-
New U.S. sanctions on Russia for election interference, infrastructure cyberattacks, NoPetya
The U.S. Treasury has issued its strongest sanctions yet against Russia in response to what it called “ongoing nefarious attacks.” The move targets five entities and nineteen individuals. Among the institutions targeted in the new sanctions for election meddling were Russia’s top intelligence services, Federal Security Service (FSB) and Main Intelligence Directorate (GRU), the two organizations whose hackers, disinformation specialists, and outside contractors such as the Internet Research Agency (IRA) troll farm were behind — and are still engaged in — a broad and sustained campaign to undermine U.S. democracy.
-
-
Off-the-shelf smart devices easy to hack
Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.
-
-
DHS S&T release new cybersecurity research portfolio and technology guides
DHS S&T has released two new guides — 2018 Cyber Security Division Portfolio Guide and the 2018 Cyber Security Division Technology Guide — that will boost opportunities to transition its mature cybersecurity solutions and spur community discussion about its research and development (R&D) priorities.
-
-
To stop fake news, internet platforms should choose quality over quantity: Study
“Fake news” has made headlines and dominated social media chatter since the 2016 presidential election. It appears to be everywhere, and researchers are still determining the scale of the problem. A new study examines fake news and its prevalence and impact across Google, Facebook, and Twitter. The authors offer recommendations for stemming the flow and influence of fake news, and in particular call for more interdisciplinary research—including more collaboration between internet platforms and academia — “to reduce the spread of fake news and to address the underlying pathologies it has revealed.”
-
-
Putin: “Jews” with Russian citizenship may have meddled in U.S. election
In a weekend interview on NBC News, President Vladimir Putin, in an effort to deflect attention from the role the Kremlin’s hackers and disinformation specialists played in meddling in the 2016 U.S. election, said that such meddling was probably the work of “Jews” or other minorities in the Russian Federation. American Jewish organizations criticized Putin for giving voice to conspiracy theories which were at the core of the Protocols of the Elders of Zion, an anti-Semitic fabricated text, first published in Russia in 1903, purporting to describe a Jewish plan for global domination.
-
-
Almost no progress on securing U.S. voting machines in last two years
By a number of key metrics, the United States has failed to make significant progress securing voting machines, despite increasing warnings about system vulnerabilities from election officials and national security experts. “The threats of both hacking and foreign interference are undeniable, yet we’re not doing all we can as a country to protect machines or ensure correct vote totals if a successful attack does occur,” says the author of a just-published study.
-
-
NSA, UWF partner to accelerate cybersecurity degree completion, workforce development
The University of West Florida and the National Security Agency announced a partnership to enhance cybersecurity workforce development and create accelerated pathways toward completion of an undergraduate cybersecurity degree program. The agreement allows students who complete the Joint Cyber Analysis Course to earn undergraduate credit hours at UWF. JCAC is open to active military. The six-month JCAC course is designed to train individuals with limited computer experience and make them proficient in cyber analysis.
-
-
Lawmakers seek answers from election equipment vendors on security of voting machines
The U.S. intelligence community has confirmed that Russia interfered with the 2016 elections; Russian actors attempted to hack a U.S. voting software company and at least twenty-one states’ election systems. Recent reports indicate that U.S.-based firms operating on U.S. government platforms gave Russian authorities access to their source code. Lawmakers are inquiring about the security of the voting machines of the major American vendors, and whether these vendors have been asked to share the source code or other sensitive or proprietary details associated with their voting machines with Russian entities.
-
-
Startup offering a solution to deter dangerous railway hacking
Rail transport is undergoing a huge transformation thanks to automated, wireless and connected technologies that whoosh passengers down the tracks faster and more efficiently than ever before possible. However, these same technologies have opened a door to new types of cyber-attacks that can threaten passenger safety, disrupt service and cause serious economic damage. A new startup has raised $4.7 million in seed money to develop its proactive solution to protect railways and metros.
-
-
Russians are hacking our public-commenting system, too
Russia has found yet another way surreptitiously to influence U.S. public policy: Stealing the identities of real Americans and then using these identities to file fake comments during the comment submission period preceding the formulation of public policies. For example, in the course of its deliberations on the future of Internet openness, the FCC logged about half a million comments sent from Russian email addresses – but, even more unnerving, it received nearly eight million comments from email domains associated with FakeMailGenerator.com with almost identical wording. Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission.
