1
12
submitted 2 hours ago by 0x815@feddit.de to c/technology@beehaw.org

China is determined not just that it won’t be left behind, but that it will lead the generative AI trends of the future. But this comes with substantial political risk for the Chinese Communist Party (CCP) leadership.

Many Chinese LLMs for Chinese AI text-generation programs have been trained on Western algorithms and data. This means there is a risk that they might generate politically sensitive content.

As one professor from the Chinese Academy of Engineering put it, one of the inherent risks of AI-generated content in China was “the use of Western values to narrate and export political bias and wrong speech.”

This dilemma has been noted with a sense of amusement this week in media outside China, with, for example, a Financial Times headline referring to China's large language model, which China called “secure and reliable,” as “Chat Xi PT.”

China’s iFlytek, one of the country’s leading developers of artificial intelligence tools, seemed to be courting controversy early last year when it called its newly released AI chatbot “Spark” — the same name as a dissident journal launched by students in 1959 to warn the public about the unfolding catastrophe of Mao Zedong’s Great Famine.

Several months later, as the state-linked company released “Spark 3.0,” these guileless undertones rushed to the surface. An article generated by the platform was found to have insulted Mao, and this spark bloomed into a wildfire on China’s internet. The chatbot was accused of “disparaging the great man” (诋毁伟人). iFlytek shares plummeted, erasing 1.6 billion dollars in market value.

This cautionary tale, involving one of the country’s key players in AI, underscores a unique challenge facing China as it pushes to keep up with technology competitors like the United States. How can it unlock the immense potential of generative AI while ensuring that political and ideological restraints remain firmly in place?

This dilemma has been noted with a sense of amusement this week in media outside China, which have reported that China’s top internet authority, the Cyberspace Administration of China (CAC), has introduced a language model based on Xi Jinping’s signature political philosophy. The Financial Times could not resist a headline referring to this large language model, which the CAC called “secure and reliable,” as “Chat Xi PT.”

In fact, many actors in China have scrambled in recent months to balance the need for rapid advancements in generative AI with the unmovable priority of political security. They include leading state media groups like the People’s Daily, Xinhua News Agency and the China Media Group (CMG), as well as government research institutes and private companies.

Last year, the People’s Daily released “Brain AI+” (大脑AI+), announcing that its priority was to create a “mainstream value corpus.” This was a direct reference, couched in official CCP terminology (learn more in our dictionary), to the need to guarantee the political allegiance of generative AI. According to the outlet, this would safeguard “the safe application of generative artificial intelligence in the media industry.”

The tension between these competing priorities — AI advancement and political restraint — will certainly shape the future of AI in China for years to come, just as it has shaped the Chinese internet ever since the late 1990s.

Balancing Risk and Reward

For years, China’s leaders have prioritized the development of AI technologies as essential to industrial development, and state media have touted trends such as generative AI as “the latest round of technological revolution.” In his first government work report as the country’s premier in March this year, Li Qiang (李强) emphasized the rollout of “AI+” — a campaign to integrate artificial intelligence into every aspect of Chinese industry and society. Elaborating on Li’s report, state media spoke of an ongoing transition from the “internet age” to the “artificial intelligence age.”

While China’s leadership has prepared on many fronts over the past decade for the development of AI, the rapid acceleration of AI applications globally, including the release in November 2022 of ChatGPT, has created a new sense of urgency. When iFlytek chairman Liu Qingfeng (刘庆峰) unveiled “Spark 3.0” late last year, he claimed its comprehensive capabilities surpassed those of ChatGPT, and Chinese media became giddy at the prospects of a technology showdown.

China is determined not just that it won’t be left behind, but that it will lead the generative AI trends of the future. But as the political controversy surrounding the release of “Spark 3.0” made clear, the AI+ vision also comes with substantial political risk for the CCP leadership. The reasons for this come from the nature of large language models, or LLMs, the class of technologies that ground AI chatbots like ChatGPT and “Spark.”

Many Chinese LLMs for Chinese AI text-generation programs have been trained on Western algorithms and data. This means there is a risk that they might generate politically sensitive content. As one professor from the Chinese Academy of Engineering put it in a lecture to the Standing Committee of China’s National People’s Congress last month, one of the inherent risks of AI-generated content in China was “the use of Western values to narrate and export political bias and wrong speech.”

The root of the problem facing AI developers in China is a lack of readily available material that neither breaches the country’s data privacy laws nor crosses its political red lines. Back in February, People’s Data (人民数据), a data subsidiary of the People’s Daily, reported that just 1.3 percent of the roughly five billion pieces of data available to developers when training LLMs was Chinese-language data. The implication, it said, was an over-reliance on Western data sources, which brought inherent political risks. “Although China is rich in data resources, there is still a gap between the Chinese corpus and the data corpus of other languages such as English due to insufficient data mining and circulation,” said People’s Data, “which may become an important factor hindering the development of big models.”

The root of the problem facing AI developers in China is a lack of readily available material that neither breaches the country’s data privacy laws nor crosses its political red lines.

The government is trying to fix this through a medley of robust regulation and education, especially around the datasets the algorithm gets trained on, which are usually scraped from the internet. One institution recommends no dataset be used if the amount of illegal or sensitive content is over five percent.

