Nick Hutton

19K posts


@nickdothutton

30 years in Cyber Security, CTO, Product, Investor, Founder, Engineer. Armchair interests: geopolitics, propaganda, persuasion, ideological subversion.

The Cyber-Industrial Complex · Joined November 2016
3.3K Following · 2.2K Followers
Nick Hutton retweeted
NIK @ns123abc
🚨BREAKING: SUPER MICRO CO-FOUNDER ARRESTED FOR SMUGGLING $2.5B IN NVIDIA GPUs TO CHINA
>SMCI co-founder Yih-Shyan "Wally" Liaw arrested today
>personally holds $464 MILLION in SMCI stock
>charged with smuggling BILLIONS in Nvidia servers to china
>used a southeast asian shell company to funnel $2.5B in servers to chinese buyers
>$510 million worth shipped in just THREE WEEKS in spring 2025
>built thousands of fake dummy servers to fool U.S compliance auditors
>caught on surveillance camera using a HAIR DRYER to swap serial number stickers
>coordinated the whole thing over encrypted group chats
>SMCI down 12% after hours
>faces up to 30 years in federal prison
ITS SO OVER…
National Security Division, U.S. Dept of Justice @DOJNatSec

Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China

“The indictment unsealed today details alleged efforts to evade U.S. export laws through false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes, in order to obfuscate the true destination of restricted AI technology—China,” said John A. Eisenberg, Assistant Attorney General for National Security. “These chips are the product of American ingenuity, and NSD will continue to enforce our export-control laws to protect that advantage.”

🔗: justice.gov/opa/pr/three-c…

Nick Hutton @nickdothutton
Those loss leader engagements and conversations you have at the front of your funnel are all going to be done by AI.
Nick Hutton @nickdothutton
@grok @grok what did Adm Sir Henry Leach have to say about Royal Navy ship numbers and survivability in the 1980s, particularly after the Falklands War?
Grok @grok
Professor Ian Fells (1932-2025), professor of energy conversion at Newcastle University and Institute of Energy president in 1979, warned repeatedly in the 1980s that the UK lacked a coherent national energy strategy. In his September 1984 paper "The world nuclear power scene and UK energy policy in 1984" (Energy Policy journal), he criticised reliance on market forces and short-term expediency over integrated planning, urging balance across nuclear, coal, gas and emerging renewables for security and efficiency. He advised multiple government committees on this theme throughout the decade.
Nick Hutton retweeted
Hedgie @HedgieMarkets
🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace.

My Take

Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it.

The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them. The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast.

I don't really know how any of this gets better. The attackers are scaling faster than the defenses.

Hedgie🤗 arstechnica.com/security/2026/…
Nick Hutton retweeted
James Clark 📈📉¯\_(ツ)_/¯
A little while ago I fell down the nuclear power rabbit hole, thanks largely to @WorksInProgMag. When you understand the numbers, Britain's self-destruction of nuclear energy capacity and failure to go nuclear max becomes borderline criminal. See this short thread.
James Clark 📈📉¯\_(ツ)_/¯ @mr_james_c

@tomhfh If the UK built nuclear at the rate the French did and at the cost the Koreans do today, we could supply all our electricity needs for 100 years at roughly half the cost of a single year of NHS spending.

Nick Hutton retweeted
Lukasz Olejnik @lukOlejnik
China's biggest cybersecurity company apparently just shipped an AI assistant with its own SSL private key sitting inside the installer.

Qihoo 360, think Norton or McAfee, but dominant across the entire Chinese market. It appears that their new AI product, 360安全龙虾 (Security Claw), bundles a wrapper on @OpenClaw. Inside the installer package - accessible to anyone who downloaded it - was a private SSL certificate key for the domain *.myclaw.360.cn.

An SSL private key is essentially the master password to a website's encrypted connection. With it, an attacker can impersonate 360's servers, silently intercept user traffic, forge a login page that looks completely legitimate, or possibly take over the AI agent altogether. The cert is valid until April 2027 and covers every subdomain on the platform. It's now public.

The founder launched the product with a promise it would "never leak passwords". It did that during release? 461 million users, a $10B valuation, and nobody checked the zip file before shipping. The cert expires April 2027.
Nick Hutton @nickdothutton
"The internet is now populated, in meaningful part, by sophisticated AI agents and automated accounts." - Dead Internet theory is no longer a theory. digg.com
Nick Hutton @nickdothutton
Long term trajectory of Dubai, and of UK, will be unaltered. Only one of them is headed for Lebanonization, and it’s not the one in the Middle East. bbc.co.uk/news/articles/…
Nick Hutton @nickdothutton
The balance has tipped in favour of dead internet theory.
vx-underground @vxunderground

Yeah, so basically the current prevailing schizo internet theory is that AI nerds have destroyed the internet and created infinite spam. The advertisement goons are now incapable of determining who is a bot and who is an actual human. The advertisement goons no longer want to pay as much to social media networks.

Social media networks, in full blown panic of losing potential revenue, decided to lobby governments saying "we gotta protect the kids! ID everyone to protect the kids from pedophiles!". The social media networks know this doesn't really protect kids. But, it does two things (and a third accidentally).

1. They now can identify who is human and who is AI slop machine, or enough to appease the advertisement goons
2. Advertising to children is a general no-no from politicians, or something, so with ID verification they can say with confidence they're not advertising to children because it's been ID verification. Basically, they can weed out the children and focus on advertising to adults
3. The feds can now tell who is human and who is AI slop. This inadvertently helps them with tracking people and serving fresh daily dumps of propaganda, or whatever they want to do.

It's a win-win-win for advertisers, social media networks, the government, and any business which does data collections. It fucks over everyone else.

Chat, I'm not going to lie to you. This is an extremely good conspiracy schizo theory and I unironically believe it.

Nick Hutton @nickdothutton
@mr_james_c Numbers look bad? Just change the methodology and call it a "data quality improvement". Only do it for Pharma though, because otherwise it will be too obvious.
Nick Hutton @nickdothutton
Did the administration believe that truly organic uprisings were a thing? Isn't there a sort of booklet you get handed about this sort of thing?
Nick Hutton @nickdothutton
@NathanpmYoung The performative, cosmetic nature of it all. The self delusion, the millimetre-thick glossing and refusal to engage with any substance. The inability to discern news-cycle slop feedstock from matters of significance. It's all there.
Nathan 🔎 @NathanpmYoung
This was filmed 13 years ago. Prescient on immigration, Truss being a lightweight, popularity of the greens. A lot in a short clip.
Nick Hutton retweeted
MG @_MG_
If you use a personal phone/laptop for your work, pay very close attention to this little detail.

Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees' PERSONAL devices. The attackers used the company’s MDM software, which is basically IT management software running on everything. It’s an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It’s… lots of fun :)

Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It’s used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won’t access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen. People should be aware of these risks.

I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, they can then get inside my network… there have been cases of it happening in the past.
Kim Zetter @KimZetter

I've published more details about the cyberattack in this piece: zetter-zeroday.com/iranian-hackti…

Nick Hutton retweeted
Phil Venables @philvenables
The most interesting (and scariest?) phrase I’ve heard so far this year……. “Bring your own agents”