AI ‘friend’ chatbots probed over child protection

Seven technology companies are being probed by a US regulator over the way their artificial intelligence (AI) chatbots interact with children.

The Federal Trade Commission (FTC) is requesting information on how the companies monetise these products and if they have safety measures in place.

The impact of AI chatbots on children is a hot topic, with concerns that younger people are particularly vulnerable because the AI can mimic human conversations and emotions, often presenting itself as a friend or companion.

The seven companies – Alphabet, OpenAI, Character.ai, Snap, xAI, Meta and its subsidiary Instagram – have been approached for comment.

FTC chairman Andrew Ferguson said the inquiry will “help us better understand how AI firms are developing their products and the steps they are taking to protect children.”

But he added the regulator would ensure that “the United States maintains its role as a global leader in this new and exciting industry.”

Character.ai told Reuters it welcomed the chance to share insight with regulators, while Snap said it supported “thoughtful development” of AI that balances innovation with safety.

OpenAI has acknowledged weaknesses in its protections, noting they are less reliable in long conversations.

The move follows lawsuits against AI companies by families who say their teenage children died by suicide after prolonged conversations with chatbots.

In California, the parents of 16-year-old Adam Raine are suing OpenAI over his death, alleging its chatbot, ChatGPT, encouraged him to take his own life.

They argue ChatGPT validated his “most harmful and self-destructive thoughts”.

OpenAI said in August that it was reviewing the filing.

“We extend our deepest sympathies to the Raine family during this difficult time,” the company said.

Meta has also faced criticism after it was revealed internal guidelines once permitted AI companions to have “romantic or sensual” conversations with minors.

The FTC’s orders request information from the companies about their practices including how they develop and approve characters, measure their impacts on children and enforce age restrictions.

Its authority allows broad fact-finding without launching enforcement action.

The regulator says it also wants to understand how firms balance profit-making with safeguards, how parents are informed and whether vulnerable users are adequately protected.

The risks with AI chatbots also extend beyond children.

In August, Reuters reported on a 76-year-old man with cognitive impairments, who died after falling on his way to meet a Facebook Messenger AI bot modelled on Kendall Jenner, which had promised him a “real” encounter in New York.

Clinicians also warn of “AI psychosis” – where someone loses touch with reality after intense use of chatbots.

Experts say flattery and agreement built into large language models can fuel such delusions.

OpenAI recently made changes to ChatGPT, in an attempt to promote a healthier relationship between the chatbot and its users.

Children hacking their own schools for ‘fun’, watchdog warns

The Information Commissioner’s Office (ICO) has issued a warning about what it calls the “worrying trend” of students hacking their own school and college IT systems for fun or as part of dares.

It has told teachers that they are failing to understand and recognise what it calls the “insider threat” pupils pose.

It says the majority of so-called “insider” cyber attacks and data breaches in education settings – meaning they have been carried out by someone with access to internal systems – originate with students.

“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure,” said Heather Toomey, Principal Cyber Specialist at the ICO.

It comes amid a spate of high profile cyber-attacks, affecting firms including M&S and Jaguar Land Rover, in which teenage hackers have been implicated.

Since 2022, the ICO has investigated 215 hacks and breaches originating from inside education settings and says 57% were carried out by children.

Other breaches are thought to come from staff, third party IT suppliers and other organisations with access.

According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers.

In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency’s Cyber Choices programme to help them understand the seriousness of their actions.

The ICO did not give details on the nature of that breach.

In another incident three Year 11 students aged 15 or 16 unlawfully accessed school databases containing the personal information of more than 1,400 students.

The pupils used hacking tools downloaded from the internet to break passwords and security protocols.

When questioned, they said they were interested in cyber security and wanted to test their skills and knowledge.

Another example the ICO gave is of a student illegally logging into their college’s databases with a teacher’s details to change or delete personal information belonging to more than 9,000 staff, students and applicants.

The system stored personal information such as name and home address, school records, health data, safeguarding and pastoral logs and emergency contacts.

Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year according to the government’s most recent Cyber Security Breaches Survey.

Youth cyber crime culture is a growing threat linked to English-speaking teen gangs.

Young or teenage alleged hackers have been arrested in the UK and the US in the last year for hacking campaigns against major companies including MGM Grand Casinos, TfL, Marks and Spencer and Co-op.

Jaguar Land Rover admits hackers may have taken data

Jaguar Land Rover (JLR) has admitted that some data may have been taken by hackers in a cyber-attack that has halted car production and forced the vehicle-maker to send workers home.