-
-
Combining old and new to create a novel power grid cybersecurity tool
An innovative R&D project that combines cybersecurity, machine learning algorithms and commercially available power system sensor technology to better protect the electric power grid has sparked interest from U.S. utilities, power companies and government officials. Creating innovative tools and technologies to reduce the risk that energy delivery might be disrupted by a cyber incident is vital to making the nation’s electric power grid resilient to cyber threats.
-
-
“We can't let Putin and his allies succeed”: Sen. Mark Warner
In one of the more important speeches by a political leader in the last few years, Senator Mark Warner (D-Virginia), the vice chair of the Senate Intelligence Committee, offered a sobering assessment of the challenge to U.S. interests and values posed by a resurgent Russia. “[W]hile our gaze shifted away from Russia, which we began to kind of write off and at a certain level dismiss as simply a regional power, Russia really never lost its focus on us,” Warner said. “Its geostrategic aim remains squarely targeted on the Western liberal order and, more specifically, on what its KGB-trained leadership views as the main enemy: The United States,” Warner said. “So Russia diligently honed and updated its toolkit for a different kind of Great Power rivalry. They couldn’t match us in the old Cold War paradigm, so Russia needed a strategy that would allow them to compete with us on a new, emerging battlefield,” Warner noted, adding that that the U.S. response is inadequate. “We need a president who will lead not just a whole-of-government effort, but in a sense a whole-of-society effort to try to take on these challenges. We need someone that will actually unify our nation against this growing asymmetric threat. We can’t let Putin and his allies succeed.”
-
-
Russia used social media extensively to influence U.S. energy markets: Congressional panel
The U.S. House Science, Space, and Technology Committee last week released a staff report uncovering Russia’s extensive efforts to influence U.S. energy markets through divisive and inflammatory posts on social media platforms. The report details Russia’s motives in interfering with U.S. energy markets and influencing domestic energy policy and its manipulation of Americans via social media propaganda. The report includes examples of Russian-propagated social media posts.
-
-
Kremlin hackers infiltrated the most secure German government communication network
The German government yesterday (Wednesday) confirmed that it had suffered a large cyberattack which infiltrated federal computer networks in search of sensitive information. Anonymous German law enforcement sources said that the Russia hacking group APT28, aka Fancy Bear, had placed malware in a government network and infiltrated both the Foreign Ministry and the Defense Ministry. Fancy Bear, which is one of the hacking groups operated by the GRU (Russia’s military intelligence branch), conducted the 2016 hacking campaign of the DNC and the Hillary Clinton campaign. The Russian government hackers managed to infiltrate the German government’s “Informationsverbund Berlin-Bonn” (IVBB) network, a communication network which was specially designed as a secure communications platform.
-
-
Basic password guidance can dramatically improve account security
Technology users should be offered more detailed support and guidance when creating account passwords in order to make them more secure and harder to crack, a new study suggests. found those who receive basic guidance including password meters were up to 40 percent more likely to make their choices secure. However, those given feedback such as how likely it was that hackers could guess their passwords – and therefore access private information held in their accounts – were up to 10 times more likely to change their original choice to something more secure.
-
More headlines
The long view
Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages
A ransomware attack on Change Healthcare, a company that processes 15 billion health care transactions annually and deals with 1 in 3 patient records in the United States, is continuing to cause massive disruptions nearly three weeks later. The incident, which started on February 21, has been called the “most significant cyberattack on the U.S. health care system” by the American Hospital Association. It is just the latest example of an increasing trend.
Chinese Government Hackers Targeted Critics of China, U.S. Businesses and Politicians
An indictment was unsealed Monday charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
Autonomous Vehicle Technology Vulnerable to Road Object Spoofing and Vanishing Attacks
Researchers have demonstrated the potentially hazardous vulnerabilities associated with the technology called LiDAR, or Light Detection and Ranging, many autonomous vehicles use to navigate streets, roads and highways. The researchers have shown how to use lasers to fool LiDAR into “seeing” objects that are not present and missing those that are – deficiencies that can cause unwarranted and unsafe braking or collisions.