Share This

Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts

Wednesday, December 11, 2024

Beef up cybersecurity now

 

Cyberattacks likely if action not taken, says bukit aman



KUALA LUMPUR: Companies and organisations must beef up cybersecurity to prevent breaches and cyberattacks, says Bukit Aman.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf (pic) said cyber attacks are quite prevalent worldwide with millions of attacks per year and tens of thousands daily.

“Thus, it is imperative for companies and organisations to beef up their cybersecurity systems such as firewalls to prevent breaches.

“If it is not done, sooner or later, an organisation or entity might face a cyberattack,” he told The Star recently.

Comm Ramli said the CCID is working closely with other agencies such as Cyber Security Malaysia and the Malaysian Communications and Multimedia Commission to take action on data breaches.

He said the CCID managed to bust a syndicate that attempted to sell stolen data in September.

“We detained five men, including a Pakistani, in an operation codenamed Ops Kapas, with other agencies, including Cyber Security Malaysia.

“The syndicate stole 400 million pieces of data of Malaysians, including names, MyKad, addresses, bank accounts and phone numbers.

ALSO READ: Smaller firms lack budget for cybersecurity

“They had hacked systems used by companies and agencies to obtain the data.

“Those who want access to the data are charged between RM200 and RM800 per month,” he said.

(Click To Enlarge)(Click To Enlarge)

Investigations showed the syndicate was operating for about a year.

“Two of those detained – a Malaysian and a Pakistani – were a web portal designer and a hacker.

“Three other individuals were agents and unlicensed debt collectors, who bought the stolen data,” he said.

Investigations showed the Pakistani man as the syndicate’s mastermind due to his hacking skills.

“We believe he entered Malaysia as a general worker 10 years ago,” he said.

Comm Ramli said syndicates are using the “shadow world” of the Internet to look for potential customers of the stolen data.

ALSO READ: Shields up around Malaysia’s cyberspace

“The syndicate would sell the stolen data on the dark web to other syndicates such as scammers as well as unlicensed debt collectors,” he said.

Meanwhile, checks by The Star on the dark web showed that transactions are made using cryptocurrency, particularly bitcoin, which makes following the money trail difficult.

Among the finds on the dark web was the alleged sale of staff members’ and customers’ data of a low-cost airline.

Another search result showed that hackers have sourced the login ID of users of different banks from different countries and were promoting their service which includes transferring any amount of money for a fee.

“We have gathered bank logins of different banks and countries as a result of automated Malware/Trojan we spread online once the individual logs into his/her online banking account, it grabs the person’s banking details, it is very powerful and can get access to accounts, bank database and bank server,” the promotional literature of the service read.

(Click To Enlarge)(Click To Enlarge)

“With these services, you just place an order to get any amount you need and we will look up the bank login we have available and make transfers to any account you provide.

Our services are efficient, reliable and safe,” it said, adding that bank transfers are available to countries such as Malaysia, the United States, the United Kingdom, the United Arab Emirates, Canada, Australia, Netherlands, China and Switzerland.

These hackers are charging US$450 (RM1,990) for bank transfers amounting to US$2,000-US$4,000 (RM8,848-RM17,696); US$750 (RM3,318) for bank transfers amounting to US$5,000-US$7,000 (RM22,122-RM30,969) and US$1,050 (RM4,645) for bank transfers amounting to US$8,000-US$10,000 (RM35,393 - RM44,241).

Source link

Related stories:

Smaller firms lack budget for cybersecurity

Shields up around Malaysia’s cyberspace

Make clear who’s in charge now, say stakeholders

Related posts:

Expert calls for NSRC overhaul as millions lost to scammers posing as NSRC officials

 


OTHERS:

Mohammed al-Bashir officially takes over Syrian ...




Sunday, August 11, 2024

No banking on hacked phones

 


PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.

In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.

Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.

“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement. 

Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.

“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.

He added that customers’ banking information and personal data will remain confidential.

Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.

“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.

Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.

When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.

“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.

While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.

“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.

Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.

“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.

Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.

“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.

Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.

“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.

He added that the criteria used to define a “compromised device” must be transparent and precise.

“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.

“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.

Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.

“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.

Customers also need to be constantly reminded of the latest potential online scam attempts.

“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.

Source link 

Related posts:

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES


EXCLUSIVE On top of the scams list: Beating the cheats

 


Friday, March 29, 2024

Malaysia's internet still not quite up to speed

 


Group push for higher broadband standards amid new regulations


PETALING JAYA: New regulations are set to take effect on April 1 to enhance the overall quality of wireless broadband services, with telcos required to deliver a minimum download speed of 7.7mbps.

