• On Facebook and Twitter, even if you don’t have an account, your privacy is at risk

    Individual choice has long been considered a bedrock principle of online privacy. If you don’t want to be on Facebook, you can leave or not sign up in the first place. Then your behavior will be your own private business, right? A new study shows that privacy on social media is like second-hand smoke. It’s controlled by the people around you.

  • Questioning the effectiveness of offensive cyber operations

    Great-power competition in the twenty-first century increasingly involves the use of cyber operations between rival states. But do cyber operations achieve their stated objectives? What are the escalation risks? Under what conditions could increasingly frequent and sophisticated cyber operations result in inadvertent escalation and the use of military force? The answers to these questions should inform U.S. cybersecurity policy and strategy.

  • Data breaches are inevitable – here’s how to protect yourself anyway

    By W. David Salisbury and Rusty Baldwin

    It’s tempting to give up on data security altogether, with all the billions of pieces of personal data – Social Security numbers, credit cards, home addresses, phone numbers, passwords and much more – breached and stolen in recent years. But that’s not realistic – nor is the idea of going offline entirely. In any case, huge data-collection corporations vacuum up data about almost every American without their knowledge. As cybersecurity researchers, we offer good news to brighten this bleak picture. There are some simple ways to protect your personal data that can still be effective, though they involve changing how you think about your own information security.

  • Facebook deletes hundreds of Russian troll pages

    Facebook announced it had shut down more than 360 pages and accounts, with some tied to the Internet Research Agency (IRA). from the United States to Germany, Facebook has come under immense pressure to combat fake news, disinformation campaigns, and hate speech on its platforms.

  • Huawei industrial espionage in Poland leads to calls for boycott

    The Chinese telecom giant’s industrial espionage activities in Poland have prompted calls for the company to be banned. The United States is leading the push for a boycott, but many EU governments remain undecided. Huawei offers a capable 5G technology, which represents a quantum leap in wireless communication speed, and which will be key to developing the Internet of Things (IoT), including self-driving cars. Critics charge that much of that technology was stolen from Western companies by Chinese intelligence agencies, for which Huwawei serves as a front.

  • The quiet threat inside ‘internet of things’ devices

    By Charles T. Harry

    As Americans increasingly buy and install smart devices in their homes, all those cheap interconnected devices create new security problems for individuals and society as a whole. The problem is compounded by businesses radically expanding the number of sensors and remote monitors it uses to manage overhead lights in corporate offices and detailed manufacturing processes in factories. Governments, too, are getting into the act – cities, especially, want to use new technologies to improve energy efficiency, reduce traffic congestion and improve water quality. The number of these “internet of things” devices is climbing into the tens of billions. They’re creating an interconnected world with the potential to make people’s lives more enjoyable, productive, secure and efficient. But those very same devices, many of which have no real security protections, are also becoming part of what are called “botnets,” vast networks of tiny computers vulnerable to hijacking by hackers.

  • Achieving better security with randomly generating biological encryption keys

    Data breaches, hacked systems and hostage malware are frequently topics of evening news casts — including stories of department store, hospital, government and bank data leaking into unsavory hands — but now a team of engineers has an encryption key approach that is unclonable and not reverse-engineerable, protecting information even as computers become faster and nimbler.

  • Manafort wanted polling data sent to Ukrainians

    When, during the 2016 campaign, Paul Manafort sent Trump campaign’s internal polling data to Konstantin Kilimnik – a cut-out for the GRU, Russia’s military intelligence branch — he intended that data to be handed off to two Kremlin-allied Ukrainian oligarchs, Serhiy Lyovochkin and Rinat Akhmetov. Manafort told his accountant in August 2016 he was expecting $2.4 million from Ukraine in November 2016. His spokesman insists that money was payment for an old debt and not the data.

  • How Russia hacked U.S. power grid

    In an aptly titled investigative report — “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It” — the Wall Street Journal has used “documents, computer records and interviews” to reconstruct exactly how Russian hackers accessed the U.S. electric grid in the spring of 2016, an attack that continued through 2017 and possibly 2018.

  • Manafort shared Trump campaign polling with Konstantin Kilimnik, a cut-out to Russian intelligence

    While he was the chairman of the Donald Trump presidential campaign, Paul Manafort shared internal campaign polling data with Konstantin Kilimnik, a cut-out for the GRU, Russia’s military intelligence service. Analysts believe he is, in fact, a Russian intelligence operative. It appears that the Trump campaign’s internal data Manafort shared with Russian intelligence was aimed to help the GRU to make the Kremlin’s social-media disinformation effort on behalf of Trump more targetd and effective, especially in suppressing the African American vote for Hillary Clinton. Kilimnik was indicted by Special Counsel Robert Mueller’s grand jury on 8 June 2018 on charges of obstruction of justice and conspiracy to obstruct justice by attempting to tamper with a witness on behalf of Manafort.

  • Problems using mobile technologies in public health care

    Many health care providers in remote locations around the world are actively using newer mobile technologies like text messaging and fingerprint identification to deliver important services and timely information to their patients. While the efforts are well-intended, two new studies find that such approaches need to be closely monitored to make sure they are meeting targeted goals. The two recently published studies identified multiple problems integrating mobile technologies into public health care.

  • Hundreds of German politicians hacked – except those on the pro-Russia far right

    The personal and job-related information of German Chancellor Angela Merkel, senior politicians, and members of the Bundestag from all political parties was released by hackers and posted to Twitter. The leaked information included office letters, internal memos, departmental communicatin, contact details, office access passcodes, and more. The only politicians who were not hacked and the information of which was not released: Members of the populist, far-right, pro-Russia Aleternative for Germany (AfD). In the run-up to the fall 2017 federal election in Germany, the GRU, Russia’s military intelligence, helped the AfD by employing the same combination of hacking and social media disinformation the GRU had succefully used to help Donald Trump win the 2016 U.S. election. The Russian campaign was successful, and the AfD is now the thiord-largest party in the Bundestag.

  • European far-right groups eschew violence to broaden appeal

    More than seventy years after the defeat of Nazi Germany, ethno-nationalist and white supremacist movements in Europe continue to thrive. They include far-right political parties, neo-Nazi movements, and apolitical protest groups. These groups’ outward rejection of violence expands the reach of their message, and  can increase the potential for radicalization.

  • How we built a tool that detects the strength of Islamophobic hate speech on Twitter

    By Bertie Vidgen and Taha Yasseri

    In a landmark move, a group of MPs recently published a working definition of the term Islamophobia. They defined it as “rooted in racism,” and as “a type of racism that targets expressions of Muslimness or perceived Muslimness.” In our latest working paper, we wanted to better understand the prevalence and severity of such Islamophobic hate speech on social media. Such speech harms targeted victims, creates a sense of fear among Muslim communities, and contravenes fundamental principles of fairness. But we faced a key challenge: while extremely harmful, Islamophobic hate speech is actually quite rare.

  • From encrypting the web to encrypting the net: 2018 year in review

    By Sydney Li and Alexis Hancock

    We saw 2017 tip the scales for HTTPS. In 2018, web encryption continues to improve. The focus has begun to shift toward email security, and the security community is shifting its focus toward further hardening TLS, the protocol that drives encryption on the Internet.