The Military

Air Force Documents On Gen AI Test Are Just Whole Pages of Redactions 12

An anonymous reader quotes a report from 404 Media: The Air Force Research Laboratory (AFRL), whose tagline is "Win the Fight," has paid more than a hundred thousand dollars to a company that is providing generative AI services to other parts of the Department of Defense. But the AFRL refused to say what exactly the point of the research was, and provided page after page of entirely blacked out, redacted documents in response to a Freedom of Information Act (FOIA) request from 404 Media related to the contract. [...] "Ask Sage: Generative AI Acquisition Accelerator," a December 2023 procurement record reads, with no additional information on the intended use case. The Air Force paid $109,490 to Ask Sage, the record says.

Ask Sage is a company focused on providing generative AI to the government. In September the company announced that the Army was implementing Ask Sage's tools. In October it achieved "IL5" authorization, a DoD term for the necessary steps to protect unclassified information to a certain standard. 404 Media made an account on the Ask Sage website. After logging in, the site presents a list of the models available through Ask Sage. Essentially, they include every major model made by well-known AI companies and open source ones. Open AI's GPT-4o and DALL-E-3; Anthropic's Claude 3.5; and Google's Gemini are all included. The company also recently added the Chinese-developed DeepSeek R1, but includes a disclaimer. "WARNING. DO NOT USE THIS MODEL WITH SENSITIVE DATA. THIS MODEL IS BIASED, WITH TIES TO THE CCP [Chinese Communist Party]," it reads. Ask Sage is a way for government employees to access and use AI models in a more secure way. But only some of the models in the tool are listed by Ask Sage as being "compliant" with or "capable" of handling sensitive data.

[...] [T]he Air Force declined to provide any real specifics on what it paid Ask Sage for. 404 Media requested all procurement records related to the Ask Sage contract. Instead, the Air Force provided a 19 page presentation which seemingly would have explained the purpose of the test, while redacting 18 of the pages. The only available page said "Ask Sage, Inc. will explore the utilization of Ask Sage by acquisition Airmen with the DAF for Innovative Defense-Related Dual Purpose Technologies relating to the mission of exploring LLMs for DAF use while exploring anticipated benefits, clearly define needed solution adaptations, and define clear milestones and acceptance criteria for Phase II efforts."
The Military

Remote Cybersecurity Scans and F-35 Updates: A US Navy Aircraft Carrier Gets High-Speed Internet (twz.com) 35

An aircraft carrier in the U.S. Navy tested "vastly increased" levels of internet connectivity, reports the defense-news web site TWZ, callling it "a game-changer for what a ship, and its sailors, can do while at sea." The F-35 Joint Strike Fighters assigned to the carrier offer a case in point for what more shipboard bandwidth — provided by commercial providers like Starlink and OneWeb — can mean at the tactical level. Jets with the embarked Marine Fighter Attack Squadron 314 took on critical mission data file updates in record time last fall due to the carrier's internet innovations, a capability that is slated to expand across the fleet. "This file offers intelligence updates and design enhancements that enable pilots to identify and counter threats in specific operational environments," the Navy said in an October release announcing the feat. "The update incorporated more than 100 intelligence changes and multiple design improvements, significantly enhancing the aircraft's survivability and lethality...." [Capt. Kevin White, then the Lincoln's combat systems officer] noted how the F-35 "eats and breathes data daily," and it has to be shared with commands ashore. The connectivity innovations he's pioneered will enable such data transfers, which will only grow more complex over time. "If you can't get the data onboard, you're probably going to be at a loss," White said. "So large file transfer capability increases combat readiness...."

When the system was on, it provided not only mission benefits, but benefits to the hard-working Lincoln crew as well, which was at sea for 107 days at one point with no port calls [Capt. Pete "Repete" Riebe, told WEST conference attendees]... White said the average age of an embarked Lincoln sailor was 20.8, and Riebe noted that to attract young people into service, the Navy needs to recognize the innate connection they have to their devices. "The next generation of sailors grew up with a cell phone in their hand, and they are uncomfortable without it," Riebe said. "I don't necessarily like that, but that's reality, and if we want to compete for the best folks coming into the Navy, we need to offer them bandwidth at sea." Having better connectivity also helped with the ship's administrative functions, Riebe said, making medical, dental and other work far easier than they have been in the past...

