The Cyber - BLOG

Informal and open-ended Blog on everything related to computer networks and data

May 26, 2023

Fact Sheet: 2023 DoD Cyber Strategy

US DoD cyber strategy fact sheet (more to come): about "a number of significant cyberspace operations", "defend forward" strategies through a doctrine of persistent engagement and "how cyber capabilities may be used in large-scale conventional conflict".

https://media.defense.gov/2023/May/26/2003231006/-1/-1/1/2023-DOD-CYBER-STRATEGY-FACT-SHEET.PDF

May 15, 2023

Empowering AI Policy: Introducing the UNIDIR Artificial Intelligence Policy Portal

The UNIDIR AI Policy Portal is an innovative platform, designed to foster transparency, information sharing, confidence, and capacity-building in the field of Artificial Intelligence (AI). By assembling crucial information from national, regional, and international sources on policies, processes, and structures related to the development and use of AI in military contexts, the Portal serves as an invaluable resource for all stakeholders.

https://aipolicyportal.org/

May 3, 2023

OpenAI’s Recent Expansion of ChatGPT Capabilities Unfortunately Includes a Cybersecurity Vulnerability “In the Wild”

WolframAlpha and OpenTable are amongst sites accessed by recently released plug-ins – supported by ChatGPT – enabling the chatbot to utilize new information sources. Soon after the release of the plug-ins, an exploit vulnerability – CVE-2023-28432 – which affects a tool used for machine learning, analytics, and other processes – was discovered, adding to the list of recent security incidents hitting the game-changing LLM-based chatbot.

https://www.oodaloop.com/archive/2023/05/03/openais-recent-expansion-of-chatgpt-capabilities-unfortunately-includes-a-cybersecurity-vulnerability-in-the-wild/

April 18, 2023

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

CISA (US Cybersecurity and Infrastructure Security Agency) has released an advisory on vulnerabilities associated with APT28's exploitation of Cisco routers in 2021.

 

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108

April 10, 2023

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28

Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of the GRU, military unit #26165. Dumps of his private correspondence were exclusively provided by the hacktivists to the volunteers of InformNapalm volunteer intelligence community for analysis.

https://informnapalm.org/en/hacked-russian-gru-officer/

January 26, 2023

New free eLearning course on open-source intelligence (OSINT)

A brand new eLearning course on our free Basel LEARN platform introduces the rich possibilities of open-source intelligence for investigations.

How can open sources help you find out who is behind the secretive organisation “Mossaman Commodities”? Are there databases and trackers that can show you where the fishing boat has been sailing? What can you learn by analysing Instagram images – and how do you go back in time on the internet?

April 3, 2023

Capita, company providing UK’s nuclear submarine training, confirms ‘cyber incident’

Capita, the United Kingdom’s largest outsourcing company, confirmed Monday that an IT outage which left staff locked out of their accounts on Friday was caused by “a cyber incident.”

https://therecord.media/capita-cyber-incident-uk-defense-contractor

March, 2023

Trustworthy & Responsible Artificial Intelligence Resource Center

The new Trustworthy & Responsible Artificial Intelligence Resource Center built by the National Institute of Standards and Technology will now serve as a repository for much of the current federal guidance on AI, featuring easy access to previously issued materials to help public and private entities alike create responsible AI systems.

NIST Trustworthy & Responsible AI Resource Center

March 6, 2023

Announcing the Release of the Administration’s National Cybersecurity Strategy

The White House released its National Cybersecurity Strategy today to establish an affirmative vision for a secure cyberspace that creates opportunities to achieve our collective aspirations.

 

https://www.state.gov/announcing-the-release-of-the-administrations-national-cybersecurity-strategy/

5 February, 2023

A word on Italy's "massive hacker attack" 

Yesterday, Sunday, February 5, 2023, many customers reported problems while using the Internet network of operator TIM, on both cellular and wired connections.

At the same time, various news sources picked up on a note from the CSIRT (Computer Security Incident Response Team, Italy), established at the National Cybersecurity Agency, detecting an increased exploitation of a long-known vulnerability in a virtualization software widely used on the network and evidently not adequately corrected by users.

To our knowledge, there is no correlation between the two events. In fact, the connectivity problems on the TIM network were reportedly caused by a problem in the interconnection with the international network. The vulnerability cited above, instead, was used to spread malware (particularly ransomware). Even if the problem of interconnection to the operator's international network was due to an attack (which has not been confirmed or even speculated), it would be a completely different type of attack than ransomware.

