{"id":1501,"date":"2025-01-14T00:01:03","date_gmt":"2025-01-14T00:01:03","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1501"},"modified":"2025-01-14T00:01:03","modified_gmt":"2025-01-14T00:01:03","slug":"microsoft-sues-overseas-threat-actor-group-over-abuse-of-openai-service","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1501","title":{"rendered":"Microsoft sues overseas threat actor group over abuse of OpenAI service"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Microsoft has filed suit against 10 unnamed people (\u201cDoes\u201d), who are apparently operating overseas, for misuse of its Azure OpenAI platform, asking the Eastern District of Virginia federal court for damages and injunctive relief.<\/p>\n<p>The suit was filed in late December but was not made public until last Friday, when the initial sealed filings were revealed. The complaint makes numerous claims, of which the most prominent are violations of the Computer Fraud and Abuse Act, as well as the Racketeering and Organized Corruption Act.<\/p>\n<p>Microsoft, according to its main complaint, is accusing the 10 \u201cDoes\u201d of illicitly accessing its Azure OpenAI service and using it to provide a \u201chacking-as-a-service\u201d offering to other unnamed bad actors. 
The nameless defendants, who, according to Microsoft, make up a foreign-based consortium, used the OpenAI access to provide generative AI services to criminals, while simultaneously circumventing the \u201cguard rails\u201d that Microsoft has put in place in order to prevent its AI from being used for nefarious purposes.<\/p>\n<p>Microsoft\u2019s guard rails, as detailed in <a href=\"https:\/\/www.courtlistener.com\/docket\/69534982\/microsoft-corporation-v-does-1-10-operating-an-azure-abuse-network\/\">the complaint<\/a>, are designed to bar generative AI from performing certain harmful tasks, including intentionally misleading people, creating harassing content, and much more, by causing the system to reject such prompts. The unnamed hackers in this case are alleged to have devised workarounds for this behavior, allowing the AI to be used maliciously by the group\u2019s customers.<\/p>\n<p>\u201cAs alleged in our court filings unsealed today, Microsoft has observed a foreign-based threat\u2013actor group develop sophisticated software that exploited exposed customer credentials scraped from public websites,\u201d wrote Steven Masada, assistant general counsel at Microsoft\u2019s digital crimes unit, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/01\/10\/taking-legal-action-to-protect-the-public-from-abusive-ai-generated-content\/\">in a blog post published on Friday.<\/a> \u201cCybercriminals then used these services and resold access to other malicious actors with detailed instructions on how to use these custom tools to generate harmful and illicit content.\u201d<\/p>\n<p>Masada noted that the company has since blocked this access to its services, and \u201cenhanced its safeguards\u201d against similar attacks.<\/p>\n<p>The lawsuit, at least in part, is an investigative tool, according to Microsoft, which said that it had seized a website linked to the criminal enterprise and gained further insight into the operation as a consequence. 
While the practice of suing anonymous overseas criminals in US courts isn\u2019t exactly common, it\u2019s a known method of pursuing this type of cybercrime, according to George Washington University law professor Paul Schiff Berman.<\/p>\n<p>The idea is to expedite investigation, said Berman. By pursuing legal action in federal court, Microsoft can use legal tools to discover more information about websites and companies that are potentially involved in the illicit activity.<\/p>\n<p>\u201cI suspect that Microsoft is hoping that, in the discovery process, they\u2019ll be able to use the subpoena power of the court to discover information that will tell them something more about who these people are,\u201d he said.<\/p>\n<p>It\u2019s likely to be a long process, but more information about the alleged hackers could open access to further legal avenues against them. For one thing, Berman said, even if the perpetrators aren\u2019t subject to the jurisdiction of a US court, they could be residents of a country with which the US has what\u2019s called a mutual legal assistance treaty, which offers a channel for requesting assistance from the court system of a foreign country to provide further information or documents.<\/p>\n<p>Domain registrars and web services firms in the US can be another source of information, according to Berman \u2013 something which Microsoft\u2019s legal team apparently understands quite well, highlighting in the complaint the attacker\u2019s misuse of services from US-based companies like Verisign and the Public Internet Registry.<\/p>\n<p>Nevertheless, there are numerous obstacles that Microsoft must overcome to gather information on the alleged cybercriminals, Berman noted. 
Mutual legal assistance treaties are not ubiquitous, which means that countries hostile to US interests are unlikely to have such an arrangement in place, for one thing.<\/p>\n<p>\u201cI don\u2019t think [Microsoft is] filing this suit thinking they\u2019re going to be successful at all these things,\u201d Berman said. \u201cI think they\u2019re filing the suit partially to show Americans that they\u2019re trying \u2026 but also, to the extent they can get information, they can alert the US government.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft has filed suit against 10 unnamed people (\u201cDoes\u201d), who are apparently operating overseas, for misuse of its Azure OpenAI platform, asking the Eastern District of Virginia federal court for damages and injunctive relief. The suit was filed in late December but was not made public until last Friday, when the initial sealed filings were [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1502,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1501"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1501"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1501\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1502"
}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}