Microsoft Sues Group for Creating Tools to Bypass Azure AI Security
Microsoft is taking to the courts to protect the integrity of its cloud-based generative AI services, suing what it says is a foreign-based threat group that is developing tools aimed at bypassing safety guardrails the company has put in place to protect them.
In a 41-page lawsuit filed in federal court in Virginia, Microsoft is targeting 10 unnamed members of a threat group that the IT giant is claiming are using their tools in a “sophisticated scheme” to get around the security measures to use the Azure OpenAI AI services to create harmful images.
“Microsoft continues to go to great lengths to enhance the resilience of our products and services against abuse; however, cybercriminals remain persistent and relentlessly innovate their tools and techniques to bypass even the most robust security measures,” Steven Masada, assistant general counsel in Microsoft’s Digital Crimes Unit, wrote in a blog post.
According to Masada, Microsoft uses built-in mechanisms to mitigate security issues with its AI services at the model, platform, and application levels, including content filtering and abuse detection technologies. However, the cybercriminals the company is suing allegedly created sophisticated software using exposed customer credentials that were scraped from public websites.
They were able to find and access accounts with certain AI services and then changed the capabilities of the services.
“Cybercriminals then used these services and resold access to other malicious actors with detailed instructions on how to use these custom tools to generate harmful and illicit content,” he wrote, noting that once the scheme was detected, Microsoft revoked the access used by the attackers, put countermeasures in place, and improved the security guardrails to protect against similar activity.
Infrastructure In Place
According to the lawsuit, three of the defendants had created the infrastructure and technology for the scheme, and the seven other defendants used the tools and services to access Microsoft’s software and computers. The infrastructure included at least one website, code repositories, and reverse-proxy tools and infrastructure. In addition, one defendant controlled the stolen Azure API keys and other authentication information of Microsoft customers.
They also used an Amazon Web Services (AWS) API address that Microsoft said “geolocates” to computers in Virginia “as one end of the access tunnel they created into the Azure OpenAI Service in order to carry out their scheme.” The images they created with the AI service were copied to the computers in Virginia.
The three defendants creating and controlling the infrastructure and tools live outside of the United States, according to Microsoft.
Furthering the Investigation
Masada wrote that the lawsuit is part of a larger investigation into the perpetrators of the activity. A court order allowed Microsoft to seize a website used by the operators that will enable the company’s investigators to collect evidence about the defendants, determine how they made money from the scheme, and disrupt the operations of any other technical infrastructure they find.
“At the same time, we have added additional safety mitigations targeting the activity we have observed and will continue to strengthen our guardrails based on the findings of our investigation,” he wrote.
Microsoft vs. Cybercriminals
Vendor lawsuits against threat groups aren’t unusual, and Microsoft’s Digital Crimes Unit, launched in 2008, has been aggressive in pursuing legal actions against botnets and similar attacks. In an article in Lawfare in 2021, two law professors at Indiana University questioned whether Microsoft’s use of restraining orders and other mechanisms was the proper weapon for addressing cybercrime such as botnets that operate on a global scale.
Two years later, Amy Hogan-Burney, vice president and deputy general counsel for customer security and trust at Microsoft, and George Ramsey, a technology litigation partner at the law firm Crowell and Moring, pushed back in their own column in Lawfare, saying that while they agreed that global governance frameworks and institutions could be effective in battling large-scale criminal operations, they disagreed with the belief that legal avenues like those pursued by Microsoft shouldn’t be used.
“However imperfect a civil action might be, litigation is an effective tool to disrupt cybercrime that is available now,” Hogan-Burney and Ramsey wrote. “When a case can be made to stop cybercrime, it should be pursued. Inaction in the face of persistent threats in favor of holding out for a comprehensive internet governance framework is still inaction and is unreasonable.”