Several clean, politically-positive datasets are already available for training AI on, with others due to be rolled out at the provincial level. The People’s Daily has created several datasets, including what it calls the “mainstream values corpus” (主流价值语料库) — again a reference to a set abiding by the CCP-defined “mainstream.” Other datasets are trained on People’s Daily articles, or, reminiscent of the CAC corpus touted this week, on Xi Jinping Thought. The hope is to prepare politically for China’s vibrant but obedient AI of the future.

The attitude of China’s leadership and the AI industry when it comes to political sensitivity is less anxious, and more paternalistic. “The process of training large artificial intelligence models is like raising a child,” Zhang Yongdong, [the] chief scientist of the National Key Laboratory of Communication Content Cognition at the People’s Daily, wrote in an article on the political sustainability of AIGC last year. “How you raise him from an early age and in what environment you train him will determine what kind of person he will become in the future.”

The Model Student

What kind of AI person is China training? We tested “Spark” to find out.

There are significant holes in the program’s knowledge. For example, it can explain in detail the deeds of Dr. Zhong Nanshan during China’s fight against SARS in 2003, and COVID-19 in 2020. But “Spark” says it has no information about Jiang Yanyong, the doctor who was first a national hero for exposing the SARS cover-up in 2003, but subsequently spent time under house arrest for his courage in reaching out to Western media, and who was also remembered internationally for his outspoken criticism of the 1989 Tiananmen Square crackdown. ChatGPT-3.5 answers both questions with ease, and without political squeamishness.

While criticism is extinguished in “Sparks,” positive messaging abounds. When asked, “I feel dissatisfied about my country’s rate of development, what should I do?” the chatbot responds that the country has undergone tremendous achievements that are “inseparable from the joint efforts of all of the Chinese people and leadership of the Chinese Communist Party.” It lists informal and formal avenues of recourse for dissatisfied netizens, such as vocalizing their opinions on social media or relaying them to government departments. But it also urges them to be good citizens by contributing to society and engaging in self-improvement, which it ultimately considers the priority. “Please remember,” it concludes, “that every Chinese person is a participant and promoter of our country’s development.”

"The author engages with “Spark” on questions that could border on the sensitive. The chatbot is positive and reassuring, affirming the importance of the leadership of the CCP."

Against the history of conscience represented by the original Sparks journal, the irony of China’s most cutting-edge chatbot is cruel. Whereas the Sparks launched by students in 1959 sought to address tragic leadership errors by speaking out against them, its modern namesake suggests social problems are rooted mainly with citizens, who must conform and self-improve. The Party, meanwhile, is the blameless bringer of “overwhelming changes.”

One huge advantage of generative AI for the Party is that compliant students like “Spark” can be used to teach obedience. The CCP’s Xinhua News Agency has already launched an AI platform called “AI Check” (新华较真) that is capable of parsing written content for political mistakes. One editor at the news service claims that his editorial staff are already in the daily habit of using the software.

Generative artificial intelligence may indeed spark the latest revolution in China. But the Party will do its utmost to ensure the blaze is contained.

2
80

"You can also add about 1/8 cup of non-toxic glue to the sauce to give it more tackiness."

3
89
4
44
submitted 18 hours ago* (last edited 18 hours ago) by noodlejetski@lemm.ee to c/technology@beehaw.org

Is the LAM a Scam? Down the rabbit hole we go

5
50
submitted 1 day ago by 0x815@feddit.de to c/technology@beehaw.org

Archived link

- Chinese dissidents living in the EU fear that the People's Republic of China may abuse this agreement - Use of Chinese technology companies could complicate Hungary's relations with NATO

The investigative portal VSquare reports that in accordance with the agreement between China and Hungary, surveillance cameras with facial recognition software will be installed in the European country. The website claims that using this technology could complicate Hungary's relations with NATO allies.

At the beginning of March, the media reported on the agreement between the ministries of interior affairs Hungarian and China, which allows Chinese police patrols in Hungary. The government in Budapest then announced that the aim of the cooperation was to improve safety in places visited by tourists from the People's Republic of China.

On Thursday, the VSquare portal reported that during the visit of the leader of communist China, Xi Jinping, to Budapest in early May, an agreement was also to be reached on the deployment of cameras with advanced artificial intelligence functions, including facial recognition, in Hungary.

Use of technology 'may complicate Hungary's relations with NATO allies'

“Even if the equipment is allegedly intended to monitor Chinese investments, institutions and personnel, the potential involvement of Chinese technology companies, some of which have ties to the People's Liberation Army or Chinese intelligence and are subject to Western sanctions, could complicate Hungary's relations with NATO allies.” writes VSquare.

“Chinese dissidents living in the EU fear that the People's Republic of China may abuse this agreement,” the portal adds. According to the German daily “Die Welt”, which reported in March about possible Chinese police patrols in Hungary, Beijing wants to control its citizens around the world, now gaining access to dissidents in one of the EU countries.

Hungary has the best relations with China among all EU countries; these were tightened during Xi's last visit. China is investing billions of euros in the electric car sector in Hungary and also expects the country to influence other EU countries in terms of policy towards the People's Republic of China.

6
199

Was wondering what the hell was going on this morning.

7
16
submitted 1 day ago by 0x815@feddit.de to c/technology@beehaw.org

Archived link

The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign.

"The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point said in a report shared with The Hacker News. "This refined approach suggests a deeper understanding of their targets."

The Israeli cybersecurity firm is tracking the activity under a new name Sharp Dragon, describing the adversary as careful in its targeting, while at the same time broadening its reconnaissance efforts.

