• EU probe finds “continued, sustained” online disinformation by “Russian sources”

    The European Union says that it has gathered evidence of “continued and sustained” disinformation activity by Russia aimed at influencing the results of May’s elections for the European Parliament. The European Commission report said “Russian sources” tried to suppress voter turnout and influence voters’ preferences.

  • Quantum – a double-edged sword for cryptography

    Quantum computers pose a big threat to the security of modern communications, deciphering cryptographic codes that would take regular computers forever to crack. But drawing on the properties of quantum behavior could also provide a route to truly secure cryptography.

  • Entering the third decade of cyber threats: Toward greater clarity in cyberspace

    Over the course of just a few decades, the world has entered into a digital age in which powerful evolving cyber capabilities provide access to everyone connected online from any place on the planet. Those capabilities could be harnessed for the benefit of humanity; they might also be abused, leading to enormous harms and posing serious risks to the safety and stability of the entire world. Dan Efrony writes in Lawfare that a strategy of international cooperation is crucial to mitigate the threats of abuse of cyberspace, primarily by clarifying the “red lines” in the field of cybersecurity and determining how to verify and enforce states’ compliance with their legal obligations in the field.

  • Alphabet-owned jigsaw bought a Russian troll campaign as an experiment

    For more than two years, the notion of social media disinformation campaigns has conjured up images of Russia’s Internet Research Agency, an entire company housed on multiple floors of a corporate building in St. Petersburg, concocting propaganda at the Kremlin’s bidding. But a targeted troll campaign today can come much cheaper—as little as $250, says Andrew Gully, a research manager at Alphabet subsidiary Jigsaw. He knows because that’s the price Jigsaw paid for one last year. Andy Greenberg writes in Wired that as part of research into state-sponsored disinformation that it undertook in the spring of 2018, Jigsaw set out to test just how easily and cheaply social media disinformation campaigns, or “influence operations,” could be bought in the shadier corners of the Russian-speaking web. In March 2018, after negotiating with several underground disinformation vendors, Jigsaw analysts went so far as to hire one to carry out an actual disinformation operation, assigning the paid troll service to attack a political activism website Jigsaw had itself created as a target.

  • Lawmakers grapple with deepfake threat at hearing

    The House Intelligence Committee heard alarming testimony Thursday that deepfake videos could be weaponized by foreign adversaries to sow divisions in the United States. Olivia Beavers and Maggie Miller write in The Hill that Clint Watts, a former FBI special agent and senior fellow for Alliance for Securing Democracy at the German Marshall Fund, warned lawmakers that Russia and China will likely both work to develop “synthetic media capabilities” for use against the U.S. and other adversaries. “China’s artificial intelligence capabilities rival the U.S., are powered by enormous data troves to include vast amounts of information stolen from the U.S., and the country has already shown a propensity to employ synthetic media in television broadcast journalism,” he said.

  • A top voting-machine firm is finally taking security seriously

    Over the past 18 months, election-security advocates have been pushing for new legislation shoring up the nation’s election infrastructure. Election-security reform proposals enjoy significant support among Democrats—who control the House of Representatives—and have picked up some Republican cosponsors, too. Timothy B. Lee writes in Wired that such measures, however, have faced hostility from the White House and from the Republican leadership of the Senate. Legislation called the Secure Elections Act, cosponsored by senators James Lankford (R-Oklahoma) and Amy Klobuchar (D-Minnesota) last year, aimed to shore up the nation’s election security by providing states with new money to phase out paperless systems. But the Lankford-Klobuchar bill stalled in the face of opposition from the Trump administration and Senate Republicans. At this point, any election reform legislation looks unlikely to pass before the 2020 election.

  • Ahead of the 2020 election: National response to confront foreign interference

    Stanford University scholars outline a detailed strategy for how to protect the integrity of American elections – including recommendations such as requiring a paper trail of every vote cast and publishing information about a campaign’s connections with foreign nationals.

  • Eliminating infamous security threats

    Meltdown and Spectre are speculative side-channel attacks exploit a fundamental functionality in microprocessors to expose security vulnerabilities. No efficient protection against such attacks has been found. Until now.

  • Russian disinformation on YouTube draws ads, lacks warnings

    Fourteen Russia-backed YouTube channels spreading disinformation have been generating billions of views and millions of dollars in advertising revenue, according to researchers, and had not been labeled as state-sponsored, contrary to the world’s most popular streaming service’s policy. Reuters reports that the channels, including news outlets NTV and Russia-24, carried false reports ranging from a U.S. politician covering up a human organ harvesting ring to the economic collapse of Scandinavian countries. Despite such content, viewers have flocked to the channels and U.S. and European companies have bought ads that run alongside them.

  • Nuclear energy regulators need to bring on more cyber experts, watchdog says

    The Nuclear Regulatory Commission is facing a mass exodus of cybersecurity experts in the years ahead, which could limit its ability to ensure the nation’s nuclear power plants are safe from digital attacks, an internal watchdog found. Jack Corrigan writes in Defense One that Nearly one-third of NRC’s cybersecurity inspectors will be eligible for retirement by the end of fiscal 2020, and agency officials worry they aren’t training enough people to take their place, according to the NRC Inspector General. With nuclear power stations becoming increasingly popular targets for online adversaries, the shortage of cyber expertise could leave the agency struggling to do its job, auditors said.

  • Russia's 2016 Twitter campaign far broader, deeper, and incredibly successful: Symantec

    The archives of the Internet Research Agency, the St. Petersburg-based troll farm, show a broad, coordinated, and effective campaign which was, in the words of one report, “incredibly successful at pushing out and amplifying its messages.” The Internet Research Agency conducted a campaign on Twitter before the 2016 elections that was larger, more coordinated and more effective than previously known.

  • IS’s English-speaking fighters use Telegram to reinforce faith in the caliphate

    English-speaking Islamic State supporters are refusing to give up on the terror group’s ability to remain a force in Syria and Iraq. Even as the terror group was losing ground in Syria and Iraq to U.S.-backed forces, and even as IS leadership was encouraging followers to start looking to progress in IS provinces elsewhere, English-speaking supporters turned to Telegram to reinforce their faith in the caliphate.

  • Secure multiparty computation protecting privacy at the ballot box

    Shortly after the start of the new year, Americans around the nation will start returning to polling stations to vote in presidential primaries. How confident they feel in the voting process could depend on this thing called secure multiparty computation.

  • New computer attack mimics user's keystroke characteristics, evading detection

    Researchers have developed a new attack called “Malboard,” which evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics. 

  • The U.S. needs an industrial policy for cybersecurity

    Industrial policies are appropriate when market failures have led to the under-provision of a good or service. The cybersecurity industry’s growth has been held back for several reasons, including intractable labor shortages. Vinod K. Aggarwal and Andrew W. Reddie write in Defense One that both the United States and United Kingdom suffer from a documented shortage of skilled programmers and computer scientists working on cybersecurity issues, and the U.S. alone is projected to have a shortage of 1.2 million professionals by 2022, according to the Center for Strategic and International Studies. The market has also been hindered by so-called “information problems,” as firms are often not aware of their own vulnerabilities and avoid sharing information about data breaches given the reputation costs associated with disclosure. So what can the government do about it?