Web3: Championing Digital Freedom and Safeguarding Liberty in the Modern Era

 

In an era defined by technological progress shaping our daily lives, Web3 emerges as a beacon of hope and promise, akin to early American pioneers like Thomas Jefferson who established governance systems to safeguard public liberty. Going beyond mere upgrades, Web3 signifies a complete paradigm shift, aiming to decentralize control and empower individuals.

Amidst the challenges of today's digital landscape, the fundamental issue remains the concentration of power, exemplified by instances like China's social credit system and the dominance of giants like Google and Facebook in surveillance capitalism. Incidents such as the Facebook-Cambridge Analytica scandal highlight the manipulation of personal data in influencing democratic processes, while e-commerce giants like Amazon underscore the dangers of unchecked market dominance, prompting necessary antitrust investigations.

Web3 emerges as the new tech guardian of liberty, countering threats by embedding freedom into the internet's fabric through its decentralized architecture. Offering protection for personal data, resistance to centralized control, and equitable value distribution, Web3 grants users true ownership over their assets and data, enabling transactions without seeking permission from authoritative bodies.

Despite its potential, Web3 faces challenges, with countries like China banning blockchain-based finance and regulatory crackdowns in the U.S. overlooking its inherent safeguards. This overlooks Web3's fundamental role, such as Bitcoin's capped issuance, acting as a defense against fiat currency inflation. The focus on potential illicit uses obscures Web3's essential function as a protector of liberty.

In the battle for Web3 and public liberty, it is crucial to defend its core values. Threats include misuse by bad actors and "Web3 washing," where traditional models adopt Web3 technologies without embracing their decentralized ethos, undermining its potential to safeguard freedoms. Web3 stands at a crossroads, requiring the defense of its principles to ensure correct application, not just as a technological advancement but as a means to secure a future where individual liberties are protected in the digital realm.

Overall, Web3 represents more than the next stage of internet evolution; it is a crucial tool for safeguarding public liberty in an increasingly digital world. Offering the potential for equitable power distribution, protection of individual freedoms, and resistance to centralization, embracing and protecting Web3's principles becomes not just a choice but a necessity for preserving cherished liberties. The true test lies in the implementation and defense of this technology to ensure it serves the greater good and upholds the freedoms we hold dear.

Anthropic Pledges to Not Use Private Data to Train Its AI

 

Anthropic, a leading generative AI startup, has announced that it would not employ its clients' data to train its Large Language Model (LLM) and will step in to safeguard clients facing copyright claims.

Anthropic, which was established by former OpenAI researchers, revised its terms of service to better express its goals and values. By keeping its clients' private data out of training, the startup is setting itself apart from competitors like OpenAI, Amazon, and Meta, which do employ user material to enhance their algorithms.

The amended terms state that Anthropic "may not train models on customer content from paid services" and that, "as between the parties and to the extent permitted by applicable law, Anthropic agrees that customer owns all outputs, and disclaims any rights it receives to the customer content under these terms."

The terms also state that they "do not grant either party any rights to the other's content or intellectual property, by implication or otherwise," and that "Anthropic does not anticipate obtaining any rights in customer content under these terms."

The updated legal document appears to give protections and transparency to Anthropic's commercial clients. For example, companies own all AI outputs generated, which avoids possible intellectual property conflicts. Anthropic also promises to defend clients against copyright lawsuits for any unauthorised content produced by Claude.

The policy is in line with Anthropic's mission statement, which states that AI should be honest, safe, and helpful. Given the increasing public concern regarding the ethics of generative AI, the company's dedication to resolving issues like data privacy may offer it a competitive advantage.

Users' Data: Vital Food for LLMs

Large Language Models (LLMs), such as GPT-4, LLaMA, and Anthropic's Claude, are advanced artificial intelligence systems that comprehend and generate human language after being trained on large amounts of text data.

These models use deep learning and neural networks to anticipate word sequences, interpret context, and grasp linguistic nuances. During training, they constantly refine their predictions, improving their capacity to communicate, write content, and give pertinent information.

The diversity and volume of the data on which LLMs are trained have a significant impact on their performance, making them more accurate and contextually aware as they learn from different language patterns, styles, and new information.

This is why user data is so valuable for training LLMs. For starters, it keeps the models up to date on the newest linguistic trends and user preferences (such as interpreting new slang).

Second, it enables personalisation and increases user engagement by reacting to specific user activities and styles. However, this raises ethical concerns because AI businesses do not compensate users for this vital information, which is used to train models that earn them millions of dollars.

Cancer Hospital Suffers Ransomware Attack, Hackers Threaten to Swat Patients

Harm patients if the medical facilities don't pay

Extortionists are now threatening to harm hospital patients if the medical facilities don't pay the thieves' ransom demands. They do this by reporting bomb threats or other fictitious incidents to the police, causing heavily armed police to show up at victims' houses.

Criminals vowed to turn on the patients directly after breaking into the IT system of Seattle's Fred Hutchinson Cancer Center in November and taking medical documents, including Social Security numbers, diagnoses, and lab results.


Understanding the reasons

The idea seems to be that the US hospital will be under pressure to pay up and stop the extortion because of those patients and the media coverage of any swatting. Similar tactics are used by other groups targeting IT service providers: in addition to extorting the suppliers, they often threaten or harass the customers of those companies.

"Fred Hutchinson Cancer Center was aware of cyber criminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a representative said. "The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats."

The cancer center refuses to respond to further questions regarding the threats. The center has more than ten clinics in the Puget Sound region of Washington.

Patients were informed last month about a similar "cyber event" by Integris Health, an Oklahoma health network that runs 43 clinics and 15 hospitals. During this incident, hackers may have gained access to personal information. Some of these individuals later complained that they received emails from unscrupulous people threatening to sell their personal information on the dark web.

What next?

"As we work with third-party specialists to investigate this matter and determine the scope of affected data and to whom that data relates, we are providing the latest information for patients and the public here," the spokesman for Integris said.

Some corporate types may not find these types of boilerplate responses to be as comforting as they seem. This most recent swatting threat raises concerns about how far thieves may go to cash in.

According to Emsisoft threat analyst Brett Callow, as quoted by The Register, "ransoms have been allowed to reach lottery jackpot levels, and the predictable upshot is that people are willing to use more and more extreme measures to collect a payout."

The security shop demanded earlier this week that ransom payments be outlawed entirely, pointing out that extortion methods were evolving and now included swatting threats.

Orrick Data Breach: Law Firm Dealing with Data Breaches Hit by One


An international law firm that assists businesses impacted by security events has experienced a cyberattack that compromised the sensitive health information of hundreds of thousands of data breach victims.

Orrick, Herrington & Sutcliffe, a San Francisco-based firm, revealed last week that during an attack in March 2023, threat actors stole personal information and critical health data of more than 637,000 data breach victims.

In a series of letters notifying those impacted of the data breach, Orrick said that the hackers had taken massive amounts of data from its systems related to security incidents at other organizations, for which it provided legal assistance.

Orrick says that the breach involved its customers' data, including that of people with dental policies from Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and people with vision plans from insurance company EyeMed Vision Care.

The company further added that it had notified the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.

The stolen data reportedly includes victims' names, dates of birth, postal and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver's license numbers, and tax identification numbers. Information about patients' medical treatment and diagnoses, insurance claim details such as dates and service charges, and healthcare insurance numbers and provider details has also been compromised.

Orrick further says that credit or debit card details as well as online account credentials were also involved in the breach. 

Since the initial announcement of the breach, the number of affected individuals has been on the rise. In its recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses”; however, the company did not specify how it came to this conclusion.

Orrick told a federal court in San Francisco in December that it had reached a preliminary settlement to end four class action lawsuits that claimed Orrick failed to disclose the breach to victims for months after it had occurred.

“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.  

Privacy at Stake: Meta's AI-Enabled Ray-Ban Garners Mixed Reactions

 



There is a high chance that Meta is launching a new version of Ray-Ban glasses with embedded artificial intelligence assistant capabilities to revolutionize wearable technology. As a result of this innovation, users will have the ability to process audio and video cues to produce textual or audible responses in response to their actions. 

Among the top features of these glasses is “Look and Ask,” which lets the wearer snap a picture and inquire about it instantly, thereby reducing the amount of time it takes to translate languages and improving the interaction between the user and the environment.

Meta has announced an early access program for its upcoming AI-integrated smart glasses, which brings a host of new features along with privacy concerns. Meta AI, the company's proprietary multimodal AI assistant, will be available as part of the second generation of Meta Ray-Bans.

It is possible to control features and get information about what you are seeing in real-time using the wake phrase “Hey Meta.” In doing so, however, the company gathers an extensive amount of personal information about you, and it leaves room for interpretation as to how this data is used. 

Currently in the beta phase, the glasses come with an artificial intelligence assistant that can process video and audio prompts, and provide a text or audio output to users. The company plans to launch an early access trial program shortly. In his Instagram reel, Zuckerberg demonstrated that the glasses could be used to suggest clothes and translate text, illustrating how useful they can be daily. 

It is important to note, however, that privacy advocates are raising concerns about the potential risks resulting from such advanced technology, since all images taken by the glasses are stored by Meta, ostensibly to train the artificial intelligence systems that operate the glasses. 

Significant concerns have been raised about the extent and use of data collected by Meta, building on ongoing concerns regarding Meta's privacy policies. Meta says that it collects 'essential' data for maintaining the functionality of the device, such as battery life and connectivity, and that users are free to provide additional data for developing new features.

The company's privacy policy, however, still has a lot of ambiguity around the types of data it collects to identify policy violations and misuses. The first model of Meta's glasses included safety features such as a visible camera light and a switch for recording, but despite these features, sales and engagement were lower than expected.

In addition to advancing the field of AI, Meta's new enhancements aim to rebuild public trust amidst privacy concerns while also aiming to achieve a technological breakthrough. It has been announced that Meta's latest Ray-Ban spectacles will include a built-in AI assistant offering innovative features, such as real-time photo queries and language translation, despite controversy surrounding privacy practices. 

Despite the advancements in wearable technology, trust remains one of wearable technology's biggest challenges. As part of the first version of Meta's smart glasses, several safety features had been installed, such as a flashing light that signals when the cameras are in use, an on/off switch, and others, to ensure the glasses were safe to wear.  

Sales were lower than predicted, down 20% from the target. The fact that only 10% of the glasses were still active 18 months after the first launch shows that, even among the units that were purchased, Meta did not achieve what it might have liked.

Needless to say, Meta is counting on the new AI features it is developing to change these stats. With privacy concerns still looming large, it remains to be seen whether the tech giant will be able to convince its users of the company's reliability when it comes to personal data.

Here's How To Steer Clear Of QR Code Hacking

 



QR codes, present for years and widely embraced during COVID-19, offer great benefits. Yet, cybercriminals exploit them, creating malicious QR codes to unlawfully access your personal and financial data. These tampered codes pose a threat, potentially leading to unauthorised access, financial loss, and malware on your smartphone. 

Used extensively for contactless payments, paperless menus, and quick information access, QR codes are embedded in modern phone systems. Scanning a code takes seconds, but the ease of tampering has led to a surge in QR phishing attacks. Stay vigilant against potential threats when using QR codes to protect your digital safety. 

Let's see how it works 

QR code hacking is surprisingly uncomplicated, thanks to the abundance of generator tools available. In just a couple of minutes, scammers can create fake QR codes that mimic authentic ones found in public spaces. The challenge lies in the fact that the human eye struggles to distinguish between a genuine and a malicious QR code. Exploiting this, scammers trick users into scanning their fraudulent codes, leading them to malicious websites. 

Once a user scans the tampered QR code, the potential for harm escalates. Cybercriminals often replace legitimate QR codes in public areas, like cafes or parking lots, with their malicious counterparts. The ultimate goal is to gain access to personal information or financial details, or even to compromise the security of the user's device. These deceptive QR codes might redirect users to payment sites or unauthorised social media profiles, or initiate actions such as sending emails without consent, all of which can result in the theft of login credentials and damage to one's reputation. Staying alert and recognizing warning signs before interacting with unfamiliar QR codes is crucial to avoid falling victim to these scams.

Let's explore practical measures to strengthen our defences.

 1. Public Vigilance: 

Stay alert in public spaces, refraining from scanning QR codes where tampering is more likely. Be watchful for deceptive stickers replacing genuine codes. 

 2. URL Scrutiny: 

Before proceeding, meticulously inspect the URL revealed by the QR code. Shortened URLs should trigger heightened caution, prompting a thorough review. 

 3. Language Alerts: 

Keep an eye out for grammatical errors and poor English when interacting with QR codes. Scammers often neglect language quality on fraudulent websites. 

 4. Package Precaution: 

Exercise caution when scanning QR codes on unexpected packages. Confirm orders through official channels to avoid potential scams. 

 5. Crypto-Smart Practices: 

Approach QR codes linked to cryptocurrency transactions with scepticism. Verify such communications through official channels to safeguard personal information. 

 6. App Awareness: 

Say no to downloading apps from QR codes, particularly if not from official stores. Stick to Google Play or the App Store to ensure app legitimacy and preserve your device's security. 
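The URL, crypto and app checks above can be applied mechanically to the text a scanner decodes before anything is opened. The following is an added example, not taken from the original post; the function name, the flag names and the short host and scheme lists are assumptions made for illustration, and the sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed sample lists for illustration; extend them for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
OFFICIAL_STORES = {"play.google.com", "apps.apple.com"}
CRYPTO_SCHEMES = {"bitcoin", "ethereum"}
ACTION_SCHEMES = {"mailto", "sms", "smsto", "tel"}


def triage_qr_payload(payload):
    """Return a list of warning flags for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable"]
    scheme = parts.scheme.lower()

    # Tip 5: payment requests deserve verification through an official channel.
    if scheme in CRYPTO_SCHEMES:
        return ["crypto-payment-request"]
    # QR codes can pre-fill an email, SMS or call instead of opening a page.
    if scheme in ACTION_SCHEMES:
        return ["triggers-message-or-call"]
    if scheme not in ("http", "https"):
        return ["not-a-web-url"]

    flags = []
    if scheme == "http":
        flags.append("no-tls")
    # Tip 2: a shortener hides the real destination until it is expanded.
    if host in SHORTENERS:
        flags.append("shortened-url")
    # "https://brand.example@other.example/" really goes to other.example.
    if parts.username is not None:
        flags.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    # Tip 6: app packages should only come from the official stores.
    if parts.path.lower().endswith((".apk", ".ipa")) and host not in OFFICIAL_STORES:
        flags.append("app-download-outside-store")
    return flags


if __name__ == "__main__":
    # Constructed sample payloads.
    for sample in ("https://bit.ly/abc123", "http://192.0.2.10/menu",
                   "https://cafe.example/menu"):
        print(sample, triage_qr_payload(sample))
```

An empty list means none of these checks fired, not that the destination is safe; the other tips in the list still apply.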


 Stay Alert to the Surge in QR Code Scams

As QR code scams proliferate, be on high alert for potential threats. If you fall victim to one of these hacks, take immediate action. Change your account passwords, notify your bank of the incident, and bolster your security with two-factor authentication (2FA) for crucial services like Google and Microsoft. Safeguard your sensitive information by utilising a reliable password manager to deter prying eyes.

Cybercriminals Exploit X Gold Badge, Selling Compromised Accounts on Dark Web

 A recent report highlights the illicit activities of cybercriminals exploiting the "Gold" verification badge on X (formerly Twitter). Following Elon Musk's acquisition of X in 2022, a paid verification system was introduced, allowing regular users to purchase blue ticks. Additionally, organizations could obtain the coveted gold check mark through a monthly subscription. 

Unfortunately, the report reveals that hackers are capitalizing on this feature by selling compromised accounts, complete with the gold verification badge, on dark web marketplaces and forums. CloudSEK, in its findings, notes a consistent pattern of advertisements promoting the sale of accounts with gold verification badges. 

These advertisements were not limited to dark web platforms but were also observed on popular communication channels such as Telegram. The exploitation of the gold verification badge poses a significant risk, as cybercriminals leverage these compromised accounts for phishing and scams, potentially deceiving unsuspecting users. 

This underscores the ongoing challenges in maintaining the security and integrity of online verification systems in the evolving landscape of cyber threats. CloudSEK found some ads by just searching on Google, Facebook, and Telegram using words like "Twitter Gold buy." They saw dark web ads, and some were even on Facebook. People were selling X Gold accounts, and the price depended on how popular the account was.

CloudSEK's report said that some ads named the companies for sale, and the cost ranged from $1200 to $2000. This shows that hackers think they can make real money by selling accounts with the gold badge, based on how well-known and followed they are. It's a clear way cybercriminals make cash by selling compromised accounts on the dark web, showing why they do it.

On the dark web, a source from CloudSEK managed to obtain a quote for 15 inactive X accounts, priced at $35 per account. The seller went a step further, offering a recurring deal of 15 accounts every week, accumulating a total of 720 accounts annually.

It's noteworthy that the responsibility of activating these accounts with the coveted "gold" status lies with the purchaser, should they choose to do so. This information underscores the thriving market for inactive accounts and the potential volume of compromised assets available for illicit transactions.

North Korean Actors Behind $600M in Crypto Thefts: TRM Labs


North Korean Hackers

According to a TRM Labs analysis, hackers with ties to North Korea were responsible for one-third of all cryptocurrency exploits and thefts last year, taking away about $600 million in cash.

The blockchain analytics company claimed on Friday that the amount takes the Democratic People's Republic of Korea's (DPRK) total revenue from cryptocurrency initiatives to about $3 billion over the previous six years.

Nevertheless, according to Ari Redbord, head of legal and government affairs at TRM, the amount is roughly 30% lower than in 2022. Actors with ties to the DPRK stole about $850 million that year, "a huge chunk" of which came from the Ronin Bridge exploit, Redbord said. 

Current Scenario

The latter few months of 2023 saw the majority of the stolen money seized.

"They're clearly attacking the crypto ecosystem at a really unprecedented speed and scale and continue to take advantage of sort of weak cyber controls," said Redbord. Many of the attacks continue to use so-called social engineering, allowing the perpetrators to acquire private keys for projects, he said.

TRM links around $200 M in stolen funds to North Korea last year. The fact that the earnings of North Korean attacks go toward the development of WMDs raises worries about national security and sets them apart from other attacks.

Stolen Money: 2023

In 2023, the total amount of money obtained through hacking was approximately $1.7 billion, as opposed to $4 billion, which was taken the year before.

Redbord gave multiple reasons for the decline. Fewer major hacks on the scale of the Ronin theft in 2022 have occurred. Other contributing factors include stronger cybersecurity measures, effective law enforcement initiatives, and, to a lesser degree, price volatility in the previous year.

During a recent trilateral meeting over North Korea's WMD efforts, national security officials from the United States, the Republic of Korea, and Japan brought up these concerns directly.

"North Korean hackers are different, because it's not for greed or money or the typical hacker mentality; it's about taking those funds and using them for weapons proliferation and other types of destabilizing activity, which is a global threat," Redbord said. "And that's why there's such a focus on it from a national security perspective."

Security Issue in Banking Applications?

Recently, we tested a mobile application of a BFSI platform, which allowed the organization's employees to view and interact with new customer leads. 

The mobile app had a password-based authentication system, with the username being the mobile number of the user. We identified a major weakness in this mobile app. The app allows a user to reset the password if they can prove themselves via an OTP. When the 'forgot password' button is pressed, the user is sent to a page where they are prompted to enter an OTP. The OTP is sent to the phone number, and if the wrong OTP is entered, the server responds with `{"OTP":"Failure"}`. While this seems to have been implemented properly, we tried to change the server response by conducting an MITM. We changed the response from the server to `{"OTP":"Success"}`. This redirection led us to the password change screen, where we were prompted to enter a new password. 

Initially, we believed this was only a visual bug and that the password reset would fail. However, we soon discovered that the password reset page itself does not check the OTP, and there is no session to track the successful OTP. This means any attacker can take the password change request, replace the phone number, and change the password of any other user (phone number). In simple terms, the OTP verification and the password reset page are not connected. The password reset API call did not have any verification or authentication to ensure only the correct user can change the password. 

This reveals how BFSI developers, when asked to build an app, often create the requested features without considering any security architecture. These apps are usually rushed, and only the positive/happy paths are checked. Security testing and architecture are often considered only as an afterthought. Unless BFSI incorporates security architecture into the development stage itself, such vulnerabilities will continue to emerge.  
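The missing link between OTP verification and password reset can be closed by making the reset call depend on server-side state rather than on what the client was told. The following is an added example, not the tested app's code: the class and method names, time limits and phone numbers are assumptions, and it places a model of the flaw next to a version in which a successful OTP check issues a single-use reset token bound to one phone number.

```python
import hmac
import secrets
import time


class VulnerableResetService:
    """Models the flaw: the reset call never checks that an OTP was verified."""

    def __init__(self):
        self.passwords = {}   # plaintext only to keep the demo short
        self._otps = {}

    def send_otp(self, phone):
        self._otps[phone] = f"{secrets.randbelow(10**6):06d}"
        return self._otps[phone]  # would go out by SMS; returned for the demo

    def verify_otp(self, phone, otp):
        ok = hmac.compare_digest(self._otps.get(phone, "").encode(), otp.encode())
        return {"OTP": "Success" if ok else "Failure"}

    def reset_password(self, phone, new_password):
        # No link to verify_otp(): any caller can name any phone number.
        self.passwords[phone] = new_password
        return True


class HardenedResetService:
    """Reset needs a server-issued, single-use token bound to one phone number."""

    OTP_TTL = 300        # seconds (assumed values)
    TOKEN_TTL = 300
    MAX_ATTEMPTS = 5

    def __init__(self, clock=time.time):
        self.passwords = {}
        self._otps = {}      # phone -> [otp, expires_at, attempts_left]
        self._tokens = {}    # token -> (phone, expires_at)
        self._clock = clock

    def send_otp(self, phone):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._otps[phone] = [otp, self._clock() + self.OTP_TTL, self.MAX_ATTEMPTS]
        return otp

    def verify_otp(self, phone, otp):
        entry = self._otps.get(phone)
        if entry is None or self._clock() > entry[1]:
            self._otps.pop(phone, None)
            return {"OTP": "Failure"}
        entry[2] -= 1
        matched = hmac.compare_digest(entry[0].encode(), otp.encode())
        if matched or entry[2] <= 0:
            del self._otps[phone]           # OTP is single-use and guess-limited
        if not matched:
            return {"OTP": "Failure"}
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (phone, self._clock() + self.TOKEN_TTL)
        return {"OTP": "Success", "reset_token": token}

    def reset_password(self, phone, new_password, reset_token):
        record = self._tokens.pop(reset_token, None)   # burn the token on any use
        if record is None:
            return False
        bound_phone, expires_at = record
        if bound_phone != phone or self._clock() > expires_at:
            return False
        self.passwords[phone] = new_password
        return True


def demo():
    victim, other = "+10000000001", "+10000000002"   # constructed numbers
    weak = VulnerableResetService()
    weak.passwords[victim] = "original"
    weak.send_otp(victim)
    weak.verify_otp(victim, "not-the-otp")               # server says Failure...
    weak.reset_password(victim, "changed-by-stranger")   # ...yet the reset works

    strong = HardenedResetService()
    strong.passwords[victim] = "original"
    token = strong.verify_otp(other, strong.send_otp(other))["reset_token"]
    cross_user = strong.reset_password(victim, "changed-by-stranger", token)
    token = strong.verify_otp(victim, strong.send_otp(victim))["reset_token"]
    legit = strong.reset_password(victim, "new-secret", token)
    replay = strong.reset_password(victim, "again", token)
    return weak.passwords[victim], cross_user, legit, replay


if __name__ == "__main__":
    print(demo())
```

In the hardened version, rewriting the `{"OTP":"Failure"}` response on the wire only changes what the client displays, because the reset call is refused without a token the server itself issued for that phone number.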

By
Suriya Prakash
Head DARWIS 
CySecurity Corp

Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

 

Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. 

How? Russian hackers broke into the Ukrainian telecommunications giant's system in May 2023. Ilya Vityuk, the chief of the Security Service of Ukraine's (SBU) cyber security department, told Reuters that the attack's aim was to inflict a psychological blow on the public and gather intelligence information. 

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” stated Vityuk. He said that hundreds of virtual servers and PCs were among the "almost everything" that the attack destroyed. 

Reuters writes this is most likely the first instance of a catastrophic cyberattack that destroyed a telecoms operator's core. This happened despite Kyivstar's significant investment in cyber security. The SBU discovered that hackers attempted to break into Kyivstar in March or earlier. 

“Now we can say [with certainty] that they were in the system at least since May 2023,” Vityuk added. “I cannot say right now, from when they had... full access: probably at least since November.” 

He leaves open the possibility that during the attack, Russian hackers may have located phones, intercepted SMS conversations, stolen personal information, and possibly stolen Telegram accounts. 

Kyivstar disputes the SBU's assessment of potential breaches, claiming that customer data was not exposed. The SBU further revealed that attempts continued to launch additional cyber attacks to inflict greater harm even after the provider's operations were resumed. 

The damage to the provider's system makes it difficult to investigate the situation at this time. However, the SBU thinks that a gang of Sandworm hackers, a cyberwarfare unit of Russian military intelligence, may have been responsible for the attack.

According to Vityuk, SBU investigators are still trying to figure out how Kyivstar was hacked and what kind of tools or software might have been used to get inside the system. They also indicated that it might have been phishing, insider help, or something else entirely. 

Vityuk claims that because the Ukrainian Armed Forces (AFU) employ "different algorithms and protocols" and do not depend on consumer-level communication carriers, the cyberattack had no effect on them. 

Fortunately, this incident didn't have a significant impact on us in terms of missile and drone detection, he concluded. The SBU issues a warning, stating that there's a chance that Russian hackers might try to attack Ukrainian cell operators again.

Google Removes Foreign eSIM Apps Airalo and Holafly from PlayStore


Google has removed Airalo and Holafly from its PlayStore for Indian users due to their sale of international SIM cards without the necessary authorizations.

The decision came from the department of telecommunications (DoT), which also contacted internet service providers to block access to both the apps’ websites.

Singapore-based Airalo and Spain-based Holafly are providers of eSIMs for a number of countries and regions. eSIMs are digital SIMs that enable users to activate a mobile plan with one’s network provider without using a physical SIM card. 

In India, a company requires a no-objection certificate (NoC) from the DoT to sell foreign SIM cards.

Apparently, the DoT instructed Apple and Google to remove Holafly and Airalo from their app stores because they lacked the necessary authorization or NoC.

The apps are now unavailable in Google PlayStore, but were still found on Apple’s AppStore as of January 5.

According to a government source, Apple was in talks to remove the apps.

The apps are still accessible for users in other regions but have been blocked for Google and Apple users in India.

Rules for Selling International SIMs

Organizations that plan on selling SIM cards from other countries must obtain a NOC from the DoT. According to DoT's 2022 policy, these SIM cards provided to Indian customers are solely meant to be used abroad.

The authorized dealers will need to authenticate clients with copies of their passports, visas, and other supporting documentation before they sell or rent these SIMs.

Also, the SIM providers need to provide details of global SIMs to security agencies every month. 

Rules for selling international SIMs in India: Users can activate mobile plans using an eSIM in place of a physical SIM card. eSIMs are offered by Holafly and Airalo in a number of nations. Companies that intend to sell international SIM cards in India are required by DoT policy 2022 to obtain a NOC and to sell SIM cards only for use outside of the nation. Authorized merchants are required to confirm the identity of their customers using passports, visas, and other necessary documents. These sellers also have to give security agencies regular updates on foreign SIMs.