
June 11, 2025 12 mins

This episode of 'Cybersecurity Today', hosted by Jim Love, covers several significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines, who were using the service to develop malware, generate disinformation, and conduct scams.

The episode also discusses the Dark Gaboon hacker group, which targets Russian companies with LockBit 3.0 ransomware.

Furthermore, it highlights the controversial installation of a Starlink satellite internet terminal at the White House by Elon Musk's DOGE team, bypassing normal security measures, and a hardware enthusiast's successful use of ChatGPT to modify a locked Android tablet's UEFI firmware, raising questions about firmware security.

00:00 OpenAI Bans ChatGPT Accounts Used by State-Backed Hackers
00:25 State-Sponsored Threat Actors Exploiting ChatGPT
04:36 Dark Gaboon: A New Hacker Group Targets Russia
07:11 Elon Musk's DOGE Team Installs Starlink at the White House
09:57 Unlocking an Android Tablet with ChatGPT
12:07 Conclusion and Contact Information


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
OpenAI bans ChatGPT accounts used by state-backed hackers.
A new hacker group, Dark Gaboon, uses LockBit ransomware
to target Russian companies.
ChatGPT helps unlock an Android tablet, and Musk's DOGE team installed Starlink at
the White House despite security warnings.

(00:20):
This is Cybersecurity Today.
I'm your host, Jim Love.
OpenAI has shut down dozens of ChatGPT accounts linked to state-sponsored
threat actors from China, Russia, North Korea, Iran, and the Philippines, who
were using the AI chatbot to develop malware, generate disinformation
campaigns, and conduct employment scams.

(00:42):
The company released its latest threat intelligence report this week,
documenting 10 distinct operations across three months that misused
ChatGPT for malicious purposes.
Chinese-linked accounts were represented in four of the 10 operations, making
China the most active nation in attempting to weaponize the AI platform.

(01:04):
OpenAI attributed some accounts to well-known Chinese hacking groups,
APT5 and APT15, known respectively as Keyhole Panda and Vixen Panda.
These advanced persistent threat groups, which have been active since
at least 2007 and 2010 respectively,
used ChatGPT to assist with password brute-forcing scripts, AI-driven penetration

(01:29):
testing, and social media automation.
OpenAI stated that multiple threat actors sought publicly available information on
US Special Operations Command, satellite communications technologies, and specific
ground station terminal locations, as well as government identity verification
cards and networking equipment.

(01:50):
Russian-speaking threat
actors used ChatGPT to develop Windows malware that OpenAI dubbed ScopeCreep.
The malware targeted video game players, and included capabilities for privilege
escalation, credential theft, and Telegram-based notifications to attackers.
The Russian actors demonstrated operational security awareness,

(02:12):
using temporary email addresses to sign up for ChatGPT accounts, and
limiting each account to single conversations about incremental code
improvements before abandoning them.
Chinese accounts generated bulk social media posts in English, Chinese, and Urdu
covering divisive US political topics.
The content appeared on TikTok, X, Reddit, Facebook, and other platforms,

(02:36):
though most posts garnered little legitimate engagement. Russian accounts
generated German-language content about Germany's federal elections and
anti-NATO messaging, and Iranian accounts produced similar geopolitical content,
while accounts from the Philippines created posts supporting President
Ferdinand Marcos Jr.'s policies.

(02:59):
North Korean threat actors used ChatGPT extensively for their well-documented
IT worker scheme, generating fake resumes and personas to apply for
remote jobs. The accounts researched tools to circumvent corporate security
measures and maintain undetected remote access to company systems.
OpenAI detected two types of operators: core operators who automated resume

(03:22):
creation based on job descriptions, and contractors who performed actual work
tasks using the fraudulent identities.
Accounts linked to Cambodia's cyber scam industry generated recruitment
messages in multiple languages, offering high-paying jobs for simple
tasks like liking social media posts.

(03:44):
Cambodia has become the epicenter of cyber fraud operations, where
trafficked individuals are forced to conduct online scams.
Despite the concerning activity, OpenAI emphasized the threat
actors gained no novel capabilities they couldn't obtain elsewhere.
We found no evidence that access to our models provided these actors with novel

(04:04):
capabilities or directions that they could not otherwise have obtained from
multiple publicly available resources,
the company stated.
China's foreign ministry told Reuters there is no basis for OpenAI's
claims, saying China has consistently opposed the misuse and abuse of
artificial intelligence technology.

(04:25):
OpenAI said it shared threat indicators with industry partners and continues
monitoring for malicious activity as part of its AI safety efforts.
We tend to think of Russia as the home to cybercrime groups, where
they're immune from prosecution.
But a cybercrime group dubbed Dark Gaboon has been targeting Russian companies

(04:46):
with LockBit 3.0 ransomware since 2023,
operating independently from traditional ransomware-as-a-service networks.
The group was first identified by Russian cybersecurity firm Positive
Technologies in January, but researchers have traced its operations back to 2023.
Dark Gaboon has targeted Russian organizations across banking, retail,

(05:10):
tourism, and public services sectors.
In the latest spring campaign, Dark Gaboon deployed LockBit 3.0
ransomware against Russian victims.
The group uses a version that was publicly leaked in 2022 and is now
employed by numerous cybercriminals.
But unlike LockBit affiliates operating under the ransomware-as-a-service
model, Dark Gaboon appears to function independently.