- The CssC Team

 


December, 2022

Cyber Posture Trends in China, Russia, the United States and the European Union

Current understanding of the cyber postures of China, Russia, the United States and the European Union (EU) merits re-evaluation.

https://www.sipri.org/publications/2022/other-publications/cyber-posture-trends-china-russia-united-states-and-european-union

December 10, 2022

How the Global Spyware Industry Spiraled out of Control

The market for commercial spyware — which allows governments to invade mobile phones and vacuum up data — is booming. Even the U.S. government is using it.

https://www.nytimes.com/2022/12/08/us/politics/spyware-nso-pegasus-paragon.html

November 20, 2022

‘Part of the kill chain’: how can we control weaponised robots?

From armed robot dogs to target-seeking drones, the use of artificial intelligence in warfare presents ethical dilemmas that urgently need addressing.

 

https://www.theguardian.com/technology/2022/nov/20/part-of-the-kill-chain-how-can-we-control-weaponised-robots

October 28, 2022

Hacked Documents: How Iran Can Track and Control Protestors' Phones

The documents provide an inside look at an Iranian government program that lets authorities monitor and manipulate people’s phones.

 

https://theintercept.com/2022/10/28/iran-protests-phone-surveillance/

October 24, 2022

When would a cyberattack trigger a NATO response? It’s a mystery

Cyberattacks are increasingly a key part of modern warfare, but NATO’s treaty that says an attack on one nation represents an attack on all has not covered these aggressive actions. Experts have been wondering why government officials have yet to clearly define what constitutes a major cyberattack and what the thresholds are for responding against one.

 

https://thehill.com/policy/cybersecurity/3699052-when-would-a-cyberattack-trigger-a-nato-response-its-a-mystery/

May 19, 2022

The Department of Justice today announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA). 

The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.

https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act

April 18, 2022

How Democracies Spy on Their Citizens. The inside story of the world’s most notorious commercial spyware and the big tech companies waging war against it. 

April 5, 2021

"In October 2016, the United States Strategic Capabilities Office launched 103 Perdix drones out of an F/A-18 Super Hornet. The drones communicated with one another using a distributed brain, assembling into a complex formation, travelling across a battlefield, and reforming into a new formation. The swarm over China Lake, California was the sort of “cutting-edge innovation” that would keep America ahead of its adversaries, a Defense Department press release quoted then Secretary of Defense Ash Carter as saying. But the Pentagon buried the lede: The Strategic Capabilities Office did not actually create the swarm; engineering students at the Massachusetts Institute of Technology (MIT) did, using an “all-commercial-components design.”" writes Zachary Kallenborn.

https://thebulletin.org/2021/04/meet-the-future-weapon-of-mass-destruction-the-drone-swarm/

February 26, 2022 

What is Russia's cyber capability compared to Ukraine?

Excellent video analysis of the current conflict in cyberspace from DefenseNews

Jan 23, 2022

Amazon's series about privacy (or the lack of it), to remember when chatting with Alexa... (and probably not only with Alexa). Check out the excellent Twitter thread and the article from Reuters.

"I downloaded all the data Amazon has on me, and honestly the creepiest thing about it is that they sent me the actual audio files of every time I spoke to Amazon Alexa...The question I would like to know is if they've saved the audio from all the times I didn't say the wake word" writes Alina Utrata from Cambridge University: https://twitter.com/AlinaUtrata/status/1485194962027388929

Amazon wages secret war on Americans' privacy, documents show (Reuters): https://www.reuters.com/investigates/special-report/amazon-privacy-lobbying

You can request your own personal information: https://www.amazon.com/gp/help/customer/display.html?nodeId=GXPU3YPMBZQRWZK2

January/February 2022

"Across the world, unrelenting cyberattacks are adding layers of risk and complexity to already fraught problems of security, politics, and governance." Here are four essays in the lead pack of the Foreign Affairs January/February issue that consider how policymakers can respond.

https://www.foreignaffairs.com/issue-packages/2021-12-14/digital-disorder

December 23, 2021

A UNIDIR publication on the topic of information-warfare, although this term is mentioned only once in passing.

Also known as information-weaponization (for those who are fond of apparently "new" terms), it is in fact a matter of techniques of propaganda, disinformation, and manipulation of media content, which can have important consequences for the stability of groups, institutions, and larger or smaller social segments. All of these techniques come from the past but are highly effective when used with modern information technologies; it is in fact a complementary space to that known as cyber-warfare.

https://unidir.org/publication/2021-innovations-dialogue-conference-report

 

December 22, 2021

Deepfakes, Trust & International security (UNIDIR, UN Institute for Disarmament Research). Conference report and video of sessions.

