Encryption

Cryptologist DJB Alleges NSA is Pushing an End to Backup Algorithms for Post-Quantum Cryptography (cr.yp.to) 38

Cryptologist/CS professor Daniel J. Bernstein is alleging that America's National Security Agency is attempting to influence NIST post-quantum cryptography standards.

Bernstein first emphasizes that it's normal for post-quantum cryptography (or "PQ") to be part of "hybrid" security that also includes traditional pre-quantum cryptography. (Bernstein says this is important because since 2016, "We've seen many breaks of post-quantum proposals...")

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ." Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.

This seems to be a speculative scenario. But Bernstein is also concerned about how the Internet Engineering Task Force handled two drafts specifying post-quantum encryption mechanisms for TLS ("the security layer inside HTTPS and inside various other protocols"). For a draft suggesting "non-hybrid" encryption, there were 20 statements of support (plus 2 more only conditionally supporting it), but 7 more statements unequivocally opposing adoption, including one from Bernstein. The IETF has at times said they aim for "rough consensus" — or for "broad consensus" — but Bernstein insists 7 opposers in a field of 29 (24.13%) can't be said to match the legal definition of consensus (which is "general agreement"). "I've filed a formal complaint regarding the claim of consensus to adopt."

He's also written a second blog post analyzing the IETF's decision-making process in detail. "It's already bad that the IETF TLS working group adopted non-hybrid post-quantum encryption without official answers to the objections that were raised. It's much worse if the objections can't be raised in the first place."

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

Education

Microsoft To Provide Free AI Tools For Washington State Schools (geekwire.com) 25

theodp writes: GeekWire reports that Microsoft is bringing artificial intelligence to every public classroom in its home state -- and sparking new questions about its role in education. The Redmond tech giant on Thursday unveiled Microsoft Elevate Washington, a sweeping new initiative that will provide free access to AI-powered software and training for all 295 public school districts and 34 community and technical colleges across Washington state. The program is part of Microsoft Elevate, the company's broader $4 billion, five-year commitment to support schools and nonprofits with AI tools and training that was announced in July.

"This is our home," Microsoft President Brad Smith said at a launch event on the company's headquarters campus. "A big part of what we're doing today is investing in our home." Smith said Microsoft understands the unease around AI in classrooms but argued that waiting isn't an option. "I don't know that it will be possible to slow down the use of AI, even if someone wanted to," he said. In an interview with KING-TV Seattle, Smith added, "We're making a bigger commitment to this state than we are to any state in the country. [...] Above all else, we want to ensure that people can learn how to use the technology of tomorrow. That's the only way for our kids to succeed in the future."

The event on Thursday also included comedian Trevor Noah, the company's "chief questions officer," as well as Code.org CEO Hadi Partovi. Noah and Partovi both also appeared with Smith at the Microsoft Elevate launch event in July, where Smith told Partovi it was time to "switch hats" from coding to AI, adding that "the last 12 years have been about the Hour of Code [Code.org's flagship event, credited with pushing CS into K-12 classrooms], but the future involves the Hour of AI." Code.org last month committed to "engage 25M learners in an Hour of AI in school year '25/'26" at a meeting of the White House Task Force on AI Education that preceded a White House dinner for top execs from the nation's leading AI companies.

Botnet

DDoS Botnet Aisuru Blankets US ISPs In Record DDoS (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

Since its debut more than a year ago, the Aisuru botnet has steadily outcompeted virtually all other IoT-based botnets in the wild, with recent attacks siphoning Internet bandwidth from an estimated 300,000 compromised hosts worldwide. The hacked systems that get subsumed into the botnet are mostly consumer-grade routers, security cameras, digital video recorders and other devices operating with insecure and outdated firmware, and/or factory-default settings. Aisuru's owners are continuously scanning the Internet for these vulnerable devices and enslaving them for use in distributed denial-of-service (DDoS) attacks that can overwhelm targeted servers with crippling amounts of junk traffic.

