Hashtag Trending Feb.29- Google’s troubles with AI; New U.S. executive order to regulate data broker industry; Lockbit announces return

Sponsor:

Hashtag Trending is sponsored by Dalikoo.com (Spell). The founder is a big supporter of our podcast and is not only a sponsor but he has offered to provide $20,000 in Azure credits for two to three of our listeners who have a unique idea for an Azure based project. The credits can be applied to existing subscriptions as well. 

That’s Dalikoo.com – and there’s a link in the show notes. 

MUSIC UP

Google’s recent troubles in AI may not be that easy to fix, the U.S. government buys data instead of spying on its citizens and realizes that other governments can do the same thing and two gangs of cybercrooks that law enforcement thought they had disrupted are back with a vengeance. 

Hashtag Trending on Amazon Alexa Google Podcasts badge - 200 px wide

 

All this and more on the “some days you just can’t win” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

Google’s artificial intelligence (AI) tool, Gemini, has been taking a lot of criticism online and seems to have been caught in the culture wars. 

After a couple of false starts with errors and accusations of altering a video to exaggerate its AI, Google had been counting on Gemini to put it back into a leadership position in AI. Gemini came to market with technical achievements like its ability to a much larger prompt than its rival ChatGPT, but one of its key advantages was supposed to be its superiority in multi-modal work – audio, video and image generation and analysis from simple text prompts. 

They even came to market with a solution that had plagued image creation – the bias in the data. 

AI tools are trained on vast amounts of data from the internet, which contains inherent biases. Google’s attempt to correct these biases with Gemini has led to responses that many find absurd due to the lack of nuance that humans instinctively understand but AI systems do not.

For instance, Gemini created an image of the US Founding Fathers that inaccurately included a black man. It depicted German soldiers from World War Two featuring a black man and an Asian woman. 

In response, Google prevented its AI from showing pictures of people. This was a huge embarrassment.

But it turns out the problems were not restricted to images. 

There was controversy about Gemini’s text responses, such as stating there was “no right or wrong answer” to a question comparing Elon Musk’s meme posting on X (formerly Twitter) to Hitler’s actions during World War Two. 

Google’s CEO, Sundar Pichai, has acknowledged that some of Gemini’s responses have offended users and shown bias, which he deemed “completely unacceptable.” His embarrassment showed in an internal leaked memo where he talked about the need to work day and night to fix this problem. 

Pichai’s frustration is understandable. Google’s AI development problems have resulted in many embarrassing moments. In the launch of Gemini’s predecessor, Bard, the AI made a simple and obvious mistake during the launch, one that was caught by everyone – except the embarrassed Google team and its AI.

A subsequent video demo which supposedly showed how the AI could interpret and create images from even unclear instructions or drawings was found to have been altered to speed it up and make the results look more appealing than they did in real life. Once again, this was caught and publicized heavily.

Google was a pioneer in AI development, and it largely invented the transformer architecture that gave us generative AI. But after ChatGPT took the public attention, Google seems unable to launch a successful AI offering. 

No matter what they do in terms of technical advancement, they seem to always make a significant mistake.

So it’s no wonder that Pichai wants this fixed, quickly. But according to some experts, it may not be easy to do. 

Many believe that there is no easy fix for these issues, as correcting bias in AI outputs is a complex task that has been a focus of the AI ethics community for years. 

So, do they go back to biased data or do they persevere and take the delays? There are times when you are damned If you do and damned if you don’t.

Sources include: BBC

We’ve covered stories in the past about how the U.S. government doesn’t have to conduct surveillance to get information about its citizens – they can simply buy information from data brokers. There are real debates about whether this is appropriate and there will undoubtedly be guidelines restricting some of this activity by the U.S. government.

But what about other governments who don’t play by the rules? It turns out that instead of spying on U.S. citizens they can simply buy the data as well – unless a new government restriction is put in place.

President Joe Biden is reported to be set to issue an executive order aimed at limiting the mass sale of Americans’ personal data to “countries of concern,” including Russia and China. 

This executive order specifically targets the bulk sale of geolocation, genomic, financial, biometric, health, and other personally identifying information. A senior administration official highlighted that the sale of such data to these countries poses a national security risk, pointing out that buying data through data brokers is currently legal in the United States. 

The executive order will prohibit data brokers and other companies from selling large troves of Americans’ personal information to countries or entities in Russia, China, Iran, North Korea, Cuba, and Venezuela, either directly or indirectly. This includes additional restrictions on companies’ ability to sell data as part of cloud service contracts, investment agreements, and employment agreements.

While the White House has described this step as “the most significant executive action any President has ever taken to protect Americans’ data security,” the specifics of how the new policies will be enforced within the Justice Department remain unclear. A Department of Justice (DoJ) official mentioned that the executive order would require data brokers to perform due diligence to vet their clients, similar to how companies adhere to US sanctions.

