Optiv spokesperson Jeremy Jones wrote in an email that his company has “cooperated fully with the Department of Justice” and that Optiv “is not a subject of this investigation.” That’s true: The subjects of the investigation are the three former US intelligence and military personnel who worked illegally with the UAE. However, Accuvant’s role as exploit developer and seller was important enough to be detailed at length in Justice Department court filings.
The iMessage exploit was the primary weapon in an Emirati program called Karma, which was run by DarkMatter, an organization that posed as a private company but in fact acted as a de facto spy agency for the UAE.
Reuters reported the existence of Karma and the iMessage exploit in 2019. But on Tuesday, the US fined three former US intelligence and military personnel $1.68 million for their unlicensed work as mercenary hackers in the UAE. That activity included buying Accuvant’s tool and then directing UAE-funded hacking campaigns.
The US court documents noted that the exploits were developed and sold by American firms but did not name the hacking companies. Accuvant’s role has not been reported until now.
“The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement. “This is a clear message to anybody, including former US government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company—there is risk, and there will be consequences.”
Prolific exploit developer
Despite the fact that the UAE is considered a close ally of the United States, DarkMatter has been linked to cyberattacks against a range of American targets, according to court documents and whistleblowers.
Helped by American partnership, expertise, and money, DarkMatter built up the UAE’s offensive hacking capabilities over several years from almost nothing to a formidable and active operation. The group spent heavily to hire American and Western hackers to develop and sometimes direct the country’s cyber operations.
At the time of the sale, Accuvant was a research and development lab based in Denver, Colorado, that specialized in and sold iOS exploits.
A decade ago, Accuvant established a reputation as a prolific exploit developer working with bigger American military contractors and selling bugs to government customers. In an industry that typically values a code of silence, the company occasionally got public attention.
“Accuvant represents an upside to cyberwar: a booming market,” journalist David Kushner wrote in a 2013 profile of the company in Rolling Stone. It was the kind of company, he said, “capable of creating custom software that can enter outside systems and gather intelligence or even shut down a server, for which they can get paid up to $1 million.”
Optiv largely exited the hacking industry following the series of mergers and acquisitions, but Accuvant’s alumni network is strong—and still working on exploits. Two high-profile employees went on to cofound Grayshift, an iPhone hacking company known for its skills at unlocking devices.
Accuvant sold hacking exploits to multiple customers in both governments and the private sector, including the United States and its allies—and this exact iMessage exploit was also sold simultaneously to multiple other customers, MIT Technology Review has learned.
The iMessage exploit is one of several critical flaws in the messaging app that have been discovered and exploited over recent years. A 2020 update to the iPhone’s operating system shipped with a complete rebuilding of iMessage security in an attempt to make it harder to target.
The way forward: Merging IT and operations
“People in operations see a ton of opportunity,” says Irani-Famili, who has worked in the energy sector for the better part of a decade. For problems they encounter every day, OT dreams up potential fixes. For example, if there’s a power outage, relevant supervisors could automatically get notifications wherever they are. Or staff availability data could flow through company systems so supervisors and managers can more easily assign projects or shifts.
“And then they go and talk to IT, and IT’s response might be ‘Not possible. This could be breaking every security protocol,’” Irani-Famili says. Operations sees solutions to problems. IT sees cybersecurity, integration, and support risk. “But from the operations perspective, what they see is IT red tape, IT is not collaborating, or IT is not playing the game.”
It’s easy to describe IT and OT as different departments with different objectives and starkly different cultures. They are often managed independently in organizations and treated as isolated groups that cater to specific problems and employ their own protocols. But that results in inefficient, costly setups that fail to foster innovation and standardization.
As global economies gain steam after near collapse amid the 2020 coronavirus pandemic, the pressure is on to boost productivity, innovation, and agility. Companies need to increase the speed of business by digitizing processes and using the internet of things and artificial intelligence (AI) to extract actionable insight from large data sets.
To undergo such digital transformation in industries that rely heavily on physical assets—manufacturing, oil and gas, transportation, energy, and utilities—organizations must integrate IT and OT into one seamless organization that connects systems on both sides.
“IT/OT convergence is an inevitability,” says Fay Cranmer, senior managing director in Accenture’s natural resources practice and former chief information officer at mining company Rio Tinto. “It’s the only way to have a full digital transformation, especially in the heavy industry space.”
But there are significant challenges to overcome. Many industrial environments are characterized by legacy equipment, time-honored, manual processes, and resistance to change—from both sections of the business, OT and IT. Often the attitude is, OT alone knows how to generate the products and services that produce revenue for the company.
Conversely, IT folks often think only they know how to help modernize OT departments, by enabling the systems that allow the benefits of AI, the internet of things, and other digital technologies. True collaboration is a must, but the complexity of new technology and infrastructure merging with legacy machines prompts questions concerning investment, leadership, and governance.
