
Let’s Talk About the Latest Godawful Cybersecurity Plan

December 4, 2017

By 2020, some major companies will shovel billions of dollars into developing more comprehensive forms of security according to the International Data Corporation, and policy-makers are following closely, proposing new legislation and regulations to accompany them. One of the latest is the newly repurposed Active Cyber Defense Certainty (ACDC) Act, also called the hack-back bill. … [where] Victims are encouraged to literally “hack back” against their aggressors. … it makes many experts uneasy. … Justin Cappos, a computer science professor and director of the Secure Systems Lab at New York University [Tandon School of Engineering said,] “In some cases this may be an appropriate response to actions, but in this case I think it’s misguided.” … “I think that this might be taking that idea to a very dangerous place.”

Random Light Patterns – A Novel Cyber Security Solution?

November 30, 2017

Researchers at New York University Tandon School of Engineering have developed a new class of unclonable cybersecurity security primitives using the high level of structural randomness in 2D MoS2. … In a paper published in the journal ACS Nano (‘Physically Unclonable Cryptographic Primitives by Chemical Vapor Deposition of Layered MoS2’), Davood Shahrjerdi and his NYU Tandon team offer the first proof of complete spatial randomness in atomically thin MoS2.

A Timely Talk About Cyber Threats to Our Democracy

November 30, 2017


On November 16, as many Americans prepared for Thanksgiving, Ed Amoroso — former chief security officer of AT&T Services, advisor to four presidential administrations, CEO of global security firm TAG Cyber LLC, and NYU Tandon Distinguished Research Professor — gave a rapt audience a good reason to be thankful: that there are brilliant, experienced, and visionary cybersecurity experts exploring recent cyber-threats to our electoral system and ways to mitigate those risks in the future.

HERE buys OTA specialist ATS

November 29, 2017

… ATS’s OTA Plus v3 product is secured by Uptane, a security system for OTA developed by New York University Tandon School of Engineering (NYU), the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SWRI) under a programme supported by the US Department of Homeland Security. The ATS acquisition will be developed as a support for HERE’s mapping business, as an independent product offering and for new applications such as drones.

Researchers Discover Big Cryptographic Potential in Nanomaterial

November 29, 2017

The next generation of electronic hardware security may be at hand as researchers at New York University Tandon School of Engineering introduce a new class of unclonable cybersecurity security primitives made of a low-cost nanomaterial with the highest possible level of structural randomness. Randomness is highly desirable for constructing the security primitives that encrypt and thereby secure computer hardware and data physically, rather than by programming.

Nanotech Anti-Hacker Developed to Challenge Any Hacker Now

November 29, 2017

Researchers at the New York University Tandon School of Engineering have developed a new class of low-cost nanomaterial which could protect computer hardware and data physically from hackers. … Davood Shahrjerdi, Assistant Professor at Tandon who led the research said, “At monolayer thickness, this material has the optical properties of a semiconductor that emits light, but at multilayer, the properties change, and the material no longer emits light

Victims of ‘Home Takeover’ Scam Locked Out of House

November 26, 2017


A Delaware man says he’s the victim of a so-called “home takeover” scam. … Alexander Pratt lived in a Wilmington house for 10 months with his fiancee and son before being locked out. … Pratt said the man he thought was the landlord and to whom he paid rent disappeared. The real property owners said they had no idea anyone was living in the house. Pratt said he rented the house from a man who posted an ad on Craigslist. … Such scams are not new. And researchers at New York University’s Tandon School of Engineering found that Craigslist often fails to identify scam rental listings.

Experts Warn: Terrorists ‘Could Kill Millions’ by Remotely Hacking People’s Cars

November 25, 2017

Cyberterrorists have the potential to put millions of lives at risk by hacking the sophisticated cars on 21st Century roadways, one expert has warned. The caution comes amid a host of technological advances pervading the automotive industry. … “If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles,” said Justin Cappos, a computer scientist at New York University [Tandon School of Engineering]. “Many of our enemies are nuclear powers but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It’s daunting.”

Cyber criminals working for enemy states could ‘kill millions’ by remotely hacking cars, warns expert

November 20, 2017

Terrorist hackers working for enemy states could turn cars into killing machines, a security expert has warned. Any car built after 2005 is an ‘open door’ to hackers and could be remotely controlled to obliterate ‘millions of civilians’, a researcher has found. The warning was made by Justin Cappos. … Dr Cappos says this vulnerability should be treated as an ‘urgent’ national security issue, writes The Times. ‘If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles.’

