From my favorite security news website:
Major ChatGPT Outage Caused by DDoS Attack
ChatGPT Taken Down by DDOS Attack
This one is pretty cut and dried: a typical DDoS attack was used on ChatGPT to take the service down. What’s interesting is the origin. Some group, “Anonymous Sudan,” claimed responsibility, but they are believed to be Russian-based hackers.
Let’s not forget that claims of a hack’s origins are always suspicious. After the Snowden release back in 2013, a later tools release showed that the CIA can hack computer systems and leave traces that make it look like the hack came from somewhere else. I would assume this is also a feature of the Pegasus and QuaDream software we looked at in a previous post.
Wikileaks, Snowden and Vault 7
The CIA hacking tools release I’m thinking of was the Wikileaks Vault 7 release in 2017. In that doc, look under the heading “Evading Forensics” and there’s a link to Tradecraft DO’s and DON’Ts. In there you find a great discussion of avoiding leaving CIA fingerprints on operations.
By the way, Ed Snowden was made a Russian citizen in 2022, making him immune from extradition to the US. This is according to the Wikipedia article about Snowden.
New Legislation to Limit Government Data Snooping
There’s a new initiative to limit government from prying into the affairs of innocent Americans: the Government Surveillance Reform Act of 2023 (GSRA). I haven’t reviewed it fully, and I’m not here to tell you to support or oppose it. I would encourage you to look into it and, if you’re of such a mind, call your Congressperson and voice your opinion.
A New US Privacy Bill Seeks to End Warrantless Police and FBI Spying
“Americans know that it is possible to confront our country’s adversaries ferociously without throwing our constitutional rights in the trash can,”
This is a quote from Senator Ron Wyden, who, along with Senator Mike Lee, introduced the bill in the Senate. Mike Lee, being my US Senator from Utah, is all over the map. He talks a good game and then seems to side with Big Tech all the time, at least lately. Well, I’m not here to bash Mike Lee. Not really.
I guess I’m here to bash the information collection practices of the US federal government. They don’t even know how much data they have:
The first thing to know about the program, and how many Americans it ensnares each year, is that the government doesn’t know the number and has little interest in learning it.
The government’s defense to this is to say that the very act of determining who is and isn’t a US citizen would break the very laws the US needs to follow. This doesn’t seem to stop them when they want to look at your data, however. The alphabet agencies are experts at sidestepping judicial review; that is, they often look at the data without getting a warrant first.
You really should read this article to the end; the last section gets into the guts of the new legislation:
The GSRA takes aim at the use of incidental data by federal law enforcement agents, who are not bound by the same rules against spying on Americans as are analysts at the Pentagon, whose purview lies strictly overseas…
For background, there’s a section 702 of the Fi
There’s an interesting link in the Wired article. I mentioned that the government doesn’t know how much data it is hoovering up every year.
Just How Much Data is the Government Really Processing?
A Princeton professor has apparently been working on the problem:
Did an Ivy League professor crack the key to 702 oversight?
Check it out; it’s a good article for a deep dive into privacy considerations.
Thanks, we’ll see you next week for the final post of the semester.
Image credit: “Snowden” by AK Rockefeller is licensed under CC BY-SA 2.0.