Bala Arunachalam, an executive in oil and gas for more than 30 years, says specific industry characteristics are a big factor. “This industry is a legacy industry. For them to move onto the technology space, to capitalize on the opportunity that is in front of them, is a struggle.”
As physical assets, whether in the factory or out in the field, become digitized through internet-of-things technology; as applications, data storage, and data processing move to the cloud; and as employees stick to their home offices more than a year into the pandemic, any perceived boundaries between OT and the rest of the business are crumbling. “The challenge is that we need to bring data together across all those boundaries,” says Cranmer. The biggest hurdles, she says, are organizational and cultural. “The technological side is much more easily overcome than the human side.”
The good news is there are guidelines that organizations can follow to achieve the IT/OT integration that’s so critical for successful digital transformation initiatives.
Forget dating apps: Here’s how the net’s newest matchmakers help you find love
The thread took off. Morgan basked in the feel-good vibes of seeing people find each other—“I love love!”—and reveled in the real-life connections she was able to mastermind: multiple dates in her hometown of Portland, Oregon; someone who was thinking of flying to meet somebody in New York because of the thread; even a short relationship. Even today, people continue to add their pictures to the thread, seeking love all across the United States.
If this feels a bit like old-fashioned matchmaking, it is. But it’s a long way from gossipy neighborhood grandmas setting up dates. These operations are often ad hoc, based on platforms like Twitter and TikTok, and—unlike the dating apps, with their endless menu of eligible suitors—hyperfocused on one person at a time.
Play by mail
Randa Sakallah launched Hot Singles in December 2020 to solve her own dating blues. She’d just moved to New York to work in tech and was “sick of swiping.” So she created an email newsletter using the platform Substack that had a seemingly simple premise: apply via Google Form to be featured, and if you are, your profile—and yours only—is sent to an audience of thousands.
Yes, each profile features the requisite information: name, sexual orientation, interests, and some photos. But crucially, it has a wry editorial slant that comes from Sakallah’s questions and the email presentation. This week’s single, for example, is asked what animal she would be; the answer is somewhere between a peacock and a sea otter. (“My main goals in life are to snack, hold hands, and maybe splash around a bit,” she writes.)
Sakallah says part of the appeal of Hot Singles is that only one person’s profile is delivered via email on Friday. It’s not a stream of potential faces available on demand, she says, which makes it possible to really savor getting to know a single person as a human being and not an algorithmically offered statistic.
“I try to tell a story and give them a voice,” says Sakallah. “You really want to think about the whole person.”
Dating apps may be quick and easy to use, but critics say their design and their focus on images reduce people to caricatures. Morgan, who started the long-running Twitter thread, is a black woman who says that the dating-app experience can be exhausting because of her race.
“I’ve had friends just put their photo and an emoji up, and they would get someone asking them to coffee so fast,” she said. Meanwhile, “I’d have to put more work into my profile and write paragraphs.” The results of her effort either didn’t get read or attracted a slew of uncomfortable, racist comments. “It was frustrating,” she says.
Scratching a different itch
Dating-app fatigue has a number of sources. There’s the paradox of choice: you want to be able to select from a wide variety of people, but that variety can be debilitatingly overwhelming. Plus, the geographic parameters typically set on such apps often actually make the dating pool worse.
Alexis Germany, a professional matchmaker, decided to try TikTok videos during the pandemic to showcase people and has found them immensely popular—particularly among people who don’t live in the same place.
“What makes you think your person is in your city?” Germany says. “If they’re a car ride away or a short plane ride away, it could work.”
These weird virtual creatures evolve their bodies to solve problems
“It’s already known that certain bodies accelerate learning,” says Bongard. “This work shows that AI can search for such bodies.” Bongard’s lab has developed robot bodies that are adapted to particular tasks, such as giving callus-like coatings to feet to reduce wear and tear. Gupta and his colleagues extend this idea, says Bongard. “They show that the right body can also speed up changes in the robot’s brain.”
Ultimately, this technique could reverse the way we think of building physical robots, says Gupta. Instead of starting with a fixed body configuration and then training the robot to do a particular task, you could use DERL to let the optimal body plan for that task evolve and then build that.
Gupta’s unimals are part of a broad shift in how researchers are thinking about AI. Instead of training AIs on specific tasks, such as playing Go or analyzing a medical scan, researchers are starting to drop bots into virtual sandboxes—such as POET, OpenAI’s virtual hide-and-seek arena, and DeepMind’s virtual playground XLand—and getting them to learn how to solve multiple tasks in ever-changing, open-ended training dojos. Instead of mastering a single challenge, AIs trained in this way learn general skills.
For Gupta, free-form exploration will be key for the next generation of AIs. “We need truly open-ended environments to create intelligent agents,” he says.