As Aisuru's size has mushroomed, so has its punch. In May 2025, KrebsOnSecurity was hit with a near-record 6.35 terabits per second (Tbps) attack from Aisuru, which was then the largest assault that Google's DDoS protection service Project Shield had ever mitigated. Days later, Aisuru shattered that record with a data blast in excess of 11 Tbps. By late September, Aisuru was publicly flexing DDoS capabilities topping 22 Tbps. Then on October 6, its operators heaved a whopping 29.6 terabits of junk data packets each second at a targeted host. Hardly anyone noticed because it appears to have been a brief test or demonstration of Aisuru's capabilities: The traffic flood lasted only a few seconds and was pointed at an Internet server that was specifically designed to measure large-scale DDoS attacks.

Aisuru's overlords aren't just showing off. Their botnet is being blamed for a series of increasingly massive and disruptive attacks. Although recent assaults from Aisuru have targeted mostly ISPs that serve online gaming communities like Minecraft, those digital sieges often result in widespread collateral Internet disruption. For the past several weeks, ISPs hosting some of the Internet's top gaming destinations have been hit with a relentless volley of gargantuan attacks that experts say are well beyond the DDoS mitigation capabilities of most organizations connected to the Internet today.

China

China Expands Rare Earth Export Controls To Target Semiconductor, Defense Users (reuters.com) 38

Longtime Slashdot reader hackingbear writes: Following U.S. lawmakers' call on Tuesday for broader bans on the export of chipmaking equipment to China, China dramatically expanded its rare earths export controls on Thursday, adding five new elements, dozens of pieces of refining technology, and extra scrutiny for semiconductor users as Beijing tightens control over the sector ahead of talks between Presidents Donald Trump and Xi Jinping. The new rules expand controls Beijing announced in April that caused shortages around the world, before a series of deals with Europe and the U.S. eased the supply crunch.

China produces over 90% of the world's processed rare earths and rare earth magnets. The 17 rare earth elements are vital materials in products ranging from electric vehicles to aircraft engines and military radars. Foreign companies producing some of the rare earths and related magnets on the list will now also need a Chinese export license if the final product contains or is made with Chinese equipment or material, even if the transaction includes no Chinese companies, mimicking rules the U.S. has implemented to restrict other countries' exports of semiconductor-related products to China.

Developing mining and processing capabilities requires a long-term effort, meaning the United States will be on the back foot for the foreseeable future. The Commerce Ministry also added to its "unreliable entity list" 14 foreign organizations, which are mostly based in the United States, restricting their ability to carry out commercial activities within the world's second-largest economy for carrying out military and technological cooperation with Taiwan, or "made malicious remarks about China, and assisted foreign governments in suppressing Chinese companies," it said in a separate statement, referring to TechInsights, a prominent Canadian tech research firm, and nine of its subsidiaries including Strategy Analytics which were among those blacklisted.

Science

The World's Biggest Citizen Science Project (phys.org) 7

eBird, now the world's largest citizen science project with over 2 billion bird observations, is transforming ornithology by turning casual birders (and even TikTok-using kids) into vital contributors to global research and conservation. Slashdot reader alternative_right shares a report from Phys.org: The Cornell Lab of Ornithology has been one of the most influential organizations in the world when it comes to encouraging people to engage in natural history projects. While some form of amateur involvement in science projects has been around since 1900, when the Audubon Society organized the first Christmas Bird Count, it was the Cornell Lab that formalized citizen science as a sound and reliable means of collecting data on birds.

It didn't take much thought to realize that one of the richest sources of information about birds resided in the notebooks virtually every birder has kept, often from childhood. It's a given that birdwatchers list everything. The problem is that zillions of such notebooks sit forgotten in drawers or in dusty boxes in the attic. If only all of that information could be gathered together, organized in sensible ways and then made available to anyone who wanted to use it. What a resource that would be!

After lots of trials and discussion, a small team at the Lab came up with the idea of eBird. It started in a humble way back in 2002, as simply somewhere birders could store their records in a central location. Today, "humble" is no longer an appropriate description. In 2022, its 20th anniversary year, a total of more than 1.3 billion records had been received from more than 820,000 participants. In the month of August this year, reports eBird, 123,000 birders submitted 1.6 million lists of sightings. It has now hit a total of 2 billion bird observations since inception.

Privacy

Salesforce Says It Won't Pay Extortion Demand in 1 Billion Records Breach (arstechnica.com) 28

Salesforce says it's refusing to pay an extortion demand made by a crime syndicate that claims to have stolen roughly 1 billion records from dozens of Salesforce customers. From a report: The threat group making the demands began their campaign in May, when they made voice calls to organizations storing data on the Salesforce platform, Google-owned Mandiant said in June. The English-speaking callers would provide a pretense that necessitated the target connect an attacker-controlled app to their Salesforce portal. Amazingly -- but not surprisingly -- many of the people who received the calls complied.

