1. Forum
  2. FidoNET
  3. POLITICS

  • Microsoft claims its serv

    From Mike Powell@1:2320/105 to All on Tuesday, January 14, 2025 10:05:00
    [And here we have one of the first examples of how AI can be used for
    harm. - Mike]

    Microsoft claims its servers were illegally accessed to make unsafe AI content

    Date:
    Tue, 14 Jan 2025 06:02:00 +0000

    Description:
    Unsurprisingly, a scheme which involved developing tools to steal API keys
    and access Microsoft servers without permission isnt faring well in a
    Virginia court.

    FULL STORY

    Microsoft has accused an unnamed collective of developing tools to intentionally sidestep the safety programming in its Azure OpenAI Service
    that powers the AI tool ChatGPT.

    In December 2024, the tech giant filed a complaint in the US District Court
    for the Eastern District of Virginia against 10 anonymous defendants, who it accuses of violating the Computer Fraud and Abuse Act, the Digital Millenium Copyright Act, plus federal racketeering law.

    Microsoft claims its servers were accessed to aid the creation of offensive, harmful and illicit content. Though it gave no further details as to the
    nature of that content, It was clearly enough for swift action; it had a
    Github repository pulled offline, and claimed in a blog post the court
    allowed them to seize a website related to the operation.

    ChatGPT API keys

    In the complaint, Microsoft stated that it first discovered users abusing the Azure OpenAI Service API keys used to authenticate them in order to produce illicit content back in July 2024. It went on to discuss an internal investigation that discovered that the API keys in question had been stolen from legitimate customers.

    The precise manner in which Defendants obtained all of the API Keys used to carry out the misconduct described in this Complaint is unknown, but it
    appears that Defendants have engaged in a pattern of systematic API Key theft that enabled them to steal Microsoft API Keys from multiple Microsoft customers, reads the complaint.

    Microsoft claims, with the ultimate goal of launching a hacking-as-a-service product, the defendants created de3u, a client-side tool, to steal these API keys, plus additional software to allow de3u to communicate with Microsoft servers.

    De3u also worked to circumvent the Azure OpenAI Services inbuilt content filters and subsequent revision of user prompts, allowing DALL-E, for
    example, to generate images that OpenAI wouldnt normally permit.

    These features, combined with Defendants unlawful programmatic API access to the Azure OpenAI service, enabled Defendants to reverse engineer means of circumventing Microsofts content and abuse measures, it wrote in the
    complaint.

    Via TechCrunch

    ======================================================================
    Link to news story: https://www.techradar.com/pro/microsoft-claims-its-servers-were-illegally-acce ssed-to-make-unsafe-ai-content

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)