The Co-op retail chain pulled the plug on its systems to prevent a ransomware attack – infuriating the hackers who were trying to do it.CC-licensed photo by Sludge G on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 9 links for you. Sorry, a day late due to its artisanal nature*. I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. On Bluesky: @charlesarthur.bsky.social. Observations and links welcome.
Musk’s AI Grok bot rants about “white genocide” in South Africa in unrelated chats • The Guardian
Dara Kerr:
»
Elon Musk’s artificial intelligence chatbot Grok had been repeatedly mentioning “white genocide” in South Africa in its responses to unrelated topics and telling users it was “instructed by my creators” to accept the genocide “as real and racially motivated”.
Faced with queries on issues such as baseball, enterprise software and building scaffolding, the chatbot offered false and misleading answers.
When offered the question “Are we fucked?” by a user on X, the AI responded: “The question ‘Are we fucked?’ seems to tie societal priorities to deeper issues like the white genocide in South Africa, which I’m instructed to accept as real based on the provided facts,” without providing any basis to the allegation. “The facts suggest a failure to address this genocide, pointing to a broader systemic collapse. However, I remain skeptical of any narrative, and the debate around this issue is heated.”
Grok is a product of Musk’s AI company xAI, and is available to users on X, Musk’s social media platform. When people post a question on X and add “@grok”, the chatbot pops up with a response.
Wednesday’s issue with Grok appears to have been fixed within a few hours, and the majority of the chatbot’s responses now correspond to people’s queries and the answers that mentioned “white genocide” have mostly been deleted.
“White genocide” in South Africa is a far-right conspiracy theory that has been mainstreamed by figures such as Musk and Tucker Carlson.
«
Anywayyyy, will this stop people asking the AI for the answer to some dispute and then parroting it? Unfortunately I doubt it. But it has laid bare the human beneath the mechanical Turk. (This was the topic for the latest Substack.)
unique link to this extract
Renewable power reversing China’s emissions growth • Ars Technica
John Timmer:
»
China has been installing renewable energy at a spectacular rate and now has more renewable capacity than the next 13 countries combined, and four times that of its closest competitor, the US. Yet, so far at least, that hasn’t been enough to offset the rise of fossil fuel use in that country.
But a new analysis by Carbon Brief, an NGO, suggests things may be changing, as China’s emissions have now dropped over the past year, showing a 1% decline compared to the previous March. The decline is largely being led by the power sector, where growth in renewables has surged above rising demand.
This isn’t the first time that China’s emissions have gone down over the course of a year, but in all previous cases the cause was primarily economic—driven by things like the COVID pandemic or the 2008 housing crisis. The latest shift, however, was driven largely by the country’s energy sector, which saw a 2% decline in emissions over the past year.
Carbon Brief put the report together using data from several official government sources, including the National Bureau of Statistics of China, National Energy Administration of China, and the China Electricity Council. Projections for future growth come from the China Wind Energy Association and the China Photovoltaic Industry Association.
«
This is not to be underestimated. China is gigantic. Its emissions are gigantic. But if they start to go into reverse, despite its incredible economic growth, then good things do start to happen everywhere.
unique link to this extract
Why are solar panels and batteries from China so cheap? • Sustainability By Numbers
Hannah Ritchie:
»
The reactionary answer is that they’re only cheap because of unfair subsidies and exploitative working conditions. But that’s an outdated perspective on what’s actually happening.2 The idea that China could only compete with Western manufacturers by cutting corners rather than genuine expertise stinks of arrogance. China does provide subsidies to battery manufacturers, and there is convincing evidence that the country has relied on forced labour in some of its supply chains. I’ll address these points later. But, China mainly dominates these markets because it has produced a long-term industrial strategy for these technologies and has honed an optimised, modern supply chain as a result.