[...] Earlier this month, the group created a website that named Toyota, FedEx, and 37 other Salesforce customers whose data was stolen in the campaign. In all, the number of records recovered, Scattered LAPSUS$ Hunters claimed, was "989.45m/~1B+." The site called on Salesforce to begin negotiations for a ransom amount "or all your customers [sic] data will be leaked." The site went on to say: "Nobody else will have to pay us, if you pay, Salesforce, Inc." The site said the deadline for payment was Friday.

AI

Tech Companies To K-12 Schoolchildren: Learn To AI Is the New Learn To Code 43

theodp writes: From Thursday's Code.org press release announcing the replacement of the annual Hour of Code for K-12 schoolkids with the new Hour of AI: "A decade ago, the Hour of Code ignited a global movement that introduced millions of students to computer science, inspiring a generation of creators. Today, Code.org announced the next chapter: the Hour of AI, a global initiative developed in collaboration with CSforALL and supported by dozens of leading organizations. [...] As artificial intelligence rapidly transforms how we live, work, and learn, the Hour of AI reflects an evolution in Code.org's mission: expanding from computer science education into AI literacy. This shift signals how the education and technology fields are adapting to the times, ensuring that students are prepared for the future unfolding now."

"Just as the Hour of Code showed students they could be creators of technology, the Hour of AI will help them imagine their place in an AI-powered world," said Hadi Partovi, CEO and co-founder of Code.org. "Every student deserves to feel confident in their understanding of the technology shaping their future. And every parent deserves the confidence that their child is prepared for it."

"Backed by top organizations such as Microsoft, Amazon, Anthropic, Zoom, LEGO Education, Minecraft, Pearson, ISTE, Common Sense Media, American Federation of Teachers (AFT), National Education Association (NEA), and Scratch Foundation, the Hour of AI is designed to bring AI education into the mainstream. New this year, the National Parents Union joins Code.org and CSforALL as a partner to emphasize that AI literacy is not only a student priority but a parent imperative."

The announcement of the tech-backed K-12 CS education nonprofit's mission shift into AI literacy comes just days after Code.org's co-founders took umbrage with a NY Times podcast that discussed "how some of the same tech companies that pushed for computer science are now pivoting from coding to pushing for AI education and AI tools in schools" and advancing the narrative that "the country needs more skilled AI workers to stay competitive, and kids who learn to use AI will get better job opportunities."

Government

Key Cybersecurity Intelligence-Sharing Law Expires as Government Shuts Down (politico.com) 10

The Cybersecurity Information Sharing Act expired on Wednesday when the federal government shut down. The law had provided legal protections since 2015 for organizations to share cyber threat intelligence with federal agencies. Without these protections, private sector companies that control most U.S. critical infrastructure face potential legal risks when sharing information about threats. Sen. Gary Peters called the lapse "an open invitation to cybercriminals and hostile actors to attack our economy and our critical infrastructure."

The intelligence sharing enabled by CISA 2015 helped expose Chinese campaigns including Volt Typhoon in 2023 and Salt Typhoon last year. Several cybersecurity firms pledged to continue sharing threat data despite the law's expiration. Halcyon and CrowdStrike confirmed they would maintain information sharing. Palo Alto Networks said it remained committed to public-private partnerships but did not specify whether it would continue sharing threat data. Multiple bipartisan reauthorization efforts failed before the shutdown. The House Homeland Security Committee had approved a 10-year extension last month.

Google

Google Says Hackers Are Sending Extortion Emails To Executives (reuters.com) 10

An anonymous reader shares a report: Google said hackers are sending extortion emails to an unspecified number of executives, claiming to have stolen sensitive data from their Oracle business applications. In a statement, Google said a group claiming affiliation with the ransomware gang cl0p was sending emails to "executives at numerous organizations claiming to have stolen sensitive data from their Oracle E-Business Suite." Google cautioned that it "does not currently have sufficient evidence to definitively assess the veracity of these claims."

Security

Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins (arcticwolf.com) 6

Friday the security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation.

This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.