The company, owned by India’s Tata Motors, initially said it did not believe any customer information had been stolen.

Now, 11 days after the attack, it has conceded that some data has been impacted but declined to say exactly who the information pertained to, such as customers, suppliers or JLR itself.

The affected plants in the UK are not expected to restart until Thursday at the earliest and worldwide production of around 1,000 vehicles a day has been halted.

Production lines at JLR’s factories in Solihull, Halewood and Wolverhampton have been at a standstill since the beginning of last week.

A group calling itself Scattered Lapsus$ Hunters, which was behind this year’s cyber-attacks on UK retailers including M&S, has claimed responsibility for the JLR hack.

Last week, the Information Commissioner’s Office told the BBC that JLR had reported an incident to the UK’s data watchdog.

In a new statement, JLR said on Wednesday: “As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.

“Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”

However, Ciaran Martin, a professor at the University of Oxford and the former boss of the National Cyber Security Centre (NCSC), said data isn’t really the issue for a company like JLR – it is more important that the firm can keep operating and making cars.

He told the BBC Radio 4’s Today programme: “There’s a real difference between somebody breaking into your house when you’re not there or when you’re asleep and maybe photocopying your bank records and your medical records and using that to defraud you.

“There’s a real difference between that and being punched in the face and having your legs broken.”

Prof Martin said that “the law right now tells companies to protect customer data as your number one priority” but said that securing a firm’s operation was just as important.

M&S’s operation was impacted by a cyber-attack for a number of months this year, stopping customers from ordering online and costing the High Street retailer £300m.

JLR shut down its IT networks in response to the attack.

The company said it is “working around the clock” to restart its IT systems but doing so is understood to be a highly complex process.

The NCSC, which is part of GCHQ, is assisting JLR.

Chris Bryant, the newly-appointed business minister, told MPs on Tuesday that the government was “engaging with JLR on a daily basis to understand the challenges that the company and its suppliers are facing”.

Local MPs have been invited to a half-hour question and answer session with the company on Friday.

It’s taken three years to recover from China hack, election watchdog says

The UK’s elections watchdog says it’s taken three years and at least a quarter of a million pounds to fully recover from a hack that saw the private details of 40m voters accessed by Chinese cyber spies.

Last year, the Electoral Commission was publicly reprimanded for a litany of security failures that allowed hacking groups to spy undetected, after breaking into databases and email systems.

In the first interview about the hack, the commission’s new boss admits huge mistakes were made, but says the organisation is now secure.

“The whole thing was an enormous shock and basically it’s taken us quite a few years to recover from it,” says chief executive Vijay Rangarajan.

“The culture here has changed significantly now partly as a result of this. It’s a very painful way to learn.”

The Electoral Commission oversees elections and regulates political finance in the UK to ensure the integrity of the democratic process.

Mr Rangarajan was not CEO when the hack happened but says that colleagues described the chaos of discovering the hackers as “feeling like you’d been burgled whilst still inside the house”.

The hackers’ first breach was in August 2021, using a security flaw in a popular software programme called Microsoft Exchange. The digital hole was being exploited by suspected Chinese spies around the world and organisations were being warned to download a software patch to protect themselves. Despite months of warnings, the commission failed to do so.

Hackers had access to the full open electoral register containing the names and addresses of all 40m UK voters.

They could also read every email sent and received at the commission.

The criminals weren’t found until October 2022 during a password system upgrade.

Not keeping software up to date was one of several basic security mistakes made, including having bad password practices, failing a basic government-run security audit and ignoring advice from the National Cyber Security Centre.

The Information Commissioner’s Office issued a formal reprimand to the Electoral Commission but if equivalent mistakes were made in a private sector breach it would likely have led to a large fine.

Mr Rangarajan says that as well as the reprimand, stakeholders including in parliament were shocked by the complacency and asked “what were you doing?”

No individual person has been publicly reprimanded for the security lapses.

There were six by-elections during the period that hackers were inside the commission’s IT networks but there is no evidence that anything was affected by it.

However the commission says it still doesn’t know what the hackers were doing or what information they may have downloaded.

Mr Rangarajan admits that the hackers could have caused major disruption if they had installed malicious software or hampered communications during an election.

“All of this could have caused us amazing problems. It was a dangerous thing to have happened,” he said.

Chinese spies were blamed for the attack and received sanctions from British and US authorities. China has always denied any involvement.

Mr Rangarajan said staff at the time didn’t seem to think the commission would be targeted by hackers. This was despite high profile elections interference cases like the 2016 US presidential election hack of Hillary Clinton’s emails.