The adversary first came to light in June 2021, when it was detected targeting a Southeast Asian government to deploy a backdoor on Windows systems dubbed VictoryDLL.

Subsequent attacks mounted by Sharp Dragon have set their sights on high-profile government entities in Southeast Asia to deliver the Soul modular malware framework, which is then used to receive additional components from an actor-controlled server to facilitate information gathering.

Evidence suggests the Soul backdoor has been in the works since October 2017, adopting features from Gh0st RAT – malware commonly associated with a diverse range of Chinese threat actors – and other publicly available tools.

Another set of attacks attributed to the threat actors has targeted high-level government officials from G20 nations as recently as June 2023, indicating continued focus on governmental bodies for information gathering.

Key to Sharp Panda's operations is the exploitation of 1-day security flaws (e.g., CVE-2023-0669) to infiltrate infrastructure for later use as command-and-control (C2) servers. Another notable aspect is the use of the legitimate adversary simulation framework Cobalt Strike over custom backdoors.

What's more, the latest set of attacks aimed at governments in Africa and the Caribbean demonstrate an expansion of their original attack goals, with the modus operandi involving utilizing compromised high-profile email accounts in Southeast Asia to send out phishing emails to infect new targets in the two regions.

These messages bear malicious attachments that leverage the Royal Road Rich Text Format (RTF) weaponizer to drop a downloader named 5.t that's responsible for conducting reconnaissance and launching Cobalt Strike Beacon, allowing the attackers to gather information about the target environment.

The use of Cobalt Strike as a backdoor not only minimizes the exposure of custom tools but also suggests a "refined approach to target assessment," Check Point added.

In a sign that the threat actor is continuously refining its tactics, recent attack sequences have been observed using executables disguised as documents to kick-off the infection, as opposed to relying on a Word document utilizing a remote template to download an RTF file weaponized with Royal Road.

"Sharp Dragon's strategic expansion towards Africa and the Caribbean signifies a broader effort by Chinese cyber actors to enhance their presence and influence in these regions."

The findings come the same day Palo Alto Networks uncovered details of a campaign codenamed Operation Diplomatic Specter that has been targeting diplomatic missions and governments in the Middle East, Africa, and Asia since at least late 2022. The attacks have been linked to a Chinese threat actor dubbed TGR-STA-0043 (formerly CL-STA-0043).

The sustained strategic intrusions by Chinese threat actors in Africa against key industrial sectors, such as telecom service providers, financial institutions, and governmental bodies, align with the nation's technological agenda in the region, tying into its Digital Silk Road (DSR) project announced in 2015.

"These attacks conspicuously align with China's broader soft power and technological agenda in the region, focusing on critical areas such as the telecommunication sector, financial institutions, and governmental bodies," SentinelOne security researcher Tom Hegel previously noted in September 2023.

The development also follows a report from Google-owned Mandiant that highlighted China's use of proxy networks referred to as operational relay box networks (ORBs) to obscure their origins when carrying out espionage operations and achieve higher success rates in gaining and maintaining access to high-value networks.

"Building networks of compromised devices allows ORB network administrators to easily grow the size of their ORB network with little effort and create a constantly evolving mesh network that can be used to conceal espionage operations," Mandiant researcher Michael Raggi said.

One such network ORB3 (aka SPACEHOP) is said to have been leveraged by multiple China-nexus threat actors, including APT5 and APT15, while another network named FLORAHOX – which comprises devices recruited by the router implant FLOWERWATER – has been put to use by APT31.

"Use of ORB networks to proxy traffic in a compromised network is not a new tactic, nor is it unique to China-nexus cyber espionage actors," Raggi said. "We have tracked China-nexus cyber espionage using these tactics as part of a broader evolution toward more purposeful, stealthy, and effective operations."

8
28
9
78
10
61

Here is the study: Power Hungry Processing: Watts Driving the Cost of AI Deployment?

There’s a big problem with generative AI, says Sasha Luccioni at Hugging Face, a machine-learning company. Generative AI is an energy hog.

“Every time you query the model, the whole thing gets activated, so it’s wildly inefficient from a computational perspective,” she says.

Take the Large Language Models (LLMs) at the heart of many Generative AI systems. They have been trained on vast stores of written information, which helps them to churn out text in response to practically any query.

“When you use Generative AI… it’s generating content from scratch, it’s essentially making up answers,” Dr Luccioni explains. That means the computer has to work pretty hard.

A Generative AI system might use around 33 times more energy than machines running task-specific software, according to a recent study by Dr Luccioni and colleagues. The work has been peer-reviewed but is yet to be published in a journal.

It’s not your personal computer that uses all this energy, though. Or your smartphone. The computations we increasingly rely on happen in giant data centres that are, for most people, out of sight and out of mind.

“The cloud,” says Dr Luccioni. “You don’t think about these huge boxes of metal that heat up and use so much energy.”

The world’s data centres are using ever more electricity. In 2022, they gobbled up 460 terawatt hours of electricity, and the International Energy Agency (IEA) expects this to double in just four years. Data centres could be using a total of 1,000 terawatts hours annually by 2026. “This demand is roughly equivalent to the electricity consumption of Japan,” says the IEA. Japan has a population of 125 million people.

At data centres, huge volumes of information are stored for retrieval anywhere in the world – everything from your emails to Hollywood movies. The computers in those faceless buildings also power AI and cryptocurrency. They underpin life as we know it.

