• Fake ATM spotted by DefCon attendees

    One of the curious features at the DefCon 24 even in Las Vegas is a fake ATM in the show’s venue. The fake ATM kiosk was placed in the lobby of the Riviera Hotel Casino sometime before the conference opened. As is appropriate at an event of sharp-eyed cybersecurity specialists and white hackers, the scam was uncovered when people noticed something wrong with the machine.

  • Hacking hotel magnetic-stripe based key cards is easy

    If you travel a lot for business or pleasure, and stay at hotels at the places you visit, you may not like the information presented at the DefCon 24 event in Las Vegas. A security expert will tell the attendees that the magnetic-stripe based key cards guests are given to enter their rooms have major weaknesses which could allow an attacker to modify these cards to enter guests rooms.

  • Exploring automotive cybersecurity vulnerabilities at Def Con 24

    In 2015, more than 16.5 million vehicles were sold in the United States. The Car Hacking Village helps researchers interested in the safety and security of the more than one billion vehicles on the road around the world. The Car Hacking Village made its debut at the Def Con 23 Conference last year in Las Vegas. This year, the Village returns to Def Con 24 in Vegas on 4 August.

  • U.S. Cyber Challenge hacking competition announces winners

    Last Friday morning, seven teams competed in the U.S. Cyber Challenge (USCC) Capture-the-Flag (CTF) competition at Southern Utah University (SUU) in Cedar City, Utah. After four hours of hacking into systems and answering trivia questions, Team Dragon came out on top.

  • “Our president should be chosen by American citizens, not by foreign adversaries or interests”

    Thirty-one members of the Aspen Institute Homeland Security Group, a bipartisan group of homeland security and counterterrorism experts, last week have issued a statement on the recent Democratic National Committee (DNC) hack. “[T]his is an attack not on one party but on the integrity of American democracy. And it may not be the end of such attacks. It is not unthinkable that those responsible will steal and release more files, and even salt the files they release with plausible forgeries,” members of the group write. “This is unacceptable. Our president should be chosen by American citizens, not by foreign adversaries or interests.”

  • How vulnerable to hacking is the US election cyber infrastructure?

    Following the hack of Democratic National Committee e-mails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. Intelligence services around the world monitor other countries’ domestic political situations — what has changed, however, is the ability of individuals, governments, militaries, and criminal or terrorist organizations to use Internet-based tools — commonly called cyberweapons — not only to gather information but also to generate influence within a target group. Democracies endure based not on the whims of a single ruler but the shared electoral responsibility of informed citizens who trust their government and its systems. That trust must not be broken by complacency, lack of resources, or the intentional actions of a foreign power.

  • Will Putin pick the next U.S. president? He just might

    Russian government hackers stealing and publicizing politically embarrassing e-mails from the DNC’s computer systems — or stealing analytical voter information and opposition research on Trump from the Clinton campaign’s own computers – is serious enough. As serious as the theft by these Russian hackers of Democratic campaign donors’ personal data from the computer systems of the Democratic Congressional Campaign Committee (DCCC). But as a recent article in Politico Magazine notes, there is even a more serious, and more disturbing, possibility: “The most extreme danger, of course, is that cyber intruders could hack the voting machinery to pick winners and losers.”

  • Trump urges Russia to hack, release Clinton’s e-mails

    Donald Trump on Wednesday said he hoped Russia would hack Hillary Clinton’s e-mails, and release them to the press. In a press conference at his Doral golf course, Trump said: “Russia, if you’re listening, I hope you’re able to find the 30,000 e-mails that are missing,” he said. “I think you will probably be rewarded mightily by our press.” Analysts note that Trump’s breathtaking call for a foreign power to hack the e-mails of a major U.S. political party or the server of a former secretary of state was as extraordinary as it was unprecedented.

  • DNC hack: “All roads lead to Russia” says new cybersecurity report

    New report by a cybersecurity firm ThreatConnect focuses on Guccifer 2.0, a hacker claiming to be behind the hack of the DNC computer system. The claim was made in order to deflect attention from Russian government hackers whose digital fingerprints were all over the DNC hack. A ThreatConnet report shows that Guccifer 2.0 is part of the Russian plot to steal and release politically embarrassing DNC e-mails.

  • Democrats brace for more e-mail leaks

    The FBI on Monday said the agency is investigating the hacks of the DNC computer networks. Democrats are worried that the Russian government hackers behind the DNC hacks may have gotten their hands on other politically embarrassing e-mails and documents, and the hackers would release these e-mails and documents between now and November in an effort to increase Trump’s chances of winning in November. Julian Assange, the founder of WikiLeaks and its current top editor, who said that the release [of the DNC e-mails] on Friday was the first in a series.

  • U.S. to issue new policy directive for coordinated government response to cyberattacks

    The administration is set to release a new directive on how the government should respond to significant cyberattacks. The release of the directives aims to clarify the responsibilities of agencies involved in security breaches. The presidential directive comes against the backdrop of an increasing number of cyberattacks by criminals and foreign governments.

  • Russian government hackers leaked DNC e-mails: Cybersecurity experts

    Robby Mook, Hillary Clinton’s campaign manager, said on Sunday that Friday’s release by WikiLeaks of Democratic National Committee (DNC) internal e-mails was the work of Russian government hackers. The leak, Mook said, was part of an effort by President Vladimir Putin and people in his circle to weaken Clinton and increase the chances of a Donald Trump victory in November. Cybersecurity experts support Mook’s claims.

  • DHS S&T awards $3.66 million for privacy-enhancing technology R&D

    DHS S&T has announced the award of three contracts totaling $3.66 million to fund the research and development of privacy-enhancing technologies that better defend personally identifying information and protect privacy in cyber space.

  • Protecting against “browser fingerprint”

    Imagine that every time a person goes out in public, they leave behind a track for all to see, so that their behavior can be easily analyzed, revealing their identity. This is the case with people’s online browser “fingerprints,” which are left behind at each location they visit on their internet browser. Almost like a regular fingerprint, a person’s browser fingerprint — or “browserprint” — is often unique to the individual. Such a fingerprint can be monitored, tracked, and identified by companies and hackers.

  • Automated cybersecurity systems get set for final face-off at DARPA’s Cyber Grand Challenge

    The Heartbleed security bug existed in many of the world’s computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014. The reason for this time lag? In contrast to the sophistication and automation that characterize so much of today’s computer systems, the process of finding and countering bugs, hacks, and other cyber infection vectors is still effectively artisanal. But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the Internet itself? These are questions at the heart of DARPA’s Cyber Grand Challenge.