Exclusive | Details of ByteDance interns attacking their own model exposed, how big is the impact?
Abstract:
On October 19th, the incident where ByteDance's internal commercial model training was attacked by an intern has attracted widespread attention. According to multiple insiders, a technical team at ByteDance experienced an internal technical attack incident in June this year. An intern, dissatisfied with the team's resource allocation, used attack code to disrupt the team's model training tasks.
It is reported that the main person involved in the incident is an intern surnamed Tian, who exploited a vulnerability in the Huggingface (HF) platform to inject destructive code into the company's shared models, resulting in unstable training performance and the failure to produce the expected training outcomes.
A former ByteDance employee said, "The intern's permissions at ByteDance are not much different from the full-time employees, which also provided the opportunity for this incident to occur." They also expressed concerns about the harmful impact of this incident, saying, "After this incident, the permissions of interns will definitely be greatly reduced."
After the news was exposed, the intern involved attempted to debunk on social media, shifting the blame to others. However, it was quickly denied by individuals close to ByteDance.
According to sources familiar with the matter on GitHub, "You (referring to Mr. Tian) maliciously attacked the cluster code for a period of 2 months, causing significant harm to nearly 30 employees at all levels of the company, rendering the work of your colleagues for the past quarter ineffective. All records and reviews prove that this is an indisputable fact!"
The celebrity also shared a recording of investigators questioning the intern named Tian Keyu. In the recording, the conversation reconstructs the process of the attack: Tian initially entered a code that was supposed to influence communication and randomness. "At the beginning, it wasn't for the purpose of attack, it was for debugging, but it did involve some operational situations with the program. However, later on, after going through some files, such as those upload files, the code also got updated, and it became an attacking code. Its general function was to modify the code, which then would lead to some consequences."
In the recording, Mr. Tian's suspected response admits that he made the code malicious through an update. He also clearly stated to the inquirers, "It's just that certain reasons have made us all very dissatisfied."
According to rumors, the losses this time could exceed tens of millions of dollars, but insiders say that the actual losses are not as severe as rumored.
According to reports, the incident took place at the end of June this year. By now, ByteDance has dismissed the intern surnamed Tian and reported the matter to the relevant industry alliance and the intern's school.
However, the aforementioned informed sources stated that, apart from being dismissed by ByteDance, Mr. Tian has not faced any other punishment at present.
According to multiple sources, the intern surnamed Tian is a doctoral student currently studying at a domestic university in China. Starting from September 2021, they have been interning at ByteDance. Their team, in collaboration with the Wang Liwei team from Peking University, proposed a VAR study in April this year, surpassing DiT in areas such as image generation quality, inference speed, data efficiency, and scalability. Moreover, the inference speed of VAR is about 20 times faster than traditional auto-regressive models.
As of press time, ByteDance has not yet made a public response to this matter.
Note: Some images in this article are sourced from the internet. If there is any infringement, please contact us to have them removed.