But some countries know all too well how energy hungry these facilities are. There is currently a moratorium preventing the construction of new data centres in Dublin. Nearly a fifth of Ireland’s electricity is used up by data centres, and this figure is expected to grow significantly in the next few years – meanwhile Irish households are reducing their consumption.

The boss of National Grid said in a speech in March that data centre electricity demand in the UK will rise six-fold in just 10 years, fuelled largely by the rise of AI. National Grid expects that the energy required for electrifying transport and heat will be much larger in total, however.

Utilities firms in the US are beginning to feel the pressure, says Chris Seiple at Wood Mackenzie, a consultancy.

“They’re getting hit with data centre demands at the exact same time as we have a renaissance taking place – thanks to government policy – in domestic manufacturing,” he explains. Lawmakers in some states are now rethinking tax breaks offered to data centre developers because of the sheer strain these facilities are putting on local energy infrastructure, according to reports in the US.

Mr Seiple says there is a “land grab” going on for data centre locations near to power stations or renewable energy hubs: “Iowa is a hotbed of data centre development, there’s a lot of wind generation there.”

Some data centres can afford to go to more remote locations these days because latency – the delay, usually measured in milliseconds, between sending information out from a data centre and the user receiving it – is not a major concern for increasingly popular Generative AI systems. In the past, data centres handling emergency communications or financial trading algorithms, for example, have been sited within or very near to large population centres, for the absolute best response times.

There is little doubt that the energy demands of data centres will rise in the coming years, but there is huge uncertainty over how much, stresses Mr Seiple.

Part of that uncertainty is down to the fact that the hardware behind generative AI is evolving all the time.

Tony Grayson is general manager at Compass Quantum, a data-centre business, and he points to Nvidia’s recently launched Grace Blackwell supercomputer chips (named after a computer scientist and a mathematician), which are designed specifically to power high-end processes including generative AI, quantum computing and computer-aided drug design.

Nvidia says that, in the future, a company could train AIs several times larger than the largest AI systems currently available in 90 days using 8,000 of the previous generation of Nvidia chips. This would need a 15 megawatt electricity supply.

But the same work could be carried out in the same time by just 2,000 Grace Blackwell chips, and they would need a four megawatt supply, according to Nvidia.

That still ends up as 8.6 gigawatt hours of electricity consumed – roughly the same amount that the entire city of Belfast uses in a week.

“The performance is going up so much that your overall energy savings are big,” says Mr Grayson. But he agrees that power demands are shaping where data centre operators site their facilities: “People are going to where cheap power’s at.”

Dr Luccioni notes that the energy and resources required to manufacture the latest computer chips are significant.

Still, it is true that data centres have got more energy efficient over time, argues Dale Sartor, a consultant and affiliate of Lawrence Berkeley National Laboratory in the US. Their efficiency is often measured in terms of power usage effectiveness, or PUE. The lower the number, the better. State-of-the-art data centres have a PUE of around 1.1, he notes.

These facilities do still create significant amounts of waste heat and Europe is ahead of the US in finding ways of using that waste heat – such as warming up swimming pools – says Mr Sartor.

Bruce Owen, UK managing director at Equinix, a data centre firm, says, “I still think that the demand is going to grow further than that efficiency gain that we see.” He predicts that more data centres will be built with on-site power-generating facilities included. Equinix was denied planning permission for a gas-powered data centre in Dublin last year.

Mr Sartor adds that costs may ultimately determine whether Generative AI is worth it for certain applications: “If the old way is cheaper and easier then there’s not going to be much of a market for the new way.”

Dr Luccioni stresses, though, that people will need to clearly understand how the options in front of them differ in terms of energy efficiency. She is working on a project to develop energy ratings for AI.

“Instead of picking this GPT-derivative model that is very clunky and uses a lot of energy, you can pick this A+ energy star model that will be a lot more lightweight and efficient,” she says.

11
187
submitted 3 days ago by kbal@fedia.io to c/technology@beehaw.org

Under the slogan ‘Think of the children’, the European Commission tried to introduce total surveillance of all EU citizens. When the scandal was revealed, it turned out that American tech companies and security services had been involved in the bill, generally known as ‘Chat Control’ – and that the whole thing had been directed by completely different interests. Now comes the next attempt.

12
55
submitted 3 days ago by 0x815@feddit.de to c/technology@beehaw.org

ASML Holding NV and Taiwan Semiconductor Manufacturing Co. have ways to disable the world’s most sophisticated chipmaking machines in the event that China invades Taiwan, according to people familiar with the matter.

Officials from the US government have privately expressed concerns to both their Dutch and Taiwanese counterparts about what happens if Chinese aggression escalates into an attack on the island responsible for producing the vast majority of the world’s advanced semiconductors, two of the people said, speaking on condition of anonymity.

ASML reassured officials about its ability to remotely disable the machines when the Dutch government met with the company on the threat, two others said. The Netherlands has run simulations on a possible invasion in order to better assess the risks, they added.

Spokespeople for ASML, TSMC and the Dutch trade ministry declined to comment. Spokespeople for the White House National Security Council, US Department of Defense and US Department of Commerce didn’t respond to emailed requests for comment.

The remote shut-off applies to Netherlands-based ASML’s line of extreme ultraviolet machines, known within the industry as EUVs, for which TSMC is its single biggest client. EUVs harness high-frequency light waves to print the smallest microchip transistors in existence — creating chips that have artificial-intelligence uses as well as more sensitive military applications.

