-
Police turning to Facebook to fight crime
Local police departments across the United States are beginning to use Facebook and Twitter to communicate with local residents and track down criminals and missing persons; departments have successfully apprehended suspects minutes after posting photos online; police have also received tips on the whereabouts of wanted criminals and Facebook has become a part of the investigative process; Facebook’s traditional functions of outreach and communication have helped departments keep residents informed and build trust; critics of police patrolling Facebook and Twitter for tips say that it is an invasion of privacy; police have been careful to only use publicly posted information that users choose to display
-
-
Wisconsin introduces law to ban fake caller IDs
Republican legislators in Wisconsin have introduced a bill that would make it illegal to use a fake caller ID number to “defraud, cause harm, or gain anything of value”; last year Congress passed a similar bill that banned the use of “phone spoofing” technologies — technology that allows an individual to choose what number they wish to appear on another person’s caller ID; the new bill would allow law enforcement officials to target individuals making prank calls in addition to prosecuting companies that provide spoofing technology; critics question the timing of the bill as it comes after a high-profile prank call to Wisconsin governor Scott Walker
-
-
Smartphones are now audio bugs of choice
In an increasing trend, cell phones have become the tool of choice for eavesdroppers; with new smartphones, spies can easily plant a tracking device that can follow a user’s every move including their location, calls, text messages, emails, and even video; with the proliferation of smartphones, thousands of sites are now selling spy software; for as little as $25, someone can tap into all the features of Blackberries, iPhones, and Google Android phones; the software takes minutes to install and can be disguised as an email link; it can take days of searching through thousands of lines of code to discover the spy software
-
-
Tainted apps make their way into official Android store
More than fifty applications have been found to be infected with a new type of Android malware called DroidDream, an information stealer; fraudsters repackaged legitimate apps (mostly games) so that they included malicious code before uploading them to the marketplace; the tactic has been seen in mobile marketplaces in China and elsewhere but this is the first time the approach has been successfully applied in the United States
-
-
Contradictions in U.S. cybersecurity policy
The United States wants a secure cyberspace, but its intelligence agencies have found enormous utility in using their own computer hacking capabilities to collect confidential information from foreign adversaries; this raises the question of how the U.S. government can push for global cybersecurity while at the same time using cyber means to collect intelligence on potentially threatening regimes such as Iran
-
-
Law enforcement and domain name registrars discuss ways to tackle net crooks
Police and other law enforcement agencies in the United States and the United Kingdom are increasingly turning their attention to domain names as an Internet choke-point that can be used to shut down Web sites selling counterfeit goods and enabling the trading of pirated movies and child pornography
-
-
Are your phones really secure?
Breakthroughs in technology have enabled malicious actors to listen in on any conversation using your phone even when not in use; eavesdroppers have circumvented encrypted audio channels by relying on a relatively simple principle in physics — resonance; by tapping into an object’s natural resonance, spies have turned phones and phone cables into listening devices even when they are not in use; researchers at Teo, a manufacturer of secure telecommunications equipment, were able to capture human voices using standard phones, unplugged Ethernet cables, or even a rock; to address this security gap, Teo has designed its IP TSG-6 phones with special vibration dampening circuitry and materials that render them impervious to these types of listening devices
-
-
Android apps send private data in the clear
Cell phones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users’ privacy; Facebook recently unveiled an always-on SSL encryption setting to prevent snooping over insecure networks — but the encryption is no good, meaning that all private messages, photo uploads, and other transactions are visible to eavesdroppers
-
-
CyberCom commander calls for government protection of critical infrastructure
General Keith Alexander, the head of the U.S. Cyber Command, is calling for the creation and implementation of a government strategy to protect critical infrastructure in the United States from cyber attacks; in a speech yesterday, General Alexander emphasized the importance of securing critical infrastructure like the stock market, the electrical grid, and power plants against cyber attacks; he sought to ease fears by assuring the audience that the government could protect critical infrastructure and preserve civil liberties; Alexander’s remarks come as civil rights advocates and internet freedom groups have grown more vociferous in their criticism of a recent Senate bill that would help secure the nation’s critical infrastructure from cyber attacks; supporters of the bill say that it is impossible to create an internet “kill switch” and that is not their goal
-
-
U.K. rethinking cyber security
U.K. cyber crime could cost more than 27 billion pounds a year; the estimate of 21 billion pounds to businesses, 2.2 billion pounds to government, and 3.1 billion pounds to citizens may be an underestimate due to a possible lack of reporting for fear of reputational damage; the hardest-hit sectors are pharmaceuticals, biotech, electronics, IT, and chemicals
-
-
Defining cyber warfare
Several high-profile cyberattack incidents lead commentators to worry that we may be using the wrong metaphor to describe the phenomena; Bruce Schneier, for example, says that “What we are seeing is not cyber war but an increasing use of war-like tactics and that is what is confusing us. We don’t have good definitions of what cyber war is, what it looks like and how to fight it”
-
-
FBI says it does not demand encryption back doors
The FBI says that it is not calling for restrictions on encryption without back doors for law enforcement; only last fall the agency said discussions should focus on requiring that communication providers and Web sites have legally mandated procedures to divulge unencrypted data in their possession; the FBI says that because of the rise of Web-based e-mail and social networks, it’s “increasingly unable” to conduct certain types of surveillance that would be possible on cellular and traditional telephones
-
-
Police using text messages to fight crime
In an increasing trend, police departments across the United States are using text messages to help fight crime; various police departments have set up a text message service that allows citizens to report any crimes that they see; informants can stay anonymous while department officials can exchange texts with them to learn more; police departments have long had anonymous hotlines in place, and text messages are the technological upgrade to these hotlines; text message systems were first introduced in 2007 in Boston and Cincinnati; this year several smaller police departments will implement a text-based tip system, including those in Apex, North Carolina and Colorado Springs, Colorado
-
-
DHS requesting boost in cybersecurity funds
Government, industry, and academia have labeled the shortage of cyber specialists in the government as a national security problem; the United States is looking to hire 30,000 security experts to safeguard cyberspace as opposed to the 1,000 personnel currently staffed government-wide; DHS has requested $936 million in funding for FY 2012 to grow the federal cybersecurity workforce and enhance network protections
-
-
IT organization surveys potential insider-threats
Employees are being overloaded with passwords; 10 percent of IT professionals are still able to access accounts from a prior job; 52 percent of employees admit that they have shared their work log-ins and passwords with other co-workers, and vice versa
-
The long view
States Rush to Combat AI Threat to Elections
This year’s presidential election will be the first since generative AI became widely available. That’s raising fears that millions of voters could be deceived by a barrage of political deepfakes. Congress has done little to address the issue, but states are moving aggressively to respond — though questions remain about how effective any new measures to combat AI-created disinformation will be.
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with LiDAR, or Light Detection and Ranging, the technology many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.
Tantalizing Method to Study Cyberdeterrence
Tantalus is unlike most war games because it is experimental instead of experiential — the immersive game differs by overlapping scientific rigor and quantitative assessment methods with the experimental sciences, and experimental war gaming provides insightful data for real-world cyberattacks.