Sunday☕️

Earth Intelligence

23 Jun 2024 — 7 min read

Trending:

Kraken Security Breach
Russia Targets Ukraines Power Grid

Week Recap:

U.S. food chain giant Panera Bread is alerting employees due to a data breach that occurred during a ransomware attack in March, resulting in the theft of their sensitive personal information by unknown threat actors. Panera Bread and its franchises operate 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, across 48 states in the U.S. and Ontario, Canada. In breach notification letters submitted to the Office of the California Attorney General, Panera Bread detailed the "security incident," outlining steps taken to contain the breach, engage external cybersecurity experts, and notify law enforcement.
The United States and the Republic of Korea are intensifying their efforts to strengthen alliances within the Indo-Pacific region, particularly in response to the growing ties between Russia, North Korea, and China, officials reported on June 10. This strategic move is seen as a necessary response to the increasing global instability driven by powers such as Russia, China, Iran, and North Korea. Kyou-hyun Kim, the former director of the national intelligence service of the Republic of Korea, emphasized the complexity of modern geopolitics, likening it to a team sport where each player has a unique role contributing to the overall strategy.
Chinese scientists have developed an AI military commander in a laboratory at the Joint Operations College of the National Defence University in Shijiazhuang, Hebei province. This AI mirrors human military leaders in experience, thought patterns, personality, and even flaws. Although it has been granted supreme command authority in large-scale computer war games involving all branches of the People’s Liberation Army (PLA), it is strictly confined to the laboratory. The project, revealed in May through a peer-reviewed paper in the Chinese-language journal Common Control & Simulation, was led by senior engineer Jia Chenxing.
On Wednesday, Russia and North Korea signed a new comprehensive strategic partnership, raising concerns among Western officials about the implications of President Vladimir Putin's first state visit to the nuclear-armed country in 24 years. The partnership, which includes a mutual defense pact, was announced by Russian state media shortly after Putin's arrival in Pyongyang. Putin received a red carpet welcome from North Korean leader Kim Jong Un, with thousands attending a lavish ceremony. During the reception, Kim expressed full support and solidarity with Moscow, particularly for its special military operation in Ukraine, according to the state-owned news agency Tass.
A hacker accessed the systems behind Tile device trackers, stealing customer data including names, addresses, emails, and phone numbers. The incident, reported by 404 Media, occurred through a tool designed for responding to law enforcement requests about Tile trackers. However, the stolen information did not include precise Tile location data. The hacker reportedly used login credentials allegedly belonging to a former Tile employee. Screenshots provided to 404 Media by the hacker showed they had access to various internal tools, such as those for transferring ownership of Tile trackers, adding admin accounts, and sending messages to Tile users.
On Thursday, Anthropic, a rising competitor to OpenAI, announced the launch of Claude 3.5 Sonnet, its most advanced artificial intelligence model to date. Claude, much like OpenAI's ChatGPT and Google's Gemini, has surged in popularity over the past year. Anthropic, which was established by former OpenAI research executives, boasts significant backing from tech giants such as Google, Salesforce, and Amazon.
Amtrak has reported a data breach affecting users of its Guest Rewards program. According to a notice filed with the state of Massachusetts, an unknown third party accessed users' account information from May 15-18 using compromised usernames and passwords from previous breaches. Amtrak clarified that its systems were not directly hacked. The accessed data included names, contact information, Guest Rewards account numbers, dates of birth, partial credit card numbers and expiration dates, gift card information, and details about transactions and trips.
Apple has made a notable move by contributing 20 new Core Machine Learning (ML) models to the open-source AI repository Hugging Face. Open sourcing software means making the source code of a software project publicly available so that anyone can view, use, modify, and distribute it. By open sourcing their AI models, Apple is allowing developers and researchers worldwide to access, study, and build upon their work.

Kraken Security Breach:

Crypto exchange Kraken recently disclosed a significant security breach where an unnamed security researcher exploited a critical zero-day vulnerability, resulting in the theft of $3 million in digital assets. This incident was detailed by Kraken's Chief Security Officer, Nick Percoco, on X. The researcher alerted Kraken's Bug Bounty program about a bug that allowed them to artificially inflate their account balance without providing additional specifics. Upon receiving the alert, Kraken quickly identified the issue, which enabled an attacker to deposit funds into their account without fully completing the deposit process. While client assets were not at risk, the flaw could have allowed threat actors to create assets in their accounts.
Kraken addressed the problem and traced its origin to a recent user interface change that let customers use deposited funds before they were cleared. Further investigation revealed that three accounts, including one linked to the security researcher, exploited the flaw within a few days, siphoning off $3 million. Instead of reporting the bug through proper channels to receive a reward, the researcher shared the exploit with two associates. These associates fraudulently generated larger sums and withdrew nearly $3 million from Kraken's treasury.
Kraken reached out to the researcher to share their proof-of-concept exploit and arrange for the return of the stolen funds. Instead, the researcher demanded a payment from Kraken's business development team to release the assets, which Percoco described as extortion. Kraken is treating the incident as a criminal case and is coordinating with law enforcement. Blockchain security firm CertiK later identified itself as the entity behind the breach. CertiK stated it discovered critical flaws that allowed the creation of fake crypto on any account, which could then be withdrawn and converted into real assets.
CertiK defended its actions, stating that no real Kraken user assets were involved in their research activities and criticized Kraken's defense systems for failing to detect their test transactions. Kraken accused CertiK of exploiting the flaw for financial gain before reporting it. Despite the initial conflict, Nick Percoco later updated that all funds had been returned to Kraken, with a small amount lost to fees. The recovered $2.9 million was subsequently distributed to Kraken users via a USDT airdrop.

Russia Targets Ukraines Power Grid:

Russia has launched an offensive on Ukraine's power grid, marking the eighth such strike in the past three months, according to Ukraine's energy ministry. Ukrainian officials reported that air defense systems successfully intercepted 12 out of 16 missiles and all 13 drones launched by Russia overnight, targeting several regions. In Kharkiv, northeastern Ukraine, Russian guided bombs resulted in three fatalities and at least 18 injuries, with multiple explosions heard in the city.
To cope with the energy deficit, Ukraine is importing electricity from the European Union, but these imports are insufficient to fully meet the country’s needs. Consequently, Ukraine is implementing planned nationwide blackouts to safeguard critical infrastructure like hospitals and military facilities. Maxim Timchenko, CEO of DTEK, a major Ukrainian energy company, has called for international support to protect and rebuild the energy system.
President Zelensky has consistently urged Ukraine’s allies to provide more air defense systems, specifically requesting seven advanced Patriot systems from the United States. This sentiment was echoed by Ivan Fedorov, the governor of Zaporizhzhia, who stressed the necessity of enhanced air defense capabilities. U.S. National Security Council spokesman John Kirby announced that Ukraine would be given priority for Patriot system deliveries, ahead of other countries in line.

Statistic: