• Hacking One of the World's Most Secure Industrial Programmable Logic Controllers (PLC)

    Researchers have managed to take control of a Siemens PLC, which is considered to be one of the safest controllers in the world. As part of the attack, the researchers analyzed and identified the code elements of the Siemens proprietary cryptographic protocol, and on the basis of their analysis, created a fake engineering station, an alternative to Siemens’ official station. The fake engineering station was able to command the controller according to the will of the attackers.

  • A Hacker’s Treasure: IoT Data Not Trashed

    While consumers are aware that data needs to be wiped from smart phones and computers before discarding, the proliferation of internet connected (IoT) devices poses new challenges and risks, as they too retain valuable data.

  • Disinformation Moves from Fringe Sites to Facebook, YouTube

    Lawmakers and regulators focusing their attention on Facebook, Twitter and YouTube for the platforms’ role in propagating disinformation may be missing a big chunk of other online sites and portals that drive conspiracies and outright falsehoods, according to a nonprofit group that is studying how disinformation works.

  • Foreign Campaign Intervention May Go Way Beyond Russia to China, Iran, North Korea, and Saudi Arabia

    The risk of foreign intervention goes far beyond Russia. Indeed, this type of action has happened many times in U.S. history. What’s new in 2020 is that, over the past few years, Russians have shown other nations how easy it is to sow disinformation and disrupt democratic elections. Many countries, including the United States, seek to make the voting process easy so balloting is designed much more for user-friendliness than electoral security. At the same time, technology companies have created social media platforms that are easily exploited through disinformation, false news, and fake videos. What’s more, the use of this technology to disrupt campaigns is cheap and difficult to trace.

  • Hatechan: The Hate and Violence-Filled Legacy of 8chan

    El Paso, Texas. Poway, California. Christchurch, New Zealand. Three White Power-inspired attacks by three white supremacists who posted paranoid racist manifestos right before the attacks. Three killing sprees. One targeted Muslims, another Jews, the third Hispanics. What they all had in common was 8chan. In just six years, 8chan has achieved a rather unenviable reputation as one of the vilest places on the Internet.

  • Action Needed to Stem Online Hate: Researchers

    As Americans reflect on two mass shootings that claimed 31 lives last weekend, they’re asking how to stop the carnage. Researchers at a Los Angeles center devoted to tolerance say part of the answer lies in ending hate online. Political leaders and social media companies, they add, must help to tone down the hateful rhetoric.

  • From Across the Globe to El Paso, Changes in the Language of the Far-Right Explain Its Current Violence

    In the past decade, the language of white supremacists has transformed in important ways. It crossed national borders, broadened its focus and has been influenced by current mainstream political discourse. I study political violence and extremism. In my recent research, I have identified these changes and believe that they can provide important insights into the current landscape of the American and European violent far-right. The changes also allow us to understand how the violent far-right mobilizes support, shapes political perceptions and eventually advances their objectives.

  • Unlocking Market Forces to Solve Cyber Risk

    Markets have been slow to adjust to the multi-dimensional perils of cyber risk. Even headline-grabbing cyber incidents such as breaches of Equifax, Target, Anthem, Sony and Home Depot—along with NotPetya’s devastation of Merck, FedEx, and Maersk—have thus far had only fleeting impacts on assessments of major corporations’ prospects by investors, credit rating agencies and insurers. This disparity reflects the broader problem of a “cyber risk gap” between corporations’ exposure to cyber risks and the adequacy of their efforts to address it. Investors, insurers, credit rating agencies and others presently face this gap, and have been only slowly waking up to its magnitude.

  • Winning the Cyber War Is Not a Job the Army Can Do Alone

    Britain has not been legally at war since 1945. Despite this, we have been in perpetual conflict since then and, apart from 1969, have lost soldiers on operations every single year. Today the sphere of that conflict now very much includes the online world where our adversaries – from Russian disinformation disseminators to IS’s terrorist cyber warriors – are a shadowy, but perpetual threat. In this increasingly antagonistic world, we must organize ourselves accordingly.

  • Practicing Cybersecurity Gets Easier

    It’s expensive to train the people who defend us from cyberattacks. When big companies hold a large-scale exercise, they often take several months to prepare for it. Lots of people and computers, routers and other hardware form a complex infrastructure to create an attack that is as realistic as possible. That’s a good approach, but at the same time it is time consuming and expensive. This is where the Norwegian Cyber Range comes in, enabling medium and smaller players to train, too.

  • Combatting Russia’s Assault on Democracies: Lessons from Europe

    A 2018 report by the Senate Foreign Relations Committee says: “For years, Vladimir Putin’s government has engaged in a relentless assault to undermine democracy and the rule of law in Europe and the United States. Mr. Putin’s Kremlin employs an asymmetric arsenal that includes military invasions, cyberattacks, disinformation, support for fringe political groups, and the weaponization of energy resources, organized crime, and corruption.” For people pondering the potential effects of Russian interference in the 2020 elections here in the United States, it is worth understanding what other democracies are doing to confront the same problem and what lessons can be learned from their experiences.

  • British Army to Engage in Social Media Warfare as New Cyber Division Unveiled

    The British Army is to engage in social media warfare, its most senior soldier has announced as he launched a new division of the military dedicated to fighting cyber threats. The new formation, titled 6 Division (6 Div), will seek to influence the behavior of the public and adversaries by specializing in “information warfare.” It is expected to react to social media “attacks” on Britain, and proactively launch similar offensives.

  • Facebook Isn’t Responsible as Terrorist Platform, Court Says

    Facebook Inc. doesn’t have to face a lawsuit by victims of Hamas attacks and their relatives who claimed that the social network unlawfully assisted the terror group, a federal appeals court ruled. the lawsuit was among several around the U.S. testing whether victims of terrorist attacks and their families can hold social-media companies to account for allowing violent extremists to use their platforms to recruit followers. The terrorism victims attempted for the first time to argue that social-media companies could be held liable under the U.S. Anti-Terrorism Act.

  • Tech Companies Not Doing Enough to Fight Phishing Scams

    Technology companies could be doing much more to protect individuals and organizations from the threats posed by phishing, according to new research. However, users also need to make themselves more aware of the dangers to ensure potential scammers do not obtain access to personal or sensitive information.

  • State Election Offices Made for an Easy Target for Russian Hackers

    In the months before the 2016 presidential election, one U.S. state received a notification from a federally backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders and as late at January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious” took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report.