Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
Latest in Cybersecurity
What are the subjects, if any, on which cyber cooperation is not a bad idea?
Is It A Crime?: Russian Election Meddling and Accomplice Liability Under the Computer Fraud and Abuse Act
Amid a bad news week for the Trump team, a new lawsuit highlights an under-explored theory of possible criminal liability: violation of the Computer Fraud and Abuse Act.
Trump's proposal to work with the Russians on cybersecurity was a bad idea. In the spirit of "calling balls and strikes," this isn't the first time American leaders have had that type of idea, and it was bad the last time it was proposed too.
In the wake of a recent failure to reach international consensus on the application of international law to cyber activities, the United States should seek to shape norms unilaterally by continuing to assertively investigate and indict individuals—including state actors—who engage in cyber activities that the U.S. Government ultimately would like to see the international community characterize as wrongful.
The UN Group of Governmental Experts—tasked with developing a “common understanding” of how states should behave in cyberspace—failed last week. But is international law in cyberspace really dead at the hands of the GGE?
The most recent ransomware attack, which spread across Europe, the United States, and Asia yesterday, represents a chilling evolution in the worm-as-weapon.
Ending The Endless Crypto Debate: Three Things We Should Be Arguing About Instead of Encryption Backdoors
Recently I participated in a fascinating conference at Georgia Tech entitled “Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.” A range of experts grappled with the international aspects of an increasingly pressing question: how can we ensure that law enforcement is able to obtain enough information to do its job in the twenty-first century, while also ensuring that digital security and human rights are protected?
The CrashOverride program represents the first-in-the-wild case of a generic automated attack: one that is designed to affect all systems of a given family, not just a particular installation. If someone were to couple this warhead to a self-propagating worm for delivery, it could constitute a global threat.
The courts take up questions over authorization to access the third-party accounts of former employees, the CFAA's definition of "loss," and bitcoin.