denial-of-service attack
Persistent Pre-Training Poisoning of LLMs
Zhang, Yiming, Rando, Javier, Evtimov, Ivan, Chi, Jianfeng, Smith, Eric Michael, Carlini, Nicholas, Tramèr, Florian, Ippolito, Daphne
Large language models are pre-trained on uncurated text datasets consisting of trillions of tokens scraped from the Web. Prior work has shown that: (1) web-scraped pre-training datasets can be practically poisoned by malicious actors; and (2) adversaries can compromise language models after poisoning fine-tuning datasets. Our work evaluates for the first time whether language models can also be compromised during pre-training, with a focus on the persistence of pre-training attacks after models are fine-tuned as helpful and harmless chatbots (i.e., after SFT and DPO). We pre-train a series of LLMs from scratch to measure the impact of a potential poisoning adversary under four different attack objectives (denial-of-service, belief manipulation, jailbreaking, and prompt stealing), and across a wide range of model sizes (from 600M to 7B). Our main result is that poisoning only 0.1% of a model's pre-training dataset is sufficient for three out of four attacks to measurably persist through post-training. Moreover, simple attacks like denial-of-service persist through post-training with a poisoning rate of only 0.001%.
Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals
For hackers seeking to maximize chaos, so-called denial-of-service attacks that knock targets offline with waves of junk traffic are typically more of a blunt cudgel than a weapon of mass destruction. But according to the US Department of Justice, a pair of Sudanese brothers allegedly behind the hacktivist group Anonymous Sudan launched a spree of those crude cyberattacks that was both powerful and cruel enough in its choice of victims--extending to dozens of hospitals in multiple countries, Israel's missile alert system, and thousands of digital services--that one of them is now being charged not only with criminal hacking but also with the rare added allegation of seeking to cause physical death and injury. On Wednesday the DOJ unsealed charges against brothers Ahmed and Alaa Omer, who allegedly launched a punishing bombardment of more than 35,000 distributed denial-of-service, or DDoS, attacks against hundreds of organizations, taking down websites and other networked systems as part of their own ideologically motivated hacktivism, as a means of extortion, or on behalf of clients of a cyberattack-for-hire service they ran for profit. According to US prosecutors and the FBI, their victims included Microsoft's Azure cloud services, OpenAI's ChatGPT, video game and media companies, airports, and even the Pentagon, the FBI, and the Department of Justice itself. "We declare cyber war on the United States," Ahmed Omer posted in a message to the Anonymous Sudan Telegram channel in April of last year, according to the indictment.
Industrial IoT: Threats and Countermeasures - Rambus
In an IIoT scenario, an attacker could assume control of a smart actuator and knock an industrial robot out of its designated lane and speed limit – potentially damaging an assembly line or injuring operators. Device hijacking: The attacker hijacks and effectively assumes control of a device. These attacks are quite difficult to detect because the attacker does not change the basic functionality of the device. Moreover, it only takes one device to potentially re-infect others, for example, smart meters connected to a grid. In an IIoT scenario, a hijacker could assume control of a smart meter and use the compromised device to launch ransomware attacks against Energy Management Systems (EMSs) or illegally siphon unmetered power lines.
How to better secure your smart home
With the advent of gadgets like doorbell cameras, smart kitchen appliances and data-logging sensors that track your sleep, the smart home now extends to even the most intimate areas of the household. It's great for general convenience, like knowing whether you left the heater on or locked the door behind you, but these connected devices also bring with them a host of security concerns. We asked Wendy Nather, director of advisory CISOs at Duo Security, for a reality check on what the real vulnerabilities in a smart home are. "The most prevalent threat is automated attacks that are trying to take over devices as they would personal computers, to assemble into a group that can be used for their own purposes," she said. These threats often include denial-of-service attacks, cryptocurrency mining and stealing user passwords.
Can Artificial Intelligence Silence Internet Trolls?
Have you ever been attacked by trolls on social media? In December a mocking tweet from white supremacist David Duke led his supporters to turn my Twitter account into an unholy sewer of Nazi ravings and disturbing personal abuse. It went on for days. Faced with a torrent of hate and abuse, people are giving up on social media, and websites are removing comment features. Who wants to be part of an online community ruled by creeps and crazies?
Internet Providers Could Be the Key to Securing All the IoT Devices Already out There
A cyber attack on the Internet infrastructure company Dyn on October 21 hindered internet browsing for hours while the company scrambled to restore service. The as-yet unidentified attackers were helped by a millions-strong army of Internet of Things devices, including enterprise webcams and DVRs, that were quietly conscripted into a botnet to launch the denial-of-service attack. The incident is the latest reminder that many IoT devices aren't adequately secured. These types of attacks will continue as long as a large enough number of vulnerable devices exists. So the question facing the security industry is how to shrink that number.