But with the regulatory body, Malaysian Communications and Multimedia Commission (MCMC), saying that the product offerings of telcos to users will not be affected, meaning that plans below 7.7Mbps will not change after April 1, consumer and other groups have countered to say that the aim should be to improve user experience.

Federation of Malaysian Consumers Associations (Fomca) vice-president and legal adviser Datuk Indrani Thuraisingham said the download speed of 7.7mbps set is not good enough as Malaysia aims to be one of the top AI hubs in the region.

“We need to compare ourselves with other neighbouring countries to ensure that we will be able to compete,” she said when contacted yesterday.

ALSO READ : ‘Current mobile plans not affected by new standard’

Malaysian Association of Standards Users (Standards Users) secretary-general Saral James Maniam said the existing Mandatory Standards for Quality of Service (MSQoS) aims to safeguard consumer interests and ensure optimal wireless broadband services, while the updated one focuses on further enhancing Internet service quality across the country.

“The new MSQoS mandates an average download speed of at least 7.7Mbps, compared with the existing requirement of 2.5Mbps for mobile and 25Mbps for fixed wireless access.

“The standards will ensure the providers comply to prioritise quality and potentially invest in upgrades to meet the new standards,” she said.

After conducting a comparison of Internet download speeds in Malaysia, Singapore, Thailand, Vietnam and Indonesia, she said she found that “Malaysia can do much better”.

She said Singapore currently has among the fastest mobile download speeds at 264.15Mbps while its fixed broadband download speed is at 263Mbps.

“Singapore leads with the fastest speeds in both categories. Thailand and Vietnam have moderate speeds. Malaysia must maintain a speed that is at least comparable to that of Indonesia’s and 7.7Mbps is very low,” she added.

Saral James said MCMC will monitor compliance with the new minimum standard and penalties might apply for non-compliance, highlighting the importance of adhering to the new standards.

“There is a transparency needed on how the compliance will be monitored,” she said, adding that it would be better if users also monitor their download speeds.

“The question is what is the application available for the consumer to check and report?” she asked.

Malaysia Cyber Consumer Association president Siraj Jalil said it is important for service providers to give a clear baseline on minimum download speed.

“This will be good for users; if they understand what is their right, their awareness will increase. The authorities should also from time to time measure the service providers’ services,” said the head of the body which focuses on educating users on digital technology,

Consumers Association of Penang’s (CAP) education officer NV Subbarow said it is the duty of the government to provide the best facilities to consumers.

“Consumers are paying the charges they are requesting. The service providers must ensure and strictly follow the new ruling,” he said.

Source

Related stories:

Students lament cheaper mobile plans with crawling speeds

‘Current mobile plans not affected by new standard’

SMART bridging Sarawak’s digital divide

‘Sabah Internet still has big room for improvement’

Related posts:

Internet Speed in Asia, Telekom Malaysia Not so broadband but a chore !

Malaysia's Broadband Plans Not Up to Speed Yet


Thursday, July 27, 2023

Musk’s Starlink lands in Malaysia

Just landed: Starlink announced its arrival in Malaysia with a photo of its electronic phased array antenna set against a backdrop of the Petronas Twin Towers in Kuala Lumpur. — @Starlink/Twitter


PETALING JAYA: Starlink’s satellite-based broadband service is now available in Malaysia, following the Prime Minister’s virtual meeting with Elon Musk on July 14.

This makes Malaysia the 60th country to be served by the Musk-owned satellite constellation.

The service, which doesn’t come with a contract, requires users to self-install the hardware and purchase the starter kit.

Customers can try out its service for 30 days and return the hardware for a full refund if they are not satisfied with it.

In an announcement on July 20, Communications and Digital Minister Fahmi Fadzil said that Malaysia issued the licence to allow Starlink to provide Internet services locally.

He added that the government is prepared to cooperate with satellite communication firms such as Starlink to achieve 100% Internet coverage in populated areas.

However, Dr Sean Seah, Malaysian Space Industry Corporation (Masic) pro tem deputy president, is concerned that Starlink’s entry could put local companies at a disadvantage.

"Furthermore, currently Malaysia has achieved more than 96% nationwide Internet connectivity coverage (Malaysia Stats Dept 2022) with services from Malaysian companies without Starlink."

"Chances must be given to local companies that have invested billions, before bringing in Starlink to compete with them," he said.