Hackers could take control of cars and kill millions, ministers warned

November 20, 2017

Modern cars are an “open door” to hackers, inviting hostile states to use Britain’s roads as a weapon against citizens, ministers have been warned. Deaths are inevitable within five years if carmakers do not fix vulnerabilities in technology, one of the world’s experts in vehicle software has said. Justin Cappos said that any car built since 2005 could be controlled remotely by hackers with some cars built as long ago as the year 2000 also at risk. Hackers could already be causing accidents without the authorities realising it because no one was looking for the evidence.

Boards Should Think of Cyber a Bit More Like Bank Robberies, Former AT&T Security Chief Says

November 17, 2017

Corporate boards should think about cybersecurity risk as banks think about bank robbery: a relatively common risk that must be managed. “Just like bank robbery, you can’t say get rid of (cyber risk) and make it never happen,” said Ed Amoroso, former chief security officer at AT&T Inc.

A Quantitative Analysis of Doxing: Who Gets Doxed, and How Can We Detect Doxing Automatically?

November 14, 2017

A group of NYU [Tandon School of Engineering] and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being American, male, gamers, and in their early 20s), why they get doxed (‘revenge’ and ‘justice’) and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly.

Cyber Defense Tool Limitations and What Our Leaders Should Be Doing About Them

November 13, 2017


Judith Germano, Senior Fellow at the NYU Center for Cybersecurity and NYU Center on Law & Security and Founder, GermanoLaw LLC

Timothy Ryan, Principal, Assurance Services, Fraud Investigation & Dispute Services, Ernst & Young LLP

Matthew Waxman, Liviu Librescu Professor of Law and the faculty chair of the National Security Law Program at Columbia Law School

Why people ruin others’ lives by exposing all their data online

November 13, 2017

… All these people were doxed – that is, someone published their personal information against their will, in a public forum intended for dissemination and abuse, instigating a torrent of attacks from strangers. … But despite many individual cases catching the public eye, up until now there has been very little research examining the scale of the problem and who is involved. A new study from the University of Illinois at Chicago and New York University changes that.

Weaponizing 3-D printers: Cyberattacks could turn battlefield tech into threats

November 13, 2017

Flaws [in military equipment] could be introduced in the 3-D printing software by a cyberattack if the printers aren’t equipped with proper cybersecurity, said Nikhil Gupta, New York University associate professor of mechanical and aerospace engineering and an affiliate faculty at the NYU Center for Cyber Security. The possibility of a bug altering a 3-D file, whether intentionally or unintentionally, to the point of making the end product unusable is a real threat.

Inaugural Award for Cybersecurity Journalism Honors Wired’s Andy Greenberg for Reporting Russia’s Hack of the Ukraine Grid

November 10, 2017


WIRED magazine’s July 2017 cover story, Lights Out: How An Entire Nation Became Russia’s Test Lab for Cyberwar, won the inaugural NYU Cyber Security Awareness Week (CSAW) Cyber Journalism Award. Its author, Andy Greenberg, accepted the award. … Ramesh Karri, NYU Tandon professor of electrical and computer engineering, and Charles Seife, professor at the NYU Arthur L. Carter Journalism Institute, conceived the CSAW Cyber Journalism Award.

There’s Now an Academic Study on the Dark Art of Doxing

November 9, 2017


Plenty of people want to get famous online, but most people don’t. Researchers at the NYU Tandon School of Engineering and the University of Illinois at Chicago released a report Tuesday on the very modern-day phenomenon of doxing, or revealing someone’s personal information online. The report, “Fifteen Minutes of Unwanted Fame,” analyzed 1.7 million text files, mostly on the sites, and, where nearly all doxing is done.

Linux Foundation Taps Researcher’s Security Framework as Standard for the Cloud

November 8, 2017


The Linux Foundation recently recognized The Update Framework (TUF), which is overseen by a research team at NYU Tandon School of Engineering, as a key security system. … The Foundation tapped TUF as one of two new projects hosted by its Cloud Native Computing Foundation (CNCF). The other is Notary — the most prominent implementation of TUF. Developed by NYU Tandon researchers from CCS and the Secure Systems Lab.