The fabrication and manipulation of digital content is not a new phenomenon. “Deepfakes”, including all forms of digital content such as video, text, images and audio with malicious content, manipulated or created from scratch, are a relatively new phenomenon based on Machine Learning technologies. Deepfakes are being used to deliberately spread false information and reduce trust in institutions and international actors. The Internet is a global communication “medium” allowing weaponization of information; Information Operations (IO) include activities of (counter)propaganda, disinformation, consensus building, discrimination, defamation, delegitimation and censorship, all traditional (centuries-old) techniques projected into a new medium, the cyber-dimension. IO and PSYOPS (Psychological Operations) can influence attitudes and manipulate the target's values, perceptions, beliefs, emotions, reasoning and behaviour. Which countermeasures and governance approaches effectively address the risks presented to international security and stability?

https://unidir.org/publication/2021-innovations-dialogue-conference-report

December 17, 2021

"MORE THAN MATH: TOWARD A BETTER STRATEGY FOR ADVANCED ANALYTICS" by JAMES “MIKE” BLUE, ANTHONY SMITH, AND COLLEEN MCCUE

https://warontherocks.com/2021/12/more-than-math-toward-a-better-strategy-for-advanced-analytics/

November 27, 2021

Israel and Iran Broaden Cyberwar to Attack Civilian Targets

"Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens. Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyberwar between their countries. In Tehran, a dentist drove around for hours in search of gasoline, waiting in long lines at four gas stations only to come away empty. In Tel Aviv, a well-known broadcaster panicked as the intimate details of his sex life, and those of hundreds of thousands of others stolen from an L.G.B.T.Q. dating site, were uploaded on social media" write Farnaz Fassihi and Ronen Bergman. 

https://www.nytimes.com/2021/11/27/world/middleeast/iran-israel-cyber-hack.html?smid=url-share

November 3, 2021

“The US Commerce Department has added four foreign companies from Israel, Russia, and Singapore to its Entity List for "engaging in activities that are contrary to the national security or foreign policy interests of the United States". Israeli firms NSO Group and Candiru listed for having developed and supplied spyware to foreign governments”

https://www.darkreading.com/threat-intelligence/us-blacklists-israeli-firms-nso-group-candiru

October 11, 2021

On cyber-crime (UNIDIR, UN Institute for Disarmament Research)

Information and Communication Technologies (ICTs) can be exploited for criminal purposes (through cybercrime) or used to undermine international security (so-called cyber-attacks or cyber-operations). However, the international security and crime dimensions of ICTs are distinct issues, with different processes, tools and frameworks, even if they sometimes overlap in some ways.

https://www.unidir.org/publication/icts-international-security-and-cybercrime

October 5, 2021

Facebook offline for many hours (Wired)  

A Facebook, Instagram, WhatsApp, and Oculus outage knocked every corner of Mark Zuckerberg’s empire offline on Monday. It’s a social media blackout that can most charitably be described as “thorough” and seems likely to prove particularly tough to fix.

https://www.wired.com/story/why-facebook-instagram-whatsapp-went-down-outage/

 

August 2, 2021

Securing Wireless Devices in Public Settings (US National Security Agency) 

Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks (e.g., conference or hotel Wi-Fi®) are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.

CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF (defense.gov)

October 5, 2021

Details on Facebook outage (FB Engineering)  

Now that our platforms are up and running as usual after yesterday’s outage, I thought it would be worth sharing a little more detail on what happened and why — and most importantly, how we’re learning from it. 

https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/

August 1, 2021

Report on the weaponization of increasingly autonomous technologies: Artificial Intelligence (UNIDIR)

The rapidly advancing field of AI and machine learning has significant implications for the role of autonomy in weapon systems. States face the daunting task of trying to understand the legal, policy, ethical, strategic, and other considerations of a technology that is rapidly evolving. This paper is an introductory primer for non-technical audiences on the current state of AI and machine learning, designed to support the international discussions on the weaponization of increasingly autonomous technologies.

https://unidir.org/publication/weaponization-increasingly-autonomous-technologies-artificial-intelligence

 

June 21 to July 2, 2021

THE SUMMER INSTITUTES IN COMPUTATIONAL SOCIAL SCIENCES

The Department of Political and Social Sciences of Bologna University is the local host institution of the "Summer Institutes in Computational Social Sciences". The members of the CSSC are co-organizing the event.

SICSS-Bologna  | University of Bologna

https://sicss.io/2021/bologna/

 

July 19, 2021

On spyware/cyber-surveillance and Project Pegasus by NSO Group (The Guardian) 

Revealed: leak uncovers global abuse of cyber-surveillance weapon. Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

 

October 2, 2020

The report outlines the findings on ransomware, provides a description and analysis of the domain and lists relevant recent incidents.

