-
George Mason’s new Center of Excellence for Criminal Investigations and Network Analysis
DHS S&T has selected George Mason University in Fairfax, Virginia to lead a consortium of U.S. academic institutions and other partners for a new Center of Excellence (COE) in Criminal Investigations and Network Analysis (CINA). The Center’s research will focus on criminal network analysis, dynamic patterns of criminal activity, forensics, and criminal investigative processes.
-
-
ISIS and climate change leading security threats: Global survey
People around the globe identify ISIS and climate change as the leading threats to national security, according to a new Pew Research Center report based on a survey of thirty-eight countries. The survey asked about eight possible threats: ISIS, global climate change, cyberattacks, the condition of the global economy, the large number of refugees leaving Iraq and Syria, and the power and influence of the United States, Russia, and China. While the level and focus of concern varies by region and country, ISIS and climate change clearly emerge as the most frequently cited security risks across the thirty-eight countries polled.
-
-
Europol’s No More Ransom initiative celebrates its first year
Ransomware has soared since 2012, with criminals attracted by the promise of profit and ease of implementation. The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4 percent compared to the previous twelve months, from 2,315,931 to 2,581,026 users around the world. A year ago, Europol and partners the No More Ransom initiative, which now has 109 partners, including government agencies and private organizations and companies.
-
-
Refusal to accept reality of Russian hacking hobbles U.S. cyber defense efforts: Experts
The evidence of a broad, systemic effort by Russian government hackers and disinformation specialists – on instructions from President Vladimir Putin — to undermine the U.S. electoral process and ensure a Trump victory in November 2016 is incontrovertible, and it is mounting. The evidence has not persuaded President Donald Trump, however. He cites Putin’s denial of the Russian cyber effort as a reason why he – Trump — does not trust the unanimous conclusions of the U.S. intelligence community. Cyber experts say that Trump’s refusal to accept the reality of the 2016 Russian government hacking and disinformation campaign is creating a dangerous policy vacuum. This vacuum, the security experts fear, is only encouraging more cyber warfare.
-
-
Applied cybersecurity research for better protection of critical national infrastructure sectors
DHS S&T awarded a five-year Other Transaction Agreement (OTA), with a maximum value of $70 million, to Arlington, Virginia-based Cyber Apex Solutions, LLC, to facilitate applied research of prototype cyberdefenses for critical national infrastructure sectors.
-
-
U.S. weapons main source of trade in illegal arms on the Dark Web
New report, based on first-ever study, looks at the size and scope of the illegal arms trade on the dark web. European purchases of weapons on the dark web generate estimated revenues five times higher than the U.S. purchases. The dark web’s potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is “the most dangerous aspect.”
-
-
“Stalking software”: Surveillance made simpler
The controversial Snap Map app enables Snapchat users to track their friends. The app makes it possible for users to monitor their friends’ movements, and determine – in real time – exactly where their posts are coming from (down to the address). Many social media users expressed their indignation, referring to the app as “stalking software.” This is the latest in a series of monitoring tools to be built on social media platforms. A new study assesses the benefits and risks associated with their use.
-
-
The real costs of cheap surveillance
Surveillance used to be expensive. Even just a few years ago, tailing a person’s movements around the clock required rotating shifts of personnel devoted full-time to the task. Not any more, though. Governments can track the movements of massive numbers of people by positioning cameras to read license plates, or by setting up facial recognition systems. Private companies’ tracking of our lives has also become easy and cheap too. Advertising network systems let data brokers track nearly every page you visit on the web, and associate it with an individual profile. It is worth thinking about all of this more deeply. U.S. firms – unless they’re managed or regulated in socially beneficial ways – have both the incentive and the opportunity to use information about us in undesirable ways. We need to talk about the government’s enacting rules constraining that activity. After all, leaving those decisions to the people who make money selling our data is unlikely to result in our getting the rules we want.
-
-
New questions in Russia probe
“It has become clear that the Russian intention was to attempt to enter into a collaborative or cooperative relationship with the Trump campaign in order to sabotage Hillary Clinton’s campaign to their mutual benefit,” a former CIA official says. “To that end, the Russian government employed hacking activity to collect information and then embarked on an ambitious intelligence operation to leak that information to Trump’s advantage and to Clinton’s detriment. The question that remains, and is most important to answer, is did the Trump campaign willfully accept this assistance from the Russian government and enter into a conspiracy to benefit the campaign?” the former official said. “I would say it’s the most consequential Russian intelligence operation in my lifetime in terms of the attempted scope of their intention to penetrate our domestic politics and influence an American election. I can’t recall a precedent where they were that ambitious and that aggressive in pursuing that kind of goal. It’s hard to imagine that they would have done so with a completely unwilling partner.”
-
-
Petya variant hobbles European businesses
In the wake of May’s WannaCry attack, which affected more than 230,000 computers in over 150 countries, a fast-moving malware malware outbreak was reported 27 June at targets in Spain, France, Ukraine, Russia, and other countries. The attack infected large banks, law firms, shipping companies, and even the Chernobyl nuclear facility in the Ukraine. The new malware is thought to be a variant of Petya, a wiper malware designed to destroy systems and data with no hope of recovery.
-
-
Cybercrime fighting tool moves from government to private sector
Some Department of Energy facilities experience thousands of attempted cyberattacks every day. But the FLOWER software app, developed and patented by DOE’s Pacific Northwest National Laboratory, has been used by other tools and cyber analysts to detect, deter, and mitigate coordinated attacks.
-
-
The Russian government’s disinformation campaign failed to influence the French election. Why?
A few days before the presidential election in France this year, Russian government hackers leaked documents purported to contain unverified information which was damaging to Emmanuel Macron’s campaign. Nonetheless, Macron won the French presidency by a wide margin over Marie Le Pen. The Russian government’s hacking and disinformation campaign had limited effect on French voters. Why? One answer: Most of the Russian government’s disinformation was consumed and distributed by alt-right Americans – and more than half of it was in English, not French.
-
-
“Social media triangulation” to help emergency responders
During emergency situations like severe weather or terrorist attacks, local officials and first responders have an urgent need for accessible, reliable and real-time data. Researchers are working to address this need by introducing a new method for identifying local social media users and collecting the information they post during emergencies.
-
-
Why has healthcare become such a target for cyber-attackers?
More than 16m patient records were stolen from healthcare organizations in the United States and related parties in 2016. That year, healthcare was the fifth most targeted industry when it came to cyber-attacks. And earlier this year, Britain’s National Health Service was crippled by a ransomware attack that locked up the computers holding many of its records and booking systems. As connected technology becomes even more embedded in healthcare, this cyber-threat is only likely to grow. But if we want to protect our health from cyber-attacks, we shouldn’t fear technology. Instead, we need to understand it better and realize that the threat becomes much worse when people make simple mistakes.
-
-
NSA funds cybersecurity project to bolster security of cloud-based computing
A University of Arkansas at Little Rock researcher has received funding from the U.S. National Security Agency (NSA) to improve cybersecurity skills for students and the general population. The cybersecurity lab project, “Networking and Network Security in the Cloud (NetSiC),” will address issues related to cloud-based computing environments and help students practice networking and cyber defense skills.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.