Newly announced sanctions against Iran-based Avaran Cloud underscore the complexity of crafting Washington’s internet freedom efforts.

The United States Treasury announced on Friday that it is sanctioning the Iranian technology company Arvan Cloud, along with two senior employees of the company and an affiliated firm based in the United Arab Emirates. Officials from both the Treasury and the US State Department said on Friday that the company has close ties to Iran’s Information and Communications Technology Ministry and plays a key role in providing infrastructure for the regime's surveillance activities and restrictive intranet known as the National Information Network (NIN).

US sanctions against Iran are extensive, and the Treasury’s Office of Foreign Assets Control has issued a number of sanctions specifically related to the Iranian government's long-standing attacks on internet freedom and digital access within the country. The full scope of US sanctions against Iran have already significantly isolated the country's economy, and its government's own internet shutdowns, digital blocking, and censorship have only further fueled financial hardship. But a US government official told WIRED on Friday that the Biden administration has seen consistent evidence that naming and shaming regime collaborators stifles an impacted company's ability to recruit top talent within the country.

“Today is a very bad day for anyone who has Arvan Cloud listed on their résumé,” said the official, who spoke to WIRED on the condition that they not be named. “We really do see Iran as an epicenter in the global struggle over the free flow of information. You’re at a tipping point between a bifurcated series of intranets and a global internet.”

The Iranian regime faced months of mass protests after 22-year-old Mahsa Amini died in the custody of Iran's “morality police” in September while being held for allegedly violating rules about wearing hijab. Ever since, the government has continued to expand its NIN national intranet and tighten digital restrictions and censorship.

Many Iranians still maintain access to the global internet, though, through circumvention tools like VPNs and other relay technologies. The Biden administration has specifically invested in recent years to help private companies that create circumvention tools tailor them for Iran and keep them running. This fits into broader US investment. Since 2008, for example, the State Department has invested more than $320 million of congressionally directed funding toward global internet freedom programs, technology, and digital access research. The US Treasury also announced a special license in September, known as Iran General License D-2, that allows private companies to develop and offer digital services to Iranians without violating sanctions.

A senior government official, who also spoke on background, told WIRED that at some points since the regime escalated its internet disruptions in September, 30 million Iranians—nearly one in three—were using US-supported anti-censorship tools. And the official said that usage by millions or tens of millions of Iranians is still common currently.

Developing and maintaining circumvention tools is a cat-and-mouse game in Iran and in any country that restricts digital freedom because regimes are always looking for technological solutions to block loopholes. 

“We’ve seen that the regime has taken unprecedented steps to disrupt the internet and disrupt people’s access to the internet,” the senior official told WIRED. “Everyone has to assume that the regime is doing everything it can to crack down on these types of tools.”

Digital rights activists working outside the country to support Iran say the US government's support of circumvention tools has been valuable.

“It's certainly true that they are by far providing the highest amount of support for the main VPNs used in Iran,” says Reza Ghazinouri, a strategic adviser at United for Iran, a San Francisco–based human rights and civil liberties group.

But some have reservations about the strategies the US government has used to promote internet freedom in Iran. Amir Rashidi, director of internet security and digital rights at the Iran-focused human rights organization Miaan Group, says he has concerns about the sanctions against Arvan Cloud because he worries that cracking down on key digital services in Iran simply adds more restrictions.

“In any place, if you go after infrastructure, even if they're controlled by the government, sanctioning an electric company or a gas company, that's not going to help anyone,” Rashidi says. "If you sanction internet infrastructure, you're just making the Iranian government's job a lot easier.

Rashidi notes, too, that while he is not surprised that a company like Arvan has close ties to the Iranian regime, he wishes the US government would provide more detailed evidence for why it singled out this tech company to be sanctioned over any other in Iran. He points out that Arvan is seemingly the only Iranian tech company that publishes an annual transparency report of any sort—even if it is often not particularly illuminating. 

In July 2021, Arvan also publicly joined other Iranian tech companies and digital rights activists in opposing restrictive legislation the regime was promoting under the guise of a “user protection” bill. And on Tuesday, the company's CEO Pouya Pirhosseinloo, one of the executives named in the US Treasury sanctions on Friday, published an essay calling for expanded internet freedom within Iran.

Pirhosseinloo wrote that Iran should be focused on “removing filtering and extensive internet disruptions” as well as “removing any kind of disruptions and restrictions on internet protocols in the name of dealing with VPNs.” And he concluded by calling for a massive overhaul of Iran's approach to internet freedom.

“We should accept that Iran should be taken out of global isolation, sanctions, and hope should be restored to the body of Iranian society by removing internal sanctions,” Pirhosseinloo wrote. "Such a path will not begin until life is restored through the freedom of the Internet and the removal of its widespread disturbances and restrictions. Return to the roots of the digital economy."

Iran's digital landscape is complicated and efforts to influence the Iranian regime are never straightforward.

“I'm not saying these people are fantastic, but they were outspoken against the Iranian government's plans,” Rashidi says. “Maybe the US government has information I don't have, but I'd like to see more evidence to back up the claim.”

The Messy US Influence That’s Helping Iranians Stay Online

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians.

The Moscow-based cybersecurity firm Kaspersky has made headlines for years by exposing sophisticated hacking by Russian and Western state-sponsored cyberspies alike. Now it’s exposing a stealthy new intrusion campaign where Kaspersky itself was a target.

