• Control system simulator helps operators to fight hackers

    A simulator that comes complete with a virtual explosion could help the operators of chemical processing plants – and other industrial facilities – learn to detect attacks by hackers bent on causing mayhem. The simulator will also help students and researchers understand better the security issues of industrial control systems.

  • Fortnite is setting a dangerous security trend

    Cybercriminals have just been given yet another route to get malicious software (malware) onto your personal mobile devices. The hugely popular video game Fortnite has become one of the first major apps to bypass official app stores and encourage users to download its software directly.

  • Germany creates cybersecurity R&D agency

    The German government today (Wednesday) announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA), which is credited with developing the early internet and GPS. The German agency, unlike DARPA, will focus on cyber defense ad cyber protection. DARPA’s range of defense-related research and development is much broader.

  • Less information leaves U.S. vulnerable as midterms approach

    In May 2018, explaining why the intelligence community objected to revealing the name of an FBI informant who talked with several Trump campaign officials in order to explore the extent of their ties with Russian intelligence operatives, FBI director Christopher Wray said: “The day that we can’t protect human sources is the day the American people start becoming less safe.” High-level U.S. officials say that the United States knows less in 2018 than it did in 2016 about Russia’s planned and executed attacks on U.S. democracy and infrastructure – and one reason is that Russian informants have gone silent. Current and former officials said the expulsion of American intelligence officers from Moscow has hurt collection efforts — but they also raised the possibility that the outing of an FBI informant under scrutiny by the House intelligence committee — an examination encouraged by President Trump — has had a chilling effect on intelligence collection.

  • Detecting “deepfake” videos in the blink of an eye

    A new form of misinformation is poised to spread through online communities as the 2018 midterm election campaigns heat up. Called “deepfakes” after the pseudonymous online account that popularized the technique – which may have chosen its name because the process uses a technical method called “deep learning” – these fake videos look very realistic. Because these techniques are so new, people are having trouble telling the difference between real videos and the deepfake videos. My work with colleagues has found a way to reliably tell real videos from deepfake videos. It’s not a permanent solution, because technology will improve. But it’s a start, and offers hope that computers will be able to help people tell truth from fiction.

  • Qrypt licenses ORNL’s quantum random number generator to bolster encryption methods

    Qrypt, Inc. has licensed a novel cyber security technology from ORNL, promising a stronger defense against cyberattacks including those posed by quantum computing. Qrypt will incorporate ORNL’s quantum random number generator, or QRNG, into the company’s existing encryption platform, using inherent quantum randomness to create unique and unpredictable encryption keys enabling virtually impenetrable communications.

  • Fund meant to protect elections may be too little, too late

    The Election Assistance Commission, the government agency charged with distributing federal funds to support elections, released a report Tuesday detailing how each state plans to spend a total of $380 million in grants allocated to improve and secure their election systems. But even as intelligence officials warn of foreign interference in the midterm election, much of the money is not expected to be spent before Election Day. The EAC expects states to spend their allotted money within two to three years and gives them until 2023 to finish spending it.

  • How the U.S. has failed to protect the 2018 election--and four ways to protect 2020

    If the weak response of the Obama White House indicated to America’s adversaries that the U.S. government would not respond forcefully, then the subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition. The bizarre behavior of the chairman of the House Permanent Select Committee on Intelligence, Rep. Devin Nunes, has destroyed that body’s ability to come to any credible consensus, and the relative comity of the Senate Select Committee on Intelligence has not yet produced the detailed analysis and recommendations our country needs. Republican efforts to downplay Russia’s role constitute a dangerous gamble: It is highly unlikely that future election meddling will continue to have such an unbalanced and positive impact for the GOP.

  • Bots, Russian trolls influenced vaccine discussion on Twitter

    Social media bots and Russian trolls promoted discord and spread false information about vaccines on Twitter, according to new research. Using tactics similar to those at work during the 2016 United States presidential election, these Twitter accounts entered into vaccine debates months before election season was underway.

  • Fake social media followers may derail the booming influencer marketing business

    Celebrities, social media stars, and other online personalities have taken a hit to their credibility in recent months, as millions of their followers have been exposed as fake or bought. This has created a bigger problem for advertisers and consumers, who no longer can trust in high follower numbers as a measure of influence and credibility.

  • Microsoft reveals Russian hacking attempts ahead of U.S. elections

    Microsoft says it has uncovered new Russian hacking attempts to target U.S. political groups ahead of the U.S. midterm elections in November. The company said a hacking group linked to Russia’s government had created fake Internet domains in order to mimic the websites of two conservative Washington-based think tanks that have been critical of the Kremlin — the Hudson Institute and the International Republican Institute. It said the Russian hackers also created three fake domains designed to look as if they belonged to the U.S. Senate.

  • Election security bill without paper records and risk limiting audits? No way.

    The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits.

  • Lawmaker demands answers about Russian cyberattacks on electric utilities

    In July, the Wall Street Journal reported that in 2016 and 2017, hackers backed by the Russian government successfully penetrated the U.S. electric grid through hundreds of power companies and third-party vendors. Russian hackers gained access to control rooms, putting them in a position to disrupt U.S. power flow.

  • Dark shadow on computer security

    Researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors’ secure regions to access memory and data. The vulnerability affects Intel’s Software Guard Extension (SGX) technology, a new feature in modern Intel CPUs which allows computers to protect users’ data in a secure ‘fortress’ even if the entire system falls under an attacker’s control.

  • More efficient security for cloud-based machine learning

    A novel encryption method devised by MIT researchers secures data used in online neural networks, without dramatically slowing their runtimes. This approach, a combination based on two encryption techniques,  holds promise for using cloud-based neural networks for medical-image analysis and other applications that use sensitive data.