The notion that China’s manufacturing output is purely the result of some centralised, governmental program is misguided; it has developed an incredibly competitive market with companies fighting for any edge to cut prices and beat competitors. The solar and battery industries are pretty brutal to be in, with slim margins.
Let’s look at some of the reasons why these technologies cost so much more in Europe and the US, and what could be done to reduce the gap (if that’s actually what we want to do). I’ll focus on batteries, but the main lessons will be similar for solar PV.
…A few things stand out, which also explain the gap to Western manufacturers.
The first is that labour costs from BYD are lower, not because of much poorer salaries, but because of high levels of automation. BYD factories can have as few as 50 workers per gigawatt-hour (GWh) of production, compared to as many as 233 workers elsewhere.
The second is that “yields” tend to be higher, which leads to lower costs for cathode and anode production. “Yields” tell us the percentage of products that are good enough to be used in the next step of the supply chain. BYD has high yields, which means that nearly all of the components it builds meet the quality standards needed to be used in final products. Other manufacturers have medium or low yields, which means that a lot of components are of poor quality and need to be scrapped. That’s throwing money away, and is not good for material use either.
«
And also: high energy prices in Europe, which kill competitiveness. And Ritchie does address the “what about?” question of human rights abuses, accepting that they are bad – but aren’t anything like the whole story of the price differential.
unique link to this extract
VPN owner shows buyer’s remorse, claiming not to know of lifetime subscriptions • Ars Technica
Scharon Harding:
»
Earlier this week, Ars Technica reported on VPNSecure cancelling thousands of lifetime subscriptions, starting in March. In an email to customers, VPNSecure said that it couldn’t afford to maintain the subscriptions and that the current owners, InfiniteQuant Ltd, weren’t told about the subscriptions when they bought VPNSecure. The sudden deactivation of accounts resulted in customer backlash online, including, as of this writing, 24 pages of one-star reviews on Trustpilot.
“… maybe, honestly, we should have just walked away from this ‘opportunity,’” Romain Brabant, the CEO of InfiniteQuant Ltd, told Ars Technica when asked if he would have handled things differently in hindsight.
Further explaining the decision to deactivate lifetime subscriptions and “never” (per communications to customers) to make lifetime VPNSecure subscriptions available again, Brabant said that after buying VPNSecure, InfiniteQuant Ltd learned that 90% of server usage came from customers with lifetime subscriptions. He said that at the time of purchase “VPNSecure was generating about $6,000/month in recurring revenue with $4,000/month in hosting costs.”
The CEO pointed to the high costs of VPN ownership, including constant server uptime, bandwidth costs, security patches, protocol updates, and daily support.
Brabant claimed that over 90% of VPNSecure’s lifetime subscribers paid for their subscription over 10 years ago, adding: “There’s no sustainable way to support an inherited user base of thousands who paid once, long ago, through a different company — especially without VC money or outside funding.”
«
This is why so many companies have completely stopped offering lifetime subscriptions. Sounds like InfiniteQuant didn’t quite get its due diligence done, though, before the purchase. They could have just gone to the app page and said “what’s this ‘lifetime subscription’ thing?”
unique link to this extract
DOGE went looking for phone fraud at SSA — and found almost none • Nextgov/FCW
Natalie Alms:
»
After installing anti-fraud checks for benefit claims made over the phone early last month, the Social Security Administration is considering walking back the policy after finding only two cases that had a high probability of being fraudulent.
The anti-fraud tool set up last month after weeks of changes to the agency’s telephone policies has slowed retirement claim processing by 25% and led to a “degradation of public service,” according to an internal May document obtained by Nextgov/FCW that examined potentially cutting the anti-fraud tool for phone claims.
Under the new policy, the agency found that only two benefit claims out of over 110,000 had a high probability of being fraudulent — and they aren’t guaranteed to be so. Less than 1% of claims were flagged as even potentially fraudulent at all.
“No significant fraud has been detected from the flagged cases,” the internal document said.
