Category Archives: Cybersecurity

Cabinet of Curiosities, Cybersecurity

Cabinet of Curiosities: Ars Technica on the Russian Infowar Against the U.S. Elections

I really read every article I look at from Ars Technica.

If you don’t read them, you should.

That said, I don’t read them as much as I should. Compared to the daily drivel I sometimes take in — CNN’s daily blast, for goodness’ sake! TechCrunch! — Ars Technica is technically meaty and deep. It’s substantive.

So when Ars Technica published a long account of how the Russians hacked the American elections in 2016, I read it with interest.

You should, too.

My favorite bit was the patient way the GRU teams worked on spear-phishing attacks until they nailed Podesta’s account. They were then able to operate without interference behind the DNC’s various firewalls for some time, although the DNC’s IT staff — who had originally poo-pooed two-factor authentication (which could possibly have averted some of the phishing attacks) — eventually caught on to them and shut the compromised servers down.

In any case, not the proudest hour for our country.

Cybersecurity, Developer stuff, IT Futures

Hack of the Week: Adversarial Machine Learning

I heard about this one at a talk on Monday at our Washington DC CTO Roundtable on machine learning.

I had read about a kind of smackdown sport where machine learning gurus set to work trying to break the algorithms of their adversaries.

When I asked the speaker about it, he said, “Oh yeah, adversarial machine learning”.

Well, that was it, and here’s the Wikipedia article on it (flawed though Wikipedia seems to find the article).

Per this article, “AML” as we might call it has been with us for some time, mainly in the form of the fight between spammers and spam-filter developers.

You know:

  1. Spam filters add the phrase “penis enlargement” to their algorithm. Any email with “penis enlargement” in it gets flagged.
  2. Spammers start spelling it “penis enl@rgement”
  3. Rinse and repeat

Since the spammers just have change some generated text and the spam filters have to change and train a changed algorithm, guess who’s more supple?

The Roundtable speaker alleged that there was a sticker you could put on a stop sign that could fool a self-driving car algorithm into thinking it was a “Yield” sign. Think of the fun you could have with that if you were intent on getting self-driving cars to hurt people…