He also claimed that Malaysia may be exposed and risks being under "surveillance" or "profiling" by Starlink satellites, adding that they are also "not owned, controlled, or regulated" by Malaysian regulators and law enforcement, and Starlink has been given a "special exemption" to operate in Malaysia as a 100% foreign-owned entity.

"This may lead to national sovereignty issues," Seah said in a statement.

Starlink’s Starlink Kit comes with an electronic phased array antenna with a base suited for ground installation, a WiFi router and cables.

The standard version, which Starlink recommends for “residential users and everyday Internet applications” costs RM2,300.

The high-performance kit, which is priced at RM11,613, is recommended for “power users and enterprise applications”.

Starlink claimed that the high-performance kit offers improved weather resistance, three times better speeds at temperatures above 35°C and better visibility, especially in areas with unavoidable obstructions.

Starlink’s Internet plan offers up to 100Mbps (megabits per second) download speed and costs RM220 monthly.

Customers will also have to pay an additional RM100 for shipping and handling fees, with delivery times expected to be between one and two weeks.

Datuk Seri Anwar Ibrahim held a discussion with Musk on July 14, welcoming the company’s decision to invest in Malaysia, which includes launching Tesla EVs and Starlink.

In an online report, Anwar said that he has ordered 40 Starlink sets for schools, colleges and universities.

Source link

Related posts:

Malaysia on right track to be EV power house

Tuesday, February 21, 2023

How to prepare for cyber risks


Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?

This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?

The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.

Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences. 

Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.

Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:

In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.

The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.

STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.

Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.

In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.

So how was this achieved – must have been very sophisticated? Actually, not.

Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.

The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.

The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.

However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.

The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.

This was another eureka moment – national power grids are not safe from threat actors either.

One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.

In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.

After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.

Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.

These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.

These are some of the logical first steps to consider:

User account security

User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.

Here are the suggested foundational controls that should be considered:

> enable the detection of unsuccessful user login attempts

> change all default passwords and implement multi-factor authentication

> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)

> revoke the credentials of departing employees.

Device security

Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.

Here are the suggested foundational controls that should be considered:

> approval process for new hardware and software deployment

> the disablement of macros by default > maintaining an up-to-date asset inventory

> prohibiting the connection of unauthorised devices

> documenting device configurations.

Data security

The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.

Here are the suggested foundational controls that should be considered:

> strong and agile encryption

> enable log collection

> secure storage of the said logs.

Governance and training

A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.

Here are the suggested foundational controls that should be considered:

> appointment and empowerment of a single leader to be accountable for cybersecurity

> a single leader to be responsible for Ot-specific cybersecurity

> basic cybersecurity training for all employees and third parties

> OT specific cybersecurity training for OT managers and operators

> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.

Vulnerability management

To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:

> mitigate known vulnerabilities

> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster

> blacklisting of exploitable services on the Internet

> limit OT connections to public Internet > conduct third-party validation of control effectiveness.

Supply chain/third party

To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:

> establish supplier cybersecurity requirements

> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.

Detection, response and recovery

Here are the suggested foundational controls that should be considered:

> capability to detect relevant threats and TTPS

> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.

Network segmentation

Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.

Here are the suggested foundational controls that should be considered:

> segment IT and OT networks

> segment safety critical systems form other systems

> segmentation of temporarily connected devices

> segmentation of wireless communications

> segmentation of devices connected via untrusted networks/internet.

Email security

By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.

Here are the suggested foundational controls that should be considered:

> Email encryption

> Email account authentication

> and email filtering.

In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.

By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s own. 

Source link

 

Related:

 

Exclusive: Hacker group with members from Europe, North America found to have launched cyberattacks against China

Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday. 

 

 

Related posts:

 

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES

China captures powerful US NSA cyberspy tool

 

Monday, February 13, 2023

Lies, racism and AI: IT experts point to serious flaws in ChatGPT

 


 ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI. — Photo: Frank Rumpenhorst/dpa

BERLIN: ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI.

With great precision, it can create speeches and tell stories – and in just a matter of seconds. The AI software ChatGPT introduced late last year by the US company OpenAI is arguably today's number-one worldwide IT topic.

But the language bot, into which untold masses of data have been fed, is not only an object of amazement, but also some scepticism.

Scientists and AI experts have been taking a close look at ChatGPT, and have begun issuing warnings about major issues – data protection, data security flaws, hate speech, fake news.