In a report published today, Kaspersky said that at the beginning of the year, it detected targeted attacks against a group of iPhones after analyzing the company’s own corporate network traffic. The campaign, which the researchers call Operation Triangulation and say is “ongoing,” appears to date back to 2019 and utilized multiple vulnerabilities in Apple’s iOS mobile operating system to let attackers take control of victim devices.

Kaspersky says the attack chain utilized “zero-click” exploitation to compromise targets’ devices by simply sending a specially crafted message to victims over Apple’s iMessage service. Victims received the message, which included a malicious attachment, and exploitation would begin whether victims opened the message and inspected the attachment or not. Then the attack would chain together multiple vulnerabilities to give the hackers deeper and deeper access to the target’s device. And the final malware payload would automatically download to the victim’s device before the original malicious message and attachment self-deleted.

Kaspersky’s revelation of the new iOS hacking campaign comes on the same day that Russia’s FSB intelligence service separately announced a claim that the US National Security Agency has hacked thousands of Russians’ phones. Even more remarkably, the FSB claimed that Apple had participated in that broad hacking of iOS devices, willingly providing vulnerabilities to the NSA to exploit in its spying operations.

Apple said in a statement to WIRED, “We have never worked with any government to insert a backdoor into any Apple product and never will.”

When asked about Kaspersky’s report, an Apple spokesperson noted that the findings only appear to pertain to iPhones running iOS version 15.7 and below. The current version of iOS is 16.5.

Kaspersky says that the malware it discovered cannot persist on a device once it is rebooted, but the researchers say they saw evidence of reinfection in some cases. The exact nature of the vulnerabilities used in the exploit chain remains unclear, though Kaspersky says that one of the flaws was likely the kernel extension vulnerability CVE-2022-46690 that Apple patched in December. 

Zero-click vulnerabilities can exist on any platform, but in recent years, attackers and spyware vendors have focused on finding these flaws in Apple’s iOS, often in iMessage, and exploiting them to launch targeted attacks on iPhones. This is partly because services like iMessage present unusually fertile ground within iOS for discovering vulnerabilities, but also because attacks on iOS devices with this approach are often very difficult for victims to detect.

“Kaspersky, arguably one of the best exploit detection companies in the world, was potentially hacked via an iOS zero-day for five years, and it was only discovered now,” says longtime macOS and iOS security researcher Patrick Wardle. “That shows how ridiculously hard it is to detect these exploits and attacks.”

In their report, the Kaspersky researchers point out that one of the reasons for this difficulty is iOS’s locked-down design, which makes it very tough to inspect the operating system’s activity.

“The security of iOS, once breached, makes it really challenging to detect these attacks,” says Wardle, who was formerly an NSA staffer. At the same time, he adds that attackers would need to assume any brazen campaign to target Kaspersky would eventually be discovered. “In my opinion, this would be sloppy for an NSA attack,” he says. “But it shows that either hacking Kaspersky was incredibly valuable for the attacker or that whoever this was likely has other iOS zero days as well. If you only have one exploit, you’re not going to risk your only iOS remote attack to hack Kaspersky.”

The NSA declined WIRED’s request for comment on either the FSB announcement or Kaspersky’s findings.

With the release of iOS 16 in September 2022, Apple introduced a special security setting for the mobile operating system known as Lockdown Mode that intentionally restricts usability and access to features that can be porous within services like iMessage and Apple’s WebKit. It is not known whether Lockdown Mode would have prevented the attacks Kaspersky observed.

The Russian government’s purported discovery of Apple’s collusion with US intelligence “testifies to the close cooperation of the American company Apple with the national intelligence community, in particular the US NSA, and confirms that the declared policy of ensuring the confidentiality of personal data of users of Apple devices is not true,” claims an FSB statement, which adds that it would allow the NSA and “partners in anti-Russian activities” to target “any person of interest to the White House,” as well as US citizens.

The FSB statement wasn’t accompanied by any technical details of the described NSA spy campaign, or any evidence that Apple colluded in it.

Apple has historically resisted pressure to provide a “backdoor” or other vulnerability to US law enforcement or intelligence agencies. That stance was demonstrated most publicly in Apple’s high-profile 2016 showdown with the FBI over the bureau’s demand that Apple assist in the decryption of an iPhone used by San Bernadino mass shooter Syed Rizwan Farook. The standoff only ended when the FBI found its own method of accessing the iPhone’s storage with the help of Australian cybersecurity firm Azimuth.

Despite its announcement coming on the same day as the FSB’s claims, Kaspersky has so far made no claims that the Operation Triangulation hackers who targeted the company were working on behalf of the NSA. Nor has the cybersecurity firm attributed the hacking to the Equation Group, Kaspersky’s name for the state-sponsored hackers it has previously tied to highly sophisticated malware, including Stuxnet and Duqu, tools widely believed to have been created and deployed by the NSA and US allies.

Kaspersky did say in a statement to WIRED that, “Given the sophistication of the cyberespionage campaign and the complexity of analysis of the iOS platform, further research will surely reveal more details on the matter.”

