President Joe Biden on Monday signed an executive order barring many uses by the federal government of commercial spyware, which has been increasingly used by other countries in recent years to surveil dissidents, journalists, and politicians.
The signing of the executive order came as administration officials told journalists that roughly 50 US government personnel in at least 10 countries had been infected or targeted by such spyware, a larger number than previously known. The officials didn’t elaborate.
Commercial spyware is sold by a host of companies, with the best known being NSO Group of Israel. The company sells a hacking tool known as Pegasus that can surreptitiously compromise both iPhones and Android devices using “clickless” exploits, meaning they require no user interaction. By sending a text or ringing the device, Pegasus can install spying software that steals contacts, messages, geo locations, and more, even when the text or call isn’t answered. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon.
While NSO describes Pegasus as a “lawful intercept” tool that’s sold only to legitimate law-enforcement agencies to investigate crime and terrorism. Mexico, India, Saudi Arabia, the United Arab Emerates, Morocco, and other countries have been caught deploying it against political dissidents, journalists, and other citizens that aren’t accused of any crimes. In November 2021, the Biden administration restricted the export, re-export, and in-country transfer of products from NSO and three other companies in Israel, Russia, and Singapore.
Monday’s executive order goes further by barring federal agencies, including those engaged in law enforcement, defense, or intelligence activities, from “operationally using” commercial spyware.
“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of US Government personnel and their families,” a fact sheet published by the White House said. “US Government personnel overseas have been targeted by commercial spyware, and untrustworthy commercial vendors and tools can present significant risks to the security and integrity of US Government information and information systems.”
White House officials aren’t naming the specific spyware that’s barred, but using the term commercial spyware strongly implies it includes tools sold by NSO, Cytrox, Candiru, and others. Criteria for tools falling under the order include if:
they’re abused by a foreign government in an attempt to access the device of a US citizen
a foreign actor deploys them against activists or dissidents in an attempt to intimidate or curb dissent or opposition or squelch expressions of free speech
they’re supplied to governments for which there are credible reports that they engage in systematic acts of political repression.
The officials declined to say if US law enforcement and intelligence agencies currently use commercial spyware. Last year, the FBI confirmed a New York Times report that the bureau had bought NSO Group’s Pegasus tool for product testing and evaluation but said they weren’t used for operational purposes or to support any investigation. The US Drug Enforcement Agency, the NYT has also reported, deployed a surveillance tool called Graphite for use in counternarcotics operations.
Organizations big and small are falling prey to the mass exploitation of a critical vulnerability in a widely used file-transfer program. The exploitation started over the Memorial Day holiday—while the critical vulnerability was still a zeroday—and continues now, some nine days later.
As of Monday evening, payroll service Zellis, the Canadian province of Nova Scotia, British Airways, the BBC, and UK retailer Boots were all known to have had data stolen through the attacks, which are fueled by a recently patched vulnerability in MOVEit, a file-transfer provider that offers both cloud and on-premises services. Both Nova Scotia and Zellis had their own instances or cloud services breached. British Airways, the BBC, and Boots were customers of Zellis. All of the hacking activity has been attributed to the Russian-speaking Clop crime syndicate.
Widespread and rather substantial
Despite the relatively small number of confirmed breaches, researchers monitoring the ongoing attacks are describing the exploitation as widespread. They liken the hacks to smash-and-grab robberies, in which a window is broken and thieves grab whatever they can, and warned that the quick-moving heists are hitting banks, government agencies, and other targets in alarmingly high numbers.
“We have a handful of customers that were running MOVEit Transfer open to the Internet, and they were all compromised,” Steven Adair, president of security firm Volexity, wrote in an email. “Other folks we have talked to have seen similar.”
Adair continued:
I do not want to categorize our customers at this point since I do not know what all is out there in terms of who is running the software and give them away. With that said, though—it’s both massive and small organizations that have been hit. The cases we have looked into have all involved some level of data exfiltration. The attackers typically grabbed files from the MOVEit servers less than two hours after exploitation and shell access. We believe this was likely widespread and a rather substantial number of MOVEit Transfer servers that were running Internet-facing web services were compromised.
