  • World’s biggest student-led cybersecurity games announce winners of CSAW 2018

    A team of four computer science students from Rensselaer Polytechnic Institute (RPI) once again took home top honors at the 15th anniversary edition of Cyber Security Awareness Week (CSAW), the world’s largest student-run cyber security event.

  • Iran may launch cyberattacks in retaliation for new U.S. sanctions

    As new U.S. sanctions on Iran’s economy take effect, a desperate Tehran is likely to retaliate with more aggressive cyber attacks on its regional neighbors and expand its global cyber infiltration operations, according to a new study. The report comes as the United States imposed sanctions against Iranian oil imports, the regime’s most important source of hard currency, on 5 November.

  • Russia influence operations taking aim at U.S. military

    With the U.S. midterm elections taking place Tuesday, there are growing fears that Russia’s efforts to undermine U.S. democracy extend far beyond the polls on 6 November or the presidential election in 2020. Defense and security officials worry that as part of Moscow’s plan to sow division and discord, it is trying to conquer the U.S. military — not with bullets or missiles but with tweets and memes. The tactic is an outgrowth of Russia’s overarching strategy to find seams within U.S. society where distrust or anger exist and widen those divisions with targeted messaging.

  • Next-gen cybersecurity solutions for Internet of Things

    Industry experts forecast that more than 20 billion wireless devices of all types—from smart TVs, phones and home appliances to health care monitors and manufacturing process controls—will be connected worldwide via the emerging Internet of Things (IoT) by 2020. Malicious cyber activity, which cost the U.S. economy $57 to $109 billion in 2016 alone, is expected to rise by 22 percent each year, disrupting both consumer and business use of these devices and putting the economy at risk.

  • 30 years ago, the world’s first cyberattack set the stage for modern cybersecurity challenges

    Back in November 1988, Robert Tappan Morris, son of the famous cryptographer Robert Morris Sr., was a 20-something graduate student at Cornell who wanted to know how big the internet was – that is, how many devices were connected to it. So he wrote a program that would travel from computer to computer and ask each machine to send a signal back to a control server, which would keep count. The program worked well – too well, in fact. Morris had known that if it traveled too fast there might be problems, but the limits he built in weren’t enough to keep the program from clogging up large sections of the internet, both copying itself to new machines and sending those pings back. His program became the first of a particular type of cyber attack called “distributed denial of service.”

  • Quiet so far, but not all clear

    Homeland Security and intelligence community officials continue to say that we are not seeing the same level of online foreign election interference in the run-up to the midterms as we experienced in 2016, but cybersecurity experts warn the United States is not necessarily in the clear.

  • Countering Russian election hacks

    According to a Center for Public Integrity report, “U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems as part of potential retaliation for any meddling in America’s elections.” Eric Jensen writes in Just Security that this signals a significant change to the U.S. cyber policy and is a clear indication that cyber actions have now entered the mainstream of national security tools. “For years, the ‘newness’ of cyber capabilities have caused the level of authorization to remain at very high levels and subject to extensive interagency dialogue before even simple cyber tasks could be taken. These procedural requirements undoubtedly had the practical effect of limiting the number of cyber activities undertaken. By allowing DoD and other government agencies to function more autonomously within pre-approved guidelines reflects a normalization of cyber capabilities that has been too long in coming.”

  • Unhackable computer relying on firmware security rather than software patches

    By turning computer circuits into unsolvable puzzles, researchers aim to create an unhackable computer. The MORPHEUS project’s cybersecurity approach is dramatically different from today’s, which relies on software—specifically software patches to vulnerabilities that have already been identified. It’s been called the “patch and pray” model, and it’s not ideal. “Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks,” says Linton Salmon, manager of DARPA’s System Security Integrated Through Hardware and Firmware program.

  • Fighting email scammers by taking a different view. Literally.

    A team of researchers is helping law enforcement crack down on email scammers, thanks to a new visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data. Email scams are among the most prevalent, insidious forms of cybercrime.

  • White House MIA on midterm elections security

    The United States is less than a week away from the 2018 midterms, but the Trump administration has not put together a substantive, coordinated effort to fight disinformation or possible election interference. Law enforcement, homeland security, and intelligence officials held one 90-minute meeting at the Justice Department late last month and left without any answers. No one from the White House attended. In the absence of White House leadership or an overarching strategy, some agencies have taken individual actions. DHS Secretary Kirstjen Nielsen has stepped forward and convened her own meetings with agency leaders on election security issues.

  • New techniques expose your browsing history to attackers

    Security researchers have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web. The techniques fall into the category of “history sniffing” attacks, a concept dating back to the early 2000s. But the attacks can profile or ‘fingerprint’ a user’s online activity in a matter of seconds, and work across recent versions of major web browsers.

  • Safeguarding the U.S. energy infrastructure

    Nearly every aspect of our daily lives — from shopping for groceries through a smartphone app to keeping up with friends and family on social media, or relying on smart grid technology to power homes and businesses – is connected to the vast world of the internet. Because of this, it might seem as if there’s nothing we can do to protect ourselves from a cyberattack. Experts disagree. “Even though computer systems are complex, the network-connected physical components that operate the power grid – such as the transformers, tap changers, and power inverters, for example – have characteristics about their operation that may make cybersecurity more tractable. Specifically, these physical components obey the laws of physics,” says LBL’s Sean Peisert.

  • Answering the pressing cyber-risk economics questions

    When it comes to improving the cybersecurity posture of the U.S. critical infrastructure and vital data assets, there are a host of questions that need to be answered before actionable cybersecurity risk-management strategies can be developed and resources deployed.

  • Court in Finland finds pro-Kremlin trolls guilty of harassing investigative journalist

    In a major ruling that exceeded prosecutors’ requests, a court in Finland sentenced a pro-Russian troll to prison for harassing journalist Jessikka Aro, an award-winning Finnish investigative journalist who was among the first reporters to expose the work of the Internet Research Agency (IRA), the Kremlin’s troll factory. Russia and its Finland-based internet trolls made her a prime target for harassment since her reports appeared in 2014.

  • Rosenstein defends Russia probe

    Deputy Attorney General Rod Rosenstein told the Wall Street Journal the American public will be able to trust the findings of Special Counsel Robert Mueller’s Russia investigation because the inquiry has been conducted appropriately and independently. “[A]t the end of the day, the public will have confidence that the cases we brought were warranted by the evidence, and that it was an appropriate use of resources,” he said.