Newsletter

open source and cybersecurity news

June 15, 2023

Hunter Valley Bus Tragedy Scams Spotted, Striking a balance, protecting national security and privacy in the age of commercial data, CISA warns of sabotage from Chinese hackers, PassGPT

In this Episode:

Hunter Valley Bus Tragedy Scams Spotted

Edwin Kwan, Sydney, Australia
Scammers allegedly set up GoFundMe pages to exploit Hunter Valley bus tragedy – Cyber Security Connect

Striking a balance, protecting national security and privacy in the age of commercial data.

Hillary Coover, Washington, DC
Declassified Report on Commercial Available Information
https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf

CISA warns of sabotage from Chinese hackers

Katy Craig, San Diego, California
Americans should prepare for cyber sabotage from Chinese hackers, US official warns | Reuters

PassGPT is an AI Model That Generates 20% unseen passwords by learning from RockYou2021 – the biggest password leak in history

Olimpiu Pop, Transylvania, Romania
Meet PassGPT, the AI Trained on Millions of Leaked Passwords – Decrypt
PassGPT: Password Modeling and (Guided) Generation with Large Language Models
[2306.01545] PassGPT: Password Modeling and (Guided) Generation with Large Language Models
https://twitter.com/javi_rando/status/1666073708127977472
RockYou2021: Largest Ever Password Compilation Leaked | Cybernews

This Day in Tech History 

Marcel Brown, St. Louis, Missouri
http://thisdayintechhistory.com/06/15

Episode Transcription:

Pokie Huang:

Hey, it’s 5:05 on Thursday, June 15th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Hillary Coover in Washington, DC, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania, Marcel Brown in St. Louis, Missouri. 

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Early this week there was a tragic bus accident in Australia's New South Wales Hunter Valley region. A bus which was returning from a local wedding overturned, killing 10 people and injuring a further 14. Following the accident, scammers wasted no time in targeting unsuspecting donors.

Multiple GoFundMe pages had been set up, which were circulating across social media. GoFundMe said that they have mobilized their crisis response teams who are continually monitoring, vetting, and verifying all fundraisers for those who have been affected by this incident. They said that all donations are safely held until the GoFundMe Trust and Safety team are able to complete their checks to ensure that funds can be transferred safely to the intended beneficiary.

For those wanting to donate, the local football club is setting up an official page, and that link will be posted to their Facebook page in due course.

Hillary Coover: 

In today’s complex world, the delicate balance between national security and individual privacy has never been more critical. The recent report on commercially available information by the US’ Top Spy Agency sparked an important conversation about the responsible use of data for national security purposes.

I’m Hillary Coover. 

As we explore the implications of this report, it becomes clear that smart and balanced legislation is essential to protect both national security and the privacy of citizens. So first and foremost, we have to acknowledge the immense value that this data holds for national security efforts. When used responsibly, it can enhance our nation’s security posture and I think that we cannot ignore that.

However, it is crucial to address the valid concerns surrounding the privacy implications of this commercially available data. The fact that this data is accessible to anyone, including potential adversaries is cause for concern. I believe that most people don’t realize that their individual privacy is breached or their individual data is used in the way that it is for commercial purposes or national security purposes.

We should recognize that privacy protection should extend beyond government surveillance and encompass all entities, including commercial actors. I’ve realized that will not be a popular opinion among the multi-billion dollar advertising industry that relies on targeted data, but it is an evolving landscape that must be regulated.

Furthermore, legislation should address the issue of data anonymization, which has proven to be imperfect. As that report highlighted, even anonymized data can be de-anonymized. Stricter regulations and guidelines are also needed to ensure that the privacy protection measures are effective and that individuals cannot be easily identified or targeted through this data.

It’s also critical to acknowledge the global nature of data acquisition and usage. Other countries are actively acquiring this data for intelligence purposes. To protect our citizens’ privacy, we need legislation that extends beyond national borders, fostering international cooperation and agreements that establish common standards for data protection.

Katy Craig: 

During an appearance at the Aspen Institute, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, sounded the alarm on Beijing’s growing investments and capabilities to sabotage US critical infrastructure. 

This is Katy Craig in San Diego, California. 

She emphasized the real intangible threat that we need to prepare for and build resilience against. Beijing’s hackers, according to Easterly, have the potential to breach defenses and cause physical damage. She warned that preventing disruptions will be extremely difficult given the formidable capabilities and resources China dedicates to these activities. 

The Chinese embassy in Washington had no immediate response to this warning.

Easterly’s comments echoed concerns about Volt Typhoon, a suspected Chinese hacking group positioning itself for destructive cyber attacks during conflicts, as previously highlighted by US intelligence assessments. 

The cybersecurity landscape remains a high stakes battleground. As we confront these evolving threats, let’s stay vigilant and fortify our defenses against the risks that lie ahead.

This is Katy Craig. Stay safe out there.

Olimpiu Pop: 

RockYou2021. It’s not the concert, it’s not the movie, and it’s not my email address, even though it has a nice ring to it. It was the biggest password leak in history with 8.4 billion passwords leaked. That’s a billion with a B, the second letter in the alphabet. That’s scary. At least one password leaked for each human on this planet.

But some good comes out of it as well. Let me see if you guess the name of the tool. PassGPT, of course. The tool developed by researchers from ETH Zürich, Swiss Data Science Center, and SRI International in New York, learns from the leaked passwords to help users generate more secure passwords.

Wait, what? That’s right. As opposed to previous models that fashion passwords as complete entities, PassGPT introduces an innovative strategy, progressive sampling. This method constructs passwords, character by character, ensuring a meticulously complex password, and was trained on a collection of millions of previously leaked passwords.

Wait, there is an extra complexity. Heuristics failed to work with passwords in other languages than English. In the AI hype, this is not the case anymore. According to its creator, this approach can create more unseen passwords by 20%. 

Be careful where you get the tool from. There was an April Fools joke with the same name. 

On 505updates.com you can find the proper links to the tool. 

Olimpiu Pop reporting from Transylvania, Romania.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you some technology history for June 15th. 

June 15th, 1911. The Computing Tabulating Recording Company is incorporated in New York. Otherwise known as CTR, it was a consolidation of the Computing Scale Company of America, the Tabulating Machine Company, and the International Time Recording Company.

Eventually, in 1924, CTR adopted the name International Business Machines, better known as IBM. 

June 15th, 2006. Bill Gates, by this time chairman of Microsoft, given that he had transitioned the CEO role to Steve Ballmer, announces that he will transition out of his day-to-day role at Microsoft by July, 2008 in order to dedicate more time to the Bill and Melinda Gates Foundation.

In all my study of Bill Gates, this move only solidified my opinion that he really wasn’t passionate about technology, and technology was simply his vehicle to prove to the world just how smart he was. Once he conquered the technology world, or at least felt he had by this point with Microsoft, he seemingly moved on to bigger and better things where he could continue to show the world just how smart he was by spending his vast fortune through his foundation. 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.

Thank you to Edwin Kwan, Hillary Coover, Katy Craig, Olimpiu Pop, Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