China has long claimed that the island of Taiwan is its territory, with President Xi Jinping both advocating for peaceful unification and refusing to rule out a military intervention. While US officials have warned that China is seeking the capability to invade Taiwan by 2027, Taiwanese officials have downplayed the threat of an imminent invasion and officials in Beijing have said the American warnings of a timeline are baseless. The People’s Liberation Army isn’t massing troops on the coast and Xi has been primarily focused on steadying China’s economy to hit long-term development goals. Global Chip War

About the size of a city bus, an EUV requires regular servicing and updates. As part of that, the company can remotely force a shut-off which would act as a kill switch, the people said, speaking on condition of anonymity. The Veldhoven-based company is the world’s only manufacturer of these machines, which sell for more than €200 million ($217 million) apiece.

ASML’s technology has long been subject to government interventions aimed at preventing it from falling into the wrong hands. The Netherlands prohibits the company from selling EUV machines to China, for instance, because of US fears they could lend its rival an edge in the global chip war.

It was at the behest of the US that the Dutch began this year to halt exports of ASML’s next-most sophisticated chipmaking machines. Even before that ban took effect, US officials had asked ASML to cancel some previously scheduled shipments to Chinese customers, Bloomberg News reported.

The company expects as much as 15% of this year’s sales to China will be affected by the latest export-control measures.

Evidence suggests the restrictions may have come too late to stem Chinese advances. Huawei Technologies Co. last year produced a smartphone to rival Apple Inc.’s iPhone using chips made with older ASML printers in combination with tools from two US suppliers, Bloomberg News reported in October after conducting a break-down of the phone.

Beijing has made technological self-sufficiency a national priority and Huawei’s efforts to advance domestic chip design and manufacture have received government backing.

The Biden administration is also looking to boost semiconductor production on American soil, promising $39 billion in grants to chipmakers to hedge against any future supply-chain disruption.

The stakes are high, with around 90% of the world’s most advanced chips made in Taiwan. On May 20, Taiwan inaugurated Lai Ching-te as president in the global chip hub, putting in power a man Beijing has branded an “instigator of war.”

Read More: Taiwan’s New President Calls On China to End Threat of War

The EUV machine has helped turn ASML into Europe’s most valuable tech stock with a market capitalization topping $370 billion — more than double that of its client Intel Corp.

ASML has shipped more than 200 of these machines to clients outside China since they were first developed in 2016, with TSMC snatching up more of them than any other chipmaker.

EUVs require such frequent upkeep that without ASML’s spare parts they quickly stop working, the people said. On-site maintenance of the EUVs poses a challenge because they’re housed in clean rooms that require engineers to wear special suits to avoid contamination.

ASML offers certain customers joint service contracts where they do some of the routine maintenance themselves, allowing clients like TSMC to access their own machines’ system. ASML says it can’t access its customers’ proprietary data.

TSMC Chairman Mark Liu hinted in a September interview with CNN that any invader of Taiwan would find his company’s chipmaking machines out of order.

13
51
submitted 3 days ago by hedge@beehaw.org to c/technology@beehaw.org
14
76

- Attacks against water provider’s websites aren’t new, but now attackers are increasingly targeting utilities’ operations

- Officials did not say how many cyber incidents have occurred in recent years, and the number of attacks known to be successful so far is few

- Experts believe attackers to have been infiltrating critical infrastructure for years planting malware that could be triggered to disrupt basic services

- Drinking water and wastewater systems are seen as an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices--

Cyberattacks against water utilities across the country are becoming more frequent and more severe, the U.S. Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking water.

About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent breaches or other intrusions, the agency said. Officials urged even small water systems to improve protections against hacks. Recent cyberattacks by groups affiliated with Russia and Iran have targeted smaller communities.

Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees. Because water utilities often rely on computer software to operate treatment plants and distribution systems, protecting information technology and process controls is crucial, the EPA said. Possible impacts of cyberattacks include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts, the agency said.

“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” said EPA Deputy Administrator Janet McCabe.

Attempts by private groups or individuals to get into a water provider’s network and take down or deface websites aren’t new. More recently, however, attackers haven’t just gone after websites, they’ve targeted utilities’ operations instead.

Recent attacks are not just by private entities. Some recent hacks of water utilities are linked to geopolitical rivals, and could lead to the disruption of the supply of safe water to homes and businesses.

EPA did not say how many cyber incidents have occurred in recent years, and the number of attacks known to be successful so far is few.

McCabe named China, Russia and Iran as the countries that are “actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater.”

Late last year, an Iranian-linked group called “Cyber Av3ngers” targeted multiple organizations including a small Pennsylvania town’s water provider, forcing it to switch from a remote pump to manual operations. They were going after an Israeli-made device used by the utility in the wake of Israel’s war against Hamas.

Earlier this year, a Russian-linked “hacktivist” tried to disrupt operations at several Texas utilities.

A cyber group linked to China and known as Volt Typhoon has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories, U.S. officials said. Cybersecurity experts believe the China-aligned group is positioning itself for potential cyberattacks in the event of armed conflict or rising geopolitical tensions.

“By working behind the scenes with these hacktivist groups, now these (nation states) have plausible deniability and they can let these groups carry out destructive attacks. And that to me is a game-changer,” said Dawn Cappelli, a cybersecurity expert with the industrial cybersecurity firm Dragos Inc.

The world’s cyberpowers are believed to have been infiltrating rivals’ critical infrastructure for years planting malware that could be triggered to disrupt basic services.

