Massive AT&T Breach
Nearly all customers' phone and SMS records stolen over a six-month period.
I spent time in Chicago this week and was reminded that it is one of my favorite cities. Amazing architecture, great food (with many plant-based options), great summer weather, and awesome people. That includes my Lyft driver, who randomly brought up deepfakes and asked if I had ever heard of them. Are deepfakes mainstream now??
This week in the cyber world, we’re covering:
A look into a Russian AI-enabled disinformation platform
AT&T customer phone and text message records lost in data breach
The winner of the first AI influencer pageant 🤦
-Jason
AI Spotlight
AI-Enabled Russian Propaganda
This week, the US Department of Justice announced that it seized two domains and shut down 968 social media accounts associated with an AI-enabled Russian bot farm used to spread propaganda. The platform, dubbed Meliorator, was defined as a “covert artificial intelligence (AI) enhanced software package.”
The platform enabled Russian state-sponsored media affiliates to automate the following tasks with AI:
Create fictitious online personas en masse to include profile pictures, biographical information, and other user details.
Generate fake images and text for social posts, often based on other Russian disinformation.
Automate engagement and interact with other fake profiles.
A joint cybersecurity advisory published last week shows the components of the platform. At the time of the advisory, the platform focused on X (Twitter), though it could easily be updated to include other social media platforms.
Meliorator Components
What type of misinformation is Russia pumping out? I’m so glad you asked. A few weeks ago, one hilarious example popped up. A French fake news site, Vérité Cachée, posted an article stating that Olena Zelenska, the wife of Ukraine’s President, would be the first person to receive a new Bugatti Tourbillon. The article included an obvious deepfake of a fake Bugatti dealership employee. You can watch the deepfake video yourself.
For me, the small head and seat belt gave away the idea that it was fake.
Screenshot of deepfake video
Per Ars Technica, Vérité Cachée is part of a news network run by John Mark Dougan, a former US Marine and cop who now lives in Moscow and works with Russian think tanks. Not cool.
In more AI news, you can also tell that the fake news website is an AI fan. They left what appears to be part of an AI prompt to rewrite an article in the main article. Can you blame the AI intern for that?
Security Deep Dive
AT&T + Snowflake = Ouch
We’re still dealing with the fallout from the threat actor who hacked over 165 Snowflake customer accounts. The first victims to come forward, Ticketmaster and Santander, were just the beginning.
And not that it’s a competition, but the latest victim to come forward, AT&T, put the others to shame with the type of information that was exposed…
Let’s break down AT&T’s public statement…
The attackers behind the Ticketmaster and Santander breach accessed an AT&T Snowflake account that did not enforce MFA. If you recall from a previous newsletter, Snowflake is a data warehouse that can store A LOT of information. It’s a great solution for enterprises with a ton of data and the need to slice that data for business analytics or other purposes.
Per TechCrunch, AT&T will notify over 110 million customers that their data was stolen in the attack. What type of data…well that’s where things get interesting. The stolen data included the phone and SMS records for “nearly every” AT&T cell customer that occurred from May 1, 2022, to October 31, 2022, and, randomly, January 2, 2023.
It’s important to point out that the content of the text messages was NOT impacted. It was just a record of the phone number you interacted with. So at least AT&T customers can be spared from being embarrassed about the number of gifs/memes they send.
Cool story. Another data breach, so what? TBH, it’s more of the same. More of your data (assuming you’re an AT&T customer) is potentially out there in the ethers of the dark web. So, while we can freak out about the headline, the same tried and true approach to security should be maintained.
Use a password manager: While passwords were (thankfully) not impacted in this data breach, they are a prime target for attackers. The stolen information can be used to create more targeted phishing attacks. Use a password manager to maintain unique passwords on every site. This limits the blast radius if your password is compromised.
Use MFA everywhere: Seriously, you’ve heard this everywhere. Just do it. Shoot for passkeys wherever they are supported. If they’re not, take a look at time-based one-time passwords (TOTP, those rotating numbers) in your password manager. This ties the MFA to a specific domain, adding a protection layer.
Be suspicious of links: Stranger danger still applies on the Internet, but if attackers know numbers you typically interact with, they can combine that information with other leaked data to have a profile of you and the people you talk with. So even if your friends are sending some dank memes, if something seems weird, don’t click on it.
Whelp, that’s one other major data breach announced from the Snowflake…who knows how many more to go. Until then, we’ll just sit and rock ourselves to comfort.
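For teams that run their own Snowflake account, here is one way to check for the gap AT&T described: logins that succeeded with a password and no second factor. This is an added example, not code from AT&T, Snowflake, or the advisory; the column names follow Snowflake's `ACCOUNT_USAGE.LOGIN_HISTORY` view, and every row, user name, and IP below is constructed.

```python
from collections import defaultdict

# Constructed sample rows shaped like Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view.
# Column names follow that view; all values are made up for this example.
COLS = ("USER_NAME", "EVENT_TIMESTAMP", "CLIENT_IP",
        "FIRST_AUTHENTICATION_FACTOR", "SECOND_AUTHENTICATION_FACTOR", "IS_SUCCESS")
LOGIN_ROWS = [dict(zip(COLS, r)) for r in [
    ("ANALYST_1", "2024-05-01T09:12:00Z", "198.51.100.7", "PASSWORD", "DUO_PUSH", "YES"),
    ("ETL_SVC", "2024-05-02T03:10:00Z", "203.0.113.20", "PASSWORD", None, "YES"),
    ("ETL_SVC", "2024-05-03T03:11:00Z", "203.0.113.21", "PASSWORD", None, "YES"),
    ("ANALYST_2", "2024-05-02T11:00:00Z", "192.0.2.44", "PASSWORD", None, "NO"),
    ("ANALYST_2", "2024-05-02T11:05:00Z", "192.0.2.44", "PASSWORD", None, "YES"),
    ("KEY_USER", "2024-05-02T12:00:00Z", "198.51.100.9", "RSA_KEYPAIR", None, "YES"),
]]


def password_only_logins(rows):
    """Group successful password logins that had no second factor, per user."""
    findings = defaultdict(lambda: {"count": 0, "ips": set(), "last_seen": ""})
    for row in rows:
        if row.get("IS_SUCCESS") != "YES":
            continue  # failed attempts are a separate signal
        if row.get("FIRST_AUTHENTICATION_FACTOR") != "PASSWORD":
            continue  # key-pair, SSO and OAuth logins are not password logins
        if row.get("SECOND_AUTHENTICATION_FACTOR"):
            continue  # a second factor was presented on this login
        entry = findings[row["USER_NAME"]]
        entry["count"] += 1
        entry["ips"].add(row["CLIENT_IP"])
        # ISO-8601 UTC strings in one format compare correctly as text
        entry["last_seen"] = max(entry["last_seen"], row["EVENT_TIMESTAMP"])
    return dict(findings)


def report(rows):
    """Return (user, count, sorted IPs, last_seen) tuples, most logins first."""
    found = password_only_logins(rows)
    result = [(user, f["count"], sorted(f["ips"]), f["last_seen"])
              for user, f in found.items()]
    return sorted(result, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for user, count, ips, last in report(LOGIN_ROWS):
        print(f"{user}: {count} password-only login(s) from {ips}, last seen {last}")
```

Any user this flags is a candidate for enforced MFA or a move to key-pair authentication; service accounts tend to show up first.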
Security News
What Else is Happening?
🏆️ Congrats to Kenza Layli, the winner of the first Miss-AI pageant…wait, wtf? Yeah, she’s not real…she’s a GenAI influencer with over 200K followers. Why does this need to be a thing?
☠️ In the greatest description of a ransomware attack, Frankfurt University was the victim of “a serious hacker attack.” Sadly for the students, courses are still happening.
🎤 Sad news for Swiftie fans…the Taylor Swift concert barcodes that Ticketmaster hackers claimed to have stolen are useless. We have scalpers to thank for that. The barcodes change every few seconds to avoid the impact of this very scenario.
🤖 The latest diss is to claim that someone isn’t even real. This happened to a UK political candidate who missed campaign events due to pneumonia. This led some to speculate that he was an AI bot. What a time to be alive.
🤦 A US intelligence official reported that the Russian misinformation engine has started to meddle in the US elections. Per The Record, the official said, “We are beginning to see Russia target specific voter demographics, promote divisive narratives and denigrate specific politicians.” Buckle up, this year is going to be a bumpy ride.
🤣 A startup is using AI to disrupt scammers. It works by your voice provider routing known spam callers to AI bots that will pick up the call and have a lengthy conversation with the scammers. Whether it will have a tangible impact on disrupting these scammers is up for debate, but I’m down for making their jobs harder.
If you enjoyed this, forward it to a fellow cyber nerd.
If you’re that fellow cyber nerd, subscribe here.
See you next week!