WIRED learned this week that Amazon Web Services is investigating claims that AI search startup Perplexity may have violated cloud company rules by grabbing data from websites that try to protect themselves against scraping. The news comes after WIRED published an investigation last week into AI search chatbots’ indiscriminate data scraping practices and questionable content generation. WIRED reached out to AWS about the matter, which led to the company looking into Perplexity’s activities. Another WIRED investigation into Quora’s Poe AI platform found that the platform downloaded entire articles from various publishers and shared the files with users, effectively circumventing paywalls.
Earlier this week, the U.S. Department of Justice announced guilty pleas in a series of violent home invasions in which more than a dozen men threatened, assaulted, tortured and kidnapped 11 people in an attempt to steal cryptocurrency.
On Wednesday, WikiLeaks founder Julian Assange agreed to plead guilty to one count of espionage in a US court, finally bringing to an end the long-running legal battle between the US government and the controversial anonymity-focused publisher. The latest in a never-ending parade of US “omnibus” privacy bills, the United States Privacy Rights Act, has been withdrawn from congressional hearings and is now unlikely to receive a full vote. And a new custom-made platform created by SITU Research is being used as a prosecution tool in war crimes cases for the first time at the International Criminal Court.
Concrete evidence is finally emerging in San Jose and New York City that AI gunshot detection systems are working well below their advertised accuracy, deepfake creators are re-recruiting victims of the GirlsDoPorn sex trafficking ring and hosting altered versions of their videos on the platform, and bureaucratic hurdles are making it harder for hospitals and other health care providers to recover from ransomware attacks and get back online.
But wait, that’s not all. Every week we round up the security news we missed so click the headline to read the full story and stay safe.
Google is rolling out a facial recognition system on its Kirkland, Washington campus to detect “unauthorized persons” and block access to offices, according to a document about the plan seen by CNBC. Security cameras in Google’s spaces are already collecting facial data and comparing it to employee badge photos to try to identify people who are not regular or Google employees. If the system identifies a person of interest, Google’s “security and resilience services” team will work to identify potential intruders who “may pose a security risk to Google employees, products, or locations,” according to the document. People who work or visit the Kirkland campus cannot opt out of the system collecting their facial data, but the document says the data is “collected strictly for immediate use and will not be stored.” It also adds that employees can opt out of Google storing their badge images, and that this cache of images will only be used to test the system. The document notes that the goal of the program is “to maintain the safety and security of our people and our spaces.”
German cloud company Teamviewer acknowledged on Friday that it was hit by a cyberattack earlier this week. The company blamed the attack on notorious Russian hacker group APT29 (also known as “Cozy Bear” and “Midnight Blizzard”). “Current findings suggest that the attack took place on Wednesday, June 26th, linked to the credentials of a standard employee account within our corporate IT environment,” Teamviewer said in a statement. The company later acknowledged that “the attack was limited to TeamViewer’s internal IT environment and did not impact our production environment, connectivity platform, or customer data.”
Suspected Chinese government-backed hackers, including a group known as “ChamelGang,” have deployed ransomware in dozens of high-profile attacks as a distraction while they conduct espionage operations on victim networks. Researchers from security firms SentinelOne, Recorded Future, and TeamT5 found evidence that attackers used the tactic in hacks of critical healthcare platforms in India and the Brazilian presidential palace, for example. The espionage actors are joining “an increasingly disturbing trend of using ransomware in the final stages of operations for the purposes of financial gain, disruption, distraction, misidentification, or evidence removal,” the researchers wrote.
Evolve Bank and Trust, a financial company popular with fintech startups, acknowledged on Wednesday that it had fallen victim to a ransomware attack and data breach that may affect its customers. “Evolve is currently investigating a cybersecurity incident involving a known cybercrime organisation, who we believe unlawfully obtained and published on the dark web data and personal information of Evolve’s retail banking customers and financial technology partner customers,” the bank said in a statement on Wednesday. The ransomware gang known as LockBit recently posted data on a dark web leak site that it claimed was stolen from Evolve.