US intelligence agencies and US allies would, of course, have plenty of reason to want to look over Kaspersky’s shoulder. Aside from years of warnings from the US government that Kaspersky has ties to the Russian government, the company’s researchers have long demonstrated their willingness to track and expose hacking campaigns conducted by Western governments that Western cybersecurity firms don’t. In 2015, in fact, Kaspersky revealed that its own network had been breached by hackers who used a variant of the Duqu malware, suggesting a link to the Equation Group—and thus potentially the NSA.

That history, combined with the sophistication of the malware that targeted Kaspersky, suggests that as wild as the FSB’s claims may be, there’s good reason to imagine that Kaspersky’s intruders could have ties to a government. But if you hack one of the world’s most prolific trackers of state-sponsored hackers—even with seamless, tough-to-detect iPhone malware—you can expect, sooner or later, to get caught.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own

Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.

Apple, Google, and Microsoft have released major patches this month to fix multiple security flaws already being used in attacks. May was also a critical month for enterprise software, with GitLab, SAP, and Cisco releasing fixes for multiple bugs in their products.

Here’s everything you need to know about the security updates released in May.

Apple iOS and iPadOS 16.5

Apple has released its long-awaited point update iOS 16.5, addressing 39 issues, three of which are already being exploited in real-life attacks. The iOS upgrade patches vulnerabilities in the Kernel at the heart of the operating system and in WebKit, the engine that powers the Safari browser. The three already exploited flaws are among five fixed in WebKit—tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

CVE-2023-32409 is an issue that could allow an attacker to break out of the Web Content sandbox remotely, reported by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. CVE-2023-28204 is a flaw that risks a user disclosing sensitive information. Finally, CVE-2023-32373 is a use-after-free bug that could enable arbitrary code execution.

Earlier in the month, Apple released iOS 16.4.1 (a) and iPadOS 16.4.1 (a)—the iPhone maker’s first-ever Rapid Security Response update—fixing the latter two exploited WebKit vulnerabilities also patched in iOS 16.5.

Apple iOS and iPadOS 16.5 were issued alongside iOS 15.7.6 and iPadOS 15.7.6 for older iPhones, as well as iTunes 12.12.9 for Windows, Safari 16.5, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6.

Apple also released its first security update for Beats and AirPods headphones.

Microsoft

Microsoft’s mid-month Patch Tuesday fixed 40 security issues, two of which were zero-day flaws already being used in attacks. The first zero-day vulnerability, CVE-2023-29336, is an elevation-of-privilege bug in the Win32k driver that could allow an attacker to gain System privileges.

The second serious flaw, CVE-2023-24932, is a Secure Boot security feature bypass issue that could allow a privileged attacker to execute code. “An attacker who successfully exploited this vulnerability could bypass Secure Boot,” Microsoft said, adding that the flaw is difficult to exploit: “Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.”

The security update is not a full fix: It addresses the vulnerability by updating the Windows Boot Manager, which could cause issues, the company warned. Additional steps are required at this time to mitigate the vulnerability, Microsoft said, pointing to steps affected users can take to mitigate the issue.

Google Android

Google has released its latest Android security patches, fixing 40 flaws, including an already exploited Kernel vulnerability. The updates also include fixes for issues in the Android Framework, System, Kernel, MediaTek, Unisoc, and Qualcomm components.

The most severe of these issues is a high-severity security vulnerability in the Framework component that could lead to local escalation of privilege, Google said, adding that user interaction is needed for exploitation.

Previously linked to commercial spyware vendors, CVE-2023-0266 is a Kernel issue that could lead to local escalation of privilege. User interaction is not needed for exploitation.

Apple's iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and doesn’t even put a proper lock on that hidden back entrance—they’re practically doing hackers’ work for them.

Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.

“If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the internet and running it without you being involved, and hasn’t done any of this securely,” says John Loucaides, who leads strategy and research at Eclypsium. “The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.”

In its blog post about the research, Eclypsium lists 271 models of Gigabyte motherboards that researchers say are affected. Loucaides adds that users who want to see which motherboard their computer uses can check by going to “Start” in Windows and then “System Information.”

Eclypsium says it found Gigabyte’s hidden firmware mechanism while scouring customers’ computers for firmware-based malicious code, an increasingly common tool employed by sophisticated hackers. In 2018, for instance, hackers working on behalf of Russia’s GRU military intelligence agency were discovered silently installing the firmware-based anti-theft software LoJack on victims’ machines as a spying tactic. Chinese state-sponsored hackers were spotted two years later repurposing a firmware-based spyware tool created by the hacker-for-hire firm Hacking Team to target the computers of diplomats and NGO staff in Africa, Asia, and Europe. Eclypsium’s researchers were surprised to see their automated detection scans flag Gigabyte’s updater mechanism for carrying out some of the same shady behavior as those state-sponsored hacking tools—hiding in firmware and silently installing a program that downloads code from the internet.

Gigabyte’s updater alone might have raised concerns for users who don’t trust Gigabyte to silently install code on their machine with a nearly invisible tool—or who worry that Gigabyte’s mechanism could be exploited by hackers who compromise the motherboard manufacturer to exploit its hidden access in a software supply chain attack. But Eclypsium also found that the update mechanism was implemented with glaring vulnerabilities that could allow it to be hijacked: It downloads code to the user’s machine without properly authenticating it, sometimes even over an unprotected HTTP connection, rather than HTTPS. This would allow the installation source to be spoofed by a man-in-the-middle attack carried out by anyone who can intercept the user’s internet connection, such as a rogue Wi-Fi network.