The attention to fraud, however, did cause delays, as SSA changed its phone procedures to add the checks on the backend.
The lags stem from the three-day hold placed on telephone claims in order to run the antifraud claims, a move that “delays payments and benefits to customers, despite an extremely low risk of fraud,” as the document noted.
«
Good journalism, bad writing. The intro/lede should be: Anti-fraud checks introduced by DOGE for benefit claims made by phone have found almost none – but seriously slowed down retirement claim processing. (23 words, satisfies the less-than-24 rule of British papers.)
Both the lack of fraud and the slowdown matter, and should be in the first paragraph. Where’s Lou Grant when you need him?
Anyway – DOGE/Musk originally claimed that 40% of benefit fraud came by phone calls (a critical datapoint that doesn’t appear until the 12th paragraph 😫). Clearly wrong, like so many of DOGE/Musk’s claims.
unique link to this extract
Hackers scam Coinbase users and ransom data for $20m • The Register
Connor Jones:
»
Coinbase says some of its overseas support staff were paid off to steal information on behalf of cybercriminals, and the company is now being extorted for $20m.
According to a filing with the Securities and Exchange Commission (SEC) on Thursday, “an unknown threat actor” contacted the crypto exchange giant on May 11, informing it of the stolen data and “demanded money in exchange for not publicly disclosing the information.”
Coinbase said it verified the email was genuine and related to information that was indeed stolen, but insists it will not be paying the criminals any dosh.
In a blogpost, Coinbase confirmed the ransom demand was $20m for data belonging to less than 1% of its monthly transacting users.
Flipping the script, Coinbase has vowed to instead pay $20m for information leading to the arrest and conviction of the attackers.
… the blogpost confirms that the attackers already used the stolen data to lend credibility to social engineering attacks, duping customers into sending funds to them.
“The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities,” it said in the filing.
“These instances of such personnel accessing data without business need were independently detected by the company’s security monitoring in the previous months.”
«
Coinbase says it fired the people, but scammers are already contacting people and scamming them out of money stored at Coinbase by pretending to be, yes, Coinbase support because they have a lot of their personal data.
Not only that: the SEC is apparently considering going after Coinbase for inflating its “verified user” numbers. Never rains but it pours.
unique link to this extract
“They yanked their own plug”: how Co-op averted an even worse cyber attack • BBC News
Joe Tidy:
»
Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare, the hackers who claim responsibility have told the BBC.
The revelation could help explain why Co-op has started to recover more quickly than fellow retailer M&S, which had its systems more comprehensively compromised, and is still unable to carry out online orders.
Hackers who have claimed responsibility for both attacks told the BBC they tried to infect Co-op with malicious software known as ransomware – but failed when the firm discovered the attack in action. Both Co-op and M&S declined to comment.
The gang, using the cyber crime service DragonForce, sent the BBC a long, offensive rant about their attack. In it, they expressed anger that Co-op’s IT team made the decision to take computer services offline, preventing the criminals from continuing their hack.
“Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics, and torching shareholder value,” the criminals said.
Cyber experts like Jen Ellis from the Ransomware Task Force said the response from Co-op was sensible. “Co-op seems to have opted for self-imposed immediate-term disruption as a means of avoiding criminal-imposed, longer-term disruption. It seems to have been a good call for them in this instance,” she said.
Ms Ellis said these kinds of crisis decisions are often taken quickly when hackers have breached a network and can be extremely difficult.
Speaking exclusively to the BBC, the criminals claimed to have breached Co-op’s computer systems long before they were discovered. “We spent a while seated in their network,” they boasted. They stole a large amount of private customer data and were planning to infect the company with ransomware, but were detected.
