Microsoft Uncovers Individuals Behind Azure Abuse Scheme
Article Body
Microsoft has identified four individuals involved in an Azure Abuse Enterprise scheme, which exploits unauthorized access to generative artificial intelligence (GenAI) services to produce harmful content. The campaign, known as LLMjacking, targets various AI offerings, including Microsoft’s Azure OpenAI Service, and is tracked by the company as Storm-2139.
The individuals named in the scheme are:
- Arian Yadegarnia, aka “Fiz,” from Iran
- Alan Krysiak, aka “Drago,” from the United Kingdom
- Ricky Yuen, aka “cg-dot,” from Hong Kong, China
- Phát Phùng Tấn, aka “Asakuri,” from Vietnam
According to Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit (DCU), “Members of Storm-2139 exploited exposed customer credentials scraped from public sources to unlawfully access accounts with certain generative AI services.” The group then altered the capabilities of these services and resold access to other malicious actors, providing instructions on generating harmful content.
The malicious activity is carried out to bypass the safety guardrails of generative AI systems. Microsoft has filed an amended complaint, which comes after the company announced it was pursuing legal action against the threat actors for engaging in systematic API key theft and monetizing access to other actors.
Microsoft obtained a court order to seize a website (“aitism[.]net”) believed to be part of the group’s operation. The Storm-2139 group consists of creators, providers, and end-users who work together to abuse AI services. Microsoft also identified two actors in the United States, located in Illinois and Florida, whose identities have been withheld to avoid interfering with potential criminal investigations.
Other unnamed co-conspirators, providers, and end-users include:
- A John Doe (DOE 2) likely residing in the United States
- A John Doe (DOE 3) likely residing in Austria, using the alias “Sekrit”
- A person likely residing in the United States, using the alias “Pepsi”
- A person likely residing in the United States, using the alias “Pebble”
- A person likely residing in the United Kingdom, using the alias “dazz”
- A person likely residing in the United States, using the alias “Jorge”
- A person likely residing in Turkey, using the alias “jawajawaable”
- A person likely residing in Russia, using the alias “1phlgm”
- A John Doe (DOE 8) likely residing in Argentina
- A John Doe (DOE 9) likely residing in Paraguay
- A John Doe (DOE 10) likely residing in Denmark
Steven Masada stated, “Going after malicious actors requires persistence and ongoing vigilance. By unmasking these individuals and shining a light on their malicious activities, Microsoft aims to set a precedent in the fight against AI technology misuse
Source Link