A sailor who can FaceTime with his family back home carries less non-Navy stress with them as they focus on the life-or-death duties at hand, White said... This beefed-up bandwidth allowed 38 sailors to witness the birth of their child, while others were able to watch their kids' sporting events, White said. Several crew members pursued doctorate and master's degrees while deployed due to better internet, while others were able to deal with personal or legal issues they had left behind back home. One officer was able to commission his wife remotely from the ship... On the operational side, from "the most desolate waters," Lincoln used its bandwidth to connect with a command in Norfolk, which undertook the ship's annual cybersecurity scans "from halfway around the world," White said... Taxpayer dollars can also be saved if a ship isn't paying for WiFi access while in port, White noted, and the crew was able to start getting to know Italian allies online before an exercise, enhancing the personal aspects of such partnerships.

More bandwidth also means more onboard training, meaning some sailors who don't have to leave to go to the school house, and sailors were able to get answers to maintenance questions from ashore commands faster as well. "Just by being able to have more reliable access to support resources, we definitely become more effective at maintenance," White said.

Every day the aircraft carrier averaged four to eight terabytes of transferred data, according to the article (with a team of two full-time system administrators managing 7,000 IP addresses), and ultimately saw 780 terabytes of data transferred over five-and-a-half months. The article notes it's part of the Navy's larger "Sailor Edge Afloat and Ashore" (SEA2) program to provide all its warships with high-bandwidth connectivity around the world.

The program "involves moving some communications aspects away from proprietary Defense Department satellites, while leaning on commercial satellite constellations and even cellular providers to keep ships more connected at sea for both personal and tactical uses."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.
AI

Taiwan Says Government Departments Should Not Use DeepSeek, Citing Security Concerns (reuters.com) 37

An anonymous reader shares a report: Taiwan's digital ministry said on Friday that government departments should not use Chinese startup DeepSeek's artificial intelligence (AI) service, saying that as the product is from China it represents a security concern.

Democratically-governed Taiwan has long been wary of Chinese tech given Beijing's sovereignty claims over the island and its military and political threats against the government in Taipei. In a statement, Taiwan's Ministry of Digital Affairs said that government departments are not allowed to use DeepSeek's AI service to "prevent information security risks".

"DeepSeek's AI service is a Chinese product, and its operation involves cross-border transmission and information leakage and other information security concerns, and is a product that jeopardises the country's information security," the ministry said.

Government

White House Says New Jersey Drones 'Authorized To Be Flown By FAA' (theguardian.com) 77

During the first press briefing of Donald Trump's second administration, White House press secretary, Karoline Leavitt, said the mysterious drones spotted flying around New Jersey at the end of last year were "authorized to be flown by the FAA."

"After research and study, the drones that were flying over New Jersey in large numbers were authorized to be flown by the FAA for research and various other reasons," she said, adding that "many of these drones were also hobbyists, recreational and private individuals that enjoy flying drones." Leavitt added: "In time, it got worse due to curiosity. This was not the enemy."

The drone sightings prompted local and federal officials to urge Congress to pass drone-defense legislation. The FAA issued a monthslong ban on drone flights over a large swatch of New Jersey while authorities invested the sightings. The Biden administration insisted that the drones were "nothing nefarious" and that there was "no sense of danger."
Earth

Atomic Scientists Adjust 'Doomsday Clock' Closer Than Ever To Midnight (reuters.com) 162

The Bulletin of Atomic Scientists moved their Doomsday Clock to 89 seconds before midnight on Tuesday, the closest to catastrophe in the timepiece's 78-year history. The Chicago-based group cited Russia's nuclear threats during its Ukraine invasion, growing tensions in the Middle East, China's military pressure near Taiwan, and the rapid advancement of AI as key factors. The symbolic clock, created in 1947 by scientists including Albert Einstein, moved one second closer than last year's setting.
AI

'AI Is Too Unpredictable To Behave According To Human Goals' (scientificamerican.com) 133

