• Russia used Facebook events to organize anti-immigrant rallies on U.S. soil

    Shaping the minds of Americans by leaking hacked emails and pushing fake news was just one component of the Russian campaign to subvert American democracy and institutions. Russian government agents went a step further by trying to create behavior change. Hiding behind false identities, these Russian government operatives used Facebook’s event-management tool remotely to organize and promote political protests in the United States.

  • Western energy sector target of sophisticated attack by Russian-linked group Dragonfly

    The energy sector in Europe and North America is being targeted by a new wave of cyberattacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This “Dragonfly 2.0” campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group.

  • Equifax breach will haunt Americans for decades

    Cyberexperts say that the Equifax giant cybersecurity breach which compromised the personal information of as many as 143 million Americans — almost half the country – will have long-term consequences for many Americans. Looking ahead, for decades almost 50 percent of the U.S. population will have trouble applying for home loans, credit cards, cell phones, or simply passing background checks.

  • S&T awards $8.6 million for enhancing security of mobile apps for the government

    DHS S&T has awarded funding to five R&D projects that will enhance the secure use of mobile applications for the federal government. These Mobile Application Security (MAS) R&D projects focus on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

  • Russia’s fake Americans

    It is commonly believed that Russia’s interference in the 2016 presidential campaign consisted mainly of the hacking and leaking of Democratic emails and unfavorable stories circulated abroad about Hillary Clinton. A startling new report by the New York Times, and new research by the cybersecurity firm FireEye, now reveal that the Kremlin’s stealth intrusion into the election was far broader and more complex, involving a cyber-army of bloggers posing as Americans and spreading propaganda and disinformation to an American electorate on Facebook, Twitter, and other platforms. The Russian social media scheming is further evidence of what amounted to unprecedented foreign invasion of American democracy. If President Trump and Congress are not outraged by this, American voters should ask why.

  • Russia’s broad cyber campaign to undermine Western democracies

    Russia was successful in its disinformation and hacking campaign to help Donald Trump win the November 2016 U.S. presidential election, but the Alliance for Securing Democracy notes that the Russian subversion of the U.S. electoral process was only one of many such attempts, and that it offers an example for the challenges global democracy faces. Russia has interfered in the affairs of at least twenty-seven European and North American countries since 2004, using cyberattacks and disinformation campaigns to subvert and undermine the political systems of these countries.

  • Gregory Falco: Protecting urban infrastructure against cyberterrorism

    While working for the global management consulting company Accenture, Gregory Falco discovered just how vulnerable the technologies underlying smart cities and the “internet of things” — everyday devices that are connected to the internet or a network — are to cyberterrorism attacks. His focus is on cybersecurity for urban critical infrastructure, and the internet of things, or IoT, is at the center of his work. A washing machine, for example, that is connected to an app on its owner’s smartphone is considered part of the IoT. There are billions of IoT devices that don’t have traditional security software because they’re built with small amounts of memory and low-power processors. This makes these devices susceptible to cyberattacks and may provide a gate for hackers to breach other devices on the same network.

  • U.S. needs stronger response to Russian interference in presidential election: Expert

    One of the greatest threats to the United States, Alexander Hamilton said in Federalist Paper #68, was “the desire in foreign powers to gain an improper ascendant in our councils” — “by raising a creature of their own to the chief magistracy of the Union.” John Cohen, former principal deputy undersecretary for intelligence and analysis at DHS, says that Russia’s meddling in the 2016 presidential election shows how prescient Hamilton was. “During my entire career in homeland security, counter-intelligence and law enforcement, I have not seen a greater existential threat to America’s sovereignty and national security,” he says. “That so many political partisans appear so willing to overlook this threat is alarming – and reflects the national division that may have been one of the goals of the Russian campaign.”

  • New methods defeat cyberattacks on 3D printers

    With cyberattacks on 3D printers likely to threaten health and safety, researchers have developed novel methods to combat them, according to a groundbreaking study. Among several unique techniques, the researchers are using cancer imaging techniques to detect intrusions and hacking of 3D printer controllers.

  • USB connections less secure than has been thought

    USB connections, the most common interface used globally to connect external devices to computers, are vulnerable to information “leakage,” making them even less secure than has been thought. Researchers tested more than 50 different computers and external USB hubs and found that over 90 percent of them leaked information to an external USB device.

  • Cybercriminals are not as “anonymous” as we think

    Understanding a cybercriminal’s backstory - where they live, what they do and who they know, is key to cracking cybercrime. Online crime is of course online, but there is also a surprisingly strong offline and local dimension. Cybercriminals are often seen as faceless, international, computer masterminds, who are almost impossible to identify or understand as a result. But contextualizing their threat and motivations is key to stopping them.

  • DNA sequencing tools vulnerable to cybersecurity risks

    Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one’s ancestry to fitness levels to microorganisms that live in your gut. A new study finds evidence of poor computer security practices used throughout the field. Researchers have also demonstrated for the first time that it is possible — though still challenging — to compromise a computer system with a malicious computer code stored in synthetic DNA. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software.

  • Hacking cybersecurity in order to anticipate attacks

    Imagine two groups at war. One defends every attack as it comes. The other anticipates threats before they happen. Which is more likely to win? In cybersecurity, understanding the potential for attacks is critical. This is especially true for mobile and wireless devices, since they are constantly connected and continuously streaming and collecting data.

  • Police turn to hackathons as crime fighting goes digital

    Police and law enforcement staff are turning to hackathons – collaborative events for developing technology – to come up with new ways of searching for clues within the terabytes of data that many people produce every year.

  • MalwareTech’s arrest sheds light on the complex culture of the hacking world

    The arrest of a British cybersecurity researcher on charges of disseminating malware and conspiring to commit computer fraud and abuse provides a window into the complexities of hacking culture. In May, Marcus Hutchins gained international fame – and near-universal praise – for figuring out how to slow, and ultimately effectively stop, the worldwide spread of the WannaCry malware attack. In August, Hutchins was arrested on federal charges of writing and distributing a different malware attack first spotted back in 2014. The judicial system will sort out whether Hutchins, who has denied wrongdoing and pleaded not guilty, will face as much as 40 years in prison. But to me as a sociologist studying the culture and social patterns of cybercrime, Hutchins’ experience is emblematic of the values, beliefs and practices of many hackers.