• FBI investigating fake documents targeting Clinton campaign

    The FBI, as part of a broader investigation into attempts by Russia to interfere in and influence the U.S. presidential election, is examining forged documents aiming to discredit and disrupt the Hillary Clinton campaign. Senator Tom Carper (D-Delaware), who sits on the Senate Homeland Security Committee, has referred one of the fake documents to FBI investigators, one of several documents handed over to the FBI and the U.S. Department of Justice for review in recent weeks. U.S. officials have been privately warning since August that the Russian government agencies orchestrating the hacking campaign could move beyond hacking the e-mail systems of the Democratic Party and the Clinton campaign, to include posting fictional “evidence” of voter fraud or other disinformation in the run-up to Election Day.

  • Replacing vulnerable password with secure keystroke biometrics

    Lapses in computer security can be seen as downright negligent, in a time when major data breaches and leaks dominate international headlines on a regular basis. But they also draw attention to a more compelling question: just how secure are text-based passwords, really? Experts believe that there should be alternatives to the ubiquitous, text-based user authentication method – and that one such alternative is a new method of user authentication using keystroke biometrics.

  • Cyberwar: Growing worries about Russia hacking, disrupting the U.S. election

    The U.S. government is worried that Russian government hackers may try to hack and disrupt the upcoming presidential election. The U.S. intelligence community, DHS, and private cybersecurity experts have already identified a broad and sustained hacking effort by hackers working for two Russian government agencies aiming to undermine the campaign of Hillary Clinton and help Donald Trump. The United States has privately warned Russia in no uncertain terms that any attempt to manipulate vote counts would result in serious breaches — still, federal and state officials are focusing on five possible ways Russia may hack the election. Experts warn that Russia’s long-term goal is to undermine the American political system by disrupting and discrediting the election process, sowing doubts and suspicion, and providing “proof” for the conspiratorial beliefs about a corrupt political system in which the electoral process is “rigged” and where “international bankers” are conspiring to “steal” the election.

  • How hard is it to rig an election?

    How do you rig an election? Republican presidential nominee Donald Trump claims our system of elections is rigged – asserting that widespread voter impersonation exists, that large numbers of dead people vote, and that many noncitizens have successfully registered to vote and regularly do so. Don’t believe it. One roadblock to rigging the elections is the hyper-localism of the American system of election administration. More than 5,000 municipal and county election officials administer elections across more than 8,000 local jurisdictions across the United States. Another roadblock is the sheer number of votes involved. Presidential elections generally prompt higher turnout than any other election — in the 2012 presidential election, 130 million people cast their ballots. The sheer size of the electorate, and the sheer number of different local jurisdictions, suggest that attempting to “rig” the system would require a level of coordination even greater than the coordination needed to “get out the vote” on Election Day itself. Such a vast conspiracy cannot possibly be concealed. All of this adds up to a system of election administration that is virtually impossible to penetrate in the name of massive fraud that would shift the results of an election. So don’t believe it when someone tries to tell you the vote is rigged.

  • NICE framework provides resource for stronger cybersecurity workforce

    NIST released a resource that will help U.S. employers more effectively identify, recruit, develop, and maintain cybersecurity talent. The draft NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work to help organizations build a strong staff to protect their systems and data.

  • The risk of cyber 9/11 or cyber Pearl Harbor exaggerated: Expert

    Addressing the implications of cybersecurity threats for the stability of international world order, an expert acknowledged that states will find it difficult to maintain cybersecurity in an increasingly porous and congested cyberspace, but said that cyber-experts exaggerate the threat to essential state infrastructures.

  • Cybersecurity requires better collaboration between private, public sectors

    A key difference between cybersecurity threats and other security threats is the mismatch between public and private capabilities and levels of authority in responding to these threats. The lack of government resources to defend the private sector from digital threats places businesses on the front lines of the cyber conflict and can put national security, economic vitality, and privacy at risk. A new report calls for increased collaboration between the public and private sectors to use available tools more effectively to disrupt and deter cyber threats, noting the collaboration between the private sector and policymakers is long overdue.

  • NSF awards FSU $4.6 million grant to support cybersecurity scholars

    A new multimillion-dollar grant to the Florida State University Department of Computer Science will help dozens of students finance their education and help prepare them for careers in cybersecurity. The NSF awarded the department a $4.6 million grant to help fund the education of students who are specifically pursuing cybersecurity studies. It is the largest grant in the department’s history.

  • Russia has “cultivated” Trump, aiming to weaken Western alliance: Ex-spy

    A former Western intelligence official, whose career involved decades in conducting Russian counterintelligence operations, has handed the FBI a batch of memos in which he suggested that there was “an established exchange of information between the Trump campaign and the Kremlin of mutual benefit.” The retired spook consulted with Russian sources, and said that: “Russian regime has been cultivating, supporting, and assisting Trump for at least five years. Aim, endorsed by Putin, has been to encourage splits and divisions in Western alliance.” The FBI asked the former intelligence official for all the information he had on Trump, and specifically asked the former spy how he had come by this information.

  • Massive cyberattack poses policy dilemma, cybersecurity expert says

    Stanford cybersecurity expert Herb Lin says the 21 October cyberattack that snarled traffic on major Web sites reveals weaknesses in the Internet of Things that need to be addressed. But stricter security requirements could slow innovation, cost more and be difficult to enforce. 

  • What CSPs can learn from the latest DDoS attacks

    Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

  • Detecting malicious Web sites before they do harm

    Malicious Web sites promoting scams, distributing malware, and collecting phished credentials pervade the Web. As quickly as we block or blacklist them, criminals set up new domain names to support their activities. Now researchers have developed a technique to make it more difficult to register new domains for nefarious purposes.

  • Can you be anonymous on the Internet? No, you cannot

    If you still think you can be anonymous on the Internet, a team of Stanford and Princeton researchers has news for you: You cannot. Researchers say most people do not realize how much information they are leaving behind as they browse the Web. Online privacy risks are not new, but the researchers say their research is “another nail in the coffin” to the idea that the average person with the average Web browser can be private online.

  • Internet of Things vulnerability: Analyzing the 21 October DDoS attack

    The Friday, 21 October 2016 Distributed Denial of Service (DDoS) has been analyzed as a complex and sophisticated attack, using maliciously targeted, masked TCP and UDP traffic over port 53. Dyn has confirmed that the Mirai botnet was the primary source of the malicious attack traffic. The attack generated compounding recursive DNS retry traffic, further exacerbating the attack’s impact. Dyn says it will not speculate on the motivation or the identity of the attackers, but says that the attack has opened up an important conversation about Internet security and volatility. The attack has not only highlighted vulnerabilities in the security of Internet of Things (IoT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the Internet.

  • DHS S&T awards UCSD $1.4 million to measure Internet vulnerabilities

    DHS S&T has awarded $1,356,071 to UCSD to develop new capabilities that better enable cyber security researchers to measure the Internet’s vulnerabilities to cyberattacks. The award is part of S&T’s Cyber Security Division’s (CSD) larger Internet Measurement and Attack Modeling (IMAM) project.