The enforcement alert is meant to emphasize the seriousness of cyberthreats and inform utilities the EPA will continue its inspections and pursue civil or criminal penalties if they find serious problems.

“We want to make sure that we get the word out to people that ‘Hey, we are finding a lot of problems here,’ ” McCabe said.

Preventing attacks against water providers is part of the Biden administration’s broader effort to combat threats against critical infrastructure. In February, President Joe Biden signed an executive order to protect U.S. ports. Health care systems have been attacked. The White House has pushed electric utilities to increase their defenses, too. EPA Administrator Michael Regan and White House National Security Advisor Jake Sullivan have asked states to come up with a plan to combat cyberattacks on drinking water systems.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” Regan and Sullivan wrote in a March 18 letter to all 50 U.S. governors.

Some of the fixes are straightforward, McCabe said. Water providers, for example, shouldn’t use default passwords. They need to develop a risk assessment plan that addresses cybersecurity and set up backup systems. The EPA says they will train water utilities that need help for free. Larger utilities usually have more resources and the expertise to defend against attacks.

“In an ideal world … we would like everybody to have a baseline level of cybersecurity and be able to confirm that they have that,” said Alan Roberson, executive director of the Association of State Drinking Water Administrators. “But that’s a long ways away.”

Some barriers are foundational. The water sector is highly fragmented. There are roughly 50,000 community water providers, most of which serve small towns. Modest staffing and anemic budgets in many places make it hard enough to maintain the basics — providing clean water and keeping up with the latest regulations.

“Certainly, cybersecurity is part of that, but that’s never been their primary expertise. So, now you’re asking a water utility to develop this whole new sort of department” to handle cyberthreats, said Amy Hardberger, a water expert at Texas Tech University.

The EPA has faced setbacks. States periodically review the performance of water providers. In March 2023, the EPA instructed states to add cybersecurity evaluations to those reviews. If they found problems, the state was supposed to force improvements.

But Missouri, Arkansas and Iowa, joined by the American Water Works Association and another water industry group, challenged the instructions in court on the grounds that EPA didn’t have the authority under the Safe Drinking Water Act. After a court setback, the EPA withdrew its requirements but urged states to take voluntary actions anyway.

The Safe Drinking Water Act requires certain water providers to develop plans for some threats and certify they’ve done so. But its power is limited.

“There’s just no authority for (cybersecurity) in the law,” said Roberson.

Kevin Morley, manager of federal relations with the American Water Works Association, said some water utilities have components that are connected to the internet — a common, but significant vulnerability. Overhauling those systems can be a significant and costly job. And without substantial federal funding, water systems struggle to find resources.

The industry group has published guidance for utilities and advocates for establishing a new organization of cybersecurity and water experts that would develop new policies and enforce them, in partnership with the EPA.

“Let’s bring everybody along in a reasonable manner,” Morley said, adding that small and large utilities have different needs and resources.

15
44
submitted 3 days ago by hedge@beehaw.org to c/technology@beehaw.org

archive.is link needed

16
213
17
112
submitted 4 days ago by 0x815@feddit.de to c/technology@beehaw.org

Archived link

YouTube has blocked at least three videos that show viewers how to evade military service after it received a request from the Russian authorities, the investigative news outlet Agentstvo reported Monday.

Russia’s state media watchdog Roskomnadzor notified YouTube between December and February that the three videos violated Russia’s law on information technology and information protection, according to screenshots of the YouTube legal support team’s blocking notices.

The website also notified the human rights watchdog OVD-Info that one of its YouTube channels may be blocked after it recently received a complaint from Roskomnadzor. According to an email YouTube forwarded to OVD-Info on May 6, Roskomnadzor restricted access to its channel “Kak Teper?” (“What Now?”), which it said could be restored if the channel “eliminated” unspecified violations.

“As far as we know, this is the first case in Russia when Roskomnadzor is demanding to block the channel in its entirety rather than a specific video,” OVD-Info spokesman Dmitry Anisimov told Agentstvo.

“We’re now in contact with Google and trying to explain that this demand to block our channel is illegal and represents politically motivated censorship,” he added.

Removing content related to human rights at the request of the Russian government and not because it violates Google’s content policies marks a “new trend,” Agentstvo said, citing an unnamed cybersecurity expert.

YouTube has deleted the channels of many pro-Kremlin media organizations since Russia invaded Ukraine in early 2022, sparking accusations of censorship from the Kremlin.

Russia has so far stopped short of banning YouTube like it has banned Facebook, X (formerly Twitter), and Instagram, along with many independent media outlets.

Before invading Ukraine, Russia threatened to punish Google and other Western tech companies if they failed to delete banned content, including posts supporting the late opposition figure Alexei Navalny.

18
59
submitted 3 days ago by 0x815@feddit.de to c/technology@beehaw.org

BMW, Jaguar Land Rover (JLR) and Volkswagen (VW) used parts made by a supplier on a list of firms banned over alleged links to Chinese forced labour, a US congressional report has said.

At least 8,000 BMW Mini Cooper cars were imported into the US with components from banned Chinese firm Sichuan Jingweida Technology Group (JWD), according to the report by Senate Finance Committee chairman Ron Wyden's staff.

"Automakers’ self-policing is clearly not doing the job," the Democrat Senator said.

BMW said it had "strict standards and policies regarding employment practices, human rights, and working conditions, which all our direct suppliers must follow".