More from Cybersecurity News: SonicWall has linked these malicious logins to CVE-2024-40766, an improper access control vulnerability disclosed in 2024. The working theory is that threat actors harvested credentials from devices that were previously vulnerable and are now using them in this campaign, even if the devices have since been patched. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit.

Once inside a network, the attackers operate with remarkable speed. The time from initial access to ransomware deployment, known as "dwell time," is often measured in hours, with some intrusions taking as little as 55 minutes, Arctic Wolf said. This extremely short window for response makes early detection critical.

"Threat actors in the present campaign successfully authenticated against accounts with the one-time password (OTP) MFA feature enabled..." notes Arctic Wolf Labs: The threats described in this campaign demand early detection and a rapid response to avoid catastrophic impact to organizations. To facilitate this process, we recommend monitoring for VPN logins originating from untrusted hosting infrastructure. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access. Monitoring for anomalous SMB activity indicative of Impacket use provides an additional early detection opportunity.

When firewalls are confirmed to be running firmware versions vulnerable to credential access or full configuration export, patching alone is not enough. In such situations, credentials must be reset wherever possible, including MFA-related secrets that might otherwise be thought of as secure, and Active Directory credentials with VPN access. These considerations are best practices that apply regardless of which firewall products are in use.

Thanks to Slashdot reader Mirnotoriety for suggesting this story.

AI

AI-Generated 'Workslop' Is Destroying Productivity (hbr.org) 48

40% of U.S. employees have received "workslop" -- AI-generated content that appears polished but lacks substance -- in the past month, according to research from BetterUp Labs and Stanford Social Media Lab. The survey of 1,150 full-time workers found recipients spend an average of one hour and 56 minutes addressing each incident of workslop, costing organizations an estimated $186 per employee monthly. For a 10,000-person company, lost productivity totals over $9 million annually.

Professional services and technology sectors are disproportionately affected. Workers report that 15.4% of received content qualifies as workslop. The phenomenon occurs primarily between peers at 40%, though 18% flows from direct reports to managers and 16% moves down the hierarchy. Beyond financial costs, workslop damages workplace relationships -- half of recipients view senders as less creative, capable, and reliable, while 42% see them as less trustworthy.

Earth

Hard-Fought Treaty To Protect Ocean Life Clears a Final Hurdle (nytimes.com) 23

The high seas, the vast waters beyond any one country's jurisdiction, cover nearly half the planet. On Friday, a hard-fought global treaty to protect the "cornucopia of biodiversity" living there cleared a final hurdle and will become international law. From a report: The High Seas Treaty, as it is known, was ratified by a 60th nation, Morocco, crossing the threshold for United Nations treaties to go into effect. Two decades in the making, it allows for the establishment of enormous conservation zones in international waters. Environmentalists hailed it as a historic moment. The treaty "is a conservation opportunity that happens once in a generation, if that," said Lisa Speer, who directs the International Oceans Program at the Natural Resources Defense Council.

It is also a bright spot amid a general dimming of optimism about international diplomacy and cooperation among nations toward common goals. It will come into force just as the high seas are poised to become the site of controversial industrial activities including deep sea mining. The treaty provides a comprehensive set of regulations for high seas conservation that would supersede the existing patchwork of rules developed by United Nations agencies and industrial organizations in sectors like oil, fishing and shipping. Currently, less than 10 percent of the world's oceans are protected under law, and conservation advocates say little of that protection is effective. The treaty states a goal of giving 30 percent of the high seas some kind of protected status by 2030.

Power

What's Happening To Wholesale Electricity Prices? (construction-physics.com) 120

US wholesale electricity prices have nearly doubled since 2020, rising faster than consumer rates across most regional grid operators. Analysis of location marginal pricing data from 17 trading hubs shows average wholesale costs increased from baseline 2020 levels to peaks 2-4 times higher by 2022, before partially recovering. Consumer electricity prices rose 35% during the same period.

Transmission congestion spreads are widening in most Independent System Operators and Regional Transmission Organizations, particularly in PJM, SPP, and NYISO, where bottlenecks increasingly prevent access to cheaper generation. California's CAISO stands alone among major grid operators as wholesale prices remain flat or decline in 2025 despite natural gas volatility. The cheapest wholesale electricity continues to trade in SPP's Oklahoma-Kansas region at $16-17 per megawatt-hour.

