• Is your VPN secure?

    About a quarter of internet users use a virtual private network, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots, or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers. However, most people – including VPN customers – don’t have the skills to double-check that they’re getting what they paid for. A group of researchers I was part of do have those skills, and our examination of the services provided by 200 VPN companies found that many of them mislead customers about key aspects of their user protections.

  • Improving security for Internet of Things with “big-thinking” research

    Every day, more and more people interact with the Internet of Things (IoT) in daily life. The IoT includes the devices and appliances in our homes — such as smart TVs, virtual assistants like Amazon’s Alexa or learning thermostats like Nest — that connect to the internet. The IoT also includes wearables such as the Apple Watch or Bluetooth chips that keep track of car keys. Our cars themselves, if equipped with sensors and computers, are also part of the IoT. In an age where data theft and cyberattacks are increasingly routine, the IoT has security vulnerabilities that must be addressed as the popularity of IoT devices grows.

  • Review of the “Digitization of WMD” symposium

    The digitization of biological and medical science is providing exciting and promising new pathways for improving health and daily life for mankind and our environment. The possibilities for new treatments, better fitness, and less prevalence of genetic diseases are numerous. However, these technologies and the information associated with emerging techniques carry certain risks and vulnerabilities. It is through understanding these risks and continuing to develop mitigation strategies for them, especially during the technology conceptualization and development phases, that we can continue to build promising new tools to improve life with confidence while addressing how they should be properly used.

  • U.S. intel chiefs warn Washington risks losing friends, influence

    U.S. intelligence chiefs are sounding alarms about an ever more perilous future for the United States, one in which the country is in danger of seeing its influence wane, its allies waiver, and key adversaries team up to erode norms that once kept the country safe and the world more stable. “It is increasingly a challenge to prioritize which threats are of greatest importance,” Dan Coats, Director of National Intelligence, said, sharing testimony that often and repeatedly contradicted past assertions by President Donald Trump. “During my tenure as DNI now two years and I have told our workforce over and over that our mission was to seek the truth and speak the truth,” Coats pointedly stated. Driving many of the concerns, according to intelligence officials, is a growing alliance between Russia and China competing against the U.S. not just for military and technological superiority, but for global influence.

  • Russia’s hostile measures threaten Europe: Report

    A new RAND report examines current Russian hostile measures in Europe and forecasts how Russia might threaten Europe using these measures over the next few years. “Whatever the U.S. response, preparation for involvement in a wide range of conflicts can help reduce the risk of mismanagement, miscalculation, and escalation,” the report’s authos say.

  • Thwarting cyberattacks by giving attackers “false hope”

    With almost every online purchase, a person’s personal information — name, date of birth and credit card number — is stored electronically often in the “cloud,” which is a network of internet servers. Now, as more people buy from online businesses, researchers hope to employ a new strategy in the ongoing struggle to protect digital information in the cloud from targeted cyberattacks. The strategy establishes a new artificial intelligence system to combat digital intrusions.

  • Understudied terrorists put under a microscope

    Bombs exploding, hostages taken and masked gunmen firing machine guns are all types of terrorist attacks we’ve seen. According to a new study, it’s the attacks we don’t see – cyberattacks – that happen more often and can cause greater destruction. “Little work has been done around the use of the internet as an attack space,” said Thomas Holt, Michigan State University professor of criminal justice and lead author. “The bottom line is that these attacks are happening and they’re overlooked. If we don’t get a handle understanding them now, we won’t fully understand the scope of the threats today and how to prevent larger mobilization efforts in the future.”

  • Finding the secret doors into software

    The word “hacker” often conjures up the stereotype of a nefarious genius typing away on a computer in a darkened room, stealing personal information — or worse. And thirty years ago, hacking was viewed as criminal activity. But the culture has changed. Now companies like Google, Facebook, and United Airlines offer rewards to people who discover and report vulnerabilities in their software.