A series of proposed actions for mitigation is provided.

https://www.enisa.europa.eu/publications/ransomware

 

September 26, 2019

"How The U.S. Hacked ISIS". Dina Temple-Raston explores the cyber operational tactics that US Cybercom and the NSA employed in order to hack ISIS. The following links lead to the article and to the interviews conducted during and in the aftermath of Operation Glowing Symphony.

https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis

https://www.npr.org/transcripts/763545811

 

July 9, 2019

The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File to 4.5 Petabytes. Files so deeply compressed that they’re effectively malware have been around for decades—and a researcher just unveiled a brand-new Zip bomb that explodes a 46-megabyte file to 4.5 petabytes of data.

https://www.vice.com/en/article/597vzx/the-most-clever-zip-bomb-ever-made-explodes-a-46mb-file-to-45-petabytes?fbclid=IwAR2CDSbskQ1-td5YQA18IzXxkPcuSpkf2ls-I5mm5FUs44LK-M7pLaUUfA0

Israeli Pegasus spyware used 'zero click-attack' to infect smartphones

An #Israeli firm accused of supplying #Pegasus #spyware to governments has been linked to a list of tens of thousands of smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports.

ICTs, International Security & Cybercrime: Understanding Their Intersection For Better Policy Making

Information and Communication Technologies (ICTs) can be exploited for criminal purposes (through cybercrime) or used to undermine international security (through so-called cyberattacks or cyber operations). However, the international security and crime dimensions of ICTs are distinct issues, with different processes, tools, and frameworks designed to address them, albeit they increasingly overlap in some ways. In this context, there is a need for greater understanding of how international frameworks and policy discussions on combatting cybercrime and promoting responsible State behaviour in the use of ICTs may be better leveraged for coherent responses. This side event to the UNGA First Committee discussed the findings and recommendations of a new UNIDIR report on the intersection and touchpoints between international cybersecurity and cybercrime.

Quantum Computers, Explained With Quantum Physics

Quantum computers aren’t the next generation of supercomputers—they’re something else entirely. Before we can even begin to talk about their potential applications, we need to understand the fundamental physics that drives the theory of quantum computing. (Featuring Scott Aaronson, John Preskill, and Dorit Aharonov.)

How Big Data Could Transform The Health Care Industry

Meet a data scientist who is using big data to create the medical systems of the future. Dr. Eric Schadt of the Icahn Institute is creating algorithms that can detect ailments and chart personalized health profiles.

Demonstrating Quantum Supremacy

Google: "We’re marking a major milestone in quantum computing research that opens up new possibilities for this technology. Learn how the Google AI Quantum team demonstrated how a quantum computer can perform a task no classical computer can in an experiment called "quantum supremacy."

“Machine Learning: Living in the Age of AI”

“Machine Learning: Living in the Age of AI,” examines the extraordinary ways in which people are interacting with AI today. Hobbyists and teenagers are now developing tech powered by machine learning and WIRED shows the impacts of AI on schoolchildren and farmers and senior citizens, as well as looking at the implications that rapidly accelerating technology can have. The film was directed by filmmaker Chris Cannucciari, produced by WIRED, and supported by McCann Worldgroup.

Big Data: Biomedicine

Digital data is being collected all over the world very quickly and has increased in quantity faster than anyone expected. The organization and sharing of this data is crucial to the ongoing work of biomedical research and in many ways the future of medicine depends on it.

The Power of Data Visualization

  • Flood in UK

    Flooding in the UK is predicted to get worse with climate change. Here is a flood extent map for Worcester & Gloucester - darker colours mean it has been flooded more.

  • UK electrical grid

    Here are the electrical connections that make up the UK National Grid, coloured by their year of construction. You can see the vast majority of the network is from the 50s-70s, with some newer bits. Data from National Grid.

  • GPS Tracking

    GPS tracking of 6 different wolf packs in Voyageurs National Park. Notice how territorial they are and how much they avoid each other, although there's at least one wolf from the white pack who doesn't care at all.

  • Clouds Frequency

    This is a map of annual cloudiness, as the percentage of the days that are cloudy. Taken from MODIS cloud mask data. A bit dodgy around the coasts, but you can see the difference between the North and the South of Europe

  • GDELT

    The GDELT project is an open dataset used by computational journalists and academics to map global news events. It includes broadcast and web news from every country in 100 languages. It identifies people, locations, organizations, sources, quotes

Check Out the Italian Newsletter "Guerre di Rete"

Every Sunday "Guerre di Rete" selects and analyses news and stories on cybersecurity, politics and the Net, surveillance, cybercrime, digital rights, artificial intelligence, from a global perspective.