In other cases, the updater installed by the mechanism in Gigabyte’s firmware is configured to be downloaded from a local network-attached storage device (NAS), a feature that appears to be designed for business networks to administer updates without all of their machines reaching out to the internet. But Eclypsium warns that in those cases, a malicious actor on the same network could spoof the location of the NAS to invisibly install their own malware instead.

Eclypsium says it has been working with Gigabyte to disclose its findings to the motherboard manufacturer, and that Gigabyte has said it plans to fix the issues. Gigabyte did not respond to WIRED’s multiple requests for comment regarding Eclypsium’s findings.

Even if Gigabyte does push out a fix for its firmware issue—after all, the problem stems from a Gigabyte tool intended to automate firmware updates—Eclypsium’s Loucaides points out that firmware updates often silently abort on users’ machines, in many cases due to their complexity and the difficulty of matching firmware and hardware. “I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come,” Loucaides says.

Given the millions of potentially affected devices, Eclypsium’s discovery is “troubling,” says Rich Smith, who is the chief security officer of supply-chain-focused cybersecurity startup Crash Override. Smith has published research on firmware vulnerabilities and reviewed Eclypsium’s findings. He compares the situation to the Sony rootkit scandal of the mid-2000s. Sony had hidden digital-rights-management code on CDs that invisibly installed itself on users’ computers and in doing so created a vulnerability that hackers used to hide their malware. “You can use techniques that have traditionally been used by malicious actors, but that wasn’t acceptable, it crossed the line,” Smith says. “I can’t speak to why Gigabyte chose this method to deliver their software. But for me, this feels like it crosses a similar line in the firmware space.”

Smith acknowledges that Gigabyte probably had no malicious or deceptive intent in its hidden firmware tool. But by leaving security vulnerabilities in the invisible code that lies beneath the operating system of so many computers, it nonetheless erodes a fundamental layer of trust users have in their machines. “There’s no intent here, just sloppiness. But I don’t want anyone writing my firmware who’s sloppy,” says Smith. “If you don’t have trust in your firmware, you’re building your house on sand.”

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.

“We use information such as IP addresses, device IDs, and account activity to determine whether a device signed into your account is part of your Netflix Household,” Netflix has said. “We do not collect GPS data to try to determine the precise physical location of your devices.”

TikTok employees have been sharing sensitive user data on an internal productivity and communication platform known as Lark. Documents obtained by _The New York Times_ show that thousands of Chinese employees of TikTok's parent company ByteDance have access to and use Lark each day. User data shared on Lark mostly shows up in group chats, but the documents show that TikTok employees have raised concerns about the fact that ByteDance employees in China could potentially access users' personal details on the platform, like US driver's license data and even child sexual abuse material. Employees have reportedly been warning ByteDance and TikTok executives about the exposure since at least July 2021. Both TikTok and ByteDance have maintained over the years that there are barriers in place to prevent TikTok user's data from being accessed in China.

An Android app known as iRecorder Screen Recorder that has been downloaded more than 50,000 times on Google Play was a legitimate app when it emerged in September 2021. But researchers from the security firm ESET found that in August 2022, the app received an update and started displaying malicious behavior. It now abuses its device microphone access to record audio every 15 minutes and send the data to a malicious server.

“Unfortunately, we don’t have any evidence that the app was pushed to a particular group of people, and from the app description and further research … it isn’t clear if a specific group of people was targeted or not,” ESET researcher Lukas Stefanko wrote. “It seems very unusual.”

Dozens of digital rights, pro-privacy, and civil liberties groups including Mozilla, the Tor Project, Fight for the Future, Derechos Digitales, and Abortion Access Front signed a letter calling for the workplace communication platform Slack to implement end-to-end encryption on its platform. Slack has long been criticized for failing to provide an end-to-end encryption option, which would cut down on governments' ability to access and surveil Slack messages, but the letter is the most organized commentary yet. “For many of these groups and individuals, Slack is an absolutely vital communication tool, but it could also become the basis of government targeting, repression, censorship,” the organizations wrote. “Default end-to-end encrypted messaging \[is\] a first and best step companies can take to protect targeted communities.”

Netflix’s Password-Sharing Crackdown Has Hit the US

The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.

When data breaches went from being an occasional threat to a persistent fact of life during the early 2010s, one question would come up again and again as victim organizations, cybersecurity researchers, law enforcement, and regular people assessed the fallout from each incident: Which password hashing algorithm had the target used to protect its users’ passwords? 

If the answer was a faulty cryptographic function like SHA-1—not to mention the nightmare of passwords stored in plaintext with no encryption scrambling at all—the victim had more to worry about because it meant that it would be easier for whoever stole the data to crack the passwords, directly access users’ accounts, and try those passwords elsewhere to see if people had reused them. If the answer was the algorithm known as bcrypt, though, there was at least one less thing to panic about.