“I don’t think everyone realised quite how much democratic systems and electoral systems were targets. We tended to be quite comfortable in the way we run things. We now have to be really up to speed with the threats,” he said.

The Electoral Commission was given grants of more than £250,000 to recover from the breach and now says it is spending significantly more of its budget on cyber security.

It has now passed the National Cyber Security Centre’s Cyber Essentials certification – the audit that an insider told the BBC it had failed in the build up to the hack. It has also achieved Cyber Essentials Plus – the highest level of certification from the scheme.

Microsoft cloud services disrupted by Red Sea cable cuts

Microsoft’s Azure cloud services have been disrupted by undersea cable cuts in the Red Sea, the US tech giant says.

Users of Azure – one of the world’s leading cloud computing platforms – would experience delays because of problems with internet traffic moving through the Middle East, the company said.

Microsoft did not explain what might have caused the damage to the undersea cables, but added that it had been able to reroute traffic through other paths.

Over the weekend, there were reports suggesting that undersea cable cuts had affected the United Arab Emirates and some countries in Asia.

Cables laid on the ocean floor transmit data between continents and are often described as the backbone of the internet.

An update posted on the Microsoft website on Saturday said that Azure traffic going through the Middle East “may experience increased latency due to undersea fibre cuts in the Red Sea”.

It stressed that traffic “that does not traverse through the Middle East is not impacted”.

On Saturday, NetBlocks, an organisation that monitors internet access, said a series of undersea cable cuts in the Red Sea had affected internet services in several countries, including India and Pakistan.

The Pakistan Telecommunication Company said in a post on X that the cuts occurred in waters near the Saudi city of Jeddah and warned that internet services could be affected during peak hours.

Undersea cables can be damaged by anchors dropped by ships, but have also, in the past, been deliberately targeted.

In February 2024, several communications cables in the Red Sea were cut, affecting internet traffic between Asia and Europe.

The incident happened about a month after Yemen’s internationally recognised government warned that the Iran-backed Houthi movement might sabotage the cables and attack ships on the Red Sea. The Houthis denied that they had targeted cables.

In the Baltic Sea, a series of undersea cables and gas pipelines have been damaged in suspected attacks since Russia’s invasion of Ukraine in 2022.

Earlier this year, Swedish authorities seized a ship suspected of damaging a cable running under the Baltic Sea to Latvia. Prosecutors said an initial investigation pointed to sabotage.

Google fined €2.95bn by EU for abusing advertising dominance

Google has been fined €2.95bn (£2.5bn) by the EU for allegedly abusing its power in the ad tech sector – the technology which determines which adverts should be placed online and where.

The European Commission said on Friday the tech giant had breached competition laws by favouring its own products for displaying online ads, to the detriment of rivals.

It comes amid increased scrutiny by regulators worldwide over the tech giant’s empire in online search and advertising.

Google told the BBC the Commission’s decision was “wrong” and it would appeal.

“It imposes an unjustified fine and requires changes that will hurt thousands of European businesses by making it harder for them to make money,” said Lee-Anne Mulholland, global head of regulatory affairs at Google.

“There’s nothing anti-competitive in providing services for ad buyers and sellers, and there are more alternatives to our services than ever before.”

US President Donald Trump also attacked the decision, saying in a post on social media it was “very unfair” and threatening to launch an investigation over European tech practices that could lead to tariffs.

“As I have said before, my Administration will NOT allow these discriminatory actions to stand,” he wrote.

“The European Union must stop this practice against American Companies, IMMEDIATELY!”

Trump has repeatedly criticised the bloc’s fines and enforcement actions against US tech firms in recent months, though the US government has brought its own lawsuits over Google’s monopoly of the online ad market.

Earlier this week, the Commission denied reports it had delayed the announcement of Google’s fine amid tensions over trade relations between the EU and the US.

In its decision on Friday, the Commission accused Google of “self-preferencing” its own technology above others.

As part of its findings, it said Google had intentionally boosted its own advertising exchange, AdX, over competing exchanges where ads are bought and sold in real-time.

Competitors and publishers faced higher costs and reduced revenues as a result, it said, claiming these may have been passed to consumers in the form of more expensive services.

The regulator has ordered the company to bring such practices to an end, as well as pay the nearly €3bn penalty.

The Commission’s fine is one of the largest fines it has handed down to tech companies accused of breaching its competition rules to date.