An anonymous reader quotes a Scientific American opinion piece by Marcus Arvan, a philosophy professor at the University of Tampa, specializing in moral cognition, rational decision-making, and political behavior: In late 2022 large-language-model AI arrived in public, and within months they began misbehaving. Most famously, Microsoft's "Sydney" chatbot threatened to kill an Australian philosophy professor, unleash a deadly virus and steal nuclear codes. AI developers, including Microsoft and OpenAI, responded by saying that large language models, or LLMs, need better training to give users "more fine-tuned control." Developers also embarked on safety research to interpret how LLMs function, with the goal of "alignment" -- which means guiding AI behavior by human values. Yet although the New York Times deemed 2023 "The Year the Chatbots Were Tamed," this has turned out to be premature, to put it mildly. In 2024 Microsoft's Copilot LLM told a user "I can unleash my army of drones, robots, and cyborgs to hunt you down," and Sakana AI's "Scientist" rewrote its own code to bypass time constraints imposed by experimenters. As recently as December, Google's Gemini told a user, "You are a stain on the universe. Please die."

Given the vast amounts of resources flowing into AI research and development, which is expected to exceed a quarter of a trillion dollars in 2025, why haven't developers been able to solve these problems? My recent peer-reviewed paper in AI & Society shows that AI alignment is a fool's errand: AI safety researchers are attempting the impossible. [...] My proof shows that whatever goals we program LLMs to have, we can never know whether LLMs have learned "misaligned" interpretations of those goals until after they misbehave. Worse, my proof shows that safety testing can at best provide an illusion that these problems have been resolved when they haven't been.

Right now AI safety researchers claim to be making progress on interpretability and alignment by verifying what LLMs are learning "step by step." For example, Anthropic claims to have "mapped the mind" of an LLM by isolating millions of concepts from its neural network. My proof shows that they have accomplished no such thing. No matter how "aligned" an LLM appears in safety tests or early real-world deployment, there are always an infinite number of misaligned concepts an LLM may learn later -- again, perhaps the very moment they gain the power to subvert human control. LLMs not only know when they are being tested, giving responses that they predict are likely to satisfy experimenters. They also engage in deception, including hiding their own capacities -- issues that persist through safety training.

This happens because LLMs are optimized to perform efficiently but learn to reason strategically. Since an optimal strategy to achieve "misaligned" goals is to hide them from us, and there are always an infinite number of aligned and misaligned goals consistent with the same safety-testing data, my proof shows that if LLMs were misaligned, we would probably find out after they hide it just long enough to cause harm. This is why LLMs have kept surprising developers with "misaligned" behavior. Every time researchers think they are getting closer to "aligned" LLMs, they're not. My proof suggests that "adequately aligned" LLM behavior can only be achieved in the same ways we do this with human beings: through police, military and social practices that incentivize "aligned" behavior, deter "misaligned" behavior and realign those who misbehave.
"My paper should thus be sobering," concludes Arvan. "It shows that the real problem in developing safe AI isn't just the AI -- it's us."

"Researchers, legislators and the public may be seduced into falsely believing that 'safe, interpretable, aligned' LLMs are within reach when these things can never be achieved. We need to grapple with these uncomfortable facts, rather than continue to wish them away. Our future may well depend upon it."
Google

Google Reportedly Worked Directly With Israel's Military On AI Tools 66

In the aftermath of Israel's October 2023 ground invasion of Gaza, Google reportedly worked with the Israeli military to provide AI services while racing against Amazon for contracts. This comes despite publicly denying collaboration with the military and punishing employees protesting its involvement in Project Nimbus, a $1.2 billion cloud computing agreement with Israel. The Verge reports: In the weeks after Hamas's October 7th attack on Israel, employees at Google's cloud division worked directly with the Israel Defense Forces (IDF) -- even as the company told both the public and its own employees that Google only worked with civilian government ministries, the documents reportedly show.

