  • How Secure Are 4- and 6-Digit Mobile Phone PINs

    Apple and Android implement a number of measures to protect their users’ devices. An international team of IT security experts has investigated how useful they are. They found that six-digit PINs actually provide little more security than four-digit ones. They also showed that the blacklist used by Apple to prevent particularly frequent PINs could be optimized and that it would make even greater sense to implement one on Android devices.

  • Time for Regulators to Take Cyber Insurance Seriously

    In April 1997, Steven Haase and some of his colleagues in the insurance industry hosted a “Breach on the Beach” party at the International Risk Insurance Management Society’s annual convention in Honolulu to launch the first ever cyber-insurance policy. Josephine Wolff writes that it would be years, still, before cyber insurance would generate sufficiently significant sales numbers to attract the interest of most major insurers and their customers. More than two decades later, cyber insurance has expanded into a multibillion-dollar global business, with 528 U.S. insurance firms reporting that they offered cyber-specific policies in 2018.

  • Cyberexperts Step in As Criminals Seek to Exploit Coronavirus Fears

    Experts from the National Cyber Security Center have revealed a range of attacks being perpetrated online as cyber criminals seek to exploit COVID-19. Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which, once clicked on, lead to devices being infected.

  • Vulnerabilities of Password Managers

    Security experts recommend using a complex, random and unique password for every online account, but remembering them all would be a challenging task. That’s where password managers come in handy. Some commercial password managers, however, may be vulnerable to cyber-attack by fake apps, new research suggests.

  • “Speed and Agility,” “Layered Cyber Deterrence” to Bolster American Cyber Defenses

    The Cyberspace Solarium Commission (CSC) the other day released its report on how to best protect the nation’s critical infrastructure from a cyberattack of significant consequence. In the report, the CSC lays out a comprehensive strategy to restore deterrence in cyberspace and provides extensive policy and legislative actions to enable this strategy. The report lays out more than 75 recommendations to improve the cybersecurity of U.S. critical infrastructure and recommends a strategy of “layered cyber deterrence” that seeks to shape behavior in cyberspace, deny benefits to adversaries who would seek to exploit cyberspace to their advantage, and impose costs against those who would nonetheless choose to target America in and through cyberspace.

  • Next Generation 911 Services Vulnerable to Cyberattacks

    Despite a previous warning by Ben-Gurion University of the Negev (BGU) researchers, who exposed vulnerabilities in 911 systems due to distributed denial of service attacks (DDoS), the next generation of 911 systems that now accommodate text, images and video still have the same or more severe issues.

  • Why the 2020 Election Will Be A Mess, Part II: Beyond Russian Disinformation

    In 2016, an effective Russian disinformation campaign helped Donald Trump win the presidential election. What would the next iteration of Russia’s effort look like? Alex Finley, Asha Rangappa, and John Sipher write that an influence campaign “is only one piece of Russia’s larger use of political warfare. Russia’s full active-measures toolkit—one that goes back to the Soviet Union’s KGB—includes subversion, espionage, sabotage, propaganda, deception, provocation, spreading of rumors and conspiracy, weaponization of social media, and even assassination and promotion of violence.” The three authors write that a look at Russia’s actions in Europe and past practice “suggests the United States should prepare for the worst.”

  • “Internet of Things” Could Be an Unseen Threat to Elections

    The app failure that led to a chaotic 2020 Iowa caucus was a reminder of how vulnerable the democratic process is to technological problems – even without any malicious outside intervention. Far more sophisticated foreign hacking continues to try to disrupt democracy, as a rare joint federal agency warning advised prior to Super Tuesday. Russia’s attempt to interfere in the 2016 election has already revealed how this could happen: social media disinformation, email hacking and probing of voter registration systems. The threats to the 2020 election may be even more insidious.

  • Judge Rebukes Barr’s Handling of Mueller Report

    U.S. District Judge Reggie Walton Thursday sharply criticized the way Attorney General William Barr handled Special Counsel Robert Mueller’s Russia report, saying Barr had made “misleading public statements” to spin the investigation’s findings in favor of President Donald Trump. AP reports that the scolding from the judge was unusually blunt, with the judge saying that “he struggled to reconcile Barr’s public characterizations of the report — which included his statement that Mueller found ‘no collusion’ between the Trump campaign and Russia — with what the document actually said.”

  • No Foreign Meddling in Super Tuesday Primaries: U.S. Officials

    U.S. voters who headed to the polls to cast ballots in Super Tuesday primaries encountered scattered problems, some causing long lines or delays, but nothing that could be attributed to foreign interference, U.S. officials said. As a precaution, U.S. security and intelligence officials warned voters Monday to expect foreign actors to try to sway their views as they prepared to vote in key presidential primaries. The U.S. intelligence community, and the exhaustive Mueller investigation, found incontrovertible evidence that Russia engaged in a broad and successful campaign to help Donald Trump win the 2016 election. Earlier Tuesday, acting DHS Secretary Chad Wolf told lawmakers that the threat, whether it manifested during Tuesday’s primary elections or during the general election in November, is growing. “We see an ongoing influence campaign by Russia,” he said, adding “We would not be surprised if other adversaries are not also looking at what they’re doing.”

  • Understanding Russian Subversion

    Since 2014, Russia has undertaken a wide range of subversive activities intended to influence the domestic politics of the United States, its partners, and its allies. A new RAND study synthesizes previous work, discussing what Russian subversion is and the capabilities Russia uses to undertake it today.

  • Bipartisan Bill Would Reimburse Telcoms for Replacing Huawei’s, ZTE’s Equipment

    New bipartisan legislation aims to protect American communications networks from threats presented by foreign suppliers like Huawei and ZTE. The “rip and replace” part of the legislation would offer relief to smaller telecommunications providers – largely in rural areas – by reimbursing them for the costs of removing and replacing untrusted foreign equipment.

  • “Surfing Attack” Hacks Siri, Google with Ultrasonic Waves

    Ultrasonic waves don’t make a sound, but they can still activate Siri on your cellphone and have it make calls, take images or read the contents of a text to a stranger. All without the phone owner’s knowledge.

  • For Better Cybersecurity, New Tool Fools Hackers into Sharing Keys

    Instead of blocking hackers, a new cybersecurity defense approach actually welcomes them. The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognize and stop future attacks.

  • Protecting Sensitive Metadata So It Cannot Be Used for Surveillance

    MIT researchers have designed a scalable system that secures the metadata of millions of users in communications networks, to help protect the information against possible state-level surveillance. The system ensures hackers eavesdropping on large networks cannot find out who is communicating and when they’re doing so.