-
Russia already moving to the next cyber incursion in U.S.
“From a technological point of view, this [hacking U.S. voting machines] is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.” Cybersecurity experts are increasingly concerned that Russia and others are already moving to the next incursion. “What really concerns me is having suffered these probing attacks last year, we may be in for an even more sophisticated, more potentially effective assault next time around—and oh, by the way, others were watching,” said Ambassador Doug Lute, a retired Army lieutenant general who served as the permanent representative to NATO from 2013 to 2017.
-
-
Kaspersky antivirus hack a wake-up call for business
Russian state-sponsored hackers were able to steal National Security Agency (NSA) material on methods the NSA uses to conduct cyber espionage as well as how the agency helps defend critical U.S. government networks. An NSA contractor placed the material on his or her private computer – a violation of the agency’s security policy – and the private computer reportedly had anti-virus software belonging Moscow-based Kaspersky Lab installed. The software detected the unsecured classified material and alerted Russian intelligence to its presence. Michael Sulmeyer, the director of the Belfer Center’s Cyber Security Project at Harvard University, says geopolitics should guide some in the private sector to follow the U.S. government’s lead in removing Kaspersky’s software from their networks.
-
-
Microsoft investigating Russian government operatives’ purchase of campaign ads
Microsoft is reviewing its accounts to determine whether Russian government operatives and trolls aligned with the Russian government purchased ads on Bing or other company products in the run-up to the 2016 U.S. presidential race. The company’s decision to conduct an internal investigation comes as Microsoft’s tech industry peers — Facebook, Google, and Twitter — are dealing with probes by the U.S. Congress into the extent to which Kremlin-backed agents spread disinformation on their platforms around Election Day.
-
-
Russia-focused extremists, conspiracy peddlers spread junk news on U.S. military, national security
Social media provides political news and information for both active duty military personnel and veterans. Oxford University’s Oxford Internet Institute (OII) analyzed the subgroups of Twitter and Facebook users who spend time consuming junk news from websites that target U.S. military personnel and veterans with conspiracy theories, misinformation, and other forms of junk news about military affairs and national security issues. Among the findings: Over Twitter, there are significant and persistent interactions between current and former military personnel and a broad network of extremist, Russia-focused, and international conspiracy subgroups
-
-
Russia recruited YouTubers to bash “Racist B*tch” Hillary Clinton over rap beats
According to the YouTube page for “Williams and Kalvin,” the Clintons are “serial killers who are going to rape the whole nation.” Donald Trump can’t be racist because he’s a “businessman.” Hillary Clinton’s campaign was “fund[ed] by the Muslim.” Williams and Kalvin’s content was pulled from Facebook in August after it was identified as a Russian government-backed propaganda account. According to Clint Watts, a former FBI counterterrorism agent, using third party contractors from both inside Russia and countries with cheap labor is a method used by the Kremlin to “muddy the waters on attribution” of propaganda. “Often, (the Kremlin) will contract out entities to do this so they can say, ‘You can’t prove that it’s us,’” Watts told the Daily Beast. “It’s pretty routine for them to try to gain resources through third parties and contract cutouts.”
-
-
Russian agents bought ads on Google platforms, targeting voters in crucial swing states
Google says Russian agents have purchased ads on YouTube, Google Search, Gmail, and the company’s DoubleClick ad network. Some of the ads touted Donald Trump, while other ads aimed to help Trump indirectly: They promoted the candidacies of Bernie Sanders and the Green party candidate Jill Stein in order to weaken Hillary Clinton among left-leaning voters. The purpose of other ads was to sow discord, deepen social divisions, and intensify racial animosity: These ads talked about the threat to America posed by immigrants, African American activists, and members of the LGBT community, aiming to intensify backlash against these groups, and the politicians who spoke on their behalf, among White and more traditional voters. Many of the ads targeted voters in crucial swing states.
-
-
Social media is “first tool” of 21st-century warfare – and it’s cheaper than F-35: Sen. Warner
Senator Mark Warner (D-Virginia), the ranking member of the Senate Intelligence Committee, said that there are three things the committee has already established beyond doubt: Russia hacked both political parties and used that information in President Donald Trump’s favor; Russia attacked but did not fully break into the voter registration systems of twenty-one states; Russia used paid advertising and fake accounts on social media to disseminate misinformation to voters. The sophistication of Russia’s cyber campaign was “unprecedented,” Warner said. It was also cheap. Warner noted the amount Moscow spent in total influencing the American, French, and Dutch elections was about a quarter the cost of building an F-35 fighter jet. “If Russia’s goal was primarily to sow chaos … and secondarily elect Mr. Trump, they had a pretty good rate of return,” he said.
-
-
Software “containers” increase computer security
ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.
-
-
ONR awards GrammaTech $9 million for cyber-hardening security research
Ithaca-based GrammaTech has been awarded a $9 million, three-year contract from the Office of Naval Research (ONR), a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks. The goal is for end users to be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations.
-
-
App-based citizen science experiment to help predict future pandemics
There are flu outbreaks every year, but in the last 100 years, there have been four pandemics of a particularly deadly flu, including the Spanish Influenza outbreak which hit in 1918, killing up to 100 million people worldwide. Nearly a century later, a catastrophic flu pandemic still tops the U.K. government’s Risk Register of threats to the United Kingdom. A new app gives U.K. residents the chance to get involved in an ambitious science experiment that could save lives.
-
-
BullyBlocker app tackles SU cyberbullying
Researchers say that more than half of adolescents have been bullied online. Faculty and students at ASU’s New College of Interdisciplinary Arts and Sciences last month announced the public availability of BullyBlocker, a smartphone application that allows parents and victims of cyberbullying to monitor, predict and hopefully prevent incidents of online bullying.
-
-
Russia breaks into U.S. soldiers' iPhones in apparent hybrid warfare attacks
The U.S. Army’s Asymmetric Warfare Group, in charge of finding ways to counter emerging threats, recently issued warning about the dangers of Russia’s hybrid warfighting concepts, saying that the U.S. military as a whole may be ill-suited to respond to them in a crisis. Now, American troops and troops from NATO member states say they have been subjected to a campaign of surveillance and harassment via their cellphones, the internet, and social media, a campaign which is the hallmark of the “Russian New Generation Warfare.”
-
-
Lawmaker questions voting machine manufacturers on security measures
Following interference by Russian government operatives in the 2016 election, Senator Ron Wyden (D-Oregon) has asked the top six U.A. manufactures of voting machines how they are protecting Americans’ votes from hacking. Wyden sent similar letters to two voting system test laboratories accredited by the U.S. Election Assistance Commission.
-
-
DOD wants to be able to detect the online presence of social bots
Russian government operatives used social bots in the run up to the 2016 presidential campaign to sow discord and dissention, discredit political institutions, and send targeted messages to voters to help Donald Trump win the election. DARPA is funding research to detect the online presence of social bots.
-
-
Senate panel passes bipartisan “Hack DHS” bill
On Wednesday, 4 October, the U.S. Senate Homeland Security and Governmental Affairs Committee passed the bipartisan Hack Department of Homeland Security (DHS) Act, whichwould establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.