In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network

Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution’s ATM system, researchers reported Wednesday.

The researchers with security firm Group-IB said the “unprecedented tactic allowed the attackers to bypass perimeter defenses entirely.” The hackers combined the physical intrusion with remote access malware that used another novel technique to conceal itself, even from sophisticated forensic tools. The technique, known as a Linux bind mount, is used in IT administration but had never been seen used by threat actors. The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on.

End goal: Backdooring the ATM switching network

The Raspberry Pi was connected to the same network switch used by the bank’s ATM system, a position that effectively put it inside the bank’s internal network. The goal was to compromise the ATM switching server and use that control to manipulate the bank’s hardware security module, a tamper-resistant physical device used to store secrets such as credentials and digital signatures and run encryption and decryption functions.

The group behind the attack is tracked in the industry under the name UNC2891. The financially motivated threat group has been active since at least 2017 in targeting the infrastructures of banks. It has earned a well-deserved reputation for proficiency in its use of custom malware in attacks targeting Linux, Unix, and Oracle Solaris systems.

In 2022, Google’s Mandiant division said it had observed UNC2891 spending years inside a targeted network, during which time the intrusion went largely unnoticed. Mandiant researchers went on to identify CakeTap, a custom rootkit for Solaris systems. Among other things, CakeTap manipulated messages passing through an infected ATM switching network, most likely for use in unauthorized cash withdrawals using fraudulent bank cards. Mandiant documented two other custom pieces of malware, which the company named SlapStick and TinyShell.

Group-IB’s report on Wednesday shows that UNC2891 is still active and finding new and advanced ways to burrow into bank networks without detection.

“One of the most unusual elements of this case was the attacker’s use of physical access to install a Raspberry Pi device,” Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong wrote. “This device was connected directly to the same network switch as the ATM, effectively placing it inside the bank’s internal network. The Raspberry Pi was equipped with a 4G modem, allowing remote access over mobile data.”

To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank’s monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center.

China Probes Nvidia Over Alleged H20 AI Chip’s “Backdoor” Security Risks

China’s Cyberspace Administration (CAC) summoned Nvidia officials to address alleged “backdoor” security vulnerabilities with the H20 AI chip, just weeks after Nvidia CEO Jensen Huang’s diplomatic visit to Beijing, and days after US and Chinese officials met in Stockholm to extend their tariff truce.

Nvidia was asked “to clarify and submit relevant supporting documentation regarding security risks, including potential vulnerabilities and backdoors, associated with its H20 computing chips sold to China,” according to a statement from CAC. 

China’s top internet watchdog claimed Nvidia’s AI chips pose major security threats due to security vulnerabilities…

“US lawmakers have previously called for advanced chips exported from the US to be equipped with location-tracking features,” the regulator pointed out. 

“The location-tracking and remote shutdown capabilities on Nvidia computing chips are ready, according to US AI experts,” CAC said. 

CAC’s concerns follow a legislative push in Washington, where Republican Senator Tom Cotton and a bipartisan group of eight Representatives recently introduced the U.S. Chip Security Act (H.R. 3447). This bill includes the requirement for companies like Nvidia to embed security mechanisms into advanced chips, such as location verification or tracking mechanisms. 

Nvidia reps were asked to provide technical documents about the H20 AI chip to ensure there are no “backdoors.” Huang has previously denied any security vulnerabilities with his chips. 

Lockheed Has Something ‘Magical,’ Costly as Hell, and Totally Secret Up its Sleeve

Defense giant Lockheed Martin just reported a rare — and yuge — quarterly loss of $1.6 billion, but CEO James D. Taiclet sounded unfazed, thanks to a “magical” classified aeronautics program he claims will create a “game-changing capability for our joint U.S. and international customers.”

Is it a bird? A plane? Superman?

Before we get to the speculation — and there is some juicy stuff — a quick look at how the company lost so much money on something that Taiclet said Lockheed “probably won’t be able to talk about what that is for many years to come.”

Lockheed launched Program X with the Pentagon in 2018 during the Trump 45 administration on a fixed-price basis. That strikes me as a bit odd (albeit awesome for taxpayers) because exotic weapons systems that require developing bleeding-edge technologies are usually done on a cost-plus basis. That’s just because you can’t price something when half the parts haven’t even been invented yet.

