• Addressing election privacy and security

    Data-driven campaigns and computerized election infrastructure have raised serious concerns regarding election privacy and security. As more political activity touches the digital realm, there exists a real potential for these issues to influence voting, compromise election activities, and alter core democratic norms. Through a new grant from Democracy Fund, the Center for Democracy & Technology (CDT) will conduct a two-year research project aimed at addressing key election cybersecurity issues, such as voter registration and campaign data management.

  • Clear tactics, if only few easy solutions, for hospitals tackling ransomware

    Hospitals facing the prospect of ransomware attacks like the one that afflicted British hospitals in May can take many concrete steps to better protect themselves, but some of the most important measures — such as a national policy not to pay ransoms — may be tougher to formulate.

  • Using infrared light to hack security cameras

    Researchers have demonstrated that security cameras infected with malware can receive covert signals and leak sensitive information from the very same surveillance devices used to protect facilities. The method, according to researchers, will work on both professional and home security cameras, and even LED doorbells, which can detect infrared light (IR) that is not visible to the human eye.

  • Strengthening the cybersecurity of the grid

    As the U.S. electricity grid continues to modernize, it will mean things like better reliability and resilience, lower environmental impacts, greater integration of renewable energy, as well as new computing and communications technologies to monitor and manage the increasing number of devices that connect to the grid. However, that enhanced connectivity for grid operators and consumers also opens the door to potential cyber intrusions. New project aims to mitigate vulnerabilities introduced by rooftop solar panels integrated with the grid.

  • Reddit examined for “coordinated” Russian effort to distribute false news

    A spokesperson for Senator Mark Warner (D-Virginia), the ranking Democrat on the Senate intelligence committee, said that Reddit could join Facebook and Twitter as a target for federal investigators exploring the Russian government’s campaign to help Donald Trump win the 2016 presidential election. Oxford University experts examining patterns of news dissemination on Reddit said that they found “coordinated information campaigns” and found “patterns on the site which suggested a deliberate effort to distribute false news.”

  • Anwar al-Awlaki’s sermons, lectures still accessible on YouTube

    Anwar al-Awlaki, the U.S.-born leader of external operations for al-Qaeda in the Arabian Peninsula (AQAP), was targeted and killed by a U.S. drone strike on 30 September 2011. Yet, six years later, Awlaki continues to radicalize and inspire Westerners to terror, due to the ongoing presence and availability of his lectures online, including on YouTube. As of 30 August 2017, a search for Anwar al-Awlaki on YouTube yielded more than 70,000 results, including his most incendiary lectures.

  • Voting-roll vulnerability

    For as little as a few thousand dollars, online attackers can purchase enough personal information to perhaps alter voter registration information in as many as thirty-five states and the District of Columbia, according to a new study. The vulnerability could be exploited by internet attackers attempting to disenfranchise many voters where registration information can be changed online. Armed with personal information obtained through legitimate or illegitimate sources, hackers could learn enough to impersonate voters and change key information using the online registration systems.

  • Using game theory to predict cyberattacks on elections and voting machines

    A Vanderbilt University game theory expert has been researching how and why someone would want to tamper with an election and then developing an algorithm to protect against those efforts. “With increased use of electronic voting machines, it’s more important to consider why someone would attack them, what it would accomplish and how to address that,” the expert says.

  • Forget login, fingerprint, or retinal scan: Your heart is the new identifier.

    Forget fingerprint computer identification or retinal scanning. Researchers have developed a computer security system using the dimensions of your heart as your identifier. The system uses low-level Doppler radar to measure your heart, and then continually monitors your heart to make sure no one else has stepped in to run your computer. This new non-contact, remote biometric tool could be the next advance in computer security.

  • How does your cellphone know whether your finger is real or a fake?

    Do you know how safe it is to use your finger as a security login? And have you wondered how your cell phone knows if your finger is real or a fake? Researchers are working to answer these questions and solve the biggest problems facing fingerprint recognition systems today: how secure they are and how to determine whether the finger being used is actually a human finger.

  • Breaking nuclear deal could bring hacking onslaught from Iran

    If the Trump administration discarded the nuclear deal with Iran, Tehran could retaliate quickly – and inflict considerable damage – by unleashing its increasingly aggressive Iranian hacker army. Cyber-experts who track Tehran’s hackers warn that the attacks might target U.S. power plants, hospitals, airports, and other components of the country’s critical infrastructure. Iran’s current hacking against Western targets is limited almost entirely to commercial espionage and dissident surveillance, but Teheran could quickly redirect its efforts in the event of a rupture of the nuclear pact.

  • Election systems of 21 states targeted by Russian government hackers ahead of 2016 election: DHS

    More revelations about the scope of the Russian government’s cyber-campaign on behalf of Donald Trump in the November 2016 presidential election came to light Friday afternoon, when DHS officials called election officials in twenty-one states to inform them that their states’ election systems had been targeted by Russian government hackers trying to influence the U.S. presidential election. Among the states whose election systems were targeted by Russian government operatives: Alabama, Arizona, Colorado, Connecticut, Illinois, Iowa, Maryland, Minnesota, Ohio, Oklahoma, Pennsylvania, Virginia, Washington, and Wisconsin.

  • Equifax breach is a reminder of society’s larger cybersecurity problems

    The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures. We all must take a realistic look at the state of cybersecurity, admit the mistakes that have happened and change our thinking for the better. Only then can anyone – much less everyone – take on the task of devoting time, money and personnel to making the necessary changes for meaningful security improvements. It will take a long time, and will require inconvenience and hard work. But it’s the only way forward.

  • The security of fitness trackers could – and should – be improved

    The security of wearable fitness trackers could be improved to better protect users’ personal data, a new study suggests. Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy and security of the data they record, scientists say.

  • Can taking down websites really stop terrorists and hate groups?

    Racists and terrorists, and many other extremists, have used the internet for decades and adapted as technology evolved, shifting from text-only discussion forums to elaborate and interactive websites, custom-built secure messaging systems and even entire social media platforms. Recent efforts to deny these groups online platforms will not kick hate groups, nor hate speech, off the web. In fact, some scholars theorize that attempts to shut down hate speech online may cause a backlash, worsening the problem and making hate groups more attractive to marginalized and stigmatized people, groups, and movements. The tech industry, law enforcement, and policymakers must develop a more measured and coordinated approach to the removal of extremist and terrorist content online. The only way to really eliminate this kind of online content is to decrease the number of people who support it.