(05:35):
Dark Gaboon relies on phishing emails written in Russian, crafted
to appear urgent and directed at employees in financial departments.
The malicious attachments are disguised as legitimate financial documents
based on templates downloaded from legitimate Russian-language sources.
These decoy files have remained relatively unchanged since 2023.

(05:56):
But once inside a victim's network, the group deploys LockBit 3.0 to encrypt files
and leaves behind a ransom note in Russian containing two contact email addresses.
Researchers found no signs of data exfiltration during
these recent incidents.
The group uses open-source tools, including Revenge RAT, XWorm, and

(06:18):
LockBit ransomware, to blend in with broader cybercriminal activity,
making attribution difficult.
Positive Technologies said they could not identify the individuals behind
Dark Gaboon, but said the perpetrators are likely fluent in Russian.
The same email addresses and current ransom notes were previously
linked to LockBit-based attacks on Russian financial institutions

(06:42):
between March and April 2023.
Positive Technologies was sanctioned by the US in 2021 for allegedly
providing IT support to Russian civilian and military intelligence agencies.
The company has denied these allegations as groundless. Russian
entities have previously been targeted with LockBit variants, including a

(07:04):
December attack on the largest dairy processing plant in southern Siberia.
Elon Musk's Department of Government Efficiency,
the DOGE team, installed a Starlink satellite internet terminal at the
White House, reportedly without informing communications security staff,
potentially allowing data transmission outside normal tracking systems.

(07:27):
The DOGE team installed the Starlink terminal on the roof of the Eisenhower
Executive Office Building in February with the approval of the Trump
administration, but against the concerns of security officials.
According to the Washington Post, the installation raised alarms among
security experts, who worried the system could bypass White House data
tracking and monitoring systems.

(07:49):
The officials in charge of protecting the White House
communications were not informed of the installation ahead of time,
insiders told the Post. With a Starlink connection,
that means White House devices could leave the network and go outside the gateways,
a person familiar with the matter told the Daily Beast. It's going
to help you bypass security.
DOGE officials said the Starlink installation was intended to

(08:11):
address internet dead zones on the White House campus.
However, the move created a separate network that bypassed traditional White
House security protocols that track data transmission with names and timestamps.
A Starlink guest Wi-Fi network appeared on White House phones in February,
requiring only a password rather than the usual username and second form

(08:33):
of authentication typically required for White House guest networks.
The network was still appearing on White House visitors' phones this week,
according to the Washington Post.
The installation initially triggered a confrontation between DOGE
employees and the Secret Service, though the Secret Service later
downplayed the security concerns.

(08:53):
Secret Service spokesperson Anthony Guglielmi told the Washington Post,
we were aware of DOGE's intentions to improve internet access on the campus
and did not consider this matter a security incident or a security breach.
The White House referred questions to the Secret Service, which said it
could not discuss specific technology systems for security reasons.

(09:16):
The Starlink installation is part of a broader pattern of DOGE accessing
sensitive government data systems.
At other agencies, DOGE staffers have demanded deep access to
data and disabled logging that tracked what they did with it.
In April, a whistleblower at the National Labor Relations Board accused DOGE of a
significant cybersecurity breach, alleging the team accessed sensitive data while

(09:39):
requesting their activities not be logged and attempting to cover their tracks.
We covered that story in an interview with the whistleblower.
Starlink is operated by Musk's SpaceX company, and Musk has since stepped
back from his government role as his relationship with Trump has deteriorated.
A hardware enthusiast successfully used ChatGPT to modify a locked

(10:02):
Android tablet's BIOS, bypassing factory reset protection and Secure
Boot to install Windows 10 and Linux on the previously unusable device.
XDA forum member Devicemodder documented the breakthrough with a Panasonic
Toughpad FZ-A2 tablet that was locked with factory reset protection,

(10:24):
FRP, which ties devices to user accounts and prevents unauthorized
use after factory resets.
The modder used a $14 CH341A
flash programmer to extract the tablet's UEFI BIOS, and then uploaded the binary
file to ChatGPT with instructions to completely disable Secure Boot and remove

(10:48):
Panasonic's proprietary security keys.
The AI successfully modified the BIOS code, allowing the modder to reflash
the firmware back to the device.
The modder wrote, to my knowledge, there's no information on the hack I did online,
and I might be the first person to attempt
this, explaining that the tablet's Secure Boot keys were designed to

(11:10):
only run Android and blocked any attempts to boot from external drives.
After flashing the ChatGPT-modified BIOS, the tablet successfully booted
Linux Mint and later Windows 10.
However, some hardware components, including the touchscreen, cameras,
barcode reader, and audio systems, still have compatibility issues

(11:32):
requiring additional driver work.
So on the plus side, the technique could potentially help unlock thousands
of ex-corporate devices sitting unused in secondary markets due to forgotten
firmware passwords or FRP locks.
Used device marketplaces contain numerous laptops and tablets rendered
unusable by such security measures.

(11:54):
However,
security experts note,
it also raises questions about the robustness of firmware-level protections
when AI tools can potentially identify and disable security measures.
The modder shared details of the process to help others potentially
recover similar locked devices for legitimate reuse, and that's our show.

(12:16):
Love to hear from you.
You can reach us at editorial@technewsday.ca, or if
you're watching this on YouTube, just leave a comment under the video, and
if you find the content helpful or enjoyable, please consider going to
buymeacoffee.com/techpodcast.
That's buymeacoffee.com/techpodcast, and buy us a coffee.

(12:39):
It really helps with the cost of producing the shows.
I'm your host, Jim Love.
Thanks for listening.

© 2025 iHeartMedia, Inc.