Crypto-Funded Chinese Peptide Labs Are Booming

Meta has been quietly stashing dormant face recognition code on more than 50 million phones, WIRED reported this week, tucked inside the companion app that pairs with its Ray-Ban and Oakley smart glasses. If activated, the feature—known internally as NameTag—would let wearers identify people in front of them by matching captured faces against a biometric gallery sitting on the user’s device. It’s the same kind of technology Meta said it walked away from in 2021, after paying out billions of dollars to settle biometric privacy lawsuits in Texas and Illinois.

Meanwhile, xAI is asking a federal judge to force four people suing the company over Grok-generated deepfake nudes to drop their pseudonyms and litigate under their real names—including one plaintiff who alleges the chatbot was used to fabricate sexual images of her as a child. The plaintiffs say they’d sooner drop the suit than submit to harassment and doxing from Musk’s online supporters. xAI’s lawyers, however, claim that since the deepfakes will remain under seal, there’s “nothing inherently stigmatizing” about naming the people in them.

Google rolled out a new Android feature this week aimed at the wave of AI-powered impersonation scams that help fraudsters spoof a familiar number and clone a person’s voice. Packaged with Google Dialer and shipping to phones running Android 12 or later, it pings the caller’s device for a silent cryptographic handshake. If the call is fake, Android will flag it and strip the contact photo from the screen, but only if both ends are on Google Dialer, which leaves iPhones out of the picture.

WIRED also reported this week that the Manhattan Institute—the same right-wing think tank that engineered the 1990s broken-windows policing and the Trump administration’s anti-DEI push—is now shopping model legislation to turn minor protest-related offenses into felonies under a novel theory it calls “civil terrorism.”

Researchers have detailed a clever new browser side-channel attack called FROST that fingerprints other tabs—and sometimes the apps on your device—by measuring how long it takes to read from a sandboxed file on your SSD. The attack runs entirely in JavaScript and feeds the timing traces through a neural network trained on the I/O signatures of common software. There is no evidence so far that anyone is using it in the wild.

Chinese Crypto-Funded Fentanyl Labs Are Switching to Selling Peptides

The supplements known as peptides—chains of amino acids that promise to help those who smear, ingest, or inject them achieve everything from weight loss to skin rejuvenation—have become their own largely unregulated pharmaceutical subindustry. So it figures that their growth is being fueled by cryptocurrency, often sent directly to the Chinese labs that sell these mysterious panaceas.

Crypto-tracing firm Chainalysis this week published an analysis of crypto flows to peptide sellers, a gray market that the company now measures at more than $100 million a year and growing. Chainalysis specifically found that some of the same Chinese labs that were previously selling fentanyl precursors have now switched to manufacturing and selling peptides. The transition, Chainalysis believes, is designed to cash in on the wave of “looksmaxing” hype across social media that has pushed peptide sales—and to avoid the risk of a law enforcement crackdown on opioid manufacturers.

Meta’s AI Support Hacked Its Own Users’ Accounts

AI can do all kinds of things if you just ask it: Code an app, touch up your photos, or even hack President Barack Obama’s Instagram account. Since Meta announced in March that its account support will be increasingly automated with AI, including for functions like updating your password, hackers found that they could exploit the tool to reset the password and take over accounts of even high-profile users and celebrities.

Among the victims, as reported by 404 Media, are Obama, the chief master sergeant of the US Space Force, and makeup chain Sephora. Meta says the issue is now fixed and affected accounts have been secured. But the wave of takeovers illustrates the risks of off-loading security functions to AI—particularly at companies like Meta, which has very publicly touted its all-in approach to adopting AI across the company.

Anthropic Is Now Helping the NSA With Offensive Hacking

When AI firm Anthropic rolled out its powerful Mythos tool to a select group of organizations for testing, it raised eyebrows by including the US National Security Agency on that initial access list. Mythos, after all, is reportedly capable of finding previously hidden, hackable vulnerabilities in software with alarming speed, raising fears that it could be used for automated mass surveillance and cyberattacks.

But the NSA also has a defensive mission, and initial reporting suggested the agency might just be using Anthropic’s tool to find bugs in popular software used by Americans—such as Microsoft’s—with the goal of better securing it. Yet the Financial Times now reports that Anthropic is helping the NSA take its use of Mythos a step further, deploying Anthropic’s own engineers to the agency to help it learn to use the AI tool—including for offensive hacking. The FT couldn’t confirm that Mythos is being used in active hacking operations. But given the growing use of AI for state-sponsored hacking, it would be a surprise if the US is not joining the field of modern-day automated cyberintrusions.
