-
Protecting against online privacy attacks
When Congress voted in March to reverse rules intended to protect internet users’ privacy, many people began looking for ways to keep their online activity private. One of the most popular and effective is Tor, a software system millions of people use to protect their anonymity online. But even Tor has weaknesses, and in a new paper, researchers recommend steps to combat certain types of Tor’s vulnerabilities.
-
-
New tool spots fake online profiles
People who use fake profiles online could be more easily identified, thanks to a new tool developed by computer scientists. Researchers have trained computer models to spot social media users who make up information about themselves — known as catfishes. The system is designed to identify users who are dishonest about their age or gender. Scientists believe it could have potential benefits for helping to ensure the safety of social networks.
-
-
Russian government hackers planted false news story which caused Gulf crisis: U.S. intelligence
U.S. intelligence officials say Russian government hackers planted a false news story into the text prepared for release by the official Qatari news agency. The release of the Russian-manufactured story by the official Qatari news agency prompted Saudi Arabia and several of its regional allies to suspend diplomatic relations with Qatar and impose economic sanctions on it. U.S. officials say the Russian goal appears to be to cause rifts among the U.S. and its allies.
-
-
Russian government hackers hacked U.S. voting system manufacturer last August: NSA report
The hacking by Russian government hackers of the DNC computers and the email accounts of senior Democrats during the campaign has been amply documented, but vote-tallying was believed to have been unaffected, despite the concerted effort exerted by the Russian hackers. A highly classified NSA report, published by the Intercept on Monday, offers evidence that Russian government agents hacked a U.S. voting systems manufacturer last August, three months before the November 2016 presidential election. Security experts say that the suggestion that Russian government hackers may have gained access – even if limited access — to electronic voting systems is likely to increase worries about Russian interference in the 2018 mid-term and 2020 presidential election, as well as worries about growing Russian meddling in the election processes in other countries.
-
-
Bolstering the credibility of attributing cyberattacks
Even as major cyber incidents receive high-profile press coverage, many segments of the general public are coming to dispute and question the credibility of the attribution findings — the declared identities of the perpetrators. Researchers review the state of cyber attribution and consider how to bolster the credibility of the process by making it more standardized and transparent. In particular, the report recommends the creation of an independent, global organization to investigate and publicly attribute major cyber-attacks.
-
-
Preventing 3D printing hacks
Additive manufacturing (AM), also called 3D printing, is growing fast. Worldwide, the AM market grew nearly 26 percent to more than $5 billion last year, versus 2015, and another 17.4 percent this year versus last. The rapid prototyping market alone is expected to reach $5 billion by 2020. But since the global supply chain for AM requires companies to share computer aided design (CAD) files within the organization or with outside parties via email or cloud, intellectual-property thieves and malefactors have many opportunities to filch a manufacturer’s design files to produce counterfeit parts.
-
-
Cybersecurity on the fly
When we think of cybersecurity, we think of applying protection measures to our desktop computers such as installing antivirus programs and using passcodes and pin numbers. Just like our computers, aircraft systems are vulnerable and are not exempt from a cyber-attack. If hacked, some examples of possible cyber effects on aircraft systems can be anything from breakdowns in communication and navigation systems to the more critical systems such as collision avoidance and life support systems.
-
-
Training cybersecurity professionals to protect critical infrastructure
Idaho National Laboratory and the Department of Homeland Security (DHS) announce the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity (301) training course; a course tailored to defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course.
-
-
Hackers could take control of missiles on U.K. subs, start a “catastrophic” nuclear war: Report
Britain’s Trident nuclear weapons deterrent program consists of four Vanguard-class submarines, each carrying up to sixteen Trident II D5 ballistic missiles with a nuclear warhead. Hackers could take control of nuclear weapons-carrying Vanguard-class submarines and start a “catastrophic” nuclear war, a new report warns. The 38-page report warns a security breach could “neutralize operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).” Des Browne, former U.K. Defense Secretary, said: “To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”
-
-
World heading toward “permanent cyber war”: France’s cyber chief
The world is heading towards a “permanent war” in cyberspace, Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI), has warned. Poupard said cyberattacks of growing frequency and intensity were coming from states which he did not name, as well as criminal and extremist groups. “We must work collectively, not just with two or three Western countries, but on a global scale,” he added, saying attacks could aim at espionage, fraud, sabotage, or destruction.
-
-
Cybercrime to cost global business more than $8 trillion in the next five years
A new report by Juniper Research has found that criminal data breaches will cost businesses a total of $8 trillion over the next five years, due to higher levels of internet connectivity and inadequate enterprise wide security. The new research forecasts that the number of personal data records stolen by cybercriminals will reach 2.8 billion in 2017, almost doubling to five billion in 2020, despite new and innovative cybersecurity solutions emerging.
-
-
Putin: “Patriotic,” “private” Russian hackers may have interfered in 2016 U.S. election
In a surprising shift, President Vladimir Putin for the first time admitted publicly that Russian hackers may have meddled in the 2016 U.S. elections. He said, however, that the hackers were not Russian government employees but rather “patriotically minded” private Russians. The U.S. intelligence community, and Western intelligence services more generally, have collected voluminous, and incontrovertible, evidence, based on both signal and human intelligence, that hackers and disinformation specialists working for the GRU and the FSB – Russia’s military and domestic intelligence services, respectively – have launched a broad disinformation and hacking campaign last year in order to influence the 2016 presidential election. The Russian leader seemed aware of the possibility that more information about the Russian government’ role in the hacking and disinformation campaign may be revealed, and was trying to get ahead of such disclosures by saying that digital technology can be manipulated.
-
-
Bug-bounty program to strengthen DHS cyber defenses
Congress is considering a bill would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and data systems.
-
-
Bolstering the security of inter-domain routing
Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default routing protocol to route traffic among organizations (Internet Service Providers [ISPs] and Autonomous Systems [ASes])). While the BGP protocol performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited. To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189 – in preparation) that provides security recommendations for the use of Inter-domain protocols and routing technologies.
-
-
Judy malware may be the largest malware campaign found on Google Play: Check Point
Check Point researchers last week discovered a widespread malware campaign on Google Play, Google’s official app store. Check Point says that the malware, dubbed “Judy,” is an auto-clicking adware which was found on forty-one apps developed by a Korean company. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
By Zachary Roth
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
By Dino Jahic
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
By Trina West
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.