Caitlin Condon, a senior manager of security research who leads the research arm of security firm Rapid7, said normally her team reserves the term “widespread threat” for events involving “many attackers, many targets.” The attacks under way have neither. So far there’s only one known attacker: Clop, a Russian-speaking group that’s among the most prolific and active ransomware actors. And with the Shodan search engine indexing just 2,510 Internet-facing MOVEit instances when the attacks began, it’s fair to say there aren’t “many targets,” relatively speaking.
In this case, however, Rapid7 is making an exception.
“We aren’t seeing commodity threat actors or low-skill attackers throwing exploits here, but the exploitation of available high-value targets globally across a wide range of org sizes, verticals, and geo-locations tips the scale for us on classifying this as a widespread threat,” she explained in a text message.
She noted that Monday was only the only third business day since the incident became widely known and many victims may only now be learning they were compromised. “We expect to see a longer list of victims come out as time goes on, particularly as regulatory requirements for reporting come into play,” she wrote.
Independent researcher Kevin Beaumont, meanwhile, said on social media on Sunday night: “I’ve been tracking this—there are a double-digit number of orgs who had data stolen, that includes multiple US Government and banking orgs.”
The MOVEit vulnerability stems from a security flaw that allows for SQL injection, one of the oldest and most common classes of exploit. Often abbreviated as SQLi, these vulnerabilities usually stem from a failure by a Web application to adequately scrub search queries and other user input of characters that an app might consider a command. By entering specially crafted strings into vulnerable website fields, attackers can trick a Web app into returning confidential data, giving administrative system privileges, or subverting the way the app works.
Timeline
According to a post published by security firm Mandiant on Monday, the first signs of the Clop exploitation spree occurred on May 27. In some cases data theft occurred within minutes of the installation of a custom webshell tracked as LemurLoot, the researchers said. They added:
Mandiant is aware of multiple cases where large volumes of files have been stolen from victims’ MOVEit transfer systems. LEMURLOOT can also steal Azure Storage Blob information, including credentials, from the MOVEit Transfer application settings, suggesting that actors exploiting this vulnerability may be stealing files from Azure in cases where victims are storing appliance data in Azure Blob storage, although it is unclear if theft is limited to data stored in this way.
The webshell is disguised with filenames such as “human2.aspx” and “human2.aspx.lnk” in an attempt to masquerade as human.aspx, a legitimate component of the MOVEit Transfer service. Mandiant also said it has “observed several POST requests made to the legitimate guestaccess.aspx file before interaction with the LEMURLOOT webshell, indicating SQLi attacks were directed towards that file.”
On May 31, four days after the earliest attacks began, MOVEit provider Progress patched the vulnerability. Within a day, social media posts surfaced reporting that the vulnerability was under exploit by a threat actor who was installing a file named human2.aspx in the root directory of vulnerable servers. Security firms soon confirmed the reports.
Formal attribution that Clop is behind the attacks came on Sunday from Microsoft, which linked the attacks to “Lace Tempest,” the name that company researchers use to track a ransomware operation that maintains the extortion website for the Clop ransomware group. Mandiant, meanwhile, found that tactics, techniques, and procedures used in the attack matched those of a group tracked as FIN11, which has deployed Clop ransomware in the past.
Clop is the same threat actor that mass exploited CVE-2023-0669, a critical vulnerability in a different file-transfer service known as GoAnywhere. That hacking spree allowed Clop to fell data security company Rubrik, obtain health information for one million patients from one of the biggest hospital chains, and (according to Bleeping Computer) take credit for hacking 130 organizations. Research from security firm Huntress has also confirmed that the malware used in intrusions exploiting CVE-2023-0669 had indirect ties to Clop.
So far, there are no known reports of victims receiving ransom demands. The Clop extortion site has also made no mention so far of the attacks. “If the goal of this operation is extortion,” researchers from Mandiant wrote, “we anticipate that victim organizations could receive extortion emails in the coming days to weeks.”
