• Dissect Cyber notifies small businesses targeted by cybercriminals

    Cybercriminals are an insidious lot, constantly launching new schemes to steal money from individuals and companies. In the United States, millions of people and small businesses fall victim to internet crimes each year. Most small businesses do not have ready access to timely cybersecurity notifications of possible threats.

  • Russia’s hacking, disinformation efforts aim to influence German, French elections

    Russian government hackers and disinformation specialists were successful in their hacking and disinformation campaign in the run-up to the November 2016 election in the United States. “I think one of the lessons that the Russians may have drawn from this is that this works,” FBI director James Comey told lawmakers on Tuesday. German and French intelligence services agree with Comey. They say they have detected an intensification of Russian hacking and disinformation efforts in the run-up of the second round of France’s presidential election – to be held this coming Sunday – and Germany’s federal election, to be held in September. In both Francde and Germany, Russia’s campaign aims to strengthen populist, far-right, ultra-nationalist, and anti-American politicians and parties.

  • The lessons on Russian intelligence

    Despite President Trump’s saying that it’s all just “fake news,” James R. Clapper, who was U.S. director of national intelligence from 2010 until January, said he has no doubt that Russia successfully interfered in the 2016 election and “clearly favored” Trump over Hillary Clinton. “Clearly, the Russians — and the shots were called at the highest level — were interested first in sowing dissension and doubt and discord in this country,” Clapper said. As the campaign went on, however, he said their aims switched to helping Trump. “They, too, didn’t initially take Mr. Trump seriously, but later on they did,” Clapper said at a Harvard Kennedy School talk. Clapper said we should expect more Russian meddling in U.S. elections.

  • The Darknet offers more robust protection against attacks

    Researchers have discovered why cyberattacks usually fail against the Darknet, a part of the internet that guarantees users’ privacy and anonymity. This hidden network is used for sensitive and often illegal purposes such as drug trafficking or exchanging child pornography and can counter large attacks on its own by spontaneously adding more network capacity.

  • Online security won’t improve until companies stop passing the buck to the customer

    It’s normally in the final seconds of a TV or radio interview that security experts get asked for advice for the general public – something simple, unambiguous, and universally applicable. It’s a fair question, and what the public want. But simple answers are usually wrong, and can do more harm than good. Customers do want to protect themselves, and there is a clear demand for good security advice. But this advice needs to be realistic, needs to consider that different individuals have different circumstances that require different approaches, and put the interests of the customer first. Companies that develop security systems are in the best position to improve security, and they must take responsibility for doing so by learning from the research that reveals how individuals really use, understand, and misunderstand security technology.

  • Machine-learning-based solution to help combat phishing

    When it comes to hacking, phishing is one of the oldest tricks in the book. According to IBM security research, some 30 percent of phishing e-mails are opened by targeted recipients. Additionally, the attacks are becoming more advanced and harder to detect at first glance. A new machine-learning-based security solution could help businesses detect phishing sites up to 250 percent faster than other methods.

  • Cyber attacks ten years on: from disruption to disinformation

    Today – 27 April — marks the tenth anniversary of the world’s first major coordinated “cyberattack” on a nation’s internet infrastructure: Russian government hackers attacked the computer systems of the government of Estonia in retaliation for what Russia considered to be an insult to the sacrifices of the Red Army during the Second World War. This little-known event set the scene for the onrush of cyber espionage, fake news, and information wars we know today. A cybersecurity expert recently told the Senate Select Committee on Intelligence that to understand current Russian active measures and influence campaigns — that is, to understand cyber operations in the twenty-first century – we must first understand intelligence operations in the twentieth century. Understanding the history of cyber operations will be critical for developing strategies to combat them. Narrowly applying models from military history and tactics will offer only specific gains in an emerging ecosystem of “information age strategies.” If nations wish to defend themselves, they will need to understand culture as much as coding.

  • Cybersecurity firm trains students for high-tech heroics

    With newscasts regularly portraying a menacing picture of cybercrime, Indiana State University Professor Bill Mackey — and the students he teaches — is almost guaranteed job security. Perhaps the biggest news story this spring involves the Russians, the Democratic National Committee and, possibly, the Trump White House. It also involves exactly the focus of Mackey and his cyber security company, Alloy. Preventing the human missteps is exactly what Mackey’s enterprise does that’s different from almost everyone else: They marry the technological part (the computer-code breaking) with the human element for a mixture of tech and cybercriminology.

  • Malware behavior detection technology commercialized

    Virginia-based Lenvio Inc. has exclusively licensed a cybersecurity technology from the Department of Energy’s Oak Ridge National Laboratory – a technology that can quickly detect malicious behavior in software not previously identified as a threat. The platform, known as Hyperion, uses sophisticated algorithms to seek out both legitimate and malicious software behavior, identify malware such as viruses or executable files undetected by standard methods, and ultimately help reduce the risk of cyberattacks.

  • 2017 Cyber Defense Competition tests infrastructure vulnerability

    More than 100 college and high school students from nine states honed their cyber defense skills against experts at the U.S. Department of Energy’s (DOE) Argonne National Laboratory during Argonne’s second annual Collegiate Cyber Defense Competition. In the competition, fifteen college teams defended mock electrical and water utilities from the repeated cyberattacks of a team of experts from Argonne, the Illinois and Wisconsin National Guard, and the technology industry.

  • Facebook targets 30,000 fake-news accounts ahead of French election

    Facebook was the subject of harsh criticism for allowing itself to be used by two Russian intelligence services – the GRU and the FSB – in their broad campaign of fake news in the summer and fall 2016, undertaken to help Donald Trump win the November election. The company has taken action to prevent Russia and other actors from engaging in a similar campaign in France, where the first round of the presidential election is to be held on Sunday, 23 April. Facebook said it has targeted 30,000 fake accounts linked to France as part of a global effort against misinformation.

  • Phone's power use offers hackers an opening

    Experts have long known the risks associated with charging a smartphone using a USB cord that can also transfer data, but new research shows that even without data wires, hackers using a “side channel” can quickly find out what websites a user has visited while charging a device. Researchers warn that “a malicious charging station” can use seemingly unrelated data—in this case, a device’s power consumption—to extract sensitive information.

  • Stopping TDoS attacks

    Imagine if your call to 911, your financial institution, a hospital, or even your child’s school doesn’t get through. In the past few years, 911 emergency call centers, financial services companies and a host of other critical service providers and essential organizations have been victims of telephony denial of service (TDoS) attacks. These attacks are a type of denial of service (DoS) attack in which a voice service is flooded with so many malicious calls valid callers can’t get through. DHS S&T is working to make sure TDoS attacks cannot disrupt critical phone systems.

  • Partial fingerprints sufficient to trick biometric security systems on smartphones

    No two people are believed to have identical fingerprints, but researchers have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.

  • Stealing your PIN by tracking the motion of your phone

    Cyber experts have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones. Analyzing the movement of the device as we type in information, they have shown it is possible to crack four-digit PINs with a 70 percent accuracy on the first guess — 100 percent by the fifth guess — using just the data collected via the phone’s numerous internal sensors.