• Fake news: Studying cyber propaganda and false information campaigns

    Dr. Nitin Agarwal of the University of Arkansas at Little Rock will use a $1.5 million grant from the Office of Naval Research to study the sources of false information on the Internet, how it is spread through social media, and how people and groups strategically use this false information to conduct cyber propaganda campaigns.

  • New director for CMU’s Software Engineering Institute's CERT Division

    Carnegie Mellon University’s Software Engineering Institute the other day announced the appointment of Roberta G. (Bobbie) Stempfley as director of the SEI’s CERT Division. A federally funded research and development center, SEI helps government and industry organizations develop and operate software systems that are secure and reliable. The CERT Coordination Center was founded at the SEI in 1988 as the world’s first computer security incident response team.

  • Random numbers will make life difficult for hackers

    Whenever we need to communicate in secret, a cryptographic key is needed. For this key to work, it must consist of numbers chosen at random without any structure – just the opposite of using the birthdate of our favorite pet. But, for a human, it is extremely difficult to choose without creating any bias, even by hitting the keyboard chaotically. To solve this problem, researchers have developed a new random number generator based on the principles of quantum physics.

  • Stuxnet, the sequel: Dangerous malware aims to disrupt industrial control systems

    A cybersecurity firm has identified a new, dangerous malware, dubbed Industroyer, capable of performing an attack on power supply infrastructure. The malware was likely involved in the December 2016 cyberattack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for over an hour. Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.

  • Preventing voice hacking

    While convenient, Siri, WeChat, and other voice-based smartphone apps can expose you to a growing security threat: voice hacking. With just a few minutes of audio samples, attackers can replay your voice convincingly enough to trick people as well as top digital security systems. The consequences, from impersonating you with your friends to dipping into your bank account, are terrifying. An app, soon to be available, will help thwart this growing cybersecurity threat.

  • Preventing autonomous vehicles from being hacked

    Although autonomous vehicles are essentially large computers on wheels, securing them is not the same as securing a communication network that connects desktop computers and smartphones to large geographical areas, because of the roles that the sensors and actuators play in the physical layer of the network. Researchers have developed an intelligent transportation system prototype designed to avoid collisions and prevent hacking of autonomous vehicles.

  • Can the world ever really keep terrorists off the internet?

    After London’s most recent terror attacks, British Prime Minister Theresa May called on countries to collaborate on internet regulation to prevent terrorism planning online. May criticized online spaces that allow such ideas to breed, and the companies that host them. Internet companies and other commentators, however, have pushed back against the suggestion that more government regulation is needed, saying weakening everyone’s encryption poses different public dangers. Many have also questioned whether some regulation, like banning encryption, is possible at all. As a law professor who studies the impact of the internet on society, I believe the goal of international collaboration is incredibly complicated, given global history.

  • Network routers can covertly leak data

    Researchers have demonstrated for the first time that it is possible to covertly siphon sensitive files, passwords or other critical data from any common router. “Unlike network traffic that is heavily monitored and controlled by firewalls, this covert channel is currently not monitored,” one researcher says. “As a result, it enables attackers to leak data while evading firewalls, air-gaps (computers not hooked up to the internet) and other data-leakage prevention methods.”

  • "That is a big deal": Russia's effort to subvert American democracy

    Russia’s broad, systematic attacks on the U.S. political process, attacks which are only going to intensify in years to come, are of far greater, and lasting, importance relative to all other issues raised in James Comey’s Thursday testimony before the Senate Intelligence Committee. “We’re talking about a foreign government that, using technical intrusion, lots of other methods, tried to shape the way we think, we vote, we act. That is a big deal,” Comey said.

  • Protecting against online privacy attacks

    When Congress voted in March to reverse rules intended to protect internet users’ privacy, many people began looking for ways to keep their online activity private. One of the most popular and effective is Tor, a software system millions of people use to protect their anonymity online. But even Tor has weaknesses, and in a new paper, researchers recommend steps to combat certain types of Tor’s vulnerabilities.

  • New tool spots fake online profiles

    People who use fake profiles online could be more easily identified, thanks to a new tool developed by computer scientists. Researchers have trained computer models to spot social media users who make up information about themselves — known as catfishes. The system is designed to identify users who are dishonest about their age or gender. Scientists believe it could have potential benefits for helping to ensure the safety of social networks.

  • Russian government hackers planted false news story which caused Gulf crisis: U.S. intelligence

    U.S. intelligence officials say Russian government hackers planted a false news story into the text prepared for release by the official Qatari news agency. The release of the Russian-manufactured story by the official Qatari news agency prompted Saudi Arabia and several of its regional allies to suspend diplomatic relations with Qatar and impose economic sanctions on it. U.S. officials say the Russian goal appears to be to cause rifts among the U.S. and its allies.

  • Russian government hackers hacked U.S. voting system manufacturer last August: NSA report

    The hacking by Russian government hackers of the DNC computers and the email accounts of senior Democrats during the campaign has been amply documented, but vote-tallying was believed to have been unaffected, despite the concerted effort exerted by the Russian hackers. A highly classified NSA report, published by the Intercept on Monday, offers evidence that Russian government agents hacked a U.S. voting systems manufacturer last August, three months before the November 2016 presidential election. Security experts say that the suggestion that Russian government hackers may have gained access, even if limited access, to electronic voting systems is likely to increase worries about Russian interference in the 2018 mid-term and 2020 presidential elections, as well as worries about growing Russian meddling in the election processes in other countries.

  • Bolstering the credibility of attributing cyberattacks

    Even as major cyber incidents receive high-profile press coverage, many segments of the general public are coming to dispute and question the credibility of the attribution findings — the declared identities of the perpetrators. Researchers review the state of cyber attribution and consider how to bolster the credibility of the process by making it more standardized and transparent. In particular, the report recommends the creation of an independent, global organization to investigate and publicly attribute major cyber-attacks.

  • Preventing 3D printing hacks

    Additive manufacturing (AM), also called 3D printing, is growing fast. Worldwide, the AM market grew nearly 26 percent to more than $5 billion last year, versus 2015, and another 17.4 percent this year versus last. The rapid prototyping market alone is expected to reach $5 billion by 2020. But since the global supply chain for AM requires companies to share computer-aided design (CAD) files within the organization or with outside parties via email or cloud, intellectual-property thieves and malefactors have many opportunities to filch a manufacturer’s design files to produce counterfeit parts.