Friday Five: An Investigation on OpenAI, Implementing the New National Cybersecurity Strategy, & More
This past week, the White House released the first version of their National Cybersecurity Strategy implementation plan, Signal's President voiced her concerns over encryption and data privacy, BreachForums made its return, and more. Catch up on these stories and more in this week’s Friday Five!
WHITE HOUSE RELEASES NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN BY CHRISTIAN VASQUEZ
The White House has released the initial version of its multiyear implementation plan for the National Cybersecurity Strategy, marking a significant change in how the US government will regulate digital security. The plan outlines over 65 initiatives that align with the strategy's five pillars. While the strategy is a one-time document, the implementation plan will evolve over time to adapt to changing threat landscapes and completed initiatives. The plan will be updated next year as version 2.0, and other aspects will be revised as necessary. Some ongoing initiatives include codifying the Cyber Safety Review Board, updating the National Cyber Incident Response Plan, and developing a national cyber workforce and education strategy. The plan aims to enhance defensibility and resilience against cyberattacks while minimizing their impact.
SIGNAL’S MEREDITH WHITTAKER: BREAKING ENCRYPTION WHILE PRESERVING PRIVACY IS ‘MAGICAL THINKING’ BY TONYA RILEY
Signal, a leading encrypted messaging app, is facing challenges from lawmakers seeking to undermine privacy protections. Signal President Meredith Whittaker is actively advocating against policies that threaten encryption, having joined forces with critics like Meta to call for changes to the U.K. Online Safety Bill. Whittaker emphasizes the need to dispel misconceptions about surveillance technologies and the dangers of allowing constant monitoring of private communications. Imminent threats to encryption include the encryption provisions in the U.K. bill. Despite differences in business models, encrypted messaging services are banding together to oppose the law, as they recognize the shared interest in protecting private communication amidst the encryption backlash tied to issues like child exploitation.
CHASING DEFAMATORY HALLUCINATIONS, FTC OPENS INVESTIGATION INTO OPENAI BY BENJI EDWARDS
OpenAI, the company behind ChatGPT AI assistant, is being investigated by the US Federal Trade Commission (FTC) for potential violations of consumer protection laws. The investigation focuses on OpenAI's risk management strategies regarding its AI models and whether the company has engaged in deceptive practices that harm consumers' reputations. The FTC is particularly interested in understanding how OpenAI addresses the generation of false or misleading statements by its AI models. The probe comes in response to incidents involving ChatGPT fabricating defamatory claims about individuals, leading to a lawsuit against OpenAI for defamation. This regulatory challenge reflects the growing need to address the risks associated with advanced AI models, prompting government agencies to scrutinize the industry more closely.
BREACHFORUMS REPLACEMENT EMERGES AS ROBUST FORUM FOR CRIMINAL HACKERS TO TRADE THEIR SPOILS BY AJ VICENS
Following the recent seizure of domains related to the cybercriminal marketplace BreachForums, a new version of the forum has emerged and is growing rapidly, facilitating the illicit trade of sensitive information. The quick return of BreachForums demonstrates the resilience of the cybercrime ecosystem and the difficulty for law enforcement agencies to prevent such activities. The new version is expected to attract more cybercriminals and may lead to high-profile leaks and sales of databases. The original administrator of BreachForums was arrested earlier this year, leading to rival forums jostling for attention. The current administrators, known as Baphomet and ShinyHunters, have relaunched BreachForums, and their presence is expected to maintain the forum's status despite competition.
RANSOMWARE ATTACKS ARE ON THE RISE, AGAIN BY LILY HAY NEWMAN
Ransomware payments have surged in 2023, with victims paying $449.1 million to ransomware groups in the first six months of the year, according to cryptocurrency tracing firm Chainalysis. If this pace continues, the total figure for 2023 could reach $898.6 million, making it the second-highest year for ransomware revenue after 2021. Ransomware groups have become more aggressive, publishing stolen sensitive data to pressure victims, and the increase in payments aligns with a spike in these more frequent and aggressive attacks. The slump in payments in 2022 was attributed to improved security measures and decryption tools, but the increase in attacks this year may be linked to the evolving state of the Russia-Ukraine conflict.