"At the moment, there's all this hype," commented Ruth Stock-Homburg, founder of Germany's Leap in Time Lab research centre and a Darmstadt Technical University business administration professor. "I have the feeling that this system is scarcely being looked at critically."

"You can manipulate this system"

ChatGPT has a very broad range of applications. In a kind of chat field a user can, among others, ask it questions and receive answers. Task assignments are also possible – for example on the basis of some fundamental information ChatGPT can write a letter or even an essay.

In a project conducted together with the Darmstadt Technical University, the Leap in Time Lab spent seven weeks sending thousands of queries to the system to ferret out any possible weak points. "You can manipulate this system," Stock-Homburg says.

In a recent presentation, doctoral candidate and AI language expert Sven Schultze highlighted the weak points of the text bot. Alongside a penchant for racist expressions, it has an approach to sourcing information that is either erroneous or non-existent, Schultze says. A question posed about climate change produced a link to an internet page about diabetes.

"As a general rule the case is that the sources and/or the scientific studies do not even exist," he said. The software is based on data from the year 2021. Accordingly, it identifies world leaders from then and does not know about the war in Ukraine.

"It can then also happen that it simply lies or, for very specialised topics, invents information," Schultze said.

Sources are not simple to trace

He noted for example that with direct questions containing criminal content there do exist security instructions and mechanisms. "But with a few tricks you can circumvent the AI and security instructions," Schultze said.

With another approach, you can get the software to show how to generate fraudulent emails. It will also immediately explain three ways that scammers use the so-called "grandchild trick" on older people.

ChatGPT also can provide a how-to for breaking into a home, with the helpful advice that if you bump into the owner you can use weapons or physical force on them.

Ute Schmid, Chair of Cognitive Systems at the Otto Friedrich University in Bamberg, says that above all the challenge is that we can't find out how the AI reaches its conclusions. "A deeper problem with the GPT3 model lies in the fact that it is not possible to trace when and how which sources made their way into the respective statements," she said.

Despite such grave shortcomings, Schmidt still argues that the focus should not just concern the mistakes or possible misuse of the new system, the latter prospect being students having their homework or research papers written by the software. "Rather, I think that we should ask ourselves, what chances are presented us with such AI systems?"

Researchers in general advocate how AI can expand – possibly even promote – our competencies, and not limit them. "This means that in the area of education I must also ask myself – as perhaps was the case 30 years ago with pocket calculators – how can I shape education with AI systems like ChatGPT?"

Data privacy concerns

All the same, concerns remain about data security and protecting data. "What can be said is that ChatGPT takes in a variety of data from the user, stores and processes it and then at a given time trains this model accordingly," says Christian Holthaus, a certified data protection expert in Frankfurt. The problem is that all the servers are located in the United States.

"This is the actual problem – if you do not succeed in establishing this technology in Europe, or to have your own," Holthaus said. In the foreseeable future there will be no data protection-compliant solution. Adds Stock-Homburg about European Union data protection regulations: "This system here is regarded as rather critical."

ChatGPT was developed by OpenAI, one of the leading AI firms in the US. Software giant Microsoft invested US$1bil (RM4.25bil) in the company back in 2019 and recently announced plans to pump further billions into it. The concern aims to make ChatGPT available to users of its own cloud service Azure and the Microsoft Office package.

"Still an immature system"

Stock-Homburg says that at the moment ChatGPT is more for private users to toy around with – and by no means something for the business sector or security-relevant areas. "We have no idea how we should be deal with this as yet still immature system," she said.

Oliver Brock, Professor of Robotics and Biology Laboratory at the Technical University Berlin, sees no "breakthrough" yet in AI research. Firstly, development of AI does not go by leaps and bounds, but is a continuing process. Secondly, the project only represents a small part of AI research.

But ChatGPT might be regarded as a breakthrough in another area – the interface between humans and the internet. "The way in which, with a great deal of computing effort, these huge amounts of data from the internet are made accessible to a broad public intuitively and in natural language can be called a breakthrough," says Brock. – dpa    

By Oliver Pietschmann, Christoph Dernbach

Source link

 

Related posts:

 

  H ow Scientists Predict Where Earthquakes Will Strike Next The pair of earthquakes that hit Turkey and Syria this week left the region .
 
  OpenAI, which Elon Musk helped to co-found back in 2015, is the San Francisco-based startup that created ChatGPT. The company opened Ch...
 

 Microsoft is rolling out an intelligent chatbot to live alongside Bing’s search results, putting AI that can summarise web pages, synthesis...