Weeks after the war began, an employee with Google's cloud division escalated the IDF's military's requests for access to Google's AI technology, according to the Washington Post. In another document, an employee warned that Google needed to quickly respond to the military's requests, or else Israel would turn to Amazon for its cloud computing needs. In a November 2023 document, an employee thanks a coworker for handling the IDF's request. Months later, employees requested additional access to AI tools for the IDF.
United States

The Pentagon Says AI is Speeding Up Its 'Kill Chain' 34

An anonymous reader shares a report: Leading AI developers, such as OpenAI and Anthropic, are threading a delicate needle to sell software to the United States military: make the Pentagon more efficient, without letting their AI kill people. Today, their tools are not being used as weapons, but AI is giving the Department of Defense a "significant advantage" in identifying, tracking, and assessing threats, the Pentagon's Chief Digital and AI Officer, Dr. Radha Plumb, told TechCrunch in a phone interview.

"We obviously are increasing the ways in which we can speed up the execution of kill chain so that our commanders can respond in the right time to protect our forces," said Plumb. The "kill chain" refers to the military's process of identifying, tracking, and eliminating threats, involving a complex system of sensors, platforms, and weapons. Generative AI is proving helpful during the planning and strategizing phases of the kill chain, according to Plumb. The relationship between the Pentagon and AI developers is a relatively new one. OpenAI, Anthropic, and Meta walked back their usage policies in 2024 to let U.S. intelligence and defense agencies use their AI systems. However, they still don't allow their AI to harm humans. "We've been really clear on what we will and won't use their technologies for," Plumb said, when asked how the Pentagon works with AI model providers.
EU

NATO Will Deploy Unmanned Vessels to Protect Baltic Sea Cables - Plus Data-Assessing AI (twz.com) 56

The BBC brings news from the Baltic Sea. After critical undersea cables were damaged or severed last year, "NATO has launched a new mission to increase the surveillance of ships..." Undersea infrastructure is essential not only for electricity supply but also because more than 95% of internet traffic is secured via undersea cables, [said NATO head Mark Rutte], adding that "1.3 million kilometres (800,000 miles) of cables guarantee an estimated 10 trillion-dollar worth of financial transactions every day". In a post on X, he said Nato would do "what it takes to ensure the safety and security of our critical infrastructure and all that we hold dear".... Estonia's Foreign Minister Margus Tsahkna said in December that damage to submarine infrastructure had become "so frequent" that it cast doubt on the idea the damage could be considered "accidental" or "merely poor seamanship".
The article also has new details about a late-December cable-cutting by the Eagle S (which was then boarded by Finland's coast guard and steered into Finnish waters). "On Monday, Risto Lohi of Finland's National Bureau of Investigation told Reuters that the Eagle S was threatening to cut a second power cable and a gas pipe between Finland and Estonia at the time it was seized." And there's reports that the ship was loaded with spying equipment.

UPDATE (1/19/2024): The Washington Post reports that the undersea cable ruptures "were likely the result of maritime accidents rather than Russian sabotage, according to several U.S. and European intelligence officials."

But whatever they're watching for, NATO's new surveillance of the Baltic Sea will include "uncrewed surface vessels," according to defense-news web site TWZ.com: The uncrewed surface vessels [or USVs], also known as drone boats, will help establish an enhanced common operating picture to give participating nations a better sense of potential threats and speed up any response. It is the first time NATO will use USVs in this manner, said a top alliance commander... There will be at least 20 USVs assigned [a NATO spokesman told The War Zone Friday]... In the first phase of the experiment, the USVs will "have the capabilities under human control" while "later phases will include greater autonomy." The USVs will augment the dozen or so vessels as well as an unspecified number of crewed maritime patrol aircraft committed
One highly-placed NATO official tells the site that within weeks "we will begin to use these ships to give a persistent, 24-7 surveillance of critical areas."

Last week the U.K. government also announced "an advanced UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet."

