-
Russian government hackers leaked DNC e-mails: Cybersecurity experts
Robby Mook, Hillary Clinton’s campaign manager, said on Sunday that Friday’s release by WikiLeaks of Democratic National Committee (DNC) internal e-mails was the work of Russian government hackers. The leak, Mook said, was part of an effort by President Vladimir Putin and people in his circle to weaken Clinton and increase the chances of a Donald Trump victory in November. Cybersecurity experts support Mook’s claims.
-
-
DHS S&T awards $3.66 million for privacy-enhancing technology R&D
DHS S&T has announced the award of three contracts totaling $3.66 million to fund the research and development of privacy-enhancing technologies that better defend personally identifying information and protect privacy in cyber space.
-
-
Protecting against “browser fingerprint”
Imagine that every time a person goes out in public, they leave behind a track for all to see, so that their behavior can be easily analyzed, revealing their identity. This is the case with people’s online browser “fingerprints,” which are left behind at each location they visit on their internet browser. Almost like a regular fingerprint, a person’s browser fingerprint — or “browserprint” — is often unique to the individual. Such a fingerprint can be monitored, tracked, and identified by companies and hackers.
-
-
Automated cybersecurity systems get set for final face-off at DARPA’s Cyber Grand Challenge
The Heartbleed security bug existed in many of the world’s computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014. The reason for this time lag? In contrast to the sophistication and automation that characterize so much of today’s computer systems, the process of finding and countering bugs, hacks, and other cyber infection vectors is still effectively artisanal. But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the Internet itself? These are questions at the heart of DARPA’s Cyber Grand Challenge.
-
-
DHS seeking input to study safeguards to mobile devices
DHS is seeking input from the mobile and cellular industry to study defense capability gaps and additional safeguards for government devices. The DHS S&T will additionally hold two Industry Day events – 20 July in Washington, D.C. and 2 August in Menlo Park, California — to provide additional insight about the request for information (RFI) to the mobile and cellular industry and researchers.
-
-
Cybersecurity risks in 3D printing
Additive manufacturing (AM), commonly called 3D printing, is a $4 billion business set to quadruple by 2020. One day, manufacturers may print everything from cars to medicines, disrupting centuries-old production practices. But the new technology poses some of the same dangers unearthed in the electronics industry, where trusted, partially trusted, and untrusted parties are part of a global supply chain. Researchers report of their examination of two aspects of 3D printing that have cybersecurity implications: printing orientation and insertion of fine defects.
-
-
Better computer bug finder
Individuals and corporations spend millions of dollars every year on software that sniffs out potentially dangerous bugs in computer programs. And whether the software finds ten bugs or 100, there is no way determine how many go unnoticed, nor to measure the efficacy of bug-finding tools. Researchers are taking an unorthodox approach to tackling this problem: Instead of finding and remediating bugs, they are adding them by the hundreds of thousands.
-
-
How to stay anonymous online
Anonymity networks protect people living under repressive regimes from surveillance of their Internet use. But the recent discovery of vulnerabilities in the most popular of these networks — Tor — has prompted computer scientists to try to come up with more secure anonymity schemes. These scientists have developed a new anonymity scheme that provides strong security guarantees but uses bandwidth much more efficiently than its predecessors, making it possible for network to protect users’ anonymity if all but one of its servers are compromised.
-
-
Increasing power grid cybersecurity
Cybersecurity experts are leading a new program to develop new data analysis methods better to protect the nation’s power grid. The goal of this project is to develop technologies and methodologies to protect the grid from advanced cyber and threats by developing the means to distinguish between power grid failures caused by cyber attacks and failures caused by other means, including natural disasters, “normal” equipment failures, and even physical attacks.
-
-
Ending extortion: Researchers develop a way to stop ransomware
Ransomware — what hackers use to encrypt your computer files and demand money in exchange for freeing those contents — is an exploding global problem with few solutions. The FBI issued a warning in May saying the number of attacks has doubled in the past year and is expected to grow even more rapidly this year. It said it received more than 2,400 complaints last year and estimated losses from such attacks at $24 million last year for individuals and businesses. Researchers have developed a way to stop ransomware dead in its tracks.
-
-
Your smart watch and fitness tracker may give away your PIN
Wearable devices — Fitbits, Jawbones, Nike+, Apple Watches, and the like — are white-hot. The tech segment is already producing an estimated $14 billion in sales worldwide, and expected to more than double within four years, climbing to north of $30 billion. But a new research report reveals those cool wearables just may leak information as you use them.
-
-
ISIS uses Whatsapp, Telegram to sell girls and women as sex slaves
ISIS has been using instant messenger apps Whatsapp and Telegram to advertise Yazidi women and girls as young as 12 for sale as sex slaves. These apps are also being used to share photos databases of women held by ISIS as sex slaves. ISIS uses the apps to distribute these of photographs to ISIS militants manning the group’s checkpoints so that these women can be identified if they try to escape ISIS-controlled territory. Telegram and Facebook-owned Whatsapp both use end-to-end encryption, preventing the two companies from accessing users’ communications.
-
-
DHS S&T funds efforts to make Internet of Things safer
DHS S&T the other day awarded $119,000 to Ionic Security, Inc. based in Atlanta, Georgia, to advance detection and monitoring for Internet of Things (IoT) systems security. The Ionic Security team proposes to apply a novel distributed data protection model to solve the authentication, detection, and confidentiality challenges that impact distributed IoT devices.
-
-
House committee releases encryption report, laying foundation for a national dialogue
Terrorist attacks in Paris and San Bernardino have sparked a public debate on the use of encryption in the United States because the attackers used encrypted communications to evade detection, a phenomenon known as “going dark.” Earlier this week, the Majority Staff of the House Homeland Security Committee released a new report, titled Going Dark, Going Forward: A Primer on the Encryption Debate. The summarizes the committee’s findings, based on more than 100 meetings and briefings committee staff and members have held with key stakeholders over the past year.
-
-
Effective defense against Internet attacks
The brute force and sheer scale of current Internet attacks put a heavy strain on classic methods of intrusion detection. Moreover, these methods are not prepared for the rapidly growing number of connected devices. Researchers have developed a “flow based” approach, which looks at the data flow from a higher level and detects suspicious patterns.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.