Security

Proton Mail Suspended Journalist Accounts At Request of Cybersecurity Agency (theintercept.com) 77

An anonymous reader quotes a report from The Intercept: The company behind the Proton Mail email service, Proton, describes itself as a "neutral and safe haven for your personal data, committed to defending your freedom." But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists' accounts were eventually reinstated -- but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton's services as alternatives to something like Gmail "specifically to avoid situations like this," pointing out that "While it's good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most." Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions. Shelton noted that perhaps Proton should "prioritize responding to journalists about account suspensions privately, rather than when they go viral." On Reddit, Proton's official account stated that "Proton did not knowingly block journalists' email accounts" and that the "situation has unfortunately been blown out of proportion."

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation -- what's known in cybersecurity parlance as an APT, or advanced persistent threat -- had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC. The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023. As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what's known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.

Phrack said the account suspensions created a "real impact to the author. The author was unable to answer media requests about the article." Phrack noted that the co-authors were already working with affected South Korean organizations on responsible disclosure and system fixes. "All this was denied and ruined by Proton," Phrack stated.

Phrack editors said that the incident leaves them "concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent."

AI

All IT Work To Involve AI By 2030, Says Gartner (theregister.com) 61

An anonymous reader quotes a report from The Register: All work in IT departments will be done with the help of AI by 2030, according to analyst firm Gartner, which thinks massive job losses won't result. Speaking during the keynote address of the firm's Symposium event in Australia today, VP analyst Alicia Mullery said 81 percent of work is currently done by humans acting alone without AI assistance. Five years from now Gartner believes 75 percent of IT work will be human activity augmented by AI, with the remainder performed by bots alone.

Distinguished VP analyst Daryl Plummer said this shift will mean IT departments gain labor capacity and will need to show they deserve to keep it. "You never want to look like you have too many people," he advised, before suggesting technology leaders consult with peers elsewhere in a business to identify value-adding opportunities IT departments can execute. Plummer said Gartner doesn't foresee an "AI jobs bloodbath" in IT or other industries for at least five years, adding that just one percent of job losses today are attributable to AI. He and Mullery did predict a reduction in entry-level jobs, as AI lets senior staff tackle work they would once have assigned to juniors.

The two analysts also forecast that businesses will struggle to implement AI effectively, because the costs of running AI workloads balloon. ERP, Plummer said, has straightforward up-front costs: You pay to license and implement it, then to train people so they can use it. AI needs that same initial investment but few organizations can keep up with AI vendors' pace of innovation. Adopting AI therefore creates a requirement for near-constant exploration of use cases and subsequent retraining. Plummer said orgs that adopt AI should expect to uncover 10 unanticipated ancillary costs, among them the need to acquire new datasets, and the costs of managing multiple models. The need to use one AI model to check the output of others -- a necessary step to verify accuracy -- is another cost to consider. AI's hidden costs mean Gartner believes 65 percent of CIOs aren't breaking even on AI investments.

Microsoft

Microsoft's Analog Optical Computer Shows AI Promise (microsoft.com) 33

Four years ago a small Microsoft Research team started creating an analog optical computer. They used commercially available parts like sensors from smartphone cameras, optical lenses, and micro-LED lights finer than a human hair. "As the light passes through the sensor at different intensities, the analog optical computer can add and multiply numbers," explains a Microsoft blog post.

They envision the technology scaling to a computer that for certain problems is 100X faster and 100X more energy efficient — running AI workloads "with a fraction of the energy needed and at much greater speed than the GPUs running today's large language models." The results are described in a paper published in the scientific journal Nature, according to the blog post: At the same time, Microsoft is publicly sharing its "optimization solver" algorithm and the "digital twin" it developed so that researchers from other organizations can investigate this new computing paradigm and propose new problems to solve and new ways to solve them. Francesca Parmigiani, a Microsoft principal research manager who leads the team developing the AOC, explained that the digital twin is a computer-based model that mimics how the real analog optical computer [or "AOC"] behaves; it simulates the same inputs, processes and outputs, but in a digital environment — like a software version of the hardware. This allowed the Microsoft researchers and collaborators to solve optimization problems at a scale that would be useful in real situations. This digital twin will also allow other users to experiment with how problems, either in optimization or in AI, would be mapped and run on the analog optical computer hardware. "To have the kind of success we are dreaming about, we need other researchers to be experimenting and thinking about how this hardware can be used," Parmigiani said.

