Feed aggregator
The First AI Street Hawker
Article URL: https://edwardbenson.com/2024/11/the-worlds-first-ai-street-hawker
Comments URL: https://news.ycombinator.com/item?id=42208457
Points: 2
# Comments: 0
What We Learned Migrating from Webpack to Vite
Article URL: https://neon.tech/blog/from-webpack-to-vite
Comments URL: https://news.ycombinator.com/item?id=42208449
Points: 3
# Comments: 0
Ayfkm: Painful bureaucratic journeys of a multicultural family
Article URL: https://ayfkm.blog/2023/02/15/preamble/
Comments URL: https://news.ycombinator.com/item?id=42208447
Points: 3
# Comments: 0
The Surprising Benefits of Talking Out Loud to Yourself
Article URL: https://time.com/7177294/talking-out-loud-to-yourself-benefits/
Comments URL: https://news.ycombinator.com/item?id=42208406
Points: 4
# Comments: 0
What Are Bluesky Starter Packs? How to Find And Create Them
Show HN: Llama 3.2 Interpretability with Sparse Autoencoders
I spent a lot of time and money on this rather big side project of mine that attempts to replicate the mechanistic interpretability research on proprietary LLMs that was quite popular this year and produced great research papers by Anthropic[1], OpenAI[2] and Deepmind[3].
I am quite proud of this project and since I consider myself the target audience for HackerNews did I think that maybe some of you would appreciate this open research replication as well. Happy to answer any questions or face any feedback.
Cheers
[1] https://transformer-circuits.pub/2024/scaling-monosemanticit...
[2] https://arxiv.org/abs/2406.04093
[3] https://arxiv.org/abs/2408.05147
Comments URL: https://news.ycombinator.com/item?id=42208383
Points: 10
# Comments: 0
Agent Graph System boosts GPT-4o multi-step function calling success rate by 4x
Article URL: https://xpander.ai/2024/11/20/announcing-agent-graph-system/
Comments URL: https://news.ycombinator.com/item?id=42208379
Points: 4
# Comments: 1
Ask HN: Best Minimal Blog Site?
I am looking for a more minimalist site to host my blog on (I currently use Medium).
What blog sites have you seen or used that you would consider minimalist?
Comments URL: https://news.ycombinator.com/item?id=42208358
Points: 2
# Comments: 4
This MagSafe-Friendly PopSockets Phone Grip Is Half Price for Black Friday
PacifiCorp mulls breakup that could align Wyoming with other pro-coal states
Article URL: https://wyofile.com/pacificorp-mulls-breakup-that-could-align-wyoming-with-other-pro-coal-states/
Comments URL: https://news.ycombinator.com/item?id=42208327
Points: 4
# Comments: 1
We shipped enterprise SSO in 48 hours
Article URL: https://getconvoy.io/blog/we-shipped-enterprise-sso-in-48-hours
Comments URL: https://news.ycombinator.com/item?id=42208317
Points: 6
# Comments: 0
Concerns About White House/Tech Collusion Have Disappeared with Elon's Ascension
Best Solar Companies of November 2024
FCC's 'Broadband Nutrition Labels' Are Now Mandatory for All Internet Providers
Best Internet Providers in Roanoke, Virginia
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.
The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites.
The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.
These attacks leveraged newly-registered domains that often included the name of the targeted company, such as twilio-help[.]com and ouryahoo-okta[.]com. The phishing websites were normally kept online for just one or two hours at a time, meaning they were often yanked offline before they could be flagged by anti-phishing and security services.
The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.
In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname “Joeleoli.”
That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com, which also was used to register accounts at several websites for a Joel Evans from North Carolina. Indeed, prosecutors say Joeleoli’s real name is Joel Martin Evans, and he is a 25-year-old from Jacksonville, North Carolina.
One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio, a company that provides services for making and receiving text messages and phone calls. The group then used their access to Twilio to attack at least 163 of its customers. According to prosecutors, the group mainly sought to steal cryptocurrency from victim companies and their employees.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the assistant director in charge of the FBI’s Los Angeles field office.
Many of the hacking group’s phishing domains were registered through the registrar NameCheap, and FBI investigators said records obtained from NameCheap showed the person who managed those phishing websites did so from an Internet address in Scotland. The feds then obtained records from Virgin Media, which showed the address was leased for several months to Tyler Buchanan, a 22-year-old from Dundee, Scotland.
As first reported here in June, Buchanan was arrested in Spain as he tried to board a flight bound for Italy. The Spanish police told local media that Buchanan, who allegedly went by the alias “Tylerb,” at one time possessed Bitcoins worth $27 million.
The government says much of Tylerb’s cryptocurrency wealth was the result of successful SIM-swapping attacks, wherein crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.
According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets. Tylerb was reputed to have fled the United Kingdom after that assault.
Prosecutors allege Tylerb worked closely on SIM-swapping attacks with Noah Michael Urban, another alleged Scattered Spider member from Palm Coast, Fla. who went by the handles “Sosa,” “Elijah,” and “Kingbob.”
Sosa was known to be a top member of the broader cybercriminal community online known as “The Com,” wherein hackers boast loudly about high-profile exploits and hacks that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate networks.
In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. That story noted that Sosa’s alter ego Kingbob routinely targeted people in the recording industry to steal and share “grails,” a slang term used to describe unreleased music recordings from popular artists.
FBI investigators identified a fourth alleged member of the conspiracy – Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas — after he used a portion of cryptocurrency funds stolen from a victim company to pay for an account used to register phishing domains.
The indictment unsealed Wednesday alleges Elbadawy controlled a number of cryptocurrency accounts used to receive stolen funds, along with another Texas man — Evans Onyeaka Osiebo, 20, of Dallas.
Members of Scattered Spider are reputed to have been involved in a September 2023 ransomware attack against the MGM Resorts hotel chain that quickly brought multiple MGM casinos to a standstill. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K. police as part of an FBI investigation into the MGM hack.
Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.
A Justice Department press release states that if convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft. Buchanan would face up to 20 years in prison for the wire fraud count as well.
Further reading:
Google Has Canceled the Pixel Tablet 2
US Agency Votes To Launch Review, Update Undersea Telecommunications Cable Rules
Best Internet Providers in San Bernardino, California
Sex-dependent effects of early life overstimulation on behavioral function
Article URL: https://www.nature.com/articles/s41598-024-78928-9
Comments URL: https://news.ycombinator.com/item?id=42207983
Points: 1
# Comments: 0