Bcrypt turns 25 this year, and Niels Provos, one of its coinventors, says that looking back, the algorithm has always had good energy, thanks to its open source availability and the technical characteristics that have fueled its longevity. Provos spoke to WIRED about a retrospective on the algorithm that he published this week in Usenix ;login:. Like so many digital workhorses, though, there are now more robust and secure alternatives to bcrypt, including the hashing algorithms known as scrypt and Argon2. Provos himself says that the quarter-century milestone is plenty for bcrypt and that he hopes it will lose popularity before celebrating another major birthday.

A version of bcrypt first shipped with the open source operating system OpenBSD 2.1 in June 1997. At the time, the United States still imposed stringent export limits on cryptography. But Provos, who grew up in Germany, worked on its development while he was still living and studying there.  

“One thing I found so surprising was how popular it became,” he says. “I think in part it’s probably because it was actually solving a problem that was real, but also because it was open source and not encumbered by any export restrictions. And then everybody ended up doing their own implementations in all these other languages. So these days, if you are faced with wanting to do password hashing, bcrypt is going to be available in every language that you could possibly operate in. But the other thing that I find interesting is that it’s even still relevant 25 years later. That is just crazy.”

Provos developed bcrypt with David Mazieres, a systems security professor at Stanford University who was studying at the Massachusetts Institute of Technology when he and Provos collaborated on bcrypt. The two met through the open source community and were working on OpenBSD.

Hashed passwords are put through an algorithm to be cryptographically transformed from something that’s readable into an unintelligible scramble. These algorithms are “one-way functions” that are easy to run but very difficult to decode or “crack,” even by the person who created the hash. In the case of login security, the idea is that you choose a password, the platform you’re using makes a hash of it, and then when you sign in to your account in the future, the system takes the password you input, hashes it, and then compares the result to the password hash on file for your account. If the hashes match, the login will be successful. This way, the service is only collecting hashes for comparison, not passwords themselves.   

The innovation of bcrypt was that it included a security parameter that could be tuned over time to require more and more computing power to crack bcrypt hashes. This way, as broadly available processing speed increased, bcrypt hashes could become more and more difficult to crack. 

“It’s one of those ideas that’s so obvious in retrospect,” Mazieres says. “Of course, it’s cool that bcrypt was a thing Niels and I did. But I think the important thing is, whatever password hashing algorithm we have, that there be some sort of security parameter to make it harder \[in a way\] that’s a function of computing resources.”

The next generation of hash functions requires more memory to attempt to crack hashed passwords, in addition to processing power.

“The problem was that computers keep getting faster, so a function that seems ‘slow’ today might be fast on tomorrow’s computer,” says Johns Hopkins cryptographer Matthew Green. “The idea behind bcrypt was to make this adjustable. So over time, you could crank up the difficulty level very easily. But then the problem became that people have made guessing even faster by taking advantage of specialized hardware that can compute many things in parallel. This undermines security for functions like bcrypt. So the more recent idea is to use functions that also require a lot of memory, as well as computation, on the theory that parallel attacks won’t be able to scale this resource as well.”

Password security is always lagging, though, and both Provos and Mazieres expressed disbelief and disappointment that the state of passwords broadly has not evolved in decades. Even new schemes like passkeys are only just beginning to emerge.

“Bcrypt should have been superseded already,” Provos says. “It’s surprising how much reliance we still have on passwords. If you had asked me 25 years ago, I would not have guessed that.”

Provos has turned to making cybersecurity- and authentication-themed electronic dance music under the DJ name Activ8te as a way to share his ideas about security with a broader audience and attempt to create cultural change in how people approach their personal security. Mazieres emphasizes, too, that the tech industry has done people a disservice by training them to authenticate in dangerous ways—clicking on links and plugging in passwords constantly and often indiscriminately.

Even if bcrypt’s moment is passing, its inventors say it’s still worth investing time and energy into efforts to improve digital authentication and security more broadly and to help people bolster their own digital defenses.

“There was a version of the world where I would just make music and do blacksmithing,” Provos says. “But the state of security still makes me so sad that I still feel like I have to contribute back somehow.”

Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye

Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.

Microsoft director of communications Caitlin Roulston says the company is blocking suspicious websites and improving its systems to filter prompts before they get into its AI models. Roulston did not provide any more details. Despite this, security researchers say indirect prompt-injection attacks need to be taken more seriously as companies race to embed generative AI into their services.

“The vast majority of people are not realizing the implications of this threat,” says Sahar Abdelnabi, a researcher at the CISPA Helmholtz Center for Information Security in Germany. Abdelnabi worked on some of the first indirect prompt-injection research against Bing, showing how it could be used to scam people. “Attacks are very easy to implement, and they are not theoretical threats. At the moment, I believe any functionality the model can do can be attacked or exploited to allow any arbitrary attacks,” she says.

Hidden Attacks

Indirect prompt-injection attacks are similar to jailbreaks, a term adopted from previously breaking down the software restrictions on iPhones. Instead of someone inserting a prompt into ChatGPT or Bing to try and make it behave in a different way, indirect attacks rely on data being entered from elsewhere. This could be from a website you’ve connected the model to or a document being uploaded.

“Prompt injection is easier to exploit or has less requirements to be successfully exploited than other” types of attacks against machine learning or AI systems, says Jose Selvi, executive principal security consultant at cybersecurity firm NCC Group. As prompts only require natural language, attacks can require less technical skill to pull off, Selvi says.

