• Potential threat to speech privacy via smartphone motion sensors

    Could smartphone motion sensors be used by cybercriminals to record speech? It is a question that many academic and industry researchers are working to answer in order to ward off this kind of malicious use before it happens. Recent studies suggest security flaws and sensitivities to low-frequency audio signals, such as human speech, in accelerometers and gyroscopes could allow cybercriminals to collect confidential information such as credit card numbers and Social Security numbers as users speak into or near a mobile device.

  • Connected cars vulnerable to cyberthreats

    Connected cars could be as vulnerable to cyberattack as the smartphone in your hand or the personal computer on your desktop, according to a new study from the U.K.“Connected cars are no different from other nodes on the internet of things and face many of the same generic cybersecurity threats,” the team reports.

  • Why some claim credit for cyberattacks – and some don’t

    The decision to claim credit for a cyberattack on a government or institution depends on both the goals of the attack and the characteristics of the attacker, according to a new study, which is one of the first to look into the voluntary claiming of cybersecurity operations. The researchers note that whether or not the originator of the cyberattack wished to claim credit for it, advances in cybersecurity improve the ability of government and law enforcement agencies to track hackers.

  • Kaspersky to halt cooperation with Europe to fight cybercrime

    Russia’s Kaspersky Lab says it will no longer cooperate on several European cybercrime-fighting initiatives after the European Parliament moved to ban its antivirus software. The United States and a number of European countries have accused Kaspersky of having ties to the Kremlin and Russian intelligence services. The U.S. Department of Homeland Security last year ordered the country’s agencies using Kaspersky products to remove and replace them with other approved software within 90 days.

  • Why 50,000 ships are so vulnerable to cyberattacks

    The 50,000 ships sailing the sea at any one time have joined an ever-expanding list of objects that can be hacked. Cybersecurity experts recently displayed how easy it was to break into a ship’s navigational equipment. This comes only a few years after researchers showed that they could fool the GPS of a superyacht into altering course. Once upon a time objects such as cars, toasters and tugboats only did what they were originally designed to do. Today the problem is that they all also talk to the internet. The maritime industry is undoubtedly behind other transportation sectors, such as aerospace, in cybersecurity terms. There also seems to be a lack of urgency to get the house in order. So the maritime industry seems particularly ill-equipped to deal with future challenges, such as the cybersecurity of fully autonomous vessels.

  • Novel transmitter protects wireless data from hackers

    Today, more than eight billion devices are connected around the world, forming an “internet of things” that includes medical devices, wearables, vehicles, and smart household and city technologies. By 2020, experts estimate that number will rise to more than twenty billion devices, all uploading and sharing data online. But those devices are vulnerable to hacker attacks that locate, intercept, and overwrite the data, jamming signals and generally wreaking havoc. A novel device uses ultrafast “frequency hopping” and data encryption to protect signals from being intercepted and jammed.

  • Atlantic Council launches a website to track Russian disinformation

    The Atlantic Council yesterday launched a new webpage – DisinfoPortal.org – an interactive online guide to track the Kremlin’s disinformation campaigns abroad. The portal brings together 23 top organizations and more than 80 experts fighting Russian disinformation in the United States and Europe. “It’s time to stop ‘admiring the problem’ of Russian disinformation and start fighting back, using the tools of democratic societies to counter the autocrat’s playbook,” said Ambassador Daniel Fried of the Atlantic Council.

  • Synack launches a pro bono Secure the Election initiative

    Redwood City, California-based cybersecurity firm Synack has launched the Secure the Election initiative, a pro bono campaign to help states secure voting systems before 2018 Midterm elections. Other cybersecurity companies have been in touch with states about offering free, or reduced price, services to help secure elections.

  • Increased IT security at hospitals does not equal fewer cyberattacks, breaches

    The Verizon Data Breach report indicates the health care sector is the top target for cyberattacks. And, as hospitals do more to guard against attacks, it’s not necessarily translating into fewer data breaches, according to new research. Researchers found that the increased use of information technology security systems by hospitals did not equal fewer breaches, contrary to predictions.

  • Corporate data collection and U.S. national security: Expanding the conversation in an era of nation state cyber aggression

    What has the Russia investigation revealed about risks inherent in mass private data collection? Carrie Cordero writes that one thing we learned from the Russia investigation is that we may be framing the conversation about corporate data collection too narrowly. “Based on what we have learned publicly so far about the Russian election interference, it is worth pausing to reflect on the national security implications of corporate data collection and aggregation as it relates to the collection of individual, private citizens’ data,” she says. “Although the Senate Select Committee on Intelligence (SSCI) and special counsel investigations are not yet complete, we know enough already about Russia’s interference in the 2016 election to understand that data collected from private companies and organizations can be accessed, exposed and potentially misused in a way that is harmful to the country’s institutional stability. At the very least, its misuse sows distrust and confusion. At worst, it shreds the institutional and societal fabric that holds the country together.”

  • World Cup 2018: British intelligence briefs players, staff on Russian cyberthreats

    The U.K. Football Association (FA) said it was taking cybersecurity seriously this summer – the Soccer World Cup tournament will be held in Russia from 15 June to 15 July — and will be taking advice from the National Cyber Security Center (NCSC) at the GCHQ (the British equivalent of the U.S. NSA). The England team will be briefed by GCHQ staff before flying out to the World Cup to help them stay safe from Russian hackers.

  • Hacker accused of aiding Russian spies in massive breach gets prison

    A Kazakh-born computer hacker who U.S. prosecutors say unwittingly worked with a Russian spy agency in a massive Yahoo data breach has been sentenced to five years in prison. Karim Baratov was named in an indictment last year that charged two Russian spies with orchestrating the 2014 Yahoo breach involving 500 million users — one of the largest breaches at any Internet company.

  • Internet of Things: when objects threaten national security

    We all know personal devices can be hacked, but a whole country’s security could be at risk too. With the rise of the so-called Internet of Things (IoT), and against the backdrop of cyberwarfare, digital surveillance and digital subversion, the risk to national security is increasing. Earlier this year the head of the UK National Cyber Security Centre publicly stated that a major cyber-attack on the country’s essential services was a question of “when, not if.”

  • Failing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • Russia’s active measures architecture: Task and purpose

    Russia’s latest iteration of the Soviet-era tactic of “active measures” has mesmerized Western audiences and become the topic de jour for national security analysts. In my last post, I focused on the Kremlin’s campaign to influence the U.S. elections from 2014 to 2016 through the integration of offensive cyber hacking, overt propaganda, and covert social media personas In this post, I focus on the elements of Russia’s national power that execute active measures abroad.