Hitesh Ballani, who directs research on future AI infrastructure at the Microsoft Research lab in Cambridge, U.K. said he believes the AOC could be a game changer. "We have actually delivered on the hard promise that it can make a big difference in two real-world problems in two domains, banking and healthcare," he said. Further, "we opened up a whole new application domain by showing that exactly the same hardware could serve AI models, too." In the healthcare example described in the Nature paper, the researchers used the digital twin to reconstruct MRI scans with a good degree of accuracy. The research indicates that the device could theoretically cut the time it takes to do those scans from 30 minutes to five. In the banking example, the AOC succeeded in resolving a complex optimization test case with a high degree of accuracy...

As researchers refine the AOC, adding more and more micro-LEDs, it could eventually have millions or even more than a billion weights. At the same time, it should get smaller and smaller as parts are miniaturized, researchers say.

China

Chinese Hackers Impersonated US Lawmaker in Email Espionage Campaign (msn.com) 25

As America's trade talks with China were set to begin last July, a "puzzling" email reached several U.S. government agencies, law firms, and trade groups, reports the Wall Street Journal. It appeared to be from the chair of a U.S. Congressional committee, Representative John Moolenaar, asking recipients to review an alleged draft of upcoming legislation — sent as an attachment. "But why had the chairman sent the message from a nongovernment address...?"

"The cybersecurity firm Mandiant determined the spyware would allow the hackers to burrow deep into the targeted organizations if any of the recipients had opened the purported draft legislation, according to documents reviewed by The Wall Street Journal." It turned out to be the latest in a series of alleged cyber espionage campaigns linked to Beijing, people familiar with the matter said, timed to potentially deploy spyware against organizations giving input on President Trump's trade negotiations. The FBI and the Capitol Police are investigating the Moolenaar emails, and cyber analysts traced the embedded malware to a hacker group known as APT41 — believed to be a contractor for Beijing's Ministry of State Security... The hacking campaign appeared to be aimed at giving Chinese officials an inside look at the recommendations Trump was receiving from outside groups. It couldn't be determined whether the attackers had successfully breached any of the targets.

A Federal Bureau of Investigation spokeswoman declined to provide details but said the bureau was aware of the incident and was "working with our partners to identify and pursue those responsible...." The alleged campaign comes as U.S. law-enforcement officials have been surprised by the prolific and creative nature of China's spying efforts. The FBI revealed last month that a Beijing-linked espionage campaign that hit U.S. telecom companies and swept up Trump's phone calls actually targeted more than 80 countries and reached across the globe...

The Moolenaar impersonation comes as several administration officials have recently faced impostors of their own. The State Department warned diplomats around the world in July that an impostor was using AI to imitate Secretary of State Marco Rubio's voice in messages sent to foreign officials. Federal authorities are also investigating an effort to impersonate White House chief of staff Susie Wiles, the Journal reported in May... The FBI issued a warning that month that "malicious actors have impersonated senior U.S. officials" targeting contacts with AI-generated voice messages and texts.

And in January, the article points out, all the staffers on Moolenaar's committee "received emails falsely claiming to be from the CEO of Chinese crane manufacturer ZPMC, according to people familiar with the episode."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

The Media

Publishers Demand 'AI Overview' Traffic Stats from Google, Alleging 'Forced' Deals (theguardian.com) 19

AI Overviews have lowered click-through traffic to Daily Mail sites by as much as 89%, the publisher told a UK government body that regulates competition. So they've joined other top news organizations (including Guardian Media Group and the magazine trade body the Periodical Publishers Association) in asking the regulators "to make Google more transparent and provide traffic statistics from AI Overview and AI Mode to publishers," reports the Guardian: Publishers — already under financial pressure from soaring costs, falling advertising revenues, the decline of print and the wider trend of readers turning away from news — argue that they are effectively being forced by Google to either accept deals, including on how content is used in AI Overview and AI Mode, or "drop out of all search results", according to several sources... In recent years, Google Discover, which feeds users articles and videos tailored to them based on their past online activity, has replaced search as the main source of click-throughs to content. However, David Buttle, founder of the consultancy DJB Strategies, says the service, which is also tied to publishers' overall search deals, does not deliver the quality traffic that most publishers need to drive their long-term strategies. "Google Discover is of zero product importance to Google at all," he says. "It allows Google to funnel more traffic to publishers as traffic from search declines ... Publishers have no choice but to agree or lose their organic search. It also tends to reward clickbaity type content. It pulls in the opposite direction to the kind of relationship publishers want."