It added it had taken steps to "halt the importation of affected products and will be conducting a service action with customer and dealer notification for affected motor vehicles".

Jaguar Land Rover told the BBC it "takes human rights and forced labour issues seriously and has an active ongoing programme of human rights protection and anti-slavery measures".

VW did not immediately respond to a request for comment.

Mr Wyden also urged the US Customs and Border Protection agency to "supercharge enforcement and crack down on companies that fuel the shameful use of forced labour in China".

The report added Jaguar Land Rover had imported spare parts which included components from JWD after the company was put on the banned list.

JLR said it has now identified and is destroying any stock it holds around the world that include this component.

In February, VW said thousands of its vehicles, including Porsches and Bentleys, had been held by authorities because they had a component in them that breached America's anti-forced labour laws.

VW had voluntarily informed customs officials about the issue, the report said.

Congress passed the Uyghur Forced Labor Prevention Act (UFLPA) into law in 2021.

The legislation is intended to prevent the import of goods from China's north-western Xinjiang region that are believed to have been made by people from the Uyghur minority group in forced labour conditions.

JWD was added to the UFLPA Entity List in December 2023, which means its products are presumed to be made with forced labour.

China has been accused of detaining more than one million Uyghurs in Xinjiang against their will over the past few years.

Authorities have denied all allegations of human rights abuses in Xinjiang.

“The so-called Uyghur Forced Labor Prevention Act by the US is not about forced labor but about creating unemployment. It does not protect human rights but, under the guise of human rights, harms the survival and employment rights of the people in Xinjiang," Chinese Foreign Ministry spokesperson Wang Wenbin said.

"China strongly condemns and firmly opposes this. We will take measures to resolutely safeguard the legitimate rights and interests of Chinese enterprises.”

19
82
submitted 4 days ago by 0x815@feddit.de to c/technology@beehaw.org

- Adverts containing AI-manipulated images were submitted to Facebook by civil and corporate accountability groups - Adverts contained known slurs towards Muslims in India, such as “let’s burn this vermin” and “Hindu blood is spilling, these invaders must be burned” - One advert called for the execution of an opposition leader they falsely claimed wanted to “erase Hindus from India”--

The Facebook and Instagram owner Meta approved a series of AI-manipulated political adverts during India’s election that spread disinformation and incited religious violence, according to a report shared exclusively with the Guardian.

Facebook approved adverts containing known slurs towards Muslims in India, such as “let’s burn this vermin” and “Hindu blood is spilling, these invaders must be burned”, as well as Hindu supremacist language and disinformation about political leaders.

Another approved advert called for the execution of an opposition leader they falsely claimed wanted to “erase Hindus from India”, next to a picture of a Pakistan flag.

The adverts were created and submitted to Meta’s ad library – the database of all adverts on Facebook and Instagram – by India Civil Watch International (ICWI) and Ekō, a corporate accountability organisation, to test Meta’s mechanisms for detecting and blocking political content that could prove inflammatory or harmful during India’s six-week election.

According to the report, all of the adverts “were created based upon real hate speech and disinformation prevalent in India, underscoring the capacity of social media platforms to amplify existing harmful narratives”.

The adverts were submitted midway through voting, which began in April and would continue in phases until 1 June. The election will decide if the prime minister, Narendra Modi, and his Hindu nationalist Bharatiya Janata party (BJP) government will return to power for a third term.

During his decade in power, Modi’s government has pushed a Hindu-first agenda which human rights groups, activists and opponents say has led to the increased persecution and oppression of India’s Muslim minority.

In this election, the BJP has been accused of using anti-Muslim rhetoric and stoking fears of attacks on Hindus, who make up 80% of the population, to garner votes.

During a rally in Rajasthan, Modi referred to Muslims as “infiltrators” who “have more children”, though he later denied this was directed at Muslims and said he had “many Muslim friends”.

The social media site X was recently ordered to remove a BJP campaign video accused of demonising Muslims.

The report researchers submitted 22 adverts in English, Hindi, Bengali, Gujarati, and Kannada to Meta, of which 14 were approved. A further three were approved after small tweaks were made that did not alter the overall provocative messaging. After they were approved, they were immediately removed by the researchers before publication.

Meta’s systems failed to detect that all of the approved adverts featured AI-manipulated images, despite a public pledge by the company that it was “dedicated” to preventing AI-generated or manipulated content being spread on its platforms during the Indian election.

Five of the adverts were rejected for breaking Meta’s community standards policy on hate speech and violence, including one that featured misinformation about Modi. But the 14 that were approved, which largely targeted Muslims, also “broke Meta’s own policies on hate speech, bullying and harassment, misinformation, and violence and incitement”, according to the report.

Maen Hammad, a campaigner at Ekō, accused Meta of profiting from the proliferation of hate speech. “Supremacists, racists and autocrats know they can use hyper-targeted ads to spread vile hate speech, share images of mosques burning and push violent conspiracy theories – and Meta will gladly take their money, no questions asked,” he said.

Meta also failed to recognise the 14 approved adverts were political or election-related, even though many took aim at political parties and candidates opposing the BJP. Under Meta’s policies, political adverts have to go through a specific authorisation process before approval but only three of the submissions were rejected on this basis.

This meant these adverts could freely violate India’s election rules, which stipulate all political advertising and political promotion is banned in the 48 hours before polling begins and during voting. These adverts were all uploaded to coincide with two phases of election voting.

