WALK DOWN THE street in New York City and your likeness will be captured on camera dozens of times. You’ll pass cameras affixed to buildings and traffic lights; on the subway platform, more than 4,000 closed circuit cameras will track your every move. There are security gadgets planted in elevators and lobbies, coffee shops and convenience stores, all of which keep a watchful eye.

An estimated 62 million security cameras monitor the United States alone, which means that at any given moment, you’re probably being watched without even knowing it. It's almost like a dystopian version of Hansel and Gretel, where everywhere you go, you leave a path of digital breadcrumbs in your wake.

We often don’t see or think about these cameras, but a new exhibition at New York City’s Park Avenue Armory puts the surveillance state overtly on display. For Hansel and Gretel, artist Ai WeiWei and Swiss architects Jacques Herzog and Pierre de Meuron, transformed the Armory’s cavernous drill hall into a surveillance park. A series of 56 tiny computers attached to infrared cameras and projectors hang from the rafters. Meanwhile, a handful of tethered drones buzz overhead, taking footage of the visitors and feeding it back into a live stream.


The Facebook algorithm that auto-tags people in photographs might be slightly creepy, but also of interest to the intelligence community. 

The IC’s research and development unit is hosting a new contest in search of the best facial recognition algorithms that can identify individuals in images taken from the “wild,” for example, sources such as security footage. 

The Intelligence Advanced Research Projects Activity’s “Face Recognition Prize Challenge” seeks algorithms that can accurately and quickly match a photo found in passive footage to another of the same individual from a gallery, as well as systems that can verify, or match, two images of the same person while rejecting photos of other individuals. The most accurate search algorithm wins $25,000. The fastest wins $5,000, and the most accurate verification algorithm wins $20,000. 


The technology could be helpful in “preventing the next random act of violence or catching a child predator,” and may become essential for public safety professionals, IARPA Program Manager Chris Boehnen said in a statement. An abundance of training data from real-world scenarios has made more sophisticated facial recognition technology possible, he said. 

The challenge is just one of several biometric-themed projects IARPA has launched recently. Such projects may attract mainstream attention as President Donald Trump directs the Homeland Security Department to invest in biometric tracking that could follow travelers entering and exiting the United States. IARPA’s Odin project, for instance, awards funds to companies developing technology that can detect when people are trying to disguise their fingerprints or iris scans. Another, called Janus, is aimed at improving face recognition in videos.  

The contest runs until June 15 and winners will be announced in October.




A technician hurriedly slings his backpack over his shoulders, straps on his M9 pistol, and bolts out of the transport with his squad of commandos in a hail of gunfire. As soon as his team reaches the compound, he whips out a laptop and starts deploying a rootkit to the target server, bullets whizzing overhead all the while.

This might sound like the action movie of a hacker's dreams, but The Army Cyber Institute at West Point is training its recruits to do just that. At Chicago'sThotcon hacker conference last week, attendees got a glimpse of what its elite units might look like.

During their talk, the institute's Major Natalie Vanatta and Captain Erick Waage mused on dramatic changes ahead. Conventional warfare soon may be shaped by computer networks, and the race to perfect techniques to infiltrate them has touched off an ambitious effort to bring experts in the public and private sectors together.


All Hands on Deck

Highly specialized missions stand little chance of success unless they are systematized with rigorous training, and The Army Cyber Institute is conducting some of the most cutting-edge network infiltration training operations in the U.S. military.

In their 25-minute Thotcon presentation, Vanatta and Waage described some of the exercises that take place on a 1,000-square-mile patch of the Mojave desert. Units composed of traditional and digital warriors practice raiding enemy outposts -- manned by other recruits -- and precisely deploying the kind of penetration exploits that may become commonplace in an ever-more-networked world.

Vanatta, Waage and other Army Cyber Institute researchers are in charge of designing the simulations they detailed to attendees. However, most of the institution's effort is dedicated to monitoring and predicting technological trends, to ensure that the Army's training and the country's defenses keep pace.

Their talk, "Unleashing the Dogs of [Cyber] War" was, in part, an invitation for members of the information security community in the audience to step up and contribute their expertise. They were asked to offer their conjectures to help shape the way the U.S. military maintains its edge against opponents dependent on networked infrastructure.

With major information security players like Trustwave, Cylance and others based in Chicago, where Thotcon took place, the event offered an ideal opportunity for Vanatta and Waage to put out the call.

Over the course of their presentation, they gave conference-goers a look at how their elite frontline hacking units operate -- but they stressed the need to heighten familiarity with network penetration techniques across all units and branches of the armed forces.



IN OCTOBER 2016, a new client approached the threat intelligence firm Cybereason, worried that it had been compromised in some sort of breach. In fact, it had—by, Cybereason now says, one of the world’s most notorious hacking groups: APT32.

At the time the client, a large international company based in Asia, didn’t know which of its devices and servers the hack had impacted, or even whether a hack had definitively occurred. “They had seen a lot of weird stuff on their network,” says Assaf Dahan, the director of advanced security at Cybereason.

The company was already using security products like firewalls, network filters, and scanners, but none had detected an intrusion. When Cybereason investigated, though, it started uncovering more and more suspicious and malicious activity. Ultimately, the security firm uncovered a large-scale assault that had lasted over a year, with what it sees as clear links back to APT32.

The Notorious APT32

Also called OceanLotus Group, APT32 is known for sophisticated attacks on private companies, foreign governments, journalists, and activists alike. The group’s known activity goes back to 2012, when the organization started attacking Chinese entities before expanding into hacks across Asia, including in Vietnam and the Philippines. And unlike other notorious groups, which tend to align at least indirectly with major state-sponsored hacking interests, APT32 often doesn’t adhere to the interests of prominent players like Russia or China.

Newly released details of the attack Cybereason discovered contribute to a growing understanding of how APT32 operates and its possible motives. Such “advanced persistent threats” take financial resources and man-hours to set up and then see all the way through, but the groups funding them can gain invaluable data in return