SOURCE: THECIPHERBRIEF.COM

Americans are suffering from an undiagnosed condition. Overwhelmed and outmatched by the allure, complexity, and insecurity of networked technologies, we’ve been left confused and compromised across multiple fault lines. The public’s poor aptitude for digital life has now moved beyond the realm of just personal risk and actually poses a legitimate threat to our national security. It is time we acknowledge America is in a state of “cyber debility” and then take clear-eyed steps to address it.

Surely, though, America’s political, social, and technological problems are separate and unrelated, no?

A few years ago I would have agreed. But no more. Not when our online vulnerabilities aren’t just technical or structural, but perceptual and behavioral as well. Not when cyber attacks regularly lead on the local news, or when our unconscious biases keep us from discerning fact from foreign influence. The need for informed judgment is common to all of these situations, yet we’re failing over and over.

Consider that 80 percent of then  presidential candidate Donald Trump’s Twitter traffic last fall was, by one expert estimate, actually artificial. The Russian-generated portion of those fake accounts, likes, and retweets were, in essence, a massive illegal foreign campaign contribution. That Trump may have won in part because of that help – and not despite it – is a clear indication of cyber debility. By contrast, when Russia tried much the same thing before elections in France this May, the French showed admirable cyber ability in blocking out propaganda.

Once you know what to look for, evidence of our cyber debility is strewn around us. It’s not just in our Russia-warped politics, but in a modern public hostile to science and fact, and in our astonishing susceptibility to online theft, blackmail, and disinformation. Cyber debility works against the established values of humility, skepticism, and rational self-interest. It promotes befuddlement, credulity, and historical amnesia.

Of course the internet and social media didn’t create political polarization, criminality, or Russia’s recent treachery. But that’s not the point, is it? Rather, our stampede toward ubiquitous connectivity and the Internet of Things has been so rash, so unthinking that we have few reliable signposts or guardrails to help us. During past national security threats the sides were clear and trust in our institutions higher. In our present state, however, we cast aside old pieties in a flash and no longer fear, or even recognize, irony or hypocrisy.

 

 SOURCE: SECURITYWEEK.COM

I’ve been attending the DEF CON hacker conference for 18 years. This year, I was starting to think “I’m too old for this stuff!” Don’t get me wrong, I still love the community-oriented DIY hacker spirit of the conference, but after all this time, I was starting to think I’d seen it all. Yeah. 

For example, this year hackers cracked an Internet-enabled car wash. Sure, it made for some news, but when you think about it, it was just hacking a rather mundane, stupid robot that we’ve been living with for decades.

But one talk blew my mind, and its surprising that no one’s been writing about it. The room was packed for “CableTap: Wireless Tapping Your Home Network.” I was expecting it to be a DIY class that could help hobby hackers see what’s happening on their home networks (because Comcast doesn’t provide a way). Instead, the scope of the talk was much, much broader and more entertaining.

Three researchers, Marc Newlin and Logan Lamb, with Bastille Networks and Christopher Grayson with Web Sight, found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States. 

The abstract of CableTap reads: “Our research revealed a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. We demonstrated that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through an affected gateway. We estimate tens of millions of ISP customers are affected by these findings.”  

The breadth of their hacks ranged from reverse-engineering the MAC address generation for Comcast’s Xfinity routers to exploiting vulnerabilities in the 20-year-old FastCGI subsystem used by webservers you never heard of, like Apache, NGiNX and lighthpttd.

 source: bbc.com

China has successfully sent "hack-proof" messages from a satellite to Earth for the first time.

The Micius satellite beamed messages to two mountain-top receiving stations 645 km (400 miles) and 1,200 km away.

The message was protected by exploiting quantum physics, which says any attempt to eavesdrop on it would make detectable changes.

Using satellites avoids some limitations that ground-based systems introduce into quantum communication.

Weak signals

Complicated optics on the Chinese satellite protect messages with entangled photons - sub-atomic particles of light manipulated so that some of their key properties are dependent on each other.

The curious laws of the quantum realm dictate that any attempt to measure these key properties irrevocably changes them. By encoding a key to encrypt data using entangled photons, it becomes possible to send messages confident that they have reached a recipient free of interference.

Ground-based encryption systems that use entangled photons have been available for years. However, the maximum distance over which messages can be sent securely is about 200km. This is because the fibre-optic cables through which they travel gradually weaken the signals.

Repeater stations can boost distances but that introduces weak points that attackers may target to scoop up messages.

By contrast, laser signals sent through the atmosphere or via satellites in space can travel much further before being weakened.Data transmission rates possible with satellites are about 20 orders of magnitude more efficient that fibre-optic cables, Jianwei Pan, lead scientist on the Chinese project, told Reuters.

"That, for instance, can meet the demand of making an absolute safe phone call or transmitting a large amount of bank data," he said.

The Micius test was one of several experiments "bringing the concept of a global quantum internet closer to fruition", wrote Robert Bedington, Juan Miguel Arrazola and Alexander Ling in a review article in the journal Nature.

The reviewers said many "challenges" remained to be ironed out before the technology could be widely adopted.

The Micius satellite was launched in August 2015 and the first tests of its laser-based communications system were carried out in June this year.

The satellite is named after the ancient Chinese scientist and philosopher.

China is also working to establish a large ground-based network that also uses quantum communication to protect messages.

 

 source: usnews.com 

Whiteboards line the walls of this lab deep inside the Defense Intelligence Agency's Washington headquarters, covered from floor to ceiling with hand-scrawled computer code and technical notes. One item stands out at the center of the room's rear wall:

"Attention should also be given to opinion, comments, and jokes of common people."

This axiom, from the original al-Qaida training manual, was a reminder from the terror network's leadership to its foot soldiers that even the most benign communications can provide invaluable lessons about an enemy. It is posted next to another quotation, this one from DIA Director Vincent Stewart, that says 90 percent of intelligence is publicly available. The expressions echo a key theme guiding the DIA's work in helping America fight its modern wars, but they also serve as a harsh reminder of one of the greatest limitations facing the shadowy agency.

Information is everywhere. Whether it's collected deliberately or incidentally, personally or digitally, agents have access to an ever-growing cache of data from sources, surveillance and social media that easily overwhelms their limited ability to sift, sort and organize information into intelligence. And without intelligence, the next plan to attack a U.S. city might be successful, the next ambush of American troops could be fatal.

"There's so much data out there now," says Robert Dixon Jr., a special adviser for programs and transition within the DIA's innovation office. "Everything is about information. You need to be able to predict what your adversaries are doing next."

As a result, one of the central focuses of the DIA's intelligence efforts is swiftly advancing technology that allows computers to think for themselves – known as "machine learning," artificial intelligence or simply AI – to recognize trends, patterns or associations in so-called "big data" and help ease the burden on analysts who have infinite tweets to scrub for potential extremist plots and countless hours of drone footage to pore over.