Enlarge / Someone scans their face using Apple’s “most advanced machine learning techniques” with the Apple Vision Pro during a WWDC 2023 keynote demo reel. (credit: Apple)
Amid notable new products like the Apple Silicon Mac Pro and the Apple Vision Pro revealed at Monday’s WWDC 2023 keynote event, Apple presenters never once mentioned the term “AI,” a notable omission given that its competitors like Microsoft and Google have been heavily focusing on generative AI at the moment. Still, AI was a part of Apple’s presentation, just by other names.
While “AI” is a very ambiguous term days, surrounded by both astounding advancements and extreme hype, Apple chose to avoid that association and instead focused on terms like “machine learning” and “ML.” For example, during the iOS 17 demo, SVP of Software Engineering Craig Federighi talked about improvements to autocorrect and dictation:
Autocorrect is powered by on-device machine learning, and over the years, we’ve continued to advance these models. The keyboard now leverages a transformer language model, which is state of the art for word prediction, making autocorrect more accurate than ever. And with the power of Apple Silicon, iPhone can run this model every time you tap a key.
Notably, Apple mentioned the AI term “transformer” in an Apple keynote. The company specifically talked about a “transformer language model,” which means its AI model uses the transformer architecture that has been powering many recent generative AI innovations, such as the DALL-E image generator and the ChatGPT chatbot.
The technology that underpins ChatGPT has the potential to do much more than just talk. Linxi “Jim” Fan, an AI researcher at the chipmaker Nvidia, worked with some colleagues to devise a way to set the powerful language model GPT-4—the “brains” behind ChatGPT and a growing number of other apps and services—loose inside the blocky video game Minecraft.
The Nvidia team, which included Anima Anandkumar, the company’s director of machine learning and a professor at Caltech, created a Minecraft bot called Voyager that uses GPT-4 to solve problems inside the game. The language model generates objectives that help the agent explore the game, and code that improves the bot’s skill at the game over time.
Voyager doesn’t play the game like a person, but it can read the state of the game directly, via an API. It might see a fishing rod in its inventory and a river nearby, for instance, and use GPT-4 to suggest the goal of doing some fishing to gain experience. It will then use this goal to have GPT-4 generate the code needed to have the character achieve it.
The most novel part of the project is the code that GPT-4 generates to add behaviors to Voyager. If the code initially suggested doesn’t run perfectly, Voyager will try to refine it using error messages, feedback from the game, and a description of the code generated by GPT-4.
Over time, Voyager builds a library of code in order to learn to make increasingly complex things and explore more of the game. A chart created by the researchers shows how capable it is compared to other Minecraft agents. Voyager obtains more than three times as many items, explores more than twice as far, and builds tools 15 times more quickly than other AI agents. Fan says the approach may be improved in the future with the addition of a way for the system to incorporate visual information from the game.
While chatbots like ChatGPT have wowed the world with their eloquence and apparent knowledge—even if they often make things up—Voyager shows the huge potential for language models to perform helpful actions on computers. Using language models in this way could perhaps automate many routine office tasks, potentially one of the technology’s biggest economic impacts.
The process that Voyager uses with GPT-4 to figure out how to do things in Minecraft might be adapted for a software assistant that works out how to automate tasks via the operating system on a PC or phone. OpenAI, the startup that created ChatGPT, has added “plugins” to the bot that allow it to interact with online services such as grocery delivery app Instacart. Microsoft, which owns Minecraft, is also training AI programs to play it, and the company recently announced Windows 11 Copilot, an operating system feature that will use machine learning and APIs to automate certain tasks. It may be a good idea to experiment with this kind of technology inside a game like Minecraft, where flawed code can do relatively little harm.
Video games have long been a test bed for AI algorithms, of course. AlphaGo, the machine learning program that mastered the extremely subtle board game Go back in 2016, cut its teeth by playing simple Atari video games. AlphaGo used a technique called reinforcement learning, which trains an algorithm to play a game by giving it positive and negative feedback, for example from the score inside a game.
It is more difficult for this method to guide an agent in an open-ended game such as Minecraft, where there is no score or set of objectives and where a player’s actions may not pay off until much later. Whether or not you believe we should be preparing to contain the existential threat from AI right now, Minecraft seems like an excellent playground for the technology.