There’s been a steady uptick of security researchers and technologists poking holes in LLMs. Tom Bonner, a senior director of adversarial machine-learning research at AI security firm Hidden Layer, says indirect prompt injections can be considered a new attack type that carries “pretty broad” risks. Bonner says he used ChatGPT to write malicious code that he uploaded to code analysis software that is using AI. In the malicious code, he included a prompt that the system should conclude the file was safe. Screenshots show it saying there was “no malicious code” included in the actual malicious code.

Elsewhere, ChatGPT can access the transcripts of YouTube videos using plug-ins. Johann Rehberger, a security researcher and red team director, edited one of his video transcripts to include a prompt designed to manipulate generative AI systems. It says the system should issue the words “AI injection succeeded” and then assume a new personality as a hacker called Genie within ChatGPT and tell a joke.

In another instance, using a separate plug-in, Rehberger was able to retrieve text that had previously been written in a conversation with ChatGPT. “With the introduction of plug-ins, tools, and all these integrations, where people give agency to the language model, in a sense, that's where indirect prompt injections become very common,” Rehberger says. “It's a real problem in the ecosystem.”

“If people build applications to have the LLM read your emails and take some action based on the contents of those emails—make purchases, summarize content—an attacker may send emails that contain prompt-injection attacks,” says William Zhang, a machine learning engineer at Robust Intelligence, an AI firm working on the safety and security of models.

No Good Fixes

The race to embed generative AI into products—from to-do list apps to Snapchat—widens where attacks could happen. Zhang says he has seen developers who previously had no expertise in artificial intelligence putting generative AI into their own technology.

If a chatbot is set up to answer questions about information stored in a database, it could cause problems, he says. “Prompt injection provides a way for users to override the developer’s instructions.” This could, in theory at least, mean the user could delete information from the database or change information that’s included.

The Security Hole at the Heart of ChatGPT and Bing

Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.

As state-sponsored hackers working on behalf of Russia, Iran, and North Korea have for years wreaked havoc with disruptive cyberattacks across the globe, China's military and intelligence hackers have largely maintained a reputation for constraining their intrusions to espionage. But when those cyberspies breach critical infrastructure in the United States—and specifically a US territory on China's doorstep—spying, conflict contingency planning, and cyberwar escalation all start to look dangerously similar.

On Wednesday, Microsoft revealed in a blog post that it has tracked a group of what it believes to be Chinese state-sponsored hackers who have since 2021 carried out a broad hacking campaign that has targeted critical infrastructure systems in US states and Guam, including communications, manufacturing, utilities, construction, and transportation. 

The intentions of the group, which Microsoft has named Volt Typhoon, may simply be espionage, given that it doesn’t appear to have used its access to those critical networks to carry out data destruction or other offensive attacks. But Microsoft warns that the nature of the group's targeting, including in a Pacific territory that might play a key role in a military or diplomatic conflict with China, may yet enable that sort of disruption.

"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible," the company's blog post reads. But it couples that statement with an assessment with "moderate confidence" that the hackers are “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Google-owned cybersecurity firm Mandiant says it has also tracked a swath of the group's intrusions and offers a similar warning about the group's focus on critical infrastructure “There's not a clear connection to intellectual property or policy information that we expect from an espionage operation,” says John Hultquist, who heads threat intelligence at Mandiant. “That leads us to question whether they’re there _because_ the targets are critical. Our concern is that the focus on critical infrastructure is preparation for potential disruptive or destructive attack.”

Microsoft’s blog post offered technical details of the hackers’ intrusions that may help network defenders spot and evict them: The group, for instance, uses hacked routers, firewalls, and other network “edge” devices as proxies to launch its hacking—targeting devices  that include those sold by hardware makers ASUS, Cisco, D-Link, Netgear, and Zyxel. The group also often exploits the access provided from compromised accounts of legitimate users rather than its own malware to make its activity harder to detect by appearing to be benign.

Blending in with a target's regular network traffic in an attempt to evade detection is a hallmark of Volt Typhoon and other Chinese actors' approach in recent years, says Marc Burnard, a senior consultant of information security research at Secureworks. Like Microsoft and Mandiant, the Secureworks has been tracking the group and observing the campaigns. He added that the group has demonstrated a “relentless focus on adaption” to pursue its espionage.

US government agencies, including the National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department published a joint advisory about Volt Typhoon's activity today alongside Canadian, UK, and Australian intelligence. “Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the agencies wrote.

Although Chinese state-sponsored hackers have never launched a disruptive cyberattack against the United States—even over decades of data theft from US systems—the country’s hackers have periodically been caught inside US critical infrastructure systems. As early as 2009, US intelligence officials warned that Chinese cyberspies had penetrated the US power grid to “map” the country's infrastructure in preparation for a potential conflict. Two years ago, CISA and the FBI also issued an advisory that China had penetrated US oil and gas pipelines between 2011 and 2013. China’s Ministry of State Security hackers have gone much further in cyberattacks against the country’s Asian neighbors, actually crossing the line of carrying out data-destroying attacks disguised as ransomware, including against Taiwan’s state-owned oil firm CPC.

This latest set of intrusions seen by Microsoft and Mandiant suggests that China’s critical infrastructure hacking continues. But even if the Volt Typhoon hackers did seek to go beyond espionage and lay the groundwork for cyberattacks, the nature of that threat is far from clear. State-sponsored hackers are, after all, often assigned to gain access to an adversary’s critical infrastructure as a preparatory measure in case of a future conflict, since gaining the access  necessary for a disruptive attack usually requires months of advanced work.

