• Cyberattacks and the Constitution

    The United States has one of the world’s strongest and most sophisticated capabilities to launch cyberattacks against adversaries. How does the U.S. Constitution allocate power to use that capability? And, Matthew Waxman asks, what does that allocation tell us about appropriate executive-legislative branch arrangements for setting and implementing cyber strategy?

  • New Tool Detects Unsafe Security Practices in Android Apps

    Computer scientists have shown for the first time that it is possible to analyze how thousands of Android apps use cryptography without needing to have the apps’ actual codes. Open-source CRYLOGGER is the first tool that detects cryptographic misuses by running the Android app instead of analyzing its code.

  • Election Security 2020: Why Did Things Go Right This Time?

    In the weeks leading up to the 2020 presidential election, the U.S. government and technology companies took several steps to safeguard election security in cyberspace, focusing their efforts on disinformation and cyberattacks. Although there were a handful of incidents, none compromised the integrity of the election, and Election Day passed without any major disruption. Why did things go right this time? A combination of government and private sector action motivated by the lessons of the 2016 and 2018 elections. Still, as the vote count continues, disinformation remains a real threat.

  • Extremism Gab Remains Extremists' Online Destination of Choice

    Two years ago, white supremacist Robert Bowers killed eleven people at the Tree of Life synagogue in Pittsburgh after posting antisemitic, anti-immigrant rants on Gab. Today, supported by a founder who encourages hate speech, the social media site appears to be gaining traction among far-right extremists, including white supremacists: Sixty percent of the 47 far-right extremist groups currently on Gab were created this year.

  • World's Fastest Open-Source Intrusion Detection Is Here

    Intrusion detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data that is passed through the network, looking for signs of any one of the tens of thousands of different types of cyberattacks they’re aware of. A newly developed intrusion detection system achieves speeds of 100 gigabits per second using a single server.

  • Tricking Fake News Detectors with Malicious User Comments

    Fake news detectors, which have been deployed by social media platforms like Twitter and Facebook to add warnings to misleading posts, have traditionally flagged online articles as false based on the story’s headline or content. However, recent approaches have considered other signals, such as network features and user engagements, in addition to the story’s content to boost their accuracies.

  • Plenty More Phish: Why Employees Fall for Scams and What Companies Can Do about It

    Preventive countermeasures to phishing emails may actually increase the likelihood of employees falling for such scams, a new academic study reveals. Protective controls, such as email proxy, anti-malware and anti-phishing technologies, can give employees a false sense of security, causing them to drop their vigilance because they incorrectly assume such measures intercept all phishing emails before they reach their inbox.

  • Six Disinformation Threats in the Post-Election Period

    The problem of disinformation in the run-up to the 2020 election is well covered in the news media. Justin Hendrix writes that what hasn’t been as widely covered is the disinformation campaigns that will likely come right after Americans vote on 3 November.

  • New Cyber Technologies Protect Utility Energy Delivery Systems

    Researchers are taking new approaches to solve cybersecurity vulnerabilities for utilities and other industries that use process control technologies. These connected devices are used in operational technology settings and tend to be more vulnerable to cyberattacks than information technology equipment. The software identifies and mitigates vulnerabilities in operational technologies.

  • Understanding, and Countering, Information Operations

    In recent years, a growing number of governments, non-state actors, and citizens have rapidly expanded their use of pernicious information operations against other countries and even their fellow citizens. Social media and the internet have become the main tool. The current technological revolution has lowered the cost of entry for those wishing to spread misinformation and disinformation.

  • Election 2020 Chatter on Twitter Busy with Bots and Conspiracy Theorists

    Bots and conspiracy theorists have infested the Twitter chatter around the upcoming U.S. presidential election, researchers have found. Looking at more than 240 million election-related tweets, the study found that thousands of automated accounts, known as bots, had posted tweets about President Donald Trump, his Democratic opponent former Vice President Joe Biden and both of their campaigns.

  • Recent Congressional Testimony: Worldwide Threats to the Homeland

    Two weeks ago, FBI Director Christopher Wray testified about “Worldwide Threats to the Homeland” to the House Committee on Homeland Security. Wray acknowledges the “unique and unprecedented challenges” brought about by COVID-19, as well as important “aggressive and sophisticated threats on many fronts,” but in his opening statement he focuses on five main topics: cyber, China, lawful access, election security, and counterterrorism.

  • Four Years Since the Mirai-Dyn Attack: Is the Internet Safer?

    On 21 October 2016, millions of household IoT devices were infected with the malware Mirai and instructed to send data requests to Dyn, a widely used Domain Name Server (DNS) that acts like a switchboard for the Internet. This tidal wave of requests crashed over 175,000 domains—including Twitter, PayPal, and other web giants—for several hours, affecting tens of millions of users. Four years later, is the Internet more resilient?

  • Safeguarding the Nation’s Supercomputers

    Researchers have developed a system to ferret out questionable use of high-performance computing (HPC) systems within the U.S. Department of Energy (DOE). As HPC systems become more powerful—arguably the most sophisticated and largest systems in the world—they are under potential threat by attackers seeking to run malicious software.

  • U.S. Bracing for Attacks Before and After Election Day

    U.S. intelligence officials have already confirmed attacks on the election have been underway for some time, with Russia, China and Iran all waging operations designed to influence the way voters cast their ballots. And more recently, intelligence officials warned that Russia and Iran managed to acquire voter registration data while hacking into U.S. databases. In another significant difference from the 2016 and 2018 elections, intelligence and election security officials warn that, this time, the assault on the election will not end when the polls close. Instead, they say the attacks will persist, likely until at least the presidential inauguration on January 20, 2021.