• Scientists: No Credible Evidence of Computer Fraud in the 2020 Election Outcome

    “Anyone asserting that a U.S. election was ‘rigged’ is making an extraordinary claim, one that must be supported by persuasive and verifiable evidence. Merely citing the existence of technical flaws does not establish that an attack occurred, much less that it altered an election outcome. It is simply speculation,” 59 top U.S. computer scientists and election security experts write in an open letter. “We are aware of alarming assertions being made that the 2020 election was ‘rigged’ by exploiting technical vulnerabilities. However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.”

  • Trump Fires Security Chief Who Said 2020 Vote Was “Most Secure” in U.S. History

    Barely two weeks after the polls closed in an election he is now projected to lose, President Donald Trump took to Twitter to fire CISA’s director Christopher Krebs, the official responsible for spearheading efforts to secure the vote. Since the 3 November election, Trump, his campaign, and some of his supporters have issued a continuous stream of allegations about the integrity of the election, but evidence of massive voter fraud or other irregularities on a scale necessary to swing the election in Trump’s favor has not materialized. Late last Thursday, a coalition of federal and state officials, including CISA, further rejected the allegations as baseless. Krebs himself had also taken an active role in debunking rumors and unfounded allegations in the days and weeks following the election, taking to Twitter to dismiss some conspiracy theories as “nonsense.”

  • The China Initiative: Year-in-Review

    On the two-year anniversary of the Department of Justice’s China Initiative, the Department said it continues its focus on the Initiative’s goals, and announced progress during the past year in disrupting and deterring the wide range of national security threats posed by the policies and practices of the People’s Republic of China (PRC) government.

  • Your Smart Watch May Be Sharing Your Data

    You may not realize it, but your internet-connected household devices such as the Ring doorbell, Peloton exercise bike and Nest thermostat are all exchanging data with other devices and systems over the network. These physical objects, all part of the Internet of Things (IoT), come with sensors and software, and they often use cloud computing. Most people would consider the information contained in these household items as highly private.

  • When to Worry, When to Not, and the Takeaway from Antrim County, Michigan

    Everyone wants an election that is secure and reliable. With technology in the mix, making sure that the technology supports this is critical. The Electronic Frontier Foundation (EFF) has long-warned against blindly adopting technologies that can be easily manipulated or fail without having systems in place to test, secure, and catch problems, including through risk limiting audits. At the same time, not every problem is worth pulling the fire alarm about—we have to look at the bigger story and context.  And we have to stand down when our worst fears turn out to be unfounded.

  • New Tool Detects Unsafe Security Practices in Android Apps

    Computer scientists have shown for the first time that it is possible to analyze how thousands of Android apps use cryptography without needing to have the apps’ actual codes. Open-source CRYLOGGER is the first tool that detects cryptographic misuses by running the Android app instead of analyzing its code.

  • World's Fastest Open-Source Intrusion Detection Is Here

    Intrusion detection systems are the invisible intelligence agencies in computer networks. They scan every packet of data that is passed through the network, looking for signs of any one of the tens of thousands of different types of cyberattacks they’re aware of. A newly developed intrusion detection system achieves speeds of 100 gigabits per second using a single server.

  • Plenty More Phish: Why Employees Fall for Scams and What Companies Can Do about It

    Preventive countermeasures to phishing emails may actually increase the likelihood of employees falling for such scams, a new academic study reveals. Protective controls, such as email proxy, anti-malware and anti-phishing technologies, can give employees a false sense of security, causing them to drop their vigilance because they incorrectly assume such measures intercept all phishing emails before they reach their inbox.

  • New Cyber Technologies Protect Utility Energy Delivery Systems

    Researchers are taking new approaches to solve cybersecurity vulnerabilities for utilities and other industries that use process control technologies. These connected devices are used in operational technology settings and tend to be more vulnerable to cyberattacks than information technology equipment. The software identifies and mitigates vulnerabilities in operational technologies.

  • Recent Congressional Testimony: Worldwide Threats to the Homeland

    Two weeks ago, FBI Director Christopher Wray testified about “Worldwide Threats to the Homeland” to the House Committee on Homeland Security. Wray acknowledges the “unique and unprecedented challenges” brought about by COVID-19, as well as important “aggressive and sophisticated threats on many fronts,” but in his opening statement he focuses on five main topics: cyber, China, lawful access, election security, and counterterrorism.

  • Four Years Since the Mirai-Dyn Attack: Is the Internet Safer?

    On 21 October 2016, millions of household IoT devices were infected with the malware Mirai and instructed to send data requests to Dyn, a widely used Domain Name Server (DNS) that acts like a switchboard for the Internet. This tidal wave of requests crashed over 175,000 domains—including Twitter, PayPal, and other web giants—for several hours, affecting tens of millions of users. Four years later, is the Internet more resilient?

  • Safeguarding the Nation’s Supercomputers

    Researchers have developed a system to ferret out questionable use of high-performance computing (HPC) systems within the U.S. Department of Energy (DOE). As HPC systems become more powerful—arguably the most sophisticated and largest systems in the world—they are under potential threat by attackers seeking to run malicious software.

  • U.S. Bracing for Attacks Before and After Election Day

    U.S. intelligence officials have already confirmed attacks on the election have been underway for some time, with Russia, China and Iran all waging operations designed to influence the way voters cast their ballots. And more recently, intelligence officials warned that Russia and Iran managed to acquire voter registration data while hacking into U.S. databases. In another significant difference from the 2016 and 2018 elections, intelligence and election security officials warn that, this time, the assault on the election will not end when the polls close. Instead, they say the attacks will persist, likely until at least the presidential inauguration on January 20, 2021.

  • Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage

    Government computer systems in Hall County, Georgia, including a voter signature database, were hit by a ransomware attack earlier this fall in the first known ransomware attack on election infrastructure during the 2020 presidential election. Thankfully, county officials reported that the voting process for its citizens was not disrupted. Attacks like these underscore the challenges that cybersecurity experts face daily – and which loom over the upcoming election. As a cybersecurity professional and researcher, I can attest that there is no silver bullet for defeating cyber threats like ransomware. Rather, defending against them comes down to the actions of thousands of IT staff and millions of computer users in organizations large and small across the country by embracing and applying the basic good computing practices and IT procedures that have been promoted for years.

  • Will Russia influence the American vote?

    U.S. voters should prepare for strange and unexpected forms of information warfare that manipulate, distort or destroy election-related information between now and Election Day – and perhaps beyond that, depending on whether there are questions about who may have won the presidency. Since 2016, Americans have learned that foreign interests attempt to affect the outcomes of presidential elections, including with social media postings and television ads. As a scholar of Russian cyber operations, I know other nations, and Russia in particular, will go to extreme measures to influence people and destabilize democracy in the U.S. and elsewhere.