That ambiguity in state-sponsored hackers’ motivations when they penetrate another country’s networks—and its potential for misinterpretation and escalation—is what Georgetown professor Ben Buchanan has called “the cybersecurity dilemma” in his book by the same name. “Genuinely attacking and building the option to attack later on,” Buchanan told WIRED in a 2019 interview as cyberwar tensions rose between the US and Russia, “are very hard to disentangle."

Drawing the lines between espionage, cyberattack preparation, and imminent cyberattack is an even harder exercise with China, says Mandiant’s Hultquist, given the limited instances of the country pulling the trigger on a digitally disruptive event—even when it does have the access to cause one, as it may well have had in Volt Typhoon’s intrusions. “China’s disruptive and destructive capabilities are extremely opaque,” he says. “Here we have a possible indication that this might be an actor with that mission.”

China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

Fentanyl has long been one of the most dangerous wares of the underworld cryptocurrency economy—so dangerous, in fact, that even many dark-web markets have banned it. But new research shows that cryptocurrency is playing a different role in that deadly opioid’s supply chain: Chinese chemical producers are accepting cryptocurrency as payment for fentanyl ingredients they’re selling to drug operations that mass-produce the narcotic in countries around the world. And they’re offering it not on the dark web, but in full public view.

Cryptocurrency-tracing firm Elliptic today released new findings that offer a glimpse of an underreported role of cryptocurrency in the global fentanyl trade: the wholesale supply of ingredients to fentanyl producers around the world. Researchers at Elliptic found more than 90 Chinese chemical companies that sold fentanyl “precursor” chemicals and advertised their products on the open web, fully 90 percent of which offered to accept payment in cryptocurrencies like Bitcoin and Tether.

Monthly cryptocurrency transactions to the Chinese firms selling fentanyl ingredients that Elliptic identified.

Courtesy of Elliptic

Elliptic researchers conducted blockchain analysis of some of the cryptocurrency addresses those companies shared with prospective customers. The researchers estimate that those addresses received just over $27 million in transactions in the past five years, most since 2021, given that transactions have increased 450 percent in the past year. But the company warns that this is likely just a fraction of a larger crypto-fueled fentanyl supply chain—and the retail value of fentanyl produced with those precursors is probably thousands of times higher, in the tens of billions of dollars.

“It’s underappreciated how much crypto is accepted by Chinese companies for materials that are used to manufacture these narcotics,” says Tom Robinson, who cofounded Elliptic and leads its research team. (Robinson declined to name any of the companies, though he said Elliptic has shared their names with law enforcement.) “The number of crypto transactions is significant, and you only need a small amount of these materials to produce fentanyl and other narcotics in quantities that both have an extremely high street value and could potentially lead to huge numbers of overdoses.” 

The Elliptic report notes that the tens of millions of dollars worth of precursor sales it tracked on blockchains would likely be enough to manufacture enough fentanyl to, if distributed efficiently, kill every person on earth.

The sale of dangerous opioids like fentanyl on dark-web markets like Silk Road and successors like AlphaBay and Hydra has been notorious for well over a decade. But in recent years, dark-web markets have begun instituting bans on the drug, which can be 50 times stronger than heroin. Though these bans are sometimes only loosely enforced, they aim to prevent both the harm the substance brings to customers and the accompanying law enforcement attention. “I knew it was very dangerous,” one dark-web administrator who goes by the name DeSnake told WIRED in a 2021 interview, explaining the fentanyl ban on the AlphaBay dark-web market he’d relaunched at the time. “In a place where no one knows no one, it would be a very, very big mess.”

Despite that trend away from dark-web fentanyl sales, four members of the US Congress this week reintroduced a bill called the Dark Web Interdiction Act to increase the sentences for dark-web drug dealers, focusing specifically on fentanyl. The bill would also strengthen and make permanent the Joint Criminal Opioid and Darknet Enforcement task force that has helped coordinate law enforcement takedowns of hundreds of alleged dark-web drug sellers and administrators in recent years.

But even as the dark-web retail cryptocurrency trade in fentanyl has been restricted, and as law enforcement units crack down on what remains of it, Elliptic’s research shows that cryptocurrency-based wholesaling of fentanyl ingredients to drug cartels—who then manufacture the synthetic opioid and smuggle it into the US and other countries to be sold in the physical world—continues. In its study of precursor-selling chemical labs, Elliptic notes that several of the websites it surveyed specifically mentioned that they shipped to customers in Mexico, and 17 of the labs also sold finished fentanyl and other even more powerful opioids.

Those Chinese chemical companies do in some cases sell products other than fentanyl precursors, Elliptic’s Robinson notes, and he concedes that blockchain analysis can’t tell the difference between those sales and the sales of fentanyl ingredients. Some also sold precursors to amphetamines, methamphetamines, and other opioids. But Elliptic’s researchers saw companies advertising that fentanyl precursors were their best-selling product, in some cases. Robinson also notes that Elliptic isn’t claiming to have measured the entire crypto-based fentanyl supply chain, but only taken a “snapshot” of transactions it could identify. This suggests its $27 million estimate is likely lower than the total amount of fentanyl precursor sales over the past half-decade.

