Collaborate Disseminate
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much … Continue reading Signed Malware
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What’s more, it predated Stuxnet, with the first known instance occurring in 2003. The researchers said they… Continue reading Signed Malware
We’ve all experienced it: that sinking feeling you get when you’ve powered up your latest circuit and nothing happens. Maybe you made a mistake in your design or you shorted something while soldering. It’s even possible that ESD damaged one of your chips. All of these issues and more are possible, maybe even inevitable, when designing your own hardware.
But what if your design is perfect and your soldering skills beyond reproach? What if your shiny new device is DOA but you’ve done everything right? A fascinating report by [Yahya Tawil] makes the case that it’s increasingly possible that you’ve …read more
Continue reading A Guidebook to the World of Counterfeit Parts
Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems." Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the… Continue reading New Techniques in Fake Reviews
A set of documents in Pakistan were detected as forgeries because their fonts were not in circulation at the time the documents were dated…. Continue reading Forged Documents and Microsoft Fonts
This article argues that AI technologies will make image, audio, and video forgeries much easier in the future. Combined, the trajectory of cheap, high-quality media forgeries is worrying. At the current pace of progress, it may be as little as two or three years before realistic audio forgeries are good enough to fool the untrained ear, and only five or… Continue reading The Future of Forgeries
LyreBird is a system that can accurately reproduce the voice of someone, given a large amount of sample inputs. It’s pretty good — listen to the demo here — and will only get better over time. The applications for recorded-voice forgeries are obvious, but I think the larger security risk will be real-time forgery. Imagine the social engineering implications of… Continue reading Forging Voice
It’s things like this that make phishing attacks easier. News article…. Continue reading Faking Domain Names with Unicode Characters
This Verge article isn’t great, but we are certainly moving into a future where audio and video will be easy to fake, and easier to fake undetectably. This is going to make propaganda easier, with all of the ill effects we’ve already seen turned up to eleven. I don’t have a good solution for this…. Continue reading The Future of Faking Audio and Video
In the past few years, the devastating effects of hackers breaking into an organization’s network, stealing confidential data, and publishing everything have been made clear. It happened to the Democratic National Committee, to Sony, to the National Security Agency, to the cyber-arms weapons manufacturer Hacking Team, to the online adultery site Ashley Madison, and to the Panamanian tax-evasion law firm… Continue reading Organizational Doxing and Disinformation