  • To protect us from the risks of advanced artificial intelligence, we need to act now

    Artificial intelligence can play chess, drive a car and diagnose medical issues. Examples include Google DeepMind’s AlphaGo, Tesla’s self-driving vehicles, and IBM’s Watson. This type of artificial intelligence is referred to as Artificial Narrow Intelligence (ANI) – non-human systems that can perform a specific task. With the next generation of AI the stakes will almost certainly be much higher. Artificial General Intelligence (AGI) will have advanced computational powers and human level intelligence. AGI systems will be able to learn, solve problems, adapt and self-improve. They will even do tasks beyond those they were designed for. The introduction of AGI could quickly bring about Artificial Super Intelligence (ASI). When ASI-based systems arrive, there is a great and natural concern that we won’t be able to control them.

  • Interview with "Virtual Terror" author Daniel Wagner

    “One of the characteristics of Virtual Terrorism is that it allows countries like North Korea (and Iran) to punch well above their weight in the cyber arena, and conduct their own form of ‘diplomacy’ on the cyber battlefield. These countries have already attacked the U.S. and other countries – all countries with the capability to do so, do so,” says Daniel Wagner. “The best way to fight it is to help ensure that as many people as possible understand what it is, what some of the challenges are in fighting it, and what can we do about it.”

  • Data breaches are inevitable – here’s how to protect yourself anyway

    It’s tempting to give up on data security altogether, with all the billions of pieces of personal data – Social Security numbers, credit cards, home addresses, phone numbers, passwords and much more – breached and stolen in recent years. But that’s not realistic – nor is the idea of going offline entirely. In any case, huge data-collection corporations vacuum up data about almost every American without their knowledge. As cybersecurity researchers, we offer good news to brighten this bleak picture. There are some simple ways to protect your personal data that can still be effective, though they involve changing how you think about your own information security.

  • Huawei industrial espionage in Poland leads to calls for boycott

    The Chinese telecom giant’s industrial espionage activities in Poland have prompted calls for the company to be banned. The United States is leading the push for a boycott, but many EU governments remain undecided. Huawei offers a capable 5G technology, which represents a quantum leap in wireless communication speed, and which will be key to developing the Internet of Things (IoT), including self-driving cars. Critics charge that much of that technology was stolen from Western companies by Chinese intelligence agencies, for which Huwawei serves as a front.

  • The quiet threat inside ‘internet of things’ devices

    As Americans increasingly buy and install smart devices in their homes, all those cheap interconnected devices create new security problems for individuals and society as a whole. The problem is compounded by businesses radically expanding the number of sensors and remote monitors it uses to manage overhead lights in corporate offices and detailed manufacturing processes in factories. Governments, too, are getting into the act – cities, especially, want to use new technologies to improve energy efficiency, reduce traffic congestion and improve water quality. The number of these “internet of things” devices is climbing into the tens of billions. They’re creating an interconnected world with the potential to make people’s lives more enjoyable, productive, secure and efficient. But those very same devices, many of which have no real security protections, are also becoming part of what are called “botnets,” vast networks of tiny computers vulnerable to hijacking by hackers.

  • Manafort wanted polling data sent to Ukrainians

    When, during the 2016 campaign, Paul Manafort sent Trump campaign’s internal polling data to Konstantin Kilimnik – a cut-out for the GRU, Russia’s military intelligence branch — he intended that data to be handed off to two Kremlin-allied Ukrainian oligarchs, Serhiy Lyovochkin and Rinat Akhmetov. Manafort told his accountant in August 2016 he was expecting $2.4 million from Ukraine in November 2016. His spokesman insists that money was payment for an old debt and not the data.

  • How Russia hacked U.S. power grid

    In an aptly titled investigative report — “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It” — the Wall Street Journal has used “documents, computer records and interviews” to reconstruct exactly how Russian hackers accessed the U.S. electric grid in the spring of 2016, an attack that continued through 2017 and possibly 2018.