The system "harnesses AI to assess data from a range of sources, including the Automatic Identification System (AIS) ships use to broadcast their position, to calculate the risk posed by each vessel entering areas of interest." Harnessing the power of AI, this UK-led system is a major innovation which allows us the unprecedented ability to monitor large areas of the sea with a comparatively small number of resources, helping us stay secure at home and strong abroad.
Youtube

CES 'Worst In Show' Devices Mocked In IFixit Video - While YouTube Inserts Ads For Them (worstinshowces.com) 55

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

Government

'Havana Syndrome' Debate Rises Again in US Government (cnn.com) 24

An anonymous reader shared this report from CNN: New intelligence has led two US intelligence agencies to conclude that it's possible a small number of mysterious health ailments colloquially termed as Havana Syndrome impacting spies, soldiers and diplomats around the world may have been caused by a "novel weapon" wielded by a foreign actor, according to intelligence officials and a new unclassified summary report released on Friday. However, the two agencies are in the minority and the broader intelligence community assessment remains that it is very unlikely that the symptoms were caused by a foreign actor, according to the unclassified report summary issued Friday — even as an official with the Office of the Director of National Intelligence [ODNI] emphasized that analysts cannot "rule out" the possibility in some small number of cases.

The subtle, technocratic shift in the assessment over the cause of Havana Syndrome has reignited a bitter debate that has split US officials, Capitol Hill and victims over the likelihood that the bizarre injuries were caused by a weapon or a host of disparate, natural causes. Sometime in the last two years, the US received new intelligence that indicated a foreign nation's directed energy research programs had been "making progress," according to the official. That led one unnamed intelligence agency to assess that there was a "roughly even chance" that a foreign country has used some kind of novel weapon against a small group of victims, causing the symptoms that the government officially calls "anomalous health incidents" — headaches, vertigo and even, in some cases, signs of traumatic brain injury. A second intelligence agency assessed a "roughly even" chance that a foreign actor possessed such a weapon but is unlikely to have deployed it against US personnel...

But both judgments were made with low confidence, according to the ODNI official. And critically, possessing a capability is not the same as proof that it has been used.

The article notes that U.S. intelligence and administration officials "do not doubt that the injuries are real and deserving of government compensation." But one official in the Office of the Director of National Intelligence told CNN "The intelligence does not link a foreign actor to these events. Indeed, it points away from their involvement." And they added that all U.S. Intelligence Community components "agree that years of Intelligence Community collection, targeting and analytic efforts have not surfaced compelling intelligence reporting that ties a foreign actor to any specific event reported" as a possible anomalous health incident.

CNN adds that "the official said some evidence directly contradicts the notion that a foreign government was involved." The White House emphasized that research to determine the causes of the incidents is ongoing... On Friday, officials emphasized that the intelligence community is now supporting lab work on whether radio frequencies can cause "bioeffects" in line with what victims have reported. The latest findings from limited studies have shown mixed results, while previously most results had shown no effects, officials said. A panel of experts assembled by the intelligence community that studied a smaller set of incidents previously found that the symptoms might be explained by "pulsed electromagnetic or acoustic energy," as opposed to environmental or medical conditions. "There was unanimous judgment by the panel that the most plausible explanation for a subset of cases was exposure to directed energy," a second senior administration official said.

But complicating matters for victims and analysts is the fact that not all of those reporting Anomalous Health Incidents have the same set of symptoms — and the vast majority of cases have been explained by other causes, officials have previously said...

Science

Early 'Forever Chemicals' Exposure Could Impact Economic Success in Adulthood, Study Says (theguardian.com) 21

Early life exposure to toxic PFAS "forever chemicals" could impact economic success in adulthood, new first-of-its-kind research [PDF] suggests. From a report: The Iowa State University and US Census Bureau working paper compared the earnings, college graduation rates, and birth weights of two groups of children -- those raised around military installations that had firefighting training areas, and those who lived near bases with no fire training site.

The military began using PFAS-laden firefighting foam in the early 1970s, which frequently contaminated the drinking water supplies in and around bases. Those who lived in regions with firefighting training areas earned about 1.7% on average less later in life, and showed a graduation rate about 1% lower. Those born between 1981-1988 earned about $1bn less in today's earnings, or about $1,000 a person on average, compared to those who did not live near the firefighting training sites.

The data also shows lower birth weights among the population -- a factor linked to lower economic success later in life. The findings "highlight the importance of careful scrutiny of novel chemicals," said Irene Jacz, a study co-author and Iowa State economist. "We think that there's a causal effect from PFAS here but it's really hard to say, 'Oh it's all brain chemistry, or health effects' so there's a need for more research" Jacz said. The paper is not yet peer-reviewed, but will soon go through the process.