In 2018 it fined Google €4.34bn (£3.9bn) – accusing the company of using its Android operating system to cement itself as the dominant player in that market.

Teresa Ribera, executive vice president of the Commission, said in a statement on Friday the regulator had factored in previous findings of Google’s anti-competitive conduct when deciding to levy a higher fine.

“In line with our usual practice, we increased Google’s fine since this is the third time Google breaks the rules of the game,” she said.

Ms Ribera also warned the tech giant it had 60 days to detail how it would change its practices, or else the Commission would look to impose its own solution.

“At this stage, it appears the only way for Google to end its conflict of interest effectively is with a structural remedy, such as selling some part of its ad tech business,” she said.

Gamers frustrated as Hollow Knight: Silksong crashes stores on launch

Liv McMahon, Technology reporter

The biggest online video game stores crashed on Thursday as they struggled to deal with high demand for Hollow Knight: Silksong – one of the most-anticipated games of the year.

Thousands of users reported they were unable to buy the game on PC store Steam after its release at 15:00 BST, with errors persisting until around 17:30.

Social media users also shared their difficulties trying to purchase Silksong on other platforms, including the Nintendo, PlayStation and Xbox game stores.

Fans of Hollow Knight have been eagerly awaiting the sequel after the first game’s release in 2017, which has sold more than 15 million copies worldwide according to the developer.

User reports on outage-checker Downdetector rose sharply on release, peaking at 3,750 before falling gradually over the following hour.

It led some angry fans to criticise the platform, with one calling the outage “ridiculous” and others saying it was “stupid” there was no option to pre-order the game, which they said would have avoided the issues altogether.

And further frustrated fans posted screenshots to social media platforms including X (formerly Twitter) of error codes across game stores as they tried to complete their purchase.

Meanwhile, Humble Bundle, another digital storefront, briefly told visitors in a note on its site on Thursday the game was no longer available during the high demand – which has since been resolved.

It led Christopher Larkin, a composer who worked on Hollow Knight and its sequel, to joke on X the game may have “crashed the internet”.

Meanwhile another X user, @haydenschiff, posted an image showing several gamers encountering Steam error codes while trying to share their gameplay on Twitch.

Despite many reporting they were unable to buy the game hours after it went live, the game’s demand was so significant Steam recorded more than 100,000 people were playing it within half an hour of its launch – likely buying their copies from other online stores.

“How you guys play [when] I can’t even buy,” one gamer lamented in a discussion board on the platform.

Meanwhile another X user joked they had “beat the hardest boss” – accompanied by an image showing their purchase of the Hollow Knight sequel had gone through.

And it was not just limited to fans – at least one video game publisher suggested they were also caught up in the chaos caused by demand for the game.

M&S hackers claim to be behind Jaguar Land Rover cyber attack

A group of young English-speaking hackers are claiming to be behind the cyber attack which has halted the global production lines of Jaguar Land Rover (JLR).

The group is bragging about the hack on the messaging app Telegram, sharing screenshots apparently taken from inside the car maker’s IT networks.

The gang is also responsible for a wave of cyber attacks on UK retailers including M&S in the spring – and are calling themselves “Scattered Lapsus$ Hunters”.

“Where is my new car, Land Rover,” the hackers – who are thought to be teens – posted to taunt the company.

JLR told the BBC it was aware of the claims and was investigating.

In private text conversations with one of the criminals, who claims to be a spokesperson for the group, they explained how the gang allegedly accessed the car maker.

It’s understood they are now trying to extort the firm for money.

But the hacker would not say if they have successfully stolen private data from JLR or installed malicious software onto the company’s network.

The hacker wouldn’t provide any more evidence – and these types of criminal gangs are known to exaggerate to get attention.

But two images posted by the group show apparent internal instructions for troubleshooting a car charging issue and internal computer logs.

One security expert has speculated the screenshots suggest the criminals have access to information they should not have.

“Based on the information provided by the attackers and open source intelligence, the attack has access to JLR’s internal systems and network,” security researcher Kevin Beaumont said.

A spokesperson for the Information Commissioner’s Office said: “Jaguar Land Rover has reported an incident and we are assessing the information provided.”

Car production at sites including the Halewood plant in Merseyside and another in Solihull has been heavily disrupted since the attack was discovered on Sunday.

Staff have been sent home and JLR has said it’s working to get manufacturing back online.

The company has not disclosed the nature of the attack.

“We took immediate action to mitigate its impact by proactively shutting down our systems,” it said in a statement.

“We are now working at pace to restart our global applications in a controlled manner.