This executive order represents a significant move to regulate the largely unregulated multibillion-dollar data broker industry, which has been warned by researchers and privacy advocates as posing national security risks. 

However, once again, this may be easier said than done as the order does not address the bulk sale of Americans’ data to countries or companies not deemed to be a security risk. The White House has urged Congress to pass comprehensive bipartisan privacy legislation, especially to protect children’s safety.

Sources include: Engadget 

Cybercriminals are increasingly targeting the manufacturing industry with ransomware attacks, according to a report by operational technology security firm Dragos. 

In its 2023 year-in-review report, Dragos found that 70 percent of all industrial organization ransomware infections affected manufacturing companies, impacting 638 entities across 33 unique manufacturing subsectors.

The report suggests that the manufacturing sector’s early adoption of digital transformation, including IoT and connected machines, without parallel investments in security, has made it a relatively easy target for cybercriminals. 

Manufacturing organizations’ systems are richer targets due to their significant role in revenue generation. When these systems are hit, the impact on the company’s bottom line prompts faster and more substantial ransom payments.

Dragos CEO Robert Lee highlighted that manufacturing’s struggle with network segmentation. This lack of effective network defenses allows intruders to move across systems and environments more freely.

The report also touches on the broader issue of supply-chain attacks, where exploiting vulnerabilities in commonly used software or equipment can enable mass targeting of organizations for ransomware infections—or worse. 

The report underscores the need for enhanced security measures in the manufacturing sector to protect against these growing cyber threats.

Sources include: The Register

Lockbit, a notorious cybercrime gang known for its use of ransomware to extort victims, has announced its return online after being targeted by an international law enforcement operation. The operation, described as unprecedented, led to the arrest and indictment of its members. Despite these efforts, Lockbit claims to have restored its servers and is back in business.

The gang’s darkweb site, used for leaking data stolen from its victims, was reportedly hacked by law enforcement using a vulnerability in the PHP programming language. Lockbit’s statement, posted in English and Russian on a new version of its darkweb site, asserts that servers with backup blogs not using PHP remain unaffected and will continue to release data from attacked companies.

The National Crime Agency (NCA) of Britain, which spearheaded the international effort to dismantle Lockbit’s operations, stated that the group “remains completely compromised.” The NCA acknowledged the possibility of Lockbit attempting to regroup and rebuild their systems but emphasized that a significant amount of intelligence about the gang and its associates had been gathered. The agency remains committed to targeting and disrupting Lockbit’s activities.

The new Lockbit darkweb site features a gallery of company names, each accompanied by a countdown clock indicating the deadline for the required ransom payment. 

Sources include: The Register 

Despite the FBI’s efforts in December to disrupt BlackCat’s operations by taking down its Tor negotiation and leak sites, the gang has managed to “unseize” their sites and continue their criminal activities. This resilience underscores the challenges faced by law enforcement in permanently dismantling such cybercrime networks.

FBI, CISA, and the Department of Health and Human Services (HHS) have issued a warning to U.S. healthcare organizations about targeted ransomware attacks by the ALPHV/Blackcat group. 

The gang had been linked to over 60 breaches and had reportedly accumulated at least $300 million in ransoms from more than 1,000 victims by September 2023, and apparently, the group has shown resilience and adaptability in the face of law enforcement actions.

The recent surge in attacks against the healthcare sector, with nearly 70 leaked victims since mid-December 2023, appears to be a direct response to an operational action against the group and its infrastructure in early December 2023. The ALPHV Blackcat administrator’s encouragement for affiliates to target hospitals highlights a deliberate and malicious focus on exploiting vulnerabilities within critical healthcare infrastructure.

The U.S. State Department’s offer of rewards for information leading to the identification or location of BlackCat gang leaders, as well as tips on individuals linked to the group’s ransomware attacks, shows how seriously they are taking the pursuit of this group.  

Remember those horror movies where at the very end the villain comes back from the dead or reaches up from the grave? 

Listeners who want even more cybersecurity stories may want to subscribe to our sister podcast CyberSecurity today. You can find it anywhere you get your podcasts. 

Sources include: Bleeping Computer

And that’s our show for today.

Hashtag Trending goes to air five days a week with daily newscast and a weekend interview show that we creatively called – the weekend edition. 

Remember if any of you want to connect with Dalikoo, remember to mention us. We need sponsors to pay for the work it takes to produce this show. www.dalikoo.com

Love your comments. 

Send us a note at jlove@itwc.ca or drop us a comment under the show notes at itworldcanada.com/podcasts – look for Hashtag Trending. 

Thanks for listening and have a Thrilling Thursday.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Jim Love
Jim Love
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

Follow this Podcast

More #Hashtag Trending