• Quiet so far, but not all clear

    Homeland Security and intelligence community officials continue to say that the we are not seeing the same level of online foreign election interference in the run-up to the midterms as we experienced in 2016, cybersecurity experts warn the United States is not necessarily in the clear.

  • Countering Russian election hacks

    According to a Center for Public Integrity report, the “U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems as part of potential retaliation for any meddling in America’s elections.” Eric Jensen writes in Just Security that this signals a significant change to the U.S. cyber policy and is a clear indication that cyber actions have now entered the mainstream of national security tools. “For years, the “newness” of cyber capabilities have caused the level of authorization to remain at very high levels and subject to extensive interagency dialogue before even simple cyber tasks could be taken. These procedural requirements undoubtedly had the practical effect of limiting the number of cyber activities undertaken. By allowing DoD and other government agencies to function more autonomously within pre-approved guidelines reflects a normalization of cyber capabilities that has been too long in coming.”

  • Unhackable computer relying on firmware security rather than software patches

    By turning computer circuits into unsolvable puzzles, researchers aim to create an unhackable computer. The MORPHEUS project’s cybersecurity approach is dramatically different from today’s, which relies on software—specifically software patches to vulnerabilities that have already been identified. It’s been called the “patch and pray” model, and it’s not ideal. “Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” says Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.

  • Fighting email scammers by taking a different view. Literally.

    A team of researchers is helping law enforcement crackdown on email scammers, thanks to a new visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data. Email scams are among the most prevalent, insidious forms of cybercrime.

  • White House MIA on midterm elections security

    The United States is less than a week away from the 2018 midterms, but the Trump administration has not put together a substantive, coordinated effort to fight disinformation or possible election interference. Law enforcement, homeland security, and intelligence officials held one 90-minute meeting at the Justice Department late last month and left without any answers. No one from the White House attended. In the absence of White House leadership or an overarching strategy, some agencies have taken individual actions. DHS Secretary Kirstjen Nielsen has stepped forward and convened her own meetings with agency leaders on election security issues.

  • New techniques expose your browsing history to attackers

    Security researchers have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web. The techniques fall into the category of “history sniffing” attacks, a concept dating back to the early 2000s. But the attacks can profile or ‘fingerprint’ a user’s online activity in a matter of seconds, and work across recent versions of major web browsers.

  • Safeguarding the U.S. energy infrastructure

    Nearly every aspect of our daily lives — from shopping for groceries through a smartphone app to keeping up with friends and family on social media, or relying on smart grid technology to power homes and businesses – is connected to the vast world of the internet. Because of this, it might seem as if there’s nothing we can do to protect ourselves from a cyberattack. Experts disagree. “Even though computer systems are complex, the network-connected physical components that operate the power grid – such as the transformers, tap changers, and power inverters, for example – have characteristics about their operation that may make cybersecurity more tractable. Specifically, these physical components obey the laws of physics,” says LBL’s Sean Peisert.

  • Answering the pressing cyber-risk economics questions

    When it comes to improving the cybersecurity posture of the U.S. critical infrastructure and vital data assets, there are a host of questions that need to be answered before actionable cybersecurity risk-management strategies can be developed and resources deployed.

  • Court in Finland finds pro-Kremlin trolls guilty of harassing investigative journalist

    In a major ruling that exceeded prosecutors’ requests, a court in Finland sentenced a pro-Russian troll to prison for harassing journalist Jessikka Aro. an award-winning Finnish investigative journalist who was among the first reporters to expose the work of the Internet Research Agency (IRA), the Kremlin’s troll factory. Russia and its Finland-based internet trolls made her a prime target for harassment since her reports appeared in 2014.

  • Rosenstein defends Russia probe

    Deputy Attorney General Rod Rosenstein told the Wall Street Journal the American public will be able to trust the findings of Special Counsel Robert Mueller’s Russia investigation because the inquiry has been conducted appropriately and independently. “[A]t the end of the day, the public will have confidence that the cases we brought were warranted by the evidence, and that it was an appropriate use of resources,” he said.

  • Unhackable communication: Single particles of light could bring the “quantum internet”

    Hacker attacks on everything from social media accounts to government files could be largely prevented by the advent of quantum communication, which would use particles of light called “photons” to secure information rather than a crackable code. The problem is that quantum communication is currently limited by how much information single photons can help send securely, called a “secret bit rate.” Researchers created a new technique that would increase the secret bit rate 100-fold, to over 35 million photons per second.

  • Elections systems under attack

    The Department of Homeland Security is seeing an increase in the number of attacks on election databases in the run up to the midterm elections but has yet to identify who is behind the attempted hacks. DHS continues to insist Russia shows no signs of attacking voting systems the way it did in 21 states in 2016.

  • Estimated 35 Million voter records for sale on hacking forum

    Data on up to 35 million U.S. voters in as many as 19 states is for sale online, according to a new report from two cybersecurity firms – Anomlai and Intel471. DHS says, however, that much of the data is either public or available for purchase from state and local governments.

  • Twitter’s massive data release shows the Kremlin’s broad pro-Trump strategy

    Twitter today (Wednesday) released ten million tweets it says represent all of the foreign influence operations on the social media platform, including Russia’s consistent efforts to undermine Hillary Clinton’s presidential bid and support Donald Trump’s 2016 campaign. The Internet Research Agency, the St. Petersburg-based Kremlin’s troll farm, created 3,400 accounts to undermine Hillary Clinton’s campaign and support Trump. Before helping Trump defeat Clinton, the Kremlin helped Trump secure the GOP nomination by targeting former governor Jeb Bush and Senator Ted Cruz.

  • Exposing security vulnerabilities in terahertz data links

    Scientists have assumed that future terahertz data links would have an inherent immunity to eavesdropping, but new research shows that’s not necessarily the case. The study shows that terahertz data links, which may play a role in ultra-high-speed wireless data networks of the future, aren’t as immune to eavesdropping as many researchers have assumed. The research shows that it is possible for a clever eavesdropper to intercept a signal from a terahertz transmitter without the intrusion being detected at the receiver.