INSUBCONTINENT EXCLUSIVE:
A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious
version of a widely used open source AI image-generation tool.Ryan Mitchell Kramer, 25, pleaded guilty to one count of accessing a computer
and obtaining information and one count of threatening to damage a protected computer, the US Attorney for the Central District of
In a plea agreement, Kramer said he published an app on GitHub for creating AI-generated art
The program contained malicious code that gave access to computers that installed it
Kramer operated using the moniker NullBulge.According to researchers at VPNMentor, the program Kramer used was ComfyUI_LLMVISION, which
purported to be an extension for the legitimate ComfyUI image generator and had functions added to it for copying passwords, payment card
data, and other sensitive information from machines that installed it
The fake extension then sent the data to a Discord server that Kramer operated
To better disguise the malicious code, it was folded into files that used the names OpenAI and Anthropic.
Two files automatically
downloaded by ComfyUI_LLMVISION, as displayed by a user's Python package manager.
Credit:
VPNMentor
The Disney employee downloaded ComfyUI_LLMVISION in April 2024
In May, he downloaded roughly 1.1 terabytes of confidential data from thousands of the channels.In early July, Kramer contacted the employee
and pretended to be a member of a hacktivist group
Later that month, after receiving no reply from the employee, Kramer publicly released the stolen information, which, besides private Disney
had installed ComfyUI_LLMVISION, and he gained unauthorized access to their computers and accounts as well
Kramer is expected to make his first court appearance in the coming weeks.
