• Donald Trump’s fight with his own intelligence services will only get worse

    By Dan Lomas

    Those wanting a robust response by the United States to Russian foreign policy in Europe and the Middle East were worried about the Trump. But the worst was yet to come: in an extraordinary 46-minute joint news conference after the two men met, Trump refused to support the intelligence community’s assessment that Russia had intervened in the 2016 U.S. presidential election. While it’s foolhardy to predict the future at the best of times, never mind under the Trump administration, it’s certain that America’s spies and President Trump face a stormy future.

  • Helping state, local election officials enhance cybersecurity

    The University of West Florida Center for Cybersecurity recently partnered with the Florida Department of State and election officials across Florida to provide training for supervisors of elections and key personnel to enhance cybersecurity resiliency ahead of the 2018 elections. In January 2017, DHS designated voting systems as critical infrastructure. In May 2018, DHS, the FBI, and the Office of the Director of National Intelligence spoke to Congress about the importance of preparing state and local election officials for the coming Russian government cyberattacks on U.S. election systems, attacks which experts expect to be more sophisticated – and disruptive — than those the Kremlin launched in 2016.

  • U.S. intel chief on Russia’s unrelenting cyberattacks: “The warning lights are blinking red”

    Director of National Intelligence Dan Coats said Friday that the U.S. digital infrastructure “is literally under attack” by Russia. “These actions are persistent, they’re pervasive, and they are meant to undermine America’s democracy on a daily basis, regardless of whether it is election time or not.” Coats emphasized that Russia’s hostile cyber activities go beyond targeting elections and sowing division, to attempts to target vulnerabilities in critical U.S. infrastructure, trying to infiltrate energy, water, nuclear, and manufacturing sectors. He compared today’s warning indicators related to Russian cyberattacks to the warning indicators in the run-up to 9/11. “It was in the months prior to September 2001, when according to then-CIA director George Tenet, the system was blinking red,” he said. “And here we are nearly two decades later, and I’m here to say the warning lights are blinking red again.”

  • U.S. Homeland Security chief: Russia sowing divisions among Americans

    Homeland Security Secretary Kirstjen Nielsen said U.S. intelligence officials are seeing “persistent Russian efforts” to use social media and other resources to create divisions among the American people. She said the Russians are using social media, “sympathetic spokespeople, and other fronts to sow discord and divisiveness amongst the American people.” “Though votes were not changed” during the 2016 election, she said, “any attempt to interfere in our elections — successful or unsuccessful — is a direct attack on our democracy.”

  • 12 Russian intelligence operatives criminally charged for hacking, leaking DNC emails in 2016

    The U.S. Justice Department today (Friday) has criminally charged twelve Russian intelligence officers for the hacking and leaking emails of senior Democratic Party officials during the 2016 presidential campaign. The hacking and leaking of the emails were part of a broad and effective Kremlin effort to help Donald Trump win the November 2016 election. The 11-count indictment spells out in granular detail a carefully planned and executed attack on the information security of Democrats, planting hundreds of malware files on Democrats’ computer systems, stealing information, and then laundering the pilfered material through fake personas and others to try to influence voters’ opinions. The twelve Russian intelligence operatives indicted on Friday join thirteen other Russian individuals and three Russian companies who, in February, were criminally charged by Mueller’s team for interfering in the presidential campaign, using social media, and coordinating with low-level Trump campaign activists.

  • Fitness app Polar revealed military personnel’s sensitive location data

    The Flow fitness app produced by the Finnish sports activity tracking firm Polar has been found to reveal users’ sensitive location data, according to an investigation by several news organizations. The investigation found that it is possible to use Polar’s Flow app to track down the home addresses of military and intelligence personnel.

  • Your smartphone may be spying on you

    Some popular apps on your phone may be secretly taking screenshots of your activity and sending them to third parties, according to a new study. The researchers said this is particularly disturbing because these screenshots—and videos of your activity on the screen—could include usernames, passwords, credit card numbers, and other important personal information.