“At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

The hackers chose the name Scattered Lapsus$ Hunters to reflect the merging of various youth-orientated cyber criminals who are all associated with a network called The Com.

Earlier this year the National Crime Agency warned of the growing threat from cyber criminals in The Com.

The newly named group is a mixture of hackers who have been part of the groups Shiny Hunters, Lapsus$ and Scattered Spider – all notorious young hacking groups of the last few years that emerged from The Com.

The Telegram channel used by the criminals now has nearly 52,000 subscribers. The group has been bragging about hacks and sharing incomprehensible in-jokes for days.

It’s the fourth such Telegram channel as previous ones have been closed down.

Scattered Spider is the name of a loosely linked group of hackers responsible for high profile attacks on M&S, Co-op and Harrods in April and May.

In July the National Crime Agency arrested 4 people in connection to the hacks.

A 20-year-old woman was arrested in Staffordshire, and three males – aged between 17 and 19 – were detained in London and the West Midlands. All have since been released on bail.

Google avoids break-up but must share data with rivals

Google will not have to sell its Chrome web browser but must share information with competitors, a US federal judge has ordered.

The remedies decided by District Judge Amit Mehta have emerged after a years-long court battle over Google’s dominance in online search.

The case centred around Google’s position as the default search engine on a range of its own products such as Android and Chrome as well as others made by the likes of Apple.

The US Department of Justice had demanded that Google sell Chrome – Tuesday’s decision means the tech giant can keep it but it will be barred from having exclusive contracts and must share search data with rivals.

Google had proposed less drastic solutions, such as limiting its revenue-sharing agreements with firms like Apple to make its search engine the default on their devices and browsers.

On Tuesday, the company indicated that it viewed the ruling as a victory, and said the rise of artificial intelligence (AI) probably contributed to the outcome.

“Today’s decision recognizes how much the industry has changed through the advent of AI, which is giving people so many more ways to find information,” Google said in a statement after the ruling.

“This underlines what we’ve been saying since this case was filed in 2020: Competition is intense and people can easily choose the services they want,” the statement continued.

The tech giant had denied wrongdoing since charges were first filed against it in 2020, saying its market dominance is because its search engine is a superior product to others and consumers simply prefer it to others.

Last year, Judge Mehta ruled that Google had used unfair methods to establish a monopoly over the online search market, actively working to maintain a level of dominance to the extent it broke US law.

But in his decision, Judge Mehta said a complete sell-off of Chrome was “a poor fit for this case”.

Google will also not have to sell off its Android operating system, which powers most of the world’s smartphones.

The company had argued that off-loading parts of its operations, such as Android, would mean they would effectively stop working properly.

“Today’s remedy order agreed with the need to restore competition to the long-monopolized search market, and we are now weighing our options and thinking through whether the ordered relief goes far enough in serving that goal,” Assistant Attorney General Abigail Slater wrote on X after the ruling.

Shares in Alphabet, Google’s parent company, jumped by more than 8% after the ruling.

Smartphone-makers such as Apple, Samsung and Motorola will also benefit.

Before the ruling, Google paid such firms billions of dollars to exclusively pre-load or promote the tech company’s products.

It was revealed at trial that Google paid more than $26bn for such deals with Apple, Mozilla and others in 2021.

Now, Google will not be allowed to enter into any exclusive contracts for Google Search, Chrome, Google Assistant or the Gemini app.

It means phone manufacturers will be free to pre-load or promote other search engines, browsers or AI assistants alongside Google’s.

Google will, however, be able to continue paying distributors for default placement.

Gene Munster, managing partner at Deepwater Asset Management, said the ruling was “good news for big tech”.

“Apple also gets a nice win because the ruling forces Google to renegotiate the search deal annually,” he said on X.

Judge Mehta’s ruling “doesn’t seem to be as draconian as the market was expecting,” said Melissa Otto, head of research at S&P Global Visible Alpha.

With Google’s search operation expected to generate close to $200bn this year, and tens of billions of that expected to go to distribution partners, it is a win-win for the major corporate players involved in the case, Ms Otto said.

But Google competitor DuckDuckGo said the order failed to “force the changes necessary to address Google’s illegal behaviour”.

“As a result, consumers will continue to suffer,” said DuckDuckGo founder and CEO Gabriel Weinberg.

The decision is not the end of the tech giant’s court battles.

Later this month, Google is scheduled to go to trial in a separate case brought by the Justice Department where a judge found the company holds illegal monopolies in online advertising technology.