Microsoft

Artificial intelligence technology behind ChatGPT was built in Iowa — with a lot of water

Author of the article: Matt O’Brien and Hannah Fingerhut, The Associated Press

DES MOINES, Iowa (AP) — The cost of building an artificial intelligence product like ChatGPT can be hard to measure.

But one thing Microsoft-backed OpenAI needed for its technology was plenty of water, pulled from the watershed of the Raccoon and Des Moines rivers in central Iowa to cool a powerful supercomputer as it helped teach its AI systems how to mimic human writing.

As they race to capitalize on a craze for generative AI, leading tech developers including Microsoft, OpenAI and Google have acknowledged that growing demand for their AI tools carries hefty costs, from expensive semiconductors to an increase in water consumption.

But they’re often secretive about the specifics. Few people in Iowa knew about its status as a birthplace of OpenAI’s most advanced large language model, GPT-4, before a top Microsoft executive said in a speech it “was literally made next to cornfields west of Des Moines.”

Building a large language model requires analyzing patterns across a huge trove of human-written text. All of that computing takes a lot of electricity and generates a lot of heat. To keep it cool on hot days, data centers need to pump in water — often to a cooling tower outside its warehouse-sized buildings.

In its latest environmental report, Microsoft disclosed that its global water consumption spiked 34% from 2021 to 2022 (to nearly 1.7 billion gallons, or more than 2,500 Olympic-sized swimming pools), a sharp increase compared to previous years that outside researchers tie to its AI research.

“It’s fair to say the majority of the growth is due to AI,” including “its heavy investment in generative AI and partnership with OpenAI,” said Shaolei Ren, a researcher at the University of California, Riverside who has been trying to calculate the environmental impact of generative AI products such as ChatGPT.

In a paper due to be published later this year, Ren’s team estimates ChatGPT gulps up 500 milliliters of water (close to what’s in a 16-ounce water bottle) every time you ask it a series of between 5 to 50 prompts or questions. The range varies depending on where its servers are located and the season. The estimate includes indirect water usage that the companies don’t measure — such as to cool power plants that supply the data centers with electricity.

“Most people are not aware of the resource usage underlying ChatGPT,” Ren said. “If you’re not aware of the resource usage, then there’s no way that we can help conserve the resources.”

Google reported a 20% growth in water use in the same period, which Ren also largely attributes to its AI work. Google’s spike wasn’t uniform — it was steady in Oregon where its water use has attracted public attention, while doubling outside Las Vegas. It was also thirsty in Iowa, drawing more potable water to its Council Bluffs data centers than anywhere else.

In response to questions from The Associated Press, Microsoft said in a statement this week that it is investing in research to measure AI’s energy and carbon footprint “while working on ways to make large systems more efficient, in both training and application.”

“We will continue to monitor our emissions, accelerate progress while increasing our use of clean energy to power data centers, purchasing renewable energy, and other efforts to meet our sustainability goals of being carbon negative, water positive and zero waste by 2030,” the company’s statement said.

OpenAI echoed those comments in its own statement Friday, saying it’s giving “considerable thought” to the best use of computing power.

“We recognize training large models can be energy and water-intensive” and work to improve efficiencies, it said.

Microsoft made its first $1 billion investment in San Francisco-based OpenAI in 2019, more than two years before the startup introduced ChatGPT and sparked worldwide fascination with AI advancements. As part of the deal, the software giant would supply computing power needed to train the AI models.

To do at least some of that work, the two companies looked to West Des Moines, Iowa, a city of 68,000 people where Microsoft has been amassing data centers to power its cloud computing services for more than a decade. Its fourth and fifth data centers are due to open there later this year.

“They’re building them as fast as they can,” said Steve Gaer, who was the city’s mayor when Microsoft came to town. Gaer said the company was attracted to the city’s commitment to building public infrastructure and contributed a “staggering” sum of money through tax payments that support that investment.

“But, you know, they were pretty secretive on what they’re doing out there,” he added.

Microsoft first said it was developing one of the world’s most powerful supercomputers for OpenAI in 2020, declining to reveal its location to AP at the time but describing it as a “single system” with more than 285,000 cores of conventional semiconductors, and 10,000 graphics processors — a kind of chip that’s become crucial to AI workloads.

Experts have said it can make sense to “pretrain” an AI model at a single location because of the large amounts of data that need to be transferred between computing cores.

It wasn’t until late May that Microsoft’s president, Brad Smith, disclosed that it had built its “advanced AI supercomputing data center” in Iowa, exclusively to enable OpenAI to train what has become its fourth-generation model, GPT-4. The model now powers premium versions of ChatGPT and some of Microsoft’s own products and has accelerated a debate about containing AI’s societal risks.

“It was made by these extraordinary engineers in California, but it was really made in Iowa,” Smith said.