So Lockheed signed on to a fixed-price contract just a couple of years before Bidenflation knocked 25% off the value of the dollar. “But I can assure you,” Taiclet said of Project X, “that it’s going to be in high demand for a very long time, well beyond the fixed price commitments.”

What might generate so much revenue, not just from the Pentagon, but from our allies around the world? I did a little poking around on Reddit and other forums where nerds like to geek out and found some fascinating possibilities.

Lockheed lost the contest to produce the Air Force’s Next Generation Air Dominance (NGAD) stealth fighter — now known as the F-47 — to rival Boeing. So there’s been some speculation that Project X is a carrier-based version of Lockheed’s NGAD for the Navy. But Lockheed denies this.

There’s also the long-rumored Hypersonic Reconnaissance Aircraft to replace the long-retired SR-71 spy plane. But those are top-secret, highly specialized aircraft that would be unlikely to generate foreign sales, even if Congress decided to allow it. (Congress refused permission to sell the F-22 Raptor stealth fighter overseas to help keep its secrets.) I seriously doubt Project X is an SR-72.

Here’s where the possibilities get weirder — or should I say, “magical?”

EU plans $30 billion investment in gigawatt AI data centers — multiple sites to host 100,000 AI GPUs each as bloc plays catch-up to US and China

The European Union is the world’s second-largest economy in terms of GDP, but its position in the AI market is not nearly as strong. To catch up with the U.S. and China, the bloc is launching a $30 billion initiative to build a network of high-capacity data centers that can host millions of AI GPUs, reports CNBC. If successful, the EU will have gigawatt-class datacenters with performance akin to that owned by leading U.S. companies.

To date, the European Union has allocated €10 billion (approximately $11.8 billion) to establish 13 AI data centers, alongside an additional €20 billion earmarked as initial funding for a network of gigawatt-class AI facilities. So far, the project has attracted 76 expressions of interest from 16 member states, covering a total of 60 potential locations, according to CNBC. Initial launches are underway, with the first AI factory expected to go live in the coming weeks and a large-scale project in Munich planned for early September.

Each gigawatt datacenter is expected to require €3 to €5 billion and deliver a level of computational power far greater than existing AI data centers, potentially supporting over 100,000 advanced AI GPUs per site, according to estimates by UBS cited by CNBC. xAI’s Colossus super cluster consumes about 150 MW of power when equipped with 100,000 H100 GPUs, so a gigawatt facility will probably be able to host many more GPUs, perhaps 300,000 Blackwell Ultra processors.

The EU’s effort, if realized, is probably one of the world’s largest publicly funded initiatives in artificial intelligence, probably well below what Chinese authorities (both federal and local) have invested in AI data centers, but well ahead of what other big economies invest in their AI efforts.

Henna Virkkunen, European Commission executive vice president for technology policy, told CNBC that while Europe has a strong talent base — reportedly 30% more AI researchers per capita than the U.S. — their limited access to computing has held back development. Building massive AI data centers is designed to solve this problem and kick-start the AI sector across the EU.

Despite strong public interest, the scale and sustainability of the project remain in question. Bertin Martens of Bruegel noted that while the EU has committed taxpayer funding, it is unclear how much the public sector will invest in the project. Also, the specifications of the upcoming data centers are unclear. While the EU has access to Nvidia GPUs and other advanced AI accelerators developed in America through a trade agreement with the U.S., Martens pointed out that acquiring hardware is only the beginning.

Porn Studios File Copyright Lawsuit Against Meta Claiming Mass Download of XXX Movies to Train AI

Two major porn production companies have filed a copyright lawsuit against Mark Zuckerberg’s Meta, alleging unauthorized use of their videos to train AI models.

TorrentFreak reports that the adult film studios Strike 3 Holdings and Counterlife Media are taking aim at Meta with a copyright lawsuit. The companies, which produce popular adult brands like Vixen, Tushy, Blacked, and Deeper, claim that Meta illicitly downloaded at least 2,396 of their movies via BitTorrent since 2018 for the purpose of training its AI systems, including the Meta Movie Gen and Large Language Model (LLaMA).

Filed in a California federal court, the complaint alleges that Meta’s unauthorized use of the copyrighted adult films could ultimately result in AI models capable of creating similar “high-quality” porn content at a lower cost, potentially threatening the studios’ business. The plaintiffs argue that by training specifically on their works, “Meta’s AI Movie Gen may very well soon produce full length films with Plaintiffs’ identical style and quality, which other real world adult studios cannot replicate.”

