Shuyuan Mary Ho conducts research on topics such as trusted human-computer interactions, cyber insider threats, online deception, and more. Dr. Ho also research on the use of computational intelligence for the safety and security of the Internet.
Archive for Cybersecurity Memo – Insiders Edition
The electronic key system at the picturesque Romantik Seehotel Jaegerwirt had been infiltrated, and the hotel was locked out of its own computer system, leaving guests stranded in the lobby, causing confusion and panic.
“Good morning?” the email began, according to the hotel’s managing director, Christoph Brandstaetter. It went on to demand a ransom of two Bitcoins, or about $1,800, and warned that the cost would double if the hotel did not comply with the demand by the end of the day.
There are plenty of lunatics on Facebook, Twitter and other social media. Not to mention trolls, haters and other assorted unpleasantness. Most are harmless. A few are terrorists and insurgents who would love nothing better than to kill U.S. troops.
So, how do you tell the loonies and the loudmouths from the real killers?
The Pentagon’s cutting-edge research agency wants software that can sift through social media, and determine whether the person writing “Death to America” on Facebook is just venting steam — or is about to strap on an explosive vest and launch a suicide attack on American soldiers.
DARPA wants software that can potential attackers while “ensuring privacy and appropriately addressing personally identifiable information that may be found in PAI.
The rest of the article is available from the NationalInterest.org by clicking here.
Whether it was stealing tens of millions of dollars from financial institutions, locking hospitals and mass-transit systems out of critical data, or assembling deadly attack networks from innocuous consumer devices, cyber-adversaries as always found a way to stay one step ahead of the good guys. They continue to surprise and outmaneuver defenders by constantly innovating, improving, and evolving their tactics, techniques and procedures.
Here are the five most significant ways the cyber-threat landscape has changed:
- The weaponization of routers, fridges, and the whole Internet of Things
- Nation-state-sponsored cyber-warfare tantamount to the 911 terrorist attack
- Ransomware emerged as one of the biggest threats to people and businesses
- Hackers went directly after the global financial system itself
- Turnkey phishing services became widely available to cyber-criminals
In the wake of the election (and our Thanksgiving dinner), it’s clear that American society has been fractured. Negative emotions are running amok, and countless words of anger and frustration have been spilled. If you were to analyze any news outlet for the ratio of positive emotional words to negative ones, would you find a dip linked to the events of the past few weeks?
It’s possible! This comes from a research study published last week in Proceedings of the National Academy of Sciences. Analyzing Google Books and The New York Times’s archives from the last 200 years, the researchers examined a curious phenomenon known as “positive linguistic bias,” which refers to people’s tendency to use more positive words than negative words. Though the bias is robust — and found consistently across cultures and languages — social scientists are at odds about what causes it.
In this study, the authors shed light on some possible new patterns of communication that are behind the effect. Across two centuries’ of texts, they found that people’s preference for positive words varied with national mood, and declined during times of war and economic hardship.
Facebook’s Mark Zuckerberg on Friday night posted a message on his Facebook page about so-called fake news and the controversy over his company’s role in carrying it to hundreds of millions of users. “The bottom line is: We take misinformation seriously,” he wrote.
Zuckerberg is in an impossible spot. Since the election he has been under attack based on conjecture that made-up information presented as news, mostly pro-Trump, and circulated on Facebook may have tipped the election’s outcome. This is like blaming AT&T and Verizon for the lies people tell on the phone, but of course it’s also different. Everything on Facebook runs through Facebook servers and can be analyzed by the company, which is critical to its pitch to advertisers that they can target their ads, within limits, based on users’ interests and histories.
After more than a week of accusations that the spread of fake news on Facebook may have affected the outcome of the presidential election, Mark Zuckerberg published a detailed post Friday night describing ways the company is considering dealing with the problem.
Mr. Zuckerberg, Facebook’s chairman and chief executive, broadly outlined some of the options he said the company’s News Feed team was looking into, including third-party verification services, better automated detection tools and simpler ways for users to flag suspicious content.
“The problems here are complex, both technically and philosophically,” Mr. Zuckerberg wrote. “We believe in giving people a voice, which means erring on the side of letting people share what they want whenever possible.”
Year after year, both in his messy personal life and his brazen theft of classified documents from the National Security Agency, Harold T. Martin III put to the test the government’s costly system for protecting secrets. And year after year, the system failed.
Martin got and kept a top-secret security clearance despite a record that included drinking problems, a drunken-driving arrest, two divorces, unpaid tax bills, a charge of computer harassment, and a bizarre episode in which he posed as a police officer in a traffic dispute. Under clearance rules, such events should have triggered closer scrutiny by the security agencies where he worked as a contractor – but it didn’t.
Get the rest of this New York Times article by clicking here.
The role that insiders play in the vulnerability of all sizes of corporations is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. While industries and sectors differ substantially in the value and volume of their (data) assets, and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.
The FBI has warned state officials to boost their security, since state election websites in Arizona and Illinois experienced hack-related shutdowns earlier this summer. More than 30 states have provisions for online voting.
The FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10.” Click here for more on this.
Illinois elections officials are confident no voter data were compromised this summer when a hacker was able to see information on about 200,000 registered voters. Click here for more on this.
For nearly a year, malicious hackers enjoyed full access to all Democratic National Committee servers, including emails, communications and documents, operating undetected for the majority of that time. Indeed, the sophistication of the attack suggests the direct involvement of foreign nation-states. Click here for more on this.
Is Donald Trump’s presidential bid just a unique Russian hack of the US voting system? Probably not.