In some ways, West Des Moines is a relatively efficient place to train a powerful AI system, especially compared to Microsoft’s data centers in Arizona that consume far more water for the same computing demand.

“So if you are developing AI models within Microsoft, then you should schedule your training in Iowa instead of in Arizona,” Ren said. “In terms of training, there’s no difference. In terms of water consumption or energy consumption, there’s a big difference.”

For much of the year, Iowa’s weather is cool enough for Microsoft to use outside air to keep the supercomputer running properly and vent heat out of the building. Only when the temperature exceeds 29.3 degrees Celsius (about 85 degrees Fahrenheit) does it withdraw water, the company has said in a public disclosure.

That can still be a lot of water, especially in the summer. In July 2022, the month before OpenAI says it completed its training of GPT-4, Microsoft pumped in about 11.5 million gallons of water to its cluster of Iowa data centers, according to the West Des Moines Water Works. That amounted to about 6% of all the water used in the district, which also supplies drinking water to the city’s residents.

In 2022, a document from the West Des Moines Water Works said it and the city government “will only consider future data center projects” from Microsoft if those projects can “demonstrate and implement technology to significantly reduce peak water usage from the current levels” to preserve the water supply for residential and other commercial needs.

Microsoft said Thursday it is working directly with the water works to address its feedback. In a written statement, the water works said the company has been a good partner and has been working with local officials to reduce its water footprint while still meeting its needs.

__

O’Brien reported from Providence, Rhode Island.

__

The Associated Press and OpenAI have a licensing agreement that allows for part of AP’s text archives to be used to train the tech company’s large language model. AP receives an undisclosed fee for use of its content.

Microsoft

The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

News by Connor Makar, Staff Writer. Published on July 23

Cash in hand.

The Outer Worlds 2, the upcoming sci-fi FPS by Obsidian Entertainment, will now be sold at $70, rather than the planned $80. This follows a statement by Microsoft confirming the U-turn earlier today.

Those who have already purchased the game at the $80 price point on Steam will have the purchase refunded and re-bought at the lower figure. On Battle.net, those who pre-ordered the game will have their orders cancelled and refunded, and will have to re-buy the game. Those on Xbox and PlayStation will have the difference refunded in the upcoming days.

This announcement was made on The Outer Worlds’ official social media accounts, with a cute in-universe statement and graphic. On the official Obsidian website, further explanation of how the price change will affect those who’ve already spent money has been provided.

Microsoft

Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

News by Vikki Blake, Contributor

Starting with The Outer Worlds 2

Just weeks after confirming The Outer Worlds 2 will be the first Microsoft game to retail for $80, Microsoft has reversed the decision, revealing the highly-anticipated sequel will now launch for $69.99 in keeping with typical AAA pricing.

This will apply not just to The Outer Worlds 2, but also to other “full priced holiday releases” launched across the period.

In a statement, a Microsoft spokesperson said Xbox was “focused on bringing players incredible worlds to explore, and will keep our full priced holiday releases, including The Outer Worlds 2, at $69.99, in line with current market conditions.”

On social media, developer Obsidian posted: “We have received your SOS via skip drone about the pricing. As an organization devoted to making sure that corporations do not go unfettered, we at the Earth Directorate have worked with [REDACTED] to revise the price of The Outer Worlds 2. While this will not bring peace to the galaxy, or even your local colony, we assure you all that we are here to fight for all colonies in every way that we can.”

Microsoft announced last month that The Outer Worlds 2 would be the first Xbox title to retail at $80 following Microsoft’s planned price rises in May.

“We understand that these changes are challenging, and th

Microsoft

Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. …

Microsoft

Microsoft Server Software Comes Under Widespread Cyberattack

Microsoft Rushes to Stop Hackers from Wreaking Global Havoc

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

Article content

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Article content

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Article content
Article content

Story continues below

Article content

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Article content
Article content

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Article content

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

Article content

Story continues below

Article content

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

Article content

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

Tens of thousands — if not hundreds of thousands — of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers.

A Microsoft spokesperson declined to comment beyond an earlier statement.

“It’s a dream for ransomware operators,” said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said. 

The breaches have drawn new scrutiny to Microsoft’s efforts to shore up its cybersecurity after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company’s tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company’s security culture as in need of urgent reforms.

The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organization’s vice president of security operations and intelligence. Rose said more than 100 were likely hacked.

The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.

Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company’s chief hacker and co-owner.

Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

The SharePoint vulnerabilities, known as “ToolShell,” were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in.

“There were ways around the patches,” which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. “That allowed these attacks to happen.” The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.

He declined to name the organizations that had been targeted, but said they included government agencies and private companies, including “bigger multinationals.” The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added.

—With assistance from Lynn Doan, Cameron Fozi, Daniel Cancel, Aashna Shah, Jane Lanhee Lee and Patrick Howell O’Neill.

(Updates with additional information beginning in third paragraph.)