Meanwhile, publishers are fighting a wider battle with AI companies seeking to plunder their content to train their large language models. The creative industry is intensively lobbying the government to ensure that proposed legislation does not allow AI firms to use copyright-protected work without permission, a move that would stop the "value being scraped" out of the £125bn sector. Some publishers have struck bilateral licensing deals with AI companies — such as the FT, the German media group Axel Springer, the Guardian and the Nordic publisher Schibsted with the ChatGPT maker OpenAI — while others such as the BBC have taken action against AI companies alleging copyright theft. "It is a two-pronged attack on publishers, a sort of pincer movement," says Chris Duncan, a former News UK and Bauer Media senior executive who now runs a media consultancy, Seedelta. "Content is disappearing into AI products without serious remuneration, while AI summaries are being integrated into products so there is no need to click through, effectively taking money from both ends. It is an existential crisis."

"At the moment the AI and tech community are showing no signs of supporting publisher revenue," says the chief executive of the UK's Periodical Publishers Association...

The Courts

Warner Bros. Discovery Sues Midjourney For Copyright Infringement 83

Warner Bros. Discovery has filed a major copyright lawsuit against Midjourney, accusing the AI image generator of exploiting its movies and TV shows to train models and generate near-identical reproductions of iconic characters like Batman, Bugs Bunny, and Rick and Morty. From The Hollywood Reporter: The company "brazenly dispenses Warner Bros. Discovery's intellectual property" by letting subscribers produce images and videos of iconic copyrighted characters, alleges the complaint, filed on Thursday in California federal court. "The heart of what we do is develop stories and characters to entertain our audiences, bringing to life the vision and passion of our creative partners," said a Warner Bros. Discovery spokesperson in a statement. "Midjourney is blatantly and purposefully infringing copyrighted works, and we filed this suit to protect our content, our partners, and our investments."

For years, AI companies have been training their technology on data scraped across the internet without compensating creators. It's led to lawsuits from authors, record labels, news organizations, artists and studios, which contend that some AI tools erode demand for their content. Warner Bros. Discovery joins Disney and Universal, which earlier this year teamed up to sue Midjourney. By their thinking, the AI company is a free-rider plagiarizing their movies and TV shows. In the lawsuit, Warner Bros. Discovery points to Midjourney generating images of iconic copyrighted characters. At the forefront are heroes who're at the center of DC Studios' movies and TV shows, like Superman, Wonder Woman and The Joker; others are Looney Tunes, Tom and Jerry and Scooby-Doo characters who've become ubiquitous household names; more are Cartoon Network characters, including those from Rick and Morty, who've emerged as something of cultural touchstones in recent years. [...]

The lawsuit argues Midjourney's ability to return copyrighted characters is a "clear draw for subscribers," diverting consumers away from purchasing Warner Bros. Discovery-approved posters, wall art and prints, among other products that must now compete against the service. [...] Warner Bros. Discovery seeks Midjourney's profits attributable to the alleged infringement or, alternatively, $150,000 per infringed work, which could leave the AI company on the hook for massive damages. The thrust of the studios' lawsuits will likely be decided by one question: Are AI companies covered by fair use, the legal doctrine in intellectual property law that allows creators to build upon copyrighted works without a license?
The lawsuit can be found here.

Businesses

OpenAI Plans Jobs Platform, Certification Program for AI Roles (bloomberg.com) 14

OpenAI plans to launch a new AI-powered jobs platform next year to help match employers with candidates who have AI skills in a bid to accelerate the technology's deployment across businesses and government agencies. From a report: The ChatGPT maker will also introduce a new certification program in the coming months that will teach workers how to better use AI on the job. OpenAI is working with multiple organizations on the program, including Walmart, the largest private employer in the US. OpenAI said it plans to certify 10 million Americans by 2030. [...] For the jobs platform, OpenAI plans to use AI to help match local governments and companies of all sizes with potential candidates.