The lawsuit also accuses Meta of not only downloading the copyrighted works without permission but also uploading them to third parties participating in the same BitTorrent swarms. This allegation is allegedly backed by data from the studios’ proprietary tracking software, VXN Scan. BitTorrent’s “tit for tat” algorithm rewards users for sharing content with others to increase download speeds, and the plaintiffs claim that Meta deliberately chose to continue sharing the pirated files to capitalize on faster downloads and infringe more content at a quicker pace.

Strike 3 and Counterlife Media discovered the alleged infringements after Meta’s BitTorrent activity was revealed in a separate lawsuit filed by book authors. In that case, Meta admitted to obtaining content from pirate sources. This revelation prompted the adult studios to search their archive of collected BitTorrent data for Meta-linked IP addresses, uncovering 47 addresses owned by the company that allegedly infringed their copyrights. The complaint provides a list of thousands of alleged infringements from these addresses as evidence. Strike 3 has filed many lawsuits in the past related to videos allegedly downloaded by BitTorrent pirates, leading one judge to label them as a “copyright troll.”

OpenAI and Oracle announce Stargate AI data centre deal

OpenAI has shaken hands with Oracle on a colossal deal to advance the former’s colossal Stargate AI data centre initiative.

It’s one thing to talk about the AI revolution in abstract terms, but it’s another thing entirely to grasp the sheer physical scale of what’s being built to make it happen. The foundations of our AI future are being laid in concrete, steel, and miles of fibre-optic cable, and those foundations are getting colossally bigger.

Together, OpenAI and Oracle are going to build new data centres in the US packed with enough hardware to consume 4.5 gigawatts of power. It’s hard to overstate what a staggering amount of energy that is—it’s the kind of power that could light up a major city. And all of it will be dedicated to one thing: powering the next generation of AI.

This isn’t just a random expansion; it’s a huge piece of OpenAI’s grand Stargate plan. The goal is simple: to build enough computing power to bring advanced AI to everyone.

When you add this new project to the work already underway in Abilene, Texas, OpenAI is now developing over 5 gigawatts of data centre capacity. That’s enough space to run more than two million of the most powerful computer chips available.

This move shows they are dead serious about a pledge they made at the White House earlier this year to plough half a trillion dollars into US AI infrastructure. In fact, with the momentum they’re getting from partners like Oracle and Japan’s SoftBank, they now expect to blow past that initial goal.

But this story isn’t just about silicon chips and corporate deals; it’s about people. OpenAI believes that building and running these new Stargate AI data centres will create over 100,000 jobs.

That job creation presents real opportunities for families across the country from construction crews pouring the concrete, to specialised electricians wiring up racks of servers, and the full-time technicians who will keep these digital brains running day and night.

Denmark Is Fighting AI by Giving Citizens Copyright to Their Own Faces

Your image, your voice, and your essence as a human being could be gobbled up and regurgitated by AI. The clock is ticking on when your control over your image and representation is completely out of your hands.

To tip the scales back in favor of those who wish to remain in firm control of their image, Denmark has put forth a proposal that would give every one of its citizens the legal ground to go after someone who uses their image without their consent.

This specifically covers deepfakes, those videos of a person’s face or body that have been digitally altered so they appear to be someone else.

The Scandinavian nation has put forth a proposal to amend its copyright laws so that everyone owns the rights to their own face, their own voice, and their body. Current laws aren’t quite up to snuff when it comes to protecting people from having their likenesses twisted and contorted.

AI in Wyoming may soon use more electricity than state’s human residents

On Monday, Mayor Patrick Collins of Cheyenne, Wyoming, announced plans for an AI data center that would consume more electricity than all homes in the state combined, according to The Associated Press. The facility, a joint venture between energy infrastructure company Tallgrass and AI data center developer Crusoe, would start at 1.8 gigawatts and scale up to 10 gigawatts of power use.

The project’s energy demands are difficult to overstate for Wyoming, the least populous US state. The initial 1.8-gigawatt phase, consuming 15.8 terawatt-hours (TWh) annually, is more than five times the electricity used by every household in the state combined. That figure represents 91 percent of the 17.3 TWh currently consumed by all of Wyoming’s residential, commercial, and industrial sectors combined. At its full 10-gigawatt capacity, the proposed data center would consume 87.6 TWh of electricity annually—double the 43.2 TWh the entire state currently generates.