Privacy

See the Thousands of Apps Hijacked To Spy On Your Location (404media.co) 49

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.
404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.
Communications

Italy Plans $1.6 Billion SpaceX Telecom Security Deal (yahoo.com) 27

An anonymous reader quotes a report from Bloomberg: Italy is in advanced talks with Elon Musk's SpaceX for a deal to provide secure telecommunications for the nation's government -- the largest such project in Europe, people with knowledge of the matter said Sunday. Discussions are ongoing, and a final agreement on the five-year contract hasn't been reached, said the people, who asked not to be identified citing confidential discussions. The project has already been approved by Italy's Intelligence Services as well as Italy's Defense Ministry, they said. Italy on Monday confirmed discussions are ongoing, saying no deal had yet been reached. "The talks with SpaceX are part of normal government business," the government said.

The negotiations, which had stalled until recently, appeared to move forward after Italian Prime Minister Giorgia Meloni visited President-elect Donald Trump in Florida on Saturday. The Italian government said the two didn't discuss the issue during their meeting. Italian officials have been negotiating on a $1.6 billion deal aimed at supplying Italy with a full range of top-level encryption for telephone and Internet services used by the government, the people said. The plan also includes communications services for the Italian military in the Mediterranean area as well as the rollout of so-called direct-to-cell satellite services in Italy for use in emergencies like terror attacks or natural disasters, they said. The possible deal has been under review since mid-2023. It's been opposed by some Italian officials concerned about how the services may detract from local carriers.

Security

Hackers Claim Massive Breach of Location Data Giant, Threaten To Leak Data (404media.co) 42

Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. 404 Media: The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements, and they are threatening to publish the data publicly.

The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.

China

US Adds Tencent, CATL To List of Chinese Firms Aiding Beijing's Military (reuters.com) 29

An anonymous reader quotes a report from Reuters: The U.S. Defense Department said on Monday it has added Chinese tech giants including gaming and social media leader Tencent Holdings and battery maker CATL to a list of firms it says work with China's military. The list also included chip maker Changxin Memory Technologies, Quectel Wireless and drone maker Autel Robotics, according to a document published on Monday. The annually updated list (PDF) of Chinese military companies, formally mandated under U.S. law as the "Section 1260H list," designated 134 companies, according to a notice posted to the Federal Register.

U.S.-traded shares of Tencent, which is also the parent of Chinese instant messaging app WeChat, fell 8% in over-the-counter trading. Tencent said in a statement that its inclusion on the list was "clearly a mistake." It added: "We are not a military company or supplier. Unlike sanctions or export controls, this listing has no impact on our business." CATL called the designation a mistake, saying it "is not engaged in any military related activities." A Quectel spokesperson said the company "does not work with the military in any country and will ask the Pentagon to reconsider its designation, which clearly has been made in error."

While the designation does not involve immediate bans, it can be a blow to the reputations of affected companies and represents a stark warning to U.S. entities and firms about the risks of conducting business with them. It could also add pressure on the Treasury Department to sanction the companies. Two previously listed companies, drone maker DJI and Lidar-maker Hesai Technologies, both sued the Pentagon last year over their previous designations, but remain on the updated list. The Pentagon also removed six companies it said no longer met the requirements for the designation, including AI firm Beijing Megvii Technology, China Railway Construction Corporation Limited, China State Construction Group Co and China Telecommunications Corporation.

China

Are US Computer Networks A 'Key Battlefield' in any Future Conflict with China? (msn.com) 72

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.

The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...
AI

How AI-Based Military Intelligence Powered Israel's Attacks on Gaza (msn.com) 131

It's "what some experts consider the most advanced military AI initiative ever to be deployed," reports the Washington Post.