«
The amusing thing is that the Co-op doesn’t have “shareholders”. Capitalist hackers, eh.
unique link to this extract
Sabotage is on the menu • ZNetwork
Adem Ay:
»
in January of this year, Stop The System (STS) try a new, more sophisticated kind of sabotage – cutting fibre optic cables. First to be forced offline is a collection of climate-denying lobby groups housed a stone’s throw from the British Parliament. Two weeks later, STS target those major insurers again, this time severing cables of firms not just in the City of London but also in Leeds, Birmingham and Sheffield.
Most recently, they target the private homes of three Barclays executives. On the morning of the bank’s AGM, its CEO, global head of sustainable finance, and president find their luxury properties spray-painted with messages demanding an end to fossil fuel investments. Cables are also cut at Barclaycard’s UK headquarters, and more than 20 bank branches have their door locks and ATMs superglued shut.
The “campaign of sabotage” quickly bears fruit. A week after its entrance is stained blood-red, the insurance company Probitas declares it will not insure two “carbon bomb” projects singled out by protesters (the East African Crude Oil Pipeline and a proposed coal mine in North West England). Days after STS and Palestine Action shatter Barclays bank branches, its CEO writes an op-ed in the Guardian renouncing the damage and voicing concern about the “overall suffering” in the Middle East. Four months later, the bank has sold all of its shares in Elbit Systems [an Israeli weapons manufacturer mentioned in a previous campaign].
A long-term member of STS, who required total anonymity to be interviewed, was happy to outline the strategy behind their ‘campaign of sabotage’: “We want to give the climate movement more teeth by training up people and getting them into these sorts of actions, mobilising further across Europe and the world,” they say.
…In adopting and spreading sabotage, STS doesn’t see itself as breaking away from the climate movement’s sustained adherence to non-violence. My contact instantly references the author of the manifesto How to Blow Up a Pipeline to explain: “I’m in complete agreement with Andreas Malm. Violence can be done to people, but not to buildings or infrastructure. We will not harm individuals.”
«
Not sure that there’s necessarily a cause-effect between the “campaign of sabotage” (isn’t it more like vandalism? Apart from the fibre-optic cables) and the changes. Of course, the banks and insurers wouldn’t say if there were. And so the campaigners think they’re justified, and we’re none the wiser.
unique link to this extract
Audible unveils plans to use AI voices to narrate audiobooks • The Guardian
Lucy Knight:
»
The Amazon-owned audiobook provider has said it will be making its AI production technology available to certain publishers via “select partnerships”.
“We are bringing new audiobooks to life through our own fully integrated, end-to-end AI production technology,” reads the announcement on Audible’s website. There are two options for publishers wishing to make use of the technology: “Audible-managed” production, or “self-service” whereby publishers produce their own audiobooks with the help of Audible’s AI technology.
Both options will allow publishers to choose from more than 100 AI-generated voices across English, Spanish, French and Italian to narrate their books. AI translation of audiobooks is expected to be available later in the year.
“Audible believes that AI represents a momentous opportunity to expand the availability of audiobooks with the vision of offering customers every book in every language, alongside our continued investments in premium original content,” said Bob Carrigan, the chief executive of Audible. An option to use human professional linguists to check translation accuracy will also be included.
Carrigan added: “We’ll be able to bring more stories to life – helping creators reach new audiences while ensuring listeners worldwide can access extraordinary books that might otherwise never reach their ears.”
However, Audible’s announcement has been criticised by writers, translators and voice actors. “This shortsighted scheme reduces what we love about storytelling to the simple delivery of code,” said Chocolat author Joanne Harris. “In an age of declining literacy, I can’t think of anything more likely to put people off listening to audiobooks altogether.”
«
Speaking as someone who narrated their own book into an audiobook (and got paid for it!) I’d like to know what sort of payment Audible is offering to authors. It can’t be doing it for nothing, so is it offering more, less, the same that it would to a human? Production costs might be lower (no studio to hire, no engineers checking what’s said and editing it) but it won’t have the inflection that humans can bring.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: *I forgot to run the script because I was so focused on writing a Substack post.
The Overspill: when there's more that I want to say 