Because drawing this much power from the public grid is untenable, the project will rely on its own dedicated gas generation and renewable energy sources, according to Collins and company officials. However, this massive local demand for electricity—even if self-generated—represents a fundamental shift for a state that currently sends nearly 60 percent of its generated power to other states.

Wyoming Governor Mark Gordon praised the project’s potential benefits for the state’s natural gas industry in a company statement. “This is exciting news for Wyoming and for Wyoming natural gas producers,” Gordon said.

The proposed site for the new data center sits several miles south of Cheyenne near the Colorado border off US Route 85. While state and local regulators still need to approve the project, Collins expressed optimism about a quick start. “I believe their plans are to go sooner rather than later,” he said.

US Suspends China Tech Restrictions Amid Fears of Rare Earth Retaliation

The administration of US President Donald Trump has suspended restrictions on technology exports to China to avoid harming trade talks with Beijing, the Financial Times newspaper reported on Monday, citing people familiar with the matter.

Chinese Vice Premier He Lifeng is visiting Sweden from July 27-30 for trade talks with US Treasury Secretary Scott Bessent. The officials are expected to discuss the US-China trade and economic relationship, Chinese export controls of rare earths, access to each other’s markets, and the overall trade rate.

Over the past few months, the US Department of Commerce’s Bureau of Industry and Security has been instructed to avoid tough measures against China to maintain positive momentum in the talks and ensure a possible meeting between Trump and Chinese President Xi Jinping this year, the report said.

However, some current and former US officials said that the main reason for the suspension of US tariffs was fear of retaliatory measures from China, such as restrictions on rare metals and magnet exports, the report added.

Real Life Drama: Tucker County Residents v. AI Data Center Behemoth

As a child, Nikki Forrester dreamed of living in a cabin in the woods surrounded by mountains, trees, water and the outdoor opportunities that came with the natural land. In 2022 — four years after earning her graduate degree and moving to Tucker County from Pittsburgh — Forrester and her partner made that dream a reality when they bought two acres of land near Davis, West Virginia to build a home.

Forrester has thrived in the small mountain town known for its mountain biking, hiking, stargazing, waterfalls and natural scenery. She and her partner moved into their new home in February. Hiking and biking trails are right outside her front door. In the winter, she said, snow piles up making the nearby mountains look like “heaven on Earth.”

It’s been quite literally a dream come true.

“I feel like I’ve never felt at home so much before. I love being in the woods. I love this community. It’s super cheesy, but this was my childhood dream and now it’s actually come true,” Forrester said. “It felt so good to set down roots here. We knew Davis was where we wanted to start our future.”

But in March, one small public notice posted in the Parsons Advocate — noticed by resident Pamela Moe, who scrambled to find answers after seeing it — changed Forrester’s assumptions about that future.

A Virginia-based company, Fundamental Data, was applying for an air permit from the West Virginia Department of Environmental Protection for what it called the “Ridgeline Facility.” The company’s heavily redacted application showed plans to build an off-the-grid natural gas power plant between Thomas and Davis. That power plant will likely be designed to power an enormous data center just a mile out from Tucker County’s most populous and tourist-attracting areas.

Earlier this month, representatives for Fundamental Data — who did not respond to requests for comment on this article — told the Wall Street Journal that the facility could be “among the largest data center campuses in the world,” spanning 10,000 acres across Tucker and Grant counties if fully realized.

Now, Forrester said, she and her neighbors are in the middle of what feels like a “fight for [their] lives” as they attempt to learn more about the vague development plans and fight against “big data.”

Her images of the future — skiing on white snow, hiking through waterfalls, looking up at clear and starry nights all with one-of-a-kind mountain scenery below — now exist in the shadows of a looming natural gas plant, an industrial complex and the contaminants that could come with them. The fresh, mountain air that surrounds her home and community could be infiltrated by tons of nitrogen oxide (gases that contribute to smog), carbon monoxide, particulate matter and other volatile organic compounds, per the company’s air permit application.

“Honestly, I feel like if this happens, it will destroy this place. People come here because it’s remote, it’s small, it’s surrounded by nature. If you have a giant power plant coughing up smoke and noise pollution and light pollution, it puts all of those things in jeopardy,” Forrester said. “It would honestly make me question whether I would want to live here anymore, because I do love the landscapes here so much, but they would be fundamentally altered and, I think, irreparably harmed if this actually comes to be.”