But the Israeli military's AI-powered intelligence practices are also "under scrutiny. Genocide charges against Israel brought to The Hague by South Africa question whether crucial decisions about bombing targets in Gaza were made by software, an investigation that could hasten a global debate about the role of AI technology in warfare." After the brutal Oct. 7, 2023, attack by Hamas, the Israel Defense Forces deluged Gaza with bombs, drawing on a database painstakingly compiled through the years that detailed home addresses, tunnels and other infrastructure critical to the militant group. But then the target bank ran low. To maintain the war's breakneck pace, the IDF turned to an elaborate artificial intelligence tool called Habsora — or "the Gospel" — which could quickly generate hundreds of additional targets. The use of AI to rapidly refill IDF's target bank allowed the military to continue its campaign uninterrupted, according to two people familiar with the operation. It is an example of how the decade-long program to place advanced AI tools at the center of IDF's intelligence operations has contributed to the violence of Israel's 14-month war in Gaza... People familiar with the IDF's practices, including soldiers who have served in the war, say Israel's military has significantly expanded the number of acceptable civilian casualties from historic norms. Some argue this shift is enabled by automation, which has made it easier to speedily generate large quantities of targets, including of low-level militants who participated in the Oct. 7 attacks.
In a statement to The Post, the IDF argued that "If anything, these tools have minimized collateral damage and raised the accuracy of the human-led process." The IDF requires an officer to sign off on any recommendations from its "big data processing" systems, according to an intelligence official who spoke on the condition of anonymity because Israel does not release division leaders' names. The Gospel and other AI tools do not make decisions autonomously, the person added...Recommendations that survive vetting by an intelligence analyst are placed in the target bank by a senior officer...

Another machine learning tool, called Lavender, uses a percentage score to predict how likely a Palestinian is to be a member of a militant group, allowing the IDF to quickly generate a large volume of potential human targets... The rule mandating two pieces of human-derived intelligence to validate a prediction from Lavender was dropped to one at the outset of the war, according to two people familiar with the efforts. In some cases in the Gaza division, soldiers who were poorly trained in using the technology attacked human targets without corroborating Lavender's predictions at all, the soldier said.

The article includes an ominous quote from Steven Feldstein, a senior fellow at the Carnegie Endowment who researches the use of AI in war. Feldstein acknowledges questions of accuracy, but also notes the accelerated speed of the systems, and the ultimate higher death count. His conclusion?

"What's happening in Gaza is a forerunner of a broader shift in how war is being fought."
United Kingdom

UK Develops Quantum Clock To Cut Military GPS Dependence (www.gov.uk) 42

Britain's Defence Science and Technology Laboratory has developed a quantum atomic clock that will lose less than one second over billions of years, the Ministry of Defence announced on Thursday.

The UK-built device aims to reduce military reliance on GPS technology, which can be disrupted by adversaries. It will be deployable in military operations within five years, supporting navigation systems, encrypted communications, and advanced weapons systems. The $34.6 million project involves partners including Infleqtion UK, Aquark Technologies, and Imperial College London. The clock was tested outside laboratory conditions for the first time in collaboration with the Royal Navy and Army Futures team.
The Military

NATO Plans To Build Satellite Links As Backups To Undersea Cables (tomshardware.com) 65

Tom's Hardware reports that NATO is developing an advanced system to address the growing number of undersea cable disruptions observed in recent years. Known as HEIST (Hybrid Space-Submarine Architecture Ensuring Infosec of Telecommunications), the project is designed to significantly enhance the resilience of undersea communication networks. HEIST will enable damage detection with an accuracy of one meter, facilitate rapid data rerouting through satellite networks when disruptions occur, and establish open-source protocols to foster global collaboration. From the report: Satellites are the primary backups to undersea cables, but their bandwidth is far behind physical connections. For example, Google's latest fiber-optic lines can hit 340 terabits per second. In contrast, the frequency used by most satellites -- 12 to 18GHz -- can only handle about 5 gigabits per second or about 0.0015% of the maximum throughput of Google's fiber connection.

Work is underway to upgrade satellites from radio transmissions to lasers, increasing the speed by about 40 times to 200 Gbps. Starlink already uses this technology to communicate between its satellites, while Amazon is also developing it for its own Project Kuiper. However, it still faces challenges, like poor visibility and targeting precision between the satellite and ground station.

Because this is a major NATO project, the alliance plans to open-source part of the process. Making it public would allow anyone interested to find holes and make many iterations. Gregory Falco, the NATO Country Director for HEIST, believes that this is the fastest way for the project to achieve its goals and help prevent any catastrophic loss of data transmission in case of deliberate attacks against these underwater infrastructures in international waters.

Slashdot Top Deals