-
Canadian “sha’hid” used by ISIS in Jihadi recruitment video
The Islamic State in Iraq and Syria’s (ISIS) strategy to use English-speaking Westerns and social media to recruit militants is unprecedented. ISIS has used World Cup hashtags on Twitterand Facebookto spread propaganda and generate death threats. The group’s adoption of new media could be seen as a move better to compete with rival militant groups. One of the more popular YouTube ISI video featuring a Canadian of was killed in an attack on a Syrian military airport.
-
-
Demand for cyberattack insurance grows, but challenges remain
The surge in cyberattacks against the private sector and critical infrastructure has led to a growth in demand for cyber insurance; yet most insurers are unable properly to assess their clients’ cyber risk, let alone issue the appropriate pricing for their cyber coverage.Insurers which traditionally handle risks like weather disasters and fires, are now rushing to gain expertise in cyber technology.On average, a $1 million cyber coverage could cost $20,000 to $25,000.
-
-
Cloud computing poses technical challenges for digital crime-fighters
The ultimate in distributed computing, cloud computing is revolutionizing how digital data is stored, processed, and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage, and applications. The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments.
-
-
Chinese government hackers collected information on U.S. security clearance applicants
Chinese government hackers last March broke into the computer networks of the U.S. Office of Personnel Management, the agency which keeps the personal information of all federal employees. The hackers targeted the information of tens of thousands of employees who had applied for top-secret security clearances. Experts note that the hacking of OPM files containing information about federal employees applying for security clearance is especially disturbing since federal employees applying for security clearances enter their most personal information.
-
-
Pennsylvania cybersecurity group takes down international criminal network
Over the past month, a coalition of cybersecurity forces in Pittsburgh, Pennsylvania made of regional FBI officers and members of Carnegie Mellon University’s CERT cyberteam, took down the Gameover Zeus cyber theft network, which had employed data ransom and theft schemes. The criminal group was able to snatch funds up to seven figures from owners’ bank accounts.
-
-
Leaked documents reveal law enforcement hacking methods
Through the sourcing of a leaked documents cache from the Italian firm Hacking Team, members of the University of Toronto’s Citizen Lab have revealed the methods of law-enforcement hackers. While much of Snowden’s revelations concerned broad international surveillance, documents from Hacking Team reveal more specific methods such as the actual techniques for tapping phones and computers to operate as eavesdropping devices.
-
-
Syrian Electronic Army’s attack on Reuters makes a mockery of cyber-security (again)
One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the Internet, and the control any nation can have over information dissemination has been eroded — on news Web sites but especially on open platforms such as Twitter and Facebook. One lesson from all the attacks on open platforms is that a focus of any attempted hack will be a spear phishing e-mail. Tricking users into entering their details may be simple, but it can be very serious. For example the Reuters site, which was attacked by the Syrian Electronic Army (SEA), a pro-Assad group of “hacktivists,” integrates more than thirty third-party/advertising network agencies into its content. A breach on any of these could compromise the agency’s whole infrastructure.
-
-
DHS receives top FISMA score for the second year in a row
DHS has received the top score in the annual Federal Information Security Management Act (FISMA), making it the only agency to achieve a score of ninety-nine two years in a row. The act, passed in 2002, requires the Office of Management and Budget to report on federal agencies’ implementation of set processes designed to secure federal IT infrastructures.Analysts credit the achievement to DHS’ Office of Inspector General’s (OIG) push for continuous monitoring of IT systems and standards. The OIG uses commercial vulnerability scanning tools and open source management software to form a system that routinely scans the agency’s networks for compliance with FISMA metrics.
-
-
Is Facelock the password alternative we’ve been waiting for?
One of the problems with using passwords to prove identity is that passwords that are easy to remember are also easy for an attacker to guess, and vice versa. Nevertheless, passwords are cheap to implement and well understood, so despite the mounting evidence that they are often not very secure, until something better comes along they are likely to remain the main mechanism for proving identity. But maybe something better has come along. Researchers propose a new system based on the psychology of face recognition called Facelock. But how does it stack up against existing authentication systems? The idea certainly sounds interesting and the technical challenges in implementing such a system do not seem great. But there are difficult questions regarding cost, selection and security of images that need to be answered before it becomes a practical alternative to passwords.
-
-
Research identifies Android security weaknesses caused by performance design
Researchers have identified a weakness in one of Android’s security features. Their research, titled Abusing Performance Optimization Weaknesses to Bypass ASLR, identifies an Android performance feature that weakens a software protection called Address Space Layout Randomization (ASLR), leaving software components vulnerable to attacks that bypass the protection. The work is aimed at helping security practitioners identify and understand the future direction of such attacks.
-
-
“Marked ghost imaging” offers enhanced security for data storage, transmission
“Ghost imaging” sounds like the spooky stuff of frivolous fiction, but it is an established technique for reconstructing hi-res images of objects partly obscured by clouds or smoke. Now researchers are applying the same idea in reverse to securing stored or shared electronic data. Their work establishes “marked ghost imaging” technology as a new type of multi-layer verification protocol for data storage or transmission.
-
-
Shortage of cybersecurity professionals a risk to U.S. national security
The nationwide shortage of cybersecurity professionals — particularly for positions within the federal government — creates risks for national and homeland security, according to a new RAND study. Demand for trained cybersecurity professionals who work to protect organizations from cybercrime is high nationwide, but the shortage is particularly severe in the federal government, which does not offer salaries as high as the private sector.
-
-
Security flaw: Researchers find thousands of secret keys in Android apps
Researchers have discovered a crucial security problem in Google Play, the official Android app store where millions of users of Android, the most popular mobile platform, get their apps. “Google Play has more than one million apps and over 50 billion app downloads, but no one reviews what gets put into Google Play — anyone can get a $25 account and upload whatever they want. Very little is known about what’s there at an aggregate level,” says one of the researchers.
-
-
Carnegie Mellon recognized for excellence in cybersecurity education, research
The NSA and DHS have designated Carnegie Mellon University as a National Center of Academic Excellence in Information Assurance/Cyber Defense Education and a National Center of Academic Excellence in Information Assurance/Cyber Defense Research for academic years 2014 through 2021. As a CAE, Carnegie Mellon will continue to be eligible to participate in federal scholarship and research opportunities.
-
-
A first: San Francisco to feature encrypted Wi-Fi service
The Chief Information Officer (CIO) for the city of San Francisco has announced that the city will implement a small, free Wi-Fi spot within the city which will offer encrypted service and, it is hoped, usher in a new standard for other urban centers.
-
More headlines
The long view
States Rush to Combat AI Threat to Elections
By Zachary Roth
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
By Dino Jahic
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
By Trina West
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.