• The history of cellular network security doesn’t bode well for 5G

    There’s been quite a bit of media hype about the improvements 5G is set to supposedly bring to users, many of which are no more than telecom talking points. One aspect of the conversation that’s especially important to get right is whether or not 5G will bring much-needed security fixes to cell networks. Unfortunately, we will still need to be concerned about these issues—and more—in 5G.

  • Deepfakes: Forensic techniques to identify tampered videos

    Computer scientists have developed a method that performs with 96 percent accuracy in identifying deepfakes when evaluated on large scale deepfake dataset.

  • Russian trolls are coming for 2020, smarter than ever, Clemson researchers warn

    Many Americans think they know what a Russian troll looks like. After the 2016 election, voters are more aware of bad actors on social media who might be trying to influence their opinion and their vote on behalf of a foreign government. Bristow Marchant writes in The State that Clemson University professors Darren Linvill and Patrick Warren warn, however, that picture may not be accurate. “People I know — smart, educated people — send me something all the time and say ‘Is this a Russian? Is this foreign disinformation?’” said Linvill, a communications professor at the Upstate university. “And it’s just someone saying something they disagree with. It’s just someone being racist. That’s not what disinformation looks like.”

  • Top takes: Suspected Russian intelligence operation

    A Russian-based information operation used fake accounts, forged documents, and dozens of online platforms to spread stories that attacked Western interests and unity. Its size and complexity indicated that it was conducted by a persistent, sophisticated, and well-resourced actor, possibly an intelligence operation. Operators worked across platforms to spread lies and impersonate political figures, and the operation shows online platforms’ ongoing vulnerability to disinformation campaigns.

  • Truth prevails: Sandy Hook father’s victory over conspiracy theory crackpots

    Noah Pozner, then 6-year old, was the youngest of twenty children and staff killed at Sandy Hook Elementary School in Connecticut. Last week, his father, Lenny Pozner, won an important court victory against conspiracy theorists who claimed the massacre had been staged by the Obama administration to promote gun control measures. The crackpots who wrote a book advancing this preposterous theory also claimed that Pozner had faked his son’s death certificate as part of this plot.

  • Identifying a fake picture online is harder than you might think

    Research has shown that manipulated images can distort viewers’ memory and even influence their decision-making. So the harm that can be done by fake images is real and significant. Our findings suggest that to reduce the potential harm of fake images, the most effective strategy is to offer more people experiences with online media and digital image editing – including by investing in education. Then they’ll know more about how to evaluate online images and be less likely to fall for a fake.

  • National emergency alerts potentially vulnerable to spoofing

    On 3 October 2018, cell phones across the United States received a text message labeled “Presidential Alert.” It was the first trial run for a new national alert system, developed by several U.S. government agencies as a way to warn as many people across the United States as possible if a disaster was imminent. Now, a new study raises a red flag around these alerts—namely, that such emergency alerts authorized by the President of the United States can, theoretically, be spoofed.

  • The Budapest Convention offers an opportunity for modernizing crimes in cyberspace

    Governments worldwide are in the process of updating the Budapest Convention, also known as the Convention on Cybercrime, which serves as the only major international treaty focused on cybercrime. This negotiation of an additional protocol to the convention provides lawmakers an opportunity the information security community has long been waiting for: modernizing how crimes are defined in cyberspace. Specifically, the Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C.§ 1030, dictates what constitutes illegal acts in cyberspace in the United States. Andrew Burt and Dan Geer write in Lawfare that without changing the CFAA—and other cybercrime laws like it—we’re collectively headed for trouble.

  • What a U.S. operation in Russia shows about the limits of coercion in cyber space

    The New York Times recently reported that the United States planted computer code in the Russian energy grid last year. The operation was part of a broader campaign to signal to Moscow the risks of interfering in the 2018 midterm elections as it did in 2016.  According to unnamed officials, the effort to hold Russian power plants at risk accompanied disruption operations targeting the Internet Research Agency, the “troll farm” behind some of the 2016 election disinformation efforts. The operations made use of new authorities U.S. Cyber Command received to support its persistent engagement strategy, a concept for using preemptive actions to compel adversaries and, over time, establish new norms in cyberspace. Benjamin Jensen writes in War on the Rocks that the character of cyber competition appears to be shifting from political warfare waged in the shadows to active military disruption campaigns. Yet, the recently disclosed Russia case raises question about the logic of cyber strategy. Will escalatory actions such as targeting adversaries’ critical infrastructure actually achieve the desired strategic effect?

  • New U.S. visa rules may push foreigners to censor their social-media posts

    Foreigners who decry American imperialism while seeking to relax on Miami’s sandy beaches or play poker at Las Vegas’s casinos may seek to soften their tone on Twitter. The reason? The U.S. State Department is now demanding visa applicants provide their social-media profiles on nearly two dozen platforms, including Facebook and Twitter.

  • “Vaccinating” algorithms against attacks on machine learning

    Algorithms “learn” from the data they are trained on to create a machine learning model that can perform a given task effectively without needing specific instructions, such as making predictions or accurately classifying images and emails. Researchers have developed a world-first set of techniques to effectively “vaccinate” algorithms against adversarial attacks, a significant advancement in machine learning research.

  • A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US

    A Florida city agreed to pay $600,000 worth of bitcoin to hackers who took its computer systems offline with a cyberattack. Riviera Beach’s city council voted to pay the money after an attack in May affected the city’s online services, including email and 911 dispatches. The attack is part of a pattern that has targeted cities around the US. The disruption has cost millions of dollars. Sinéad Baker write in Business Insider that the U.S. Department of Homeland Security warned in 2018 that local-level governments around the U.S. were being hit with malware that is “among the most costly and destructive.”

  • NIST updates to help defend sensitive information from cyberattack

    An update to one of the National Institute of Standards and Technology’s (NIST) information security documents offers strategies to help protect sensitive information that is stored in computers supporting critical government programs and high value assets. The new companion publication offers enhanced security for information stored in critical programs and assets.

  • How cryptocurrency discussions – and disinformation – spread

    Computer scientists have mapped the ebb and flow of Reddit’s discussions about cryptocurrency — not only to see how online chatter can predict market behavior, but also to gain insights into how disinformation goes viral.

  • Cyber protection technology moves from the lab to the marketplace

    MIT Lincoln Laboratory’s technique to protect commodity software from cyberattacks has transitioned to industry and will soon be available as part of a security suite.