• Russia's interference in U.S., European elections could be “act of war”: NATO commander

    General Sir Adrian Bradshaw, the Deputy Supreme Allied Commander Europe, has said that Russian cyberattacks on NATO member states could be deemed an act of war and trigger the principle of the military alliance’s collective defense. Bradshaw said reports of Russian interference in American and European elections and Russia’s international disinformation campaign could lead alliance leaders to broaden the definition of an “attack.” European intelligence agencies have said that Russia’s successful interference in the U.S. 2016 presidential election has emboldened Moscow to replicate in Europe the methods it used in the U.S. There is already evidence that Russia has launched a hacking and disinformation campaign aiming to help far-right, ethno-nationalist, and populist politicians win the coming elections in France, the Netherlands, and Germany.

  • Building privacy right into software code

    It is the programmer’s job to enforce these privacy restrictions. Because privacy-related code is scattered throughout all the programs Facebook uses to run its systems, the programmer must be vigilant everywhere. To make sure nobody finds out where I am unless I want them to, the programmer must tell the system to check my privacy settings everywhere it uses my location value, directly or indirectly. The best way to avoid these problems is to take the task of privacy protection away from humans and entrust it to the computers themselves. We can – and should – develop programming models that allow us to more easily incorporate security and privacy into software. Prior research in what is called “language-based information flow” looks at how to automatically check programs to ensure that sloppy programming is not inadvertently violating privacy or other data-protection rules.

  • Simulated ransomware attack highlights vulnerability of industrial controls

    Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom. Cybersecurity researchers have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings. The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and more.

  • Cybersecurity of the power grid: A growing challenge

    Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines, and millions of miles of low-voltage distribution lines. This web of generators, substations, and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities. The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity.

  • A computer’s blinking light could transmit data

    A desktop computer’s tiny blinking LED light would hardly arouse the suspicions of anyone working in an office after hours. However, that LED could be silently winking out an optical stream of the computer’s secrets to a data-stealing drone.

  • Russia, Trump and the 2016 election: What’s the best way for Congress to investigate?

    Exactly how will the U.S. conduct a fair and accurate investigation into Russian meddling in the 2016 election and links with President Donald Trump’s campaign? U.S. congressional leaders are discussing options. At a time when Congress is sharply polarized along partisan lines, congressional investigations tend to become microcosms of that polarization. This is all the more true when an investigation involves an issue about which the president is vulnerable to political embarrassment or attack. If the intelligence committee proves unable to conduct a thorough and bipartisan investigation of Russian meddling and Trump’s campaign, pressure will build on America’s leaders to establish a more independent probe. Hanging in the balance could be whether the United States can forge consensus about what happened and how to prevent it from happening again.

  • Protecting bulk power systems from hackers

    Most of us take turning the lights on for granted. In reality, the energy we draw from the electrical grid to brighten homes, freeze food and watch TV is part of a complicated and widespread system. Understanding that system’s vulnerabilities and reliability is a crucial step towards improving its security. Reliability measures of the electrical grid have risen to a new norm, as they involve physical security and cybersecurity. Threats to either can trigger instability, leading to blackouts and economic losses.

     

  • Center for Long-Term Cybersecurity unveils 2017 research grantees

    The Center for Long-Term Cybersecurity (CLTC) has announced the recipients of its 2017 research grants. In total, twenty-seven different groups of researchers will share a total of nearly $1 million in funding. CLTC says that the projects span a wide range of topics related to cybersecurity, including new methods for making crypto-currencies more secure; protecting health information stored on mobile devices; teaching high-school computer science students how to “program for privacy”; and exploring potential limits on the use of digital controls in nuclear reactors.

  • Information on hacking tool could be of use to “hostile entities”: FBI

    The FBI on Monday said it was right for the agency to withhold documents which detail how it unlocked an iPhone used by one of the San Bernardino, California, shooters. The FBI said that the information, if released, could be exploited by “hostile entities.” The Justice Department, in response to a FOIA lawsuit by the AP, Vice Media, and Gannett, the parent company of USA Today, earlier this month released heavily redacted records relating to the incident – but withheld information about how much the FBI paid a third party to unlock the work phone of Syed Rizwan Farook.

  • Child from Pittsburgh admits to hack attempt of Brussels Airport after ISIS attacks

    A Pittsburgh child has admitted to launching a cyberattack against Brussels Airport in the aftermath of the 22 March 2016 suicide bombing by Belgian ISIS followers, which killed more than thirty people. The Belgian federal public prosecutor’s office said the suspect aimed to take down the website of the airport operator – the Brussels Airport Company – and “infiltrate the computer system,” but was unsuccessful.

  • Cyberattacks increase stress hormone levels, perceptions of vulnerability

    A new study shows that individuals exposed to a simulated cyberterror attack had significantly increased levels of the stress hormone cortisol in their saliva compared to a control group. Following the cyberattack, study participants were more likely to fear an imminent cyberthreat and to express feelings of personal insecurity.

  • New technique identifies smartphone thieves in seconds

    Three million phones were stolen in the United States. Ben-Gurion University of the Negev (BGU) researchers have developed a technique that identifies a smartphone thief or intruder in under fourteen seconds.

  • ISIS followers hack U.K. National Health Service

    ISIS-linked hackers have attacked and defaced several NHS (U.K. National Health Service) websites in a series of cyberattacks. The hackers, going by the name of Tunisian Fallaga Team, targeted six websites three weeks ago, replacing legitimate web pages with graphic photos of the war in Syria. The attackers said they were retaliating for the West’s interference in the Middle East.

  • How computer hacking is becoming Russia’s weapon of choice

    The Russian government has long been known to source its technology, world-class hacking talent, and even some intelligence information from local cybercrime rings. What’s more, this criminal fraternity probably receives state immunity for cybercrimes committed outside Russia in return for offering services to the Russian state. Russia’s clear long-term strategy is to use the internet to further its aims in information warfare. It has proved that this form of warfare is more potent than kinetic warfare and that it can reap the benefits quickly and without fear of a coordinated response from the United States or NATO. Its use of criminal cyber rings ensures that it benefits from no (provable) direct links to the Russian government. A further downside is that China, North Korea, and Iran seem to be copying this model and have already been active in attacks against other nation states. The internet has changed mass communication in countless positive ways. But it is becoming an increasingly dangerous tool for subversive activity. A re-think and a re-boot are looking increasingly necessary.

  • Protecting quantum computing networks against hackers

    As we saw during the 2016 U.S. election, protecting traditional computer systems, which use zeros and ones, from hackers is not a perfect science. Now consider the complex world of quantum computing, where bits of information can simultaneously hold multiple states beyond zero and one, and the potential threats become even trickier to tackle. Even so, researchers have uncovered clues that could help administrators protect quantum computing networks from external attacks.