-
Serious security threat to many Internet users identified
Researchers have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users’ Internet communications completely remotely. Such a weakness could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts, or degrade the privacy guarantee by anonymity networks such as Tor.
-
-
If two countries waged cyber war on each another, here’s what to expect
Imagine you woke up to discover a massive cyberattack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos, and all tax records have disappeared. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. Given the current level of international tension and the potential damage from a major cyberattack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected.
-
-
Dominating cyberspace through advanced network security, capabilities
As the cyber domain continues to expand, the U.S. military and government have begun to place greater emphasis on cyber operations. As cyber operations have increased, the need for enhanced monitoring, security, and access technologies to promote advanced cyberspace operations have increased as well. The Defense Strategies Institute (DSI) has designed a forum in order to promote conversation that seeks to advance network security and cyber capabilities.
-
-
Fake ATM spotted by DefCon attendees
One of the curious features at the DefCon 24 even in Las Vegas is a fake ATM in the show’s venue. The fake ATM kiosk was placed in the lobby of the Riviera Hotel Casino sometime before the conference opened. As is appropriate at an event of sharp-eyed cybersecurity specialists and white hackers, the scam was uncovered when people noticed something wrong with the machine.
-
-
Hacking hotel magnetic-stripe based key cards is easy
If you travel a lot for business or pleasure, and stay at hotels at the places you visit, you may not like the information presented at the DefCon 24 event in Las Vegas. A security expert will tell the attendees that the magnetic-stripe based key cards guests are given to enter their rooms have major weaknesses which could allow an attacker to modify these cards to enter guests rooms.
-
-
Live-streaming crime incidents a challenge U.S. privacy law
In July, the fatal police shootings of Alton Sterling and Philando Castile went viral on social media. The aftermath of the Castile shooting was first shared via Facebook Live, which is a type of mobile streaming video technology (MSVT) that allows users to stream live video to followers, similar to Periscope and Meerkat. The two incidents focus attention on the legal rights of people to record and live stream and any potential right to be free from being recorded and streamed in public places.
-
-
Exploring automotive cybersecurity vulnerabilities at Def Con 24
In 2015, more than 16.5 million vehicles were sold in the United States. The Car Hacking Village helps researchers interested in the safety and security of the more than one billion vehicles on the road around the world. The Car Hacking Village made its debut at the Def Con 23 Conference last year in Las Vegas. This year, the Village returns to Def Con 24 in Vegas on 4 August.
-
-
U.S. Cyber Challenge hacking competition announces winners
Last Friday morning, seven teams competed in the U.S. Cyber Challenge (USCC) Capture-the-Flag (CTF) competition at Southern Utah University (SUU) in Cedar City, Utah. After four hours of hacking into systems and answering trivia questions, Team Dragon came out on top.
-
-
“Our president should be chosen by American citizens, not by foreign adversaries or interests”
Thirty-one members of the Aspen Institute Homeland Security Group, a bipartisan group of homeland security and counterterrorism experts, last week have issued a statement on the recent Democratic National Committee (DNC) hack. “[T]his is an attack not on one party but on the integrity of American democracy. And it may not be the end of such attacks. It is not unthinkable that those responsible will steal and release more files, and even salt the files they release with plausible forgeries,” members of the group write. “This is unacceptable. Our president should be chosen by American citizens, not by foreign adversaries or interests.”
-
-
How vulnerable to hacking is the US election cyber infrastructure?
Following the hack of Democratic National Committee e-mails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. Intelligence services around the world monitor other countries’ domestic political situations — what has changed, however, is the ability of individuals, governments, militaries, and criminal or terrorist organizations to use Internet-based tools — commonly called cyberweapons — not only to gather information but also to generate influence within a target group. Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources, or the intentional actions of a foreign power.
-
-
Will Putin pick the next U.S. president? He just might
Russian government hackers stealing and publicizing politically embarrassing e-mails from the DNC’s computer systems — or stealing analytical voter information and opposition research on Trump from the Clinton campaign’s own computers – is serious enough. As serious as the theft by these Russian hackers of Democratic campaign donors’ personal data from the computer systems of the Democratic Congressional Campaign Committee (DCCC). But as a recent article in Politico Magazine notes, there is even a more serious, and more disturbing, possibility: “The most extreme danger, of course, is that cyber intruders could hack the voting machinery to pick winners and losers.”
-
-
Recruiting technology companies to combat extremism on social media
Extremists are exploiting the Internet. A new study aims to shed light on how accessible extremist content is beyond social media, with a particular focus on the role played by the search engine Google. Initiatives for better understanding extremism on the Internet have predominantly been led by experts in extremist ideology or the sociological aspects of radicalization. Technology firms, key stakeholders in this fight, have played a less prominent role.
-
-
Trump urges Russia to hack, release Clinton’s e-mails
Donald Trump on Wednesday said he hoped Russia would hack Hillary Clinton’s e-mails, and release them to the press. In a press conference at his Doral golf course, Trump said: “Russia, if you’re listening, I hope you’re able to find the 30,000 e-mails that are missing,” he said. “I think you will probably be rewarded mightily by our press.” Analysts note that Trump’s breathtaking call for a foreign power to hack the e-mails of a major U.S. political party or the server of a former secretary of state was as extraordinary as it was unprecedented.
-
-
DNC hack: “All roads lead to Russia” says new cybersecurity report
New report by a cybersecurity firm ThreatConnect focuses on Guccifer 2.0, a hacker claiming to be behind the hack of the DNC computer system. The claim was made in order to deflect attention from Russian government hackers whose digital fingerprints were all over the DNC hack. A ThreatConnet report shows that Guccifer 2.0 is part of the Russian plot to steal and release politically embarrassing DNC e-mails.
-
-
New tool keeps track of violent groups without having to geolocate the tweets
Researchers have developed new sentiment analysis algorithms which can monitor the social network Twitter in search of violent groups. The system analyzes both the messages these individuals share and how their relationships develop. The police and other law enforcement agencies could use the tool to detect critical points, threats, and areas with concentrations of potentially dangerous people.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.