game is playable as described.” (credit: Ashe Oro)

On Wednesday, a collaborative whiteboard app maker called “tldraw” made waves online by releasing a prototype of a feature called “Make it Real” that lets users draw an image of software and bring it to life using AI. The feature uses OpenAI’s GPT-4V API to visually interpret a vector drawing into functioning Tailwind CSS and JavaScript web code that can replicate user interfaces or even create simple implementations of games like Breakout.

“I think I need to go lie down,” posted designer Kevin Cannon at the start of a viral X thread that featured the creation of functioning sliders that rotate objects on screen, an interface for changing object colors, and a working game of tic-tac-toe. Soon, others followed with demonstrations of drawing a clone of Breakout, creating a working dial clock that ticks, drawing the snake game, making a Pong game, interpreting a visual state chart, and much more.

Users can experiment with a live demo of Make It Real online. However, running it requires providing an API key from OpenAI, which is a security risk. If others intercept your API key, they could use it to rack up a very large bill in your name (OpenAI charges by the amount of data moving into and out of its API). Those technically inclined can run the code locally, but it will still require OpenAI API access.