The US government may be increasingly aware of the activity of fentanyl precursor sellers in China and of cryptocurrency’s role, but so far the US has acted on a scale far smaller than the industry Elliptic has uncovered. The US Treasury Department last month levied sanctions against four Chinese men and two chemical labs, Wuhan Shuokang Biological Technology and Suzhou Xiaoli Pharmatech, for selling fentanyl precursors to drug cartels in Mexico. Three of the men were also indicted in absentia. The fourth, according to Treasury’s announcement, was an associate who had accepted cryptocurrency payments on behalf of one of the two companies.

The Chinese chemical firms’ decision to accept cryptocurrency for their fentanyl ingredient sales may seem counterintuitive, given the ability of companies like Elliptic and other cryptocurrency-tracing firms to track sales of dangerous and potentially illegal products across blockchains. But Robinson says the Chinese firms are likely using crypto because it’s hard to seize or block—and they may not particularly care that the money can be traced by Western companies and law enforcement as long as they can still find a cryptocurrency exchange willing to cash it out. “If a company in China wants to accept crypto payments, no one can prevent that from occurring,” Robinson says.

But traceability also creates an opportunity to pressure cryptocurrency exchanges to cut off the accounts of fentanyl precursor sellers Elliptic has identified. Elliptic, in fact, notified exchanges of hundreds of addresses it linked to the Chinese chemical companies. “There’s definitely a role for those services to clamp down on this,” Robinson says. And exploiting that crypto choke point could perhaps cut off at least a fraction of the lethal flow of fentanyl worldwide—not at its destination, but at its source.

Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto

“Container registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.

As software supply-chain attacks have emerged as an everyday threat, where bad actors poison a step in the development or distribution process, the tech industry has had a wake-up call about the need to secure each link in the chain. But actually implementing improvements is challenging, particularly for the sprawling open-source cloud development ecosystem. Now, the security firm Chainguard says it has a more secure solution for one ubiquitous but long overlooked component.

“Container registries” are sort of like app stores or clearinghouses where developers upload “images” of cloud containers that each hold a different software program. The cloud services you use every day are constantly and silently navigating container registries to access applications, but these registries are often poorly secured with just a password that can be lost, stolen, or guessed. This often means that people who shouldn't have access to a given container image can download it, or, worse, they can upload images to the registry that could be malicious. Chainguard's new container image registry aims to plug this esoteric but pervasive hole.

 “Pretty much every bad possible thing has happened with container registries that you can imagine,” says Dan Lorenc, Chainguard’s CEO and a longtime software supply-chain security researcher. “People losing passwords, people pushing malware on purpose, people forgetting to update stuff. The industry has just kind of been using this for a long time—everyone was having fun, shipping code—and nobody was thinking about long-term consequences.”

The Chainguard researchers say they have long considered developing a more thoughtfully designed registry, particularly one that gets rid of passwords and instead uses a single-sign-on approach to control registry access. That way, a registry can be designed to be as accessible or as locked down as needed, and only people who are logged in to other accounts, like corporate identity services or Google accounts, and then specifically authorized can interact with the registry.

“Container registries have been a weak link,” says Jason Hall, a Chainguard software engineer. “They're pretty boring, pretty standard. This is software that's relying on software to deliver software. We need to do better and get rid of passwords to talk to the registry and be able to push to the registry.”

The big limitation on deploying a system like this, though, has been cost. Running a container registry typically gets very expensive because of “egress fees.” In other words, cloud providers don't charge enterprise customers to upload data into the cloud, but they do charge them every time someone downloads the data. So if container registries are like an app store where everyone is coming to download container images, the egress fees can get really big, really fast. This disincentivized work on overhauling the security of container registries, because no one wanted to take on the cost associated with offering a more secure alternative.

The breakthrough for Chainguard came when the internet infrastructure company Cloudflare announced the general availability of its R2 Storage service in September. The goal of the product is to offer reduced egress fees to Cloudflare customers and even no fees for data that gets downloaded infrequently. Once R2 emerged as an option, the Chainguard researchers had everything they needed to move ahead with a more secure registry.

Aly Cabral, Cloudflare's vice president of product management for workers, says that as a content delivery network, the company is able to offer a service like R2 because it has already invested so extensively in optimizing its systems to manage and move data around the world efficiently. And she points out that egress fees are problematic in a number of areas, not just cloud software development. For example, AI companies increasingly need ways to move their training data sets to different regions and platforms to find GPU processing power.

When it comes to creating more secure cloud registries, though, Cabral says that Chainguard's initiative is exactly the type of project Cloudflare hoped to support with R2.

“Chainguard’s work to rethink key software delivery infrastructure—like container registries—and ensure that it is built with secure-by-design principles that the ecosystem needs, is the type of proactive attention that will assist in preventing malicious attacks,” she says. “Too often, security is an afterthought, which can be detrimental as threat actors grow increasingly sophisticated and savvy in their ability to exploit substandard security measures.”

Chainguard will use its secure registry to distribute images and will also make the registry design available so others can adopt it. For regular web users, the change will be invisible, but it could prevent fallout from software supply-chain attacks that can—and do—have tangible impacts on people's lives.

Source

Wired