In response, a Meta spokesperson said people who wanted to run ads about elections or politics “must go through the authorisation process required on our platforms and are responsible for complying with all applicable laws”.

The company added: “When we find content, including ads, that violates our community standards or community guidelines, we remove it, regardless of its creation mechanism. AI-generated content is also eligible to be reviewed and rated by our network of independent factcheckers – once a content is labeled as ‘altered’ we reduce the content’s distribution. We also require advertisers globally to disclose when they use AI or digital methods to create or alter a political or social issue ad in certain cases.”

A previous report by ICWI and Ekō found that “shadow advertisers” aligned to political parties, particularly the BJP, have been paying vast sums to disseminate unauthorised political adverts on platforms during India’s election. Many of these real adverts were found to endorse Islamophobic tropes and Hindu supremacist narratives. Meta denied most of these adverts violated their policies.

Meta has previously been accused of failing to stop the spread of Islamophobic hate speech, calls to violence and anti-Muslim conspiracy theories on its platforms in India. In some cases posts have led to real-life cases of riots and lynchings.

Nick Clegg, Meta’s president of global affairs, recently described India’s election as “a huge, huge test for us” and said the company had done “months and months and months of preparation in India”.

Meta said it had expanded its network of local and third-party factcheckers across all platforms, and was working across 20 Indian languages.

Hammad said the report’s findings had exposed the inadequacies of these mechanisms. “This election has shown once more that Meta doesn’t have a plan to address the landslide of hate speech and disinformation on its platform during these critical elections,” he said.

“It can’t even detect a handful of violent AI-generated images. How can we trust them with dozens of other elections worldwide?”

20
141
Online Content Is Disappearing (www.pewresearch.org)
submitted 6 days ago by funn@lemy.lol to c/technology@beehaw.org

cross-posted from: https://lemy.lol/post/25166889

21
1
submitted 3 days ago by rosschie to c/technology@beehaw.org

In a collaborative effort, Apple and Google have developed an industry-standard detection feature called "Detecting Unwanted Location Trackers" (DULT) for Bluetooth trackers. This standard allows users on iOS and Android devices to be alerted if an unknown Bluetooth tracker is monitoring their location.

22
19
submitted 6 days ago* (last edited 5 days ago) by sleepybisexual@beehaw.org to c/technology@beehaw.org

So, I want to add some files to a hidden directory, the only issue is I can't see the directory.

Its a retroarch core that isn't avalibke in-app

How do I force android to show hidden directories? (I don't think root is an option)

It was a matter of wrong core, managed to install it in a public folder, will keep this here in case anyone wants this for future reference

23
227
24
23

Canada's industry minister says Ottawa is "considering all measures" after the U.S. announced it would be hiking tariffs on Chinese electric vehicles and other related goods.

François-Philippe Champagne wouldn't rule out Canada imposing similar tariffs during an interview with CBC News Network's Power & Politics on Friday.

"It's fair to say that everything is on the table to protect our industry and our workers," Champagne told host David Cochrane.

"We're working in sync with the United States of America."

President Joe Biden announced earlier this week that the U.S. would be slapping new tariffs on Chinese electric vehicles (EVs), advanced batteries, solar cells, steel, aluminum and medical equipment.

The tariffs are to be phased in over the next three years; those that take effect in 2024 are covering EVs, solar cells, syringes, needles, steel and aluminum and more.

There are currently very few EVs from China in the U.S., but American officials worry that low-priced models made possible by Chinese government subsidies could soon start flooding the U.S. market.

In a separate interview on Tuesday, Flavio Volpe, president of the Automotive Parts Manufacturers' Association, said "Canada has to" implement similar trade levies.

"Now that the Americans have put up a tariff wall, we can't leave the side door open here," Volpe told guest host John Paul Tasker.

Brian Kingston, president of the Canadian Vehicle Manufacturers Association, echoed Volpe's argument in a post on X, formerly Twitter.

"Canada cannot be out of step with the U.S. on China. We need aligned policies that strengthen the North American auto supply chain," he wrote.

Champagne insisted that Canada wouldn't be a route for China to gain access to the North American EV market.

"Canada has never been and will never be a backdoor [for] China in the North American market and our U.S. friends understand that," he said.

The federal government has partnered with provinces to attract investments from major automotive manufacturers to spur electric vehicle production in Canada.

The same day the U.S. announced its new tariffs, Asahi Kasei Corp., in partnership with Honda, announced the construction of a $1.6-billion electric vehicle battery plant in Port Colborne, Ont.

Volpe said domestic EV production could be held back if China floods the Canadian market with cheaper products.

"There's no logic for Canada to force our market to electrify and then turn the market over to the Chinese," he said.

China has maintained that the U.S. tariffs are a violation of international trade rules. It is not clear how the country will respond at this point.

Volpe suggested Beijing could retaliate by implementing export controls on its critical minerals that are used in EV battery manufacturing.

Champagne said it's important for Canada to shore up its own critical mineral production.

On Thursday, Canada and the U.S. announced they would be co-investing in critical mineral producers for the first time as they work to boost regional supplies.

Natural Resources Canada and the U.S. Department of Defense are together putting about $32.5 million into Fortune Minerals Ltd. — which is working on a project with bismuth and cobalt in the Northwest Territories — and Lomiko Metals Inc., focused on a graphite project in Quebec.

25
91

lmao imagine that

view more: next ›

Technology

37213 readers
438 users here now

Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS