-
Huge, Sophisticated Black Market for Trade in Online “Fingerprints”
Security on the internet is a never-ending cat-and-mouse game. Security specialists constantly come up with new ways of protecting our treasured data, only for cyber criminals to devise new and crafty ways of undermining these defenses. A thriving black market for user profiles is used by criminals to circumvent authentication methods that secure our online secrets.
-
-
Predicting the Likelihood of Cyberattacks Between Nations
Where in the world might the next cyberattack between nations take place? A new online database developed by a team computer scientists and international studies students predicts that there is an “extremely high likelihood” of a Russian cyberattack on Ukraine. The second most likely? The United States against Iran.
-
-
U.S. Says Russian Hackers Targeted State, Local Governments Ahead of Election
Russian state-sponsored hackers have targeted dozens of U.S. state and local government networks in recent weeks and stolen data from at least two servers, the U.S. government says. In an advisory released on October 22, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) described a range of activity from Russian-backed hackers since at least September.
-
-
Finally: A Usable, Secure Password Policy Backed by Science
After nearly a decade of studies, the passwords research group in Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords that maintains balance between security and usability—one backed by hard science.
-
-
Intelligence Agencies Accuse Iran, Russia of Trying to Use Voter Registration Data to Sow Chaos Ahead of US Election
U.S. intelligence agencies are accusing Iran and Russia of trying to use voter registration data in “desperate attempts” to sow chaos and confusion ahead of the November 3 U.S. presidential election. In a hastily called news conference late Wednesday, Director of National Intelligence John Ratcliffe said that “We have confirmed that some voter registration information has been obtained by Iran, and separately, by Russia,” he said, adding both countries “have taken specific actions to influence public opinion relating to our elections.”
-
-
Adversaries May Launch Efforts to Undermine Americans’ “Confidence in the Integrity of the Electoral Process”: CISA
“We remain confident that no foreign cyber actor can change your vote, and we still believe that it would be incredibly difficult for them to change the outcome of an election at the national level. But that doesn’t mean various actors won’t try to introduce chaos in our elections and make sensational claims that overstate their capabilities. In fact, the days and weeks just before and after Election Day is the perfect time for our adversaries to launch efforts intended to undermine your confidence in the integrity of the electoral process”: Christopher Krebs, director of CISA.
-
-
Kathleen Hall Jamieson on the 2020 Election
Professor Kathleen Hall Jamieson discusses what we learned from the election four years ago plus how journalists can responsibly share hacked content and what role the public at large can play. She says that in some ways, the country is better prepared today than during the 2016 election cycle, which was fraught with cybertrolls, hacked emails, and leaked content. In other ways, the United States hasn’t learned much from that experience.
-
-
Details of Russia’s Cyberattacks against Olympic, Paralympic Games Revealed
The U.K. On Monday (19 October) exposed malicious cyberactivity from Russia’s GRU military intelligence service against organizations involved in the 2020 Olympic and Paralympic Games before they were postponed. The U.K. National Cyber Security Center (NCSC) said that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks.
-
-
Fooling Deepfake Detectors
Because new security measures consistently catch many deepfake images and videos, people may be lulled into a false sense of security and believe we have the situation under control. Unfortunately, that might be further from the truth than we realize.
-
-
Protecting Device Software from Zero-Day Attacks with TrustMS
An essential step to protecting mobile and embedded devices from cyberattacks is ensuring that software is not vulnerable to malicious attacks. More than 12,000 new common vulnerabilities were identified in 2019 alone. Verifying that devices are secure is a daunting challenge, as thousands of apps and driver updates are released each year and many will contain vulnerabilities that have not yet been discovered. Thanks to the newly-developed Trusted Mobile System (TrustMS), it is now possible to secure app software by preventing attackers from taking advantage of these vulnerabilities.
-
-
Beyond 9/11: U.S. Security Needs in the 21st Century
The year 2020 has featured an array of safety and security concerns for ordinary Americans, including disease and natural disasters. How can the U.S. government best protect its citizens? That is the focus of a new scholarly book with practical aims, Beyond 9/11: Homeland Security for the Twenty-First Century, The volume features chapters written by 19 security experts, and closely examines the role of the Department of Homeland Security (DHS), which was created after the September 2001 terrorist attacks on the U.S.
-
-
Finding the Origins of a Hacker
Industrial control systems run utilities that provide the electricity to keep the lights on or that deliver the water that people expect to gush out when they turn on a tap. Today those systems can be attacked via malicious code that an adversary inserts into the normal operating instructions.
-
-
The Clean Network Program: Digital Age Echoes of the “Long Telegram”?
In August, Secretary of State Mike Pompeo launched the Clean Network program—“the Trump administration’s comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.” The Clean Network program’s scope—stretching from submarine cables traversing the oceans to citizens downloading smartphone apps—reveals the breadth of the administration’s concerns about the political, ideological, and technological inroads China has made in cyberspace. These concerns recall the warning George Kennan gave in his famous “long telegram” in 1946 about the Soviet Union’s “elaborate and far flung apparatus for exertion of its influence in other countries.”
-
-
War, Terrorism, and Catastrophe in Cyber Insurance: Understanding and Reforming Exclusions
Insurance is one of the most promising tools for addressing pervasive cyber insecurity. A robust market for insuring cyber incidents could, among other things, financially incentivize organizations to adopt better cyber hygiene—thereby reducing cyber risk for society as a whole. But cyber insurance, however, is not yet mature enough to fulfill its potential, Jon Bateman writes, and endless lawsuits hamper its effectiveness. Reforms and new solutions are sorely needed.
-
-
Foreign Interference in U.S. Elections Focuses on Cultivating Distrust to Reduce Political Consensus
The Soviet Union and then Russia institutionalized active political interference measures over many decades and advanced them into a comprehensive foreign policy tool. The strategy is used to undermine democratic governance processes in the United States and its allies, with the overarching aim to weaken the United States and its allies, while advancing Russia as a global power. Russian-backed attempts to create discord in the United States have made use of existing movements across the American political ideological spectrum and worked to create new ones.
-
More headlines
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.