• “Instant replay” quickly pinpoints cyberattack details

    Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process. A new software system being developed by cybersecurity researchers will largely automate that process, allowing investigators to quickly and accurately pinpoint how intruders entered the network, what data they took, and which computer systems were compromised.

  • North Korea behind May 2017 WannaCry attack on British health services: U.K.

    The British government has said it was all but certain North Korea carried out the “WannaCry” malware attack which hobbled the IT systems of the NHS, Britain’s national health service, in May. The National Audit Office (NAO) released a report on Friday which found that hospitals and clinics were left exposed to cyberattack because they failed to follow basic cybersecurity recommendations. WannaCry attacks were not limited to the United Kingdom: More than 300,000 computers in 150 countries were also infected with the WannaCry ransomware. The malware crippled organizations — government agencies, global companies, small firms — by targeting computers with outdated security.

  • EU set to define cyberattacks as “acts of war,” allowing collective military response

    In response to Russian interference in the electoral campaigns in Germany, France, and the Netherlands, and the North Korean WannaCry attack on the U.K. health services, EU governments are planning to sign a declaration – officially titled “The framework on a joint EU diplomatic response to malicious cyber activities” – which defines cyberattacks on any EU country as an act of war, potentially triggering a military retaliation – even including conventional arms – in response. The proposed EU declaration would be similar to a change NATO made to the treaty governing NATO operations: In 2014, NATO updated its cyber defense policy to make an explicit link between cyberattacks at a certain threshold and the invocation of NATO’s Article 5 collective defense as part of the treaty.

  • The active measures orchestra: An examination of Russian influence operations abroad

    Russia has embraced new technologies and forms of communication that have allowed it to take advantage of years of Western inattention to a growing problem. However, the tools Russia uses in its current influence operations are nothing new. Neither are its strategic objectives of subverting NATO and the EU and undermining Western governments and democratic institutions. While for many Americans Russia’s actions seem to have come out of nowhere, it is essential that we understand these actions occurred in the context of a wide and ongoing effort by the Kremlin.

  • Too much browser functionality creates unnecessary security, privacy risks

    Modern website browsers provide an incredibly broad range of features, with more and more capabilities being added every day. New research has identified numerous browser functionalities rarely used or needed by websites, but which pose substantial security and privacy risks to web surfers. Blocking website access to unnecessary browser functionality would help reduce these risks.

  • DOD to remove Kaspersky software from Pentagon systems

    The Department of Defense is reviewing its computer systems to make sure that software from under-suspicion Russian cybersecurity firm Kaspersky does not touch any military systems. In September DHS issued a directive to all civilian government agencies to remove Kaspersky software from their systems. The directive, which gave agencies three months to complete the removal, referred to deepening concerns in the U.S. intelligence community about the close relationship between Kaspersky and the Russian intelligence agencies.

  • Facebook’s evidence of Russian electoral meddling is only ‘the tip of the iceberg’

    “First of all, let’s step back and put the Russian involvement in 2016 in the overall context,” says Senator Mark Warner (D-Virginia), the ranking Democrat on the Senate Intelligence Committee. “It was approved at the highest level. It was coordinated in ways that were unprecedented. It included the things that have been much reported on, like hacking into both political parties and releasing information harmful to one candidate, Clinton, and helpful to Trump.” Warner adds: “I think our government and the platform companies were more than a little bit caught off guard. I don’t think anyone had seen anything of this scale before.”

  • DHS, FBI warn critical infrastructure firms of attacks by “Russia-linked” hackers

    DHS and the FBI on Friday issued an alert warning critical infrastructure companies of “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.” DHS said the hacking campaign, labeled Dragonfly, is a Kremlin-sponsored operation.

  • Jeff Sessions just confessed his negligence on Russia

    The headlines from Attorney General Jeff Sessions’s testimony before the Senate Judiciary Committee on Wednesday focused on his refusal to answer questions about his conversations with President Donald Trump and his declaration that he had not yet been interviewed by special counsel Robert Mueller. Lost in the back-and-forth, however, was a truly damning moment about Sessions’s tenure at the Justice Department thus far. The attorney general of the United States, though acknowledging and expressing confidence in the intelligence community’s assessment of foreign interference in the 2016 election and admitting that the government is not doing enough to guard against such activity in the future, could not identify a single step his department is taking or should take in that direction. This was a frank display of ignorant complacency in the face of a clear and demonstrated threat.

  • Foreign cyberattacks, disinformation “should never be downplayed or tolerated”: George W. Bush

    Former President George W. Bush said earlier today (Thursday) that the United States should not downplay Russia’s attempts to meddle in the U.S. election. Bush said that “the Russian government has made a project of turning Americans against each other. This effort is broad, systemic, and stealthy. It’s conducted across a range of stealthy media platforms.” Bush’s remarks were a shot against President Donald Trump, who has dismissed the incontrovertible evidence of Russian interference in the 2016 presidential election as “a hoax” and “fake news.”

  • North Korea sent spear phishing emails to U.S. electric companies

    Cybersecurity firm FireEye says it can confirm that the company’s devices detected and stopped spear phishing emails sent on 22 September 2017 to U.S. electric companies by “known cyber threat actors likely affiliated with the North Korean government.” The activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected (judging from past experiences with other cyber threat groups).

  • “Our task was to set Americans against their own government”: Russian troll-farm operative

    New information about the operation of a Russian “troll farm” and its role in Russia’s disinformation dissemination system sheds new light on Russia’s broad effort to help Donald Trump win the 2016 presidential race. The fake stories and false news created and disseminated to millions of American voters by the operatives at the Internet Research Agency (IRA), in the words of an IRA operative, aimed to “rock the boat” on divisive issues like race relations, gun control, immigration, and LGBT rights. The IRA also used the internet to hire 100 American activists to hold 40 rallies in different U.S. cities. These activists did not know they were working for a Russian government agency, and the people who came to the rallies were unaware that they were taking part in Russian-organized and financed events.

  • Why are Russian media outlets hyping the Mueller investigation?

    Four major Russia investigations are underway in Washington, along with at least six related federal inquiries. Russia’s most popular media outlets compare the investigations to those of the McCarthy era, calling them “witch hunts” focused on a “phantom menace.” Amid all the emphasis on “Russophobia run wild,” however, Russian media coverage seems to have become more positive in regard to one issue: The Justice Department’s investigation led by Special Prosecutor Robert Mueller. While state-sponsored outlets continue to deny any possible collusion between the Trump campaign and the Kremlin, they’ve begun to applaud Mueller’s efforts to look into the past business deals of the U.S. president and his team. In affirming the U.S. investigation into Trump’s business practices, Kremlin strategists can co-opt the charges of Putin’s critics and direct them at Trump. They can argue that the U.S. is neither more virtuous than Russia nor more efficacious. And they can do so without having to acknowledge that a Mueller-style investigation into top-level government malfeasance would never be allowed in their own country today.

  • Russia used Pokemon Go “to sow division” in run-up to 2016 presidential election

    CNN broke the news yesterday that Russian government hackers did not only use Facebook, Twitter, and Google platforms for a broad, systematic, and sophisticated disinformation campaign in the run-up to the 2016 election – they also used the popular video game Pokemon Go. The game was used to promote a Black Lives Matter-like message about police brutality, aiming to discourage African American voters from going to the polls, while creating a White backlash against those criticizing the police.