• Could we reverse a hacked presidential election?

    What would happen if we discover that Russians hacked into the results of the 2016 presidential election and tipped the outcome in favor of Donald Trump — literally changed the vote totals? “It is cold comfort that we have no evidence so far that Moscow actually manipulated vote tallies to change the election’s outcome,” the authors write. But what if it emerges that Russian operatives were successful on that front as well? Setting Trump aside, what if a foreign government succeeds in the future in electing an American president through active vote manipulation? The Constitution offers no clear way to remedy such a disaster.

  • U.S. voting machines can be easily, quickly hacked: DEFCON report

    DEFCON yesterday released its much-anticipated report, detailing findings from its first-ever “Voting Machine Hacking Village.” The Voting Village was held three months ago at DEFCON25 in Las Vegas. The report highlighted how every piece of equipment in the Village – which included voting machines and poll books still largely in use in current U.S. elections – was effectively breached in a matter of minutes by hackers. “What the report shows is that if relative rookies can hack a voting system so quickly, it is difficult to deny that a nefarious actor – like Russia – with unlimited time and resources, could not do much greater damage,” said Voting Village organizer and University of Chicago cybersecurity instructor, Jake Braun. “That threat becomes ever more poignant when you consider they could hack an entire line of voting machines, remotely and all at once via the supply chain.”

  • Russia already moving to the next cyber incursion in U.S.

    “From a technological point of view, this [hacking U.S. voting machines] is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.” Cybersecurity experts are increasingly concerned that Russia and others are already moving to the next incursion. “What really concerns me is having suffered these probing attacks last year, we may be in for an even more sophisticated, more potentially effective assault next time around—and oh, by the way, others were watching,” said Ambassador Doug Lute, a retired Army lieutenant general who served as the permanent representative to NATO from 2013 to 2017.

  • Kaspersky antivirus hack a wake-up call for business

    Russian state-sponsored hackers were able to steal National Security Agency (NSA) material on methods the NSA uses to conduct cyber espionage as well as how the agency helps defend critical U.S. government networks. An NSA contractor placed the material on his or her private computer – a violation of the agency’s security policy – and the private computer reportedly had anti-virus software belonging Moscow-based Kaspersky Lab installed. The software detected the unsecured classified material and alerted Russian intelligence to its presence. Michael Sulmeyer, the director of the Belfer Center’s Cyber Security Project at Harvard University, says geopolitics should guide some in the private sector to follow the U.S. government’s lead in removing Kaspersky’s software from their networks.

  • Microsoft investigating Russian government operatives’ purchase of campaign ads

    Microsoft is reviewing its accounts to determine whether Russian government operatives and trolls aligned with the Russian government purchased ads on Bing or other company products in the run-up to the 2016 U.S. presidential race. The company’s decision to conduct an internal investigation comes as Microsoft’s tech industry peers — Facebook, Google, and Twitter — are dealing with probes by the U.S. Congress into the extent to which Kremlin-backed agents spread disinformation on their platforms around Election Day.

  • Russia-focused extremists, conspiracy peddlers spread junk news on U.S. military, national security

    Social media provides political news and information for both active duty military personnel and veterans. Oxford University’s Oxford Internet Institute (OII) analyzed the subgroups of Twitter and Facebook users who spend time consuming junk news from websites that target U.S. military personnel and veterans with conspiracy theories, misinformation, and other forms of junk news about military affairs and national security issues. Among the findings: Over Twitter, there are significant and persistent interactions between current and former military personnel and a broad network of extremist, Russia-focused, and international conspiracy subgroups

  • Russia recruited YouTubers to bash “Racist B*tch” Hillary Clinton over rap beats

    According to the YouTube page for “Williams and Kalvin,” the Clintons are “serial killers who are going to rape the whole nation.” Donald Trump can’t be racist because he’s a “businessman.” Hillary Clinton’s campaign was “fund[ed] by the Muslim.” Williams and Kalvin’s content was pulled from Facebook in August after it was identified as a Russian government-backed propaganda account. According to Clint Watts, a former FBI counterterrorism agent, using third party contractors from both inside Russia and countries with cheap labor is a method used by the Kremlin to “muddy the waters on attribution” of propaganda. “Often, (the Kremlin) will contract out entities to do this so they can say, ‘You can’t prove that it’s us,’” Watts told the Daily Beast. “It’s pretty routine for them to try to gain resources through third parties and contract cutouts.”

  • Russian agents bought ads on Google platforms, targeting voters in crucial swing states

    Google says Russian agents have purchased ads on YouTube, Google Search, Gmail, and the company’s DoubleClick ad network. Some of the ads touted Donald Trump, while other ads aimed to help Trump indirectly: They promoted the candidacies of Bernie Sanders and the Green party candidate Jill Stein in order to weaken Hillary Clinton among left-leaning voters. The purpose of other ads was to sow discord, deepen social divisions, and intensify racial animosity: These ads talked about the threat to America posed by immigrants, African American activists, and members of the LGBT community, aiming to intensify backlash against these groups, and the politicians who spoke on their behalf, among White and more traditional voters. Many of the ads targeted voters in crucial swing states.

  • Social media is “first tool” of 21st-century warfare – and it’s cheaper than F-35: Sen. Warner

    Senator Mark Warner (D-Virginia), the ranking member of the Senate Intelligence Committee, said that there are three things the committee has already established beyond doubt: Russia hacked both political parties and used that information in President Donald Trump’s favor; Russia attacked but did not fully break into the voter registration systems of twenty-one states; Russia used paid advertising and fake accounts on social media to disseminate misinformation to voters. The sophistication of Russia’s cyber campaign was “unprecedented,” Warner said. It was also cheap. Warner noted the amount Moscow spent in total influencing the American, French, and Dutch elections was about a quarter the cost of building an F-35 fighter jet. “If Russia’s goal was primarily to sow chaos … and secondarily elect Mr. Trump, they had a pretty good rate of return,” he said.

  • Software “containers” increase computer security

    ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.

  • ONR awards GrammaTech $9 million for cyber-hardening security research

    Ithaca-based GrammaTech has been awarded a $9 million, three-year contract from the Office of Naval Research (ONR), a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks. The goal is for end users to be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations.

  • Russia breaks into U.S. soldiers' iPhones in apparent hybrid warfare attacks

    The U.S. Army’s Asymmetric Warfare Group, in charge of finding ways to counter emerging threats, recently issued warning about the dangers of Russia’s hybrid warfighting concepts, saying that the U.S. military as a whole may be ill-suited to respond to them in a crisis. Now, American troops and troops from NATO member states say they have been subjected to a campaign of surveillance and harassment via their cellphones, the internet, and social media, a campaign which is the hallmark of the “Russian New Generation Warfare.”

  • Lawmaker questions voting machine manufacturers on security measures

    Following interference by Russian government operatives in the 2016 election, Senator Ron Wyden (D-Oregon) has asked the top six U.A. manufactures of voting machines how they are protecting Americans’ votes from hacking. Wyden sent similar letters to two voting system test laboratories accredited by the U.S. Election Assistance Commission.

  • DOD wants to be able to detect the online presence of social bots

    Russian government operatives used social bots in the run up to the 2016 presidential campaign to sow discord and dissention, discredit political institutions, and send targeted messages to voters to help Donald Trump win the election. DARPA is funding research to detect the online presence of social bots.

  • Senate panel passes bipartisan “Hack DHS” bill

    On Wednesday, 4 October, the U.S. Senate Homeland Security and Governmental Affairs Committee passed the bipartisan Hack Department of Homeland Security (DHS) Act, whichwould establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – in order to strengthen cyber defenses at DHS by utilizing “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.