Hackers demanding bitcoin payments for code held hostage from GitHub and GitLab

By Aaron Mamiit Updated October 28, 2020

Hackers are demanding bitcoin payments in exchange for code that they have extracted from GitHub, GitLab, and Bitbucket repositories, through ransom notes that they have left behind for their victims.

Hackers have removed all the source code from the repositories, and in exchange is a ransom note that demands 0.1 bitcoin, which is equivalent to about $570. The hackers claim to be willing to send proof that they are indeed holding the code hostage, backed up on their own servers.

“If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise,” the hackers wrote to end the ransom note.

There were a total of 392 GitHub repositories that had their commits and code wiped out by an account named gitbackup, which was created seven years ago on January 25, 2012, according to Bleeping Computer. So far, none of the victims have succumbed and paid the ransom to the hackers, which is good as there is no assurance that the code will indeed be returned.

It remains unclear how the hacker or hackers are gaining access to the repositories to be able to wipe out the stored codes and leave behind the ransom note. One user received a response from Atlassian, the company behind Bitbucket and the cross-platform free Git client SourceTree, regarding an attempted breach.

“Within the past few hours, we detected and blocked an attempt — from a suspicious IP address — to log in with your Atlassian account. We believe that someone used a list of login details stolen from third-party services in an attempt to access multiple accounts,” Atlassian told the user.

According to investigations by GitHub, in cooperation with the security teams of other affected companies, there was no evidence that the authentication systems of the repositories were compromised. It appears that the account credentials of the victims were acquired by hackers from third-party exposures, which is one of the risks of using a username and password in more than one service.

GitHub recommends its customers to use two-factor authentication, in conjunction with strong passwords, for better protection. However, one victim said that the hackers were still able to gain access even with two-factor authentication enabled, suggesting a vulnerability within GitHub’s systems.

Topics

Contributor

Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…

Computing

Best Buy deals: Save on laptops, TVs, appliances, and more

best buy shuts down insignia line smart home products store 2 768x768

If you're looking to snag a good deal, Best Buy is probably one of the best retailers to do it, and we often draw from it for some of the best deals we put on these lists. A lot of that has to do with the massive variety of products that best Buy sells, and that includes things like the best TV deals, best laptop deals, and best phone deals, so there is always something to draw from. That said, it can be difficult to navigate all the deals and offers that are available on Best Buy, which is why we've gone out and collected some of our favorite deals across various categories, from headphones to small kitchen appliances.
Best Buy TV deals

There may be no better place to purchase one of the best TVs than Best Buy. There is almost always some huge savings to find on TVs at Best Buy, and that’s certainly the case right now. You’ll find deals top TV brands like Sony, Samsung, and LG, and more budget-friendly brands like TCL and Hisense are in play, too.

Computing

Target is selling Lenovo laptops for $150, with a catch

The Lenovo IdeaPad Slim 3 on a white background.

Considering the back to school shopping season is in full swing, now is one of the best times of the year to look for laptop deals. Of course, you’ll find markdowns on a wide array of models at just about every retailer, so sometimes finding the best discounts can be a little tough. It’s our job to stay on top of all the best sales though, and we recently came across a Target promo we’d like to share:

For a limited time, Target is selling a refurbished version of the Lenovo Ideapad Slim 3 with 4GB of RAM and 64GB of storage for $150. At full price, this model can go for upwards of $270.

Computing

OpenAI Project Strawberry: here’s everything we know so far

a strawberry

Even as it is reportedly set to spend $7 billion on training and inference costs (with an overall $5 billion shortfall), OpenAI is steadfastly seeking to build the world's first Artificial General Intelligence (AGI). Project Strawberry is the company's next step toward that goal.
What is Project Strawberry?
Project Strawberry is OpenAI's latest (and potentially greatest) large language model, one that is expected to broadly surpass the capabilities of current state-of-the-art systems with its "human-like reasoning skills" when it is released. It might power the next generation of GPTs.
What can Strawberry do?
Project Strawberry will reportedly be a reasoning powerhouse. It will be able to solve math problems it has never seen before and act as a high-level agent, creating marketing strategies and autonomously solving complex word puzzles like the NYT's Connections. It can even "navigate the internet autonomously" to perform "deep research," according to internal documents viewed by Reuters in July.

The Reuters report also notes that Strawberry's architecture is similar to the Self-Taught Reasoner (STaR) technique. Developed at Stanford in 2022, STaR enables a model to generate training data on which to fine-tune itself, becoming more capable over time.
Why is it called that?
We don't know the exact reason for the name "Strawberry," as that's not something OpenAI has publicly disclosed. It's a code name chosen for internal reference and to maintain secrecy during development.