• Alphabet-owned jigsaw bought a Russian troll campaign as an experiment

    For more than two years, the notion of social media disinformation campaigns has conjured up images of Russia’s Internet Research Agency, an entire company housed on multiple floors of a corporate building in St. Petersburg, concocting propaganda at the Kremlin’s bidding. But a targeted troll campaign today can come much cheaper—as little as $250, says Andrew Gully, a research manager at Alphabet subsidiary Jigsaw. He knows because that’s the price Jigsaw paid for one last year. Andy Greenberg writes in Wired that as part of research into state-sponsored disinformation that it undertook in the spring of 2018, Jigsaw set out to test just how easily and cheaply social media disinformation campaigns, or “influence operations,” could be bought in the shadier corners of the Russian-speaking web. In March 2018, after negotiating with several underground disinformation vendors, Jigsaw analysts went so far as to hire one to carry out an actual disinformation operation, assigning the paid troll service to attack a political activism website Jigsaw had itself created as a target.

  • A top voting-machine firm is finally taking security seriously

    Over the past 18 months, election-security advocates have been pushing for new legislation shoring up the nation’s election infrastructure. Election-security reform proposals enjoy significant support among Democrats—who control the House of Representatives—and have picked up some Republican cosponsors, too. Timothy B. Lee writes in Wired that such measures, however, have faced hostility from the White House and from the Republican leadership of the Senate. Legislation called the Secure Elections Act, cosponsored by senators James Lankford (R-Oklahoma) and Amy Klobuchar (D-Minnesota) last year, aimed to shore up the nation’s election security by providing states with new money to phase out paperless systems. But the Lankford-Klobuchar bill stalled in the face of opposition from the Trump administration and Senate Republicans. At this point, any election reform legislation looks unlikely to pass before the 2020 election.

  • Ahead of the 2020 election: National response to confront foreign interference

    Stanford University scholars outline a detailed strategy for how to protect the integrity of American elections – including recommendations such as requiring a paper trail of every vote cast and publishing information about a campaign’s connections with foreign nationals.

  • Eliminating infamous security threats

    Meltdown and Spectre are speculative side-channel attacks exploit a fundamental functionality in microprocessors to expose security vulnerabilities. No efficient protection against such attacks has been found. Until now.

  • Nuclear energy regulators need to bring on more cyber experts, watchdog says

    The Nuclear Regulatory Commission is facing a mass exodus of cybersecurity experts in the years ahead, which could limit its ability to ensure the nation’s nuclear power plants are safe from digital attacks, an internal watchdog found. Jack Corrigan writes in Defense One that Nearly one-third of NRC’s cybersecurity inspectors will be eligible for retirement by the end of fiscal 2020, and agency officials worry they aren’t training enough people to take their place, according to the NRC Inspector General. With nuclear power stations becoming increasingly popular targets for online adversaries, the shortage of cyber expertise could leave the agency struggling to do its job, auditors said.

  • Russia's 2016 Twitter campaign far broader, deeper, and incredibly successful: Symantec

    The archives of the Internet Research Agency, the St. Petersburg-based troll farm, show a broad, coordinated, and effective campaign which was, in the words of one report, “incredibly successful at pushing out and amplifying its messages.” The Internet Research Agency conducted a campaign on Twitter before the 2016 elections that was larger, more coordinated and more effective than previously known.

  • Secure multiparty computation protecting privacy at the ballot box

    Shortly after the start of the new year, Americans around the nation will start returning to polling stations to vote in presidential primaries. How confident they feel in the voting process could depend on this thing called secure multiparty computation.

  • New computer attack mimics user's keystroke characteristics, evading detection

    Researchers have developed a new attack called “Malboard,” which evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics. 

  • Hackers seek ransoms from Baltimore and communities across the U.S.

    The people of Baltimore are beginning their fifth week under an electronic siege that has prevented residents from obtaining building permits and business licenses – and even buying or selling homes. These types of attacks are becoming more frequent and gaining more media attention. Every user of technology must consider not only threats and vulnerabilities, but also operational processes, potential points of failure and how they use technology on a daily basis.

  • WhatsApp's loophole reveals role of private companies in cyber-surveillance

    Last month, WhatsApp’s latest security flaw was discovered, a flaw which allow governments to spy on dissidents, activists, and journalists. An Israeli cyber company is reportedly behind the loophole — and not for the first time.

  • Undeterred cyber adversaries require a more aggressive American response

    America is under attack. In this case, rather than bombs and bullets, undeterred adversaries are using the cyber domain. Every day, they launch thousands of cyberattacks against American individuals, companies, and government agencies—persistently and incrementally chipping away at our security. Bradley Bowman and Annie Fixler write in RealClear Defense that this relentless barrage may seem like an inevitable reality of 21st century life. However, given the stakes for American national security, simply shrugging and accepting the cyber status quo would be a dangerous mistake. The U.S. has established deterrence in other warfighting domains. Washington can—and must—do the same in the cyber domain.

  • A modest proposal for preventing election interference in 2020

    The years since the 2016 election have been a national trauma that the U.S. shouldn’t be eager to revisit. Yet almost no policy changes have been made as a result of what the country has learned from the Mueller investigation and related events. In this post, I’d like to start assembling a menu of possible reforms that address the lessons learned from what Lawfare sometimes calls L’Affaire Russe. Stewart Baker writes in Lawfare that this is a fraught exercise because the narratives about L’Affaire Russe have diverged so far between Trump supporters and Trump detractors that almost any proposal for change will implicitly contradict the narrative of one camp or the other. “So, to save time, here are my most salient biases in the matter: I’m generally comfortable with most of President Trump’s policy instincts; I’ve spent a lifetime working with intelligence and law enforcement professionals who do battle every day with very real enemies of the United States, Russia among them; and I believe in them and in making government work, which makes me uncomfortable with President Trump’s character and lack of policy-making fine-motor skills,” Baker writes. “With that mixed perspective, I am hopeful there may be room for at least some agreement on things we ought to do differently in future.”

  • Information operations in the digital age

    From the Cambridge Analytica scandal to the spread on social media of anti-Rohingya content in Myanmar and the interference with elections the world over, the past decade has seen democracies around the world become the target of a new kind of information operations.

  • ARCHANGEL: Securing national archives with AI and blockchain

    Researchers are using its state-of-the-art blockchain and artificial intelligence technologies to secure the digital government records of national archives across the globe – including the U.K., Australia, and the United States of America.

  • Outsmarting deep fakes: AI-driven imaging system protects authenticity

    To thwart sophisticated methods of altering photos and video, researchers have demonstrated an experimental technique to authenticate images throughout the entire pipeline, from acquisition to delivery, using artificial intelligence (AI).