The Breach Report: February 20, 2024

LockBit Seized & Shutdown by FBI, AI Voice Cloning of Relatives, AI File Determination Tool

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

FBI, NCA Seize LockBit Ransomware Group Domains, Infrastructure

The notorious ransomware gang LockBit had its website, domains, and infrastructure seized by the U.S. FBI and U.K. NCA in a joint operation, “Operation Cronos.”

In an epic takedown, the U.S. Federal Bureau of Investigation (FBI) and U.K. National Crime Agency (NCA) announced that the LockBit ransomware group’s infrastructure and domains have been seized. The takedown was part of “Operation Cronos” and was confirmed by a LockBit representative to malware repository vx-underground.

“The FBI pwnd me,” the representative stated. Two other LockBit members were arrested: one in Poland, the other in Ukraine, according to a Europol statement.

Within three years, LockBit has become the most disruptive, powerful ransomware cybercriminal gang. They have attacked over 1,700 U.S. entities, ranging from city governments to hospitals and critical infrastructure. The group has pilfered millions of dollars by holding its victims’ data and infrastructure for ransom, demanding payment in cryptocurrency before providing any decryption keys.

Europol announced that the operation “resulted in the compromise of LockBit’s primary platform and other critical infrastructure that enabled their criminal enterprise.” This includes the takedown of 34 servers across Europe, the U.K. and the United States, and the seizure of over 200 cryptocurrency wallets.

The takedown is the latest in a string of FBI operations targeted at disrupting cybercrime and cyber espionage infrastructure worldwide under Rule 41, a legal framework that enables the FBI to access computers across multiple jurisdictions and modify them.

AI voice cloning is bringing back school shooting victims

Generative AI is used for all kinds of powerful use cases, but inevitably also for controversial or malicious ones. We’ve already seen U.S. President Joe Biden’s voice cloned in a deepfake robocall campaign last month to discourage voting in the New Hampshire Presidential Primary.

As a result, the Federal Communications Commission (FCC) quickly outlawed unwanted robocalls generated by AI, fearing future election disinformation efforts.

“Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities, and misinform voters,” said FCC chairwoman Jessica Rosenworcel in a statement on the FCC ruling.

Now, the voices of children who were victims of mass shootings, such as the Uvalde school shooting in May 2022 and the Parkland school shooting in February 2018, are being cloned. The cloned voices are used in new campaigns to raise awareness for gun safety and stricter gun control laws, reports Joanna Stern of The Wall Street Journal.

Grieving parents are using their children’s voices to stir the emotions of lawmakers and the public. But it’s a creepy new frontier for generative AI and yet another example of something that could be straight out of a Black Mirror episode.

The children’s voices are being used with parents’ consent and, surprisingly, are often created from only a few seconds’ worth of audio of the child, with eerily accurate results.

“This is a United States problem and we have not been able to fix it,” Manny told me in an interview filmed at their house. “If we need to use creepy stuff to fix it, welcome to the creepy.”

Patricia and Manny Oliver, parents of Joaquin Oliver, who was 17 at the time of being killed in the Parkland, Florida school shooting. (source: The Wall Street Journal)

The AI-generated voices are created using ElevenLabs, the same tool used for the President Biden deepfakes.

It raises profound ethical questions, such as: is emulating your child’s voice – who is now dead – OK? What if the child wouldn’t agree to this emulation of their voice? How do parents even know that what they use their child’s voice to say is something the child would condone or would have said themselves?

Over 54,000 voice calls have been sent so far to U.S. lawmakers, according to The Shotline, a foundation established by the Olivers to promote awareness of gun violence and legal change.

Just a few months ago, Deutsche Telekom turned this kind of AI-generated cloning of children’s voices and likenesses in the digital world into a viral warning, raising awareness about oversharing personal data online.

Now, we took that warning and threw it into a dumpster fire and accelerated into a full-blown dystopian reality of AI-generated kid cloning for political and social movement campaigns.

What’s next? I’m sure our family members’ AI likeness in a robot or on our personal device isn’t far away. And yes, there’s a Black Mirror episode for that.

Google Releases Magika, an AI-Powered File Determination Tool, to Open-Source

Google has released Magika, an AI-powered file determination tool, to open-source. (source: Google)

In an example of AI for positive outcomes, Google has released Magika, an AI file determination tool, to open-source. Magika helps cyber analysts and defenders accurately detect binary and textual file types. Google states that Magika can identify file types within milliseconds, even on a CPU.

File determination is challenging because of the variety of file types, structured versus unstructured data, and programming language nuances.

For years, sophisticated tools and hackers have been able to insert hidden payloads or change file structures to cloak malware. Without an automated way to scale file determination from start to finish, the result is endless hours of human toil developing manual detection rules and policies.

Magika will help close this gap and improve cybersecurity defenses for enterprises and organizations globally. You can read more about the tool’s capabilities in the public announcement on Google’s blog.

Magika is available for download on Google’s public GitHub repository.

Until next time…

Rob Waters
Founder, The Breach Report + Cybersecurity Careers Blog