  • “A clear preference for President-elect Trump”: Senate Intel Committee on Russia’s 2016 influence campaign

    On Tuesday, the GOP-led Senate Intelligence Committee, after sixteen months of investigation, has released the second unclassified installment of its report on the Russian election activities in 2016. The report was unanimously approved by all members of the committee. The three main takeaways: First, the January 2017 ICA [the Intelligence Community Assessment of Russia active-measures campaign to compromise the 2016 presidential election] “is a sound intelligence product”; second, “Russian efforts to influence the 2016 U.S. presidential election represent the most recent expression of Moscow’s longstanding desire to undermine the U.S.-led liberal democratic order, but these activities demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operation”; third, “We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election. Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.”

  • The West is ill-prepared for the wave of “deep fakes” that artificial intelligence could unleash

    By Chris Meserole and Alina Polyakova

    Russian disinformation has become a growing problem for Western countries. European nations are finally taking action, which is an important first step, but Chris Meserole and Alina Polyakova write “to get ahead of the problem, policymakers in Europe and the United States should focus on the coming wave of disruptive technologies. Fueled by advances in artificial intelligence and decentralized computing, the next generation of disinformation promises to be even more sophisticated and difficult to detect.” Bigger data, better algorithms, and custom hardware promise to democratize the creation of fake print, audio, and video stories. “Deep fakes and the democratization of disinformation will prove challenging for governments and civil society to counter effectively,” Meserole and Alina Polyakova warn.

  • New phishing protection for mobile devices

    DHS S&T said that new and enhanced mobile phishing and content protection capabilities are being transitioned to the government and private-sector. Phishing protection, an important and first-of-its kind feature for mobile devices, was introduced to block mobile phishing attacks designed to steal user credentials or deliver malware. Beyond simply detecting phishing attempts in SMS messages, the system also detects and prevents attacks that hide inside mobile apps, social media messages, and in personal and corporate email.

  • Better detection, analysis of malicious attacks

    DHS S&T has selected Cyber 20/20, Inc. of Newark, Delaware to develop security capabilities for financial services as part of S&T’s Silicon Valley Innovation Program (SVIP). Cyber 20/20’s project—Trained Using Runtime Analysis from Cuckoo Outputs (TURACO)—expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.

  • Facing “a new era of catastrophes,” book by Wharton profs offers tips for business leaders

    By Lauren Hertzler

    Wharton’s Howard Kunreuther and Michael Useem’s recent book Mastering Catastrophic Risk: How Companies are Coping with Disruption dives into the ways top companies have rebounded after their own worst-case scenarios. “The ‘unthinkable’ has gone from not being on anyone’s radar screen to now being central,” says Useem. “But to think about it, you need tools, and wisdom.”

  • Fears of Russian cyberattacks ahead of Mexico’s Sunday elections

    Mexico is holding its presidential and parliamentary election on 1 July, and the last six months provided further evidence that Russia is doing in Mexico what it has effectively done in the United States, Germany, France, the Netherlands, Britain, Spain, Italy, Sweden, the western Balkans, and many other places: Using a broad and sophisticated campaign, combining disinformation on social media and hacking, to promote the political candidates, parties, and causes which would serve Russia’s interests.

  • Putin ready to reiterate denials of election meddling to Trump

    The Kremlin says Russian President Vladimir Putin is prepared to reiterate to U.S. President Donald Trump that Moscow did not meddle in the 2016 U.S. elections if Trump raises the issue during their upcoming summit. In a tweet Thursday morning, Trump reiterated his refusal to accept the fact of Russia’s interference, a position which runs counter to the entire U.S. intelligence community as well as all high ranking officials within his own cabinet and the entire Senate Intelligence Committee.

  • Security gaps in LTE mobile telephony standard

    Attackers are able to not only monitor who visits which web pages, but also to reroute users to scam websites. At present, there are no ways to guarantee secure mobile communication. By abusing security weaknesses in the LTE mobile telephony standard, attackers are able to identify which web pages a user visits and to reroute him to a scam website.