Why They Dox: First Large-scale Study Reveals Top Motivations and Targets for This Form of Cyber Bullying

November 7, 2017


Researchers at the New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) have published the first large-scale study of a low-tech, high-harm form of online harassment known as doxing. … “This study adds significantly to our understanding of this deeply damaging form of online abuse,” said Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon.

U.S.-Led Cybersecurity Contest Gets More Global

November 7, 2017

The next generation of cybersecurity experts is vying for top honors at an annual global contest created by New York University [Tandon School of Engineering]. Ben-Gurion University of the Negev in Israel and the Grenoble Institute of Technology in France are the latest to join in the world’s biggest student-run cybersecurity event, called Cyber Security Awareness Week, or CSAW. Finals of the competition will be held at sites around the world the second week of November.

All About Bugs (of the Animal and Computer Varieties) (Podcast)

November 2, 2017

Musical crickets, crop-saving wasps — and why you should pre-bug your software. Professor Brendan Dolan-Gavitt explains to Stephen Dubner, noted author and host of the NPR program Freakonomics why he puts bugs in programs to make them more secure. [interview at 12:10]

Tracking Hackers with NLP and Machine Learning

November 2, 2017

…Cybercrime researchers and law enforcement need to broadly understand the scale and scope of the activity on these underground markets, but it takes a long time for human analysts to peruse entire forums. To expedite this process, a multi-university team of researchers including Damon McCoy, Assistant Professor of Computer Science and Engineering at NYU [Tandon School of Engineering], has developed new natural language processing tools that can be trained on forum-specific data to categorize posts and determine what products are being bought and sold for what prices.

It’s Time to Address Cybersecurity Education, Say Policymakers

November 2, 2017

… Many institutions have already ramped up their cybersecurity education frameworks, such as NYU Tandon School of Engineering’s Center for Cybersecurity, which began offering classes in the subject in 1999. Founder and professor, Nasir Memon, told Education Dive that the program provides the necessary hands-on approach to get students the training and expertise needed to get into the field. … “People [need] to get this type of experience. This will give them that training that’s not easy to give in a classroom.”

iPhone X First Look: Let’s Talk About Face ID

October 31, 2017


The iPhone X’s Face ID camera module has received a bit more press than Apple might’ve intended. The facial recognition security tech was the whiz-bang feature that caught everybody’s eye during the Tim Cook and friends keynote—and later it was repeatedly fingered as the culprit behind the long-rumored iPhone X shortages and delays. So what’s the deal with it? … Nasir Memon, chair of the New York University Tandon School of Engineering explained to Gizmodo earlier this year that Touch ID actually takes multiple tiny photos of a person’s fingerprints.

Top Experts: Can Facebook Legally Disclose Russian Ads–What does the Stored Communications Act say?

October 30, 2017

How could the Stored Communications Act (SCA) prohibit Facebook from providing Congress with the “Russian Ads” one day, but permit it the next?

CNCF Adds Security, Service Mesh and Tracing Projects: Docker Notary, Lyft Envoy and Uber Jaeger

October 30, 2017

The Cloud Native Computing Foundation (CNCF) has announced the addition of four new hosted projects over the past month … [including] The Update Framework (TUF), an open source specification that was written in 2009 by Professor Justin Cappos and developed further by members of Professor Cappos’s Secure Systems Lab at NYU’s Tandon School of Engineering. This project was submitted to join the CNCF in partnership with Notary, as Notary is one of the most mature implementations of TUF.

3D Printing Gives Hackers Entirely New Ways to Wreak Havoc

October 25, 2017

Effects created from a hacked file may not materialize until some point in the future, and when they do, it may be in an entirely unpredictable manner… For example, in a recent study, New York University researchers examined two aspects of 3D printing with cybersecurity implications: printing orientation and insertion of fine defects. These tiny errors inducted by hackers could not be detected by normal monitoring and verification systems like ultrasonic imaging.

CNCF Brings In Notary, The Update Framework to Boost Container Security

October 24, 2017

The Cloud Native Computing Foundation on Oct. 24 announced that it is expanding its project roster with the addition of the Notary container trust project and The Update Framework security effort. Notary relies on TUF, which is a software development and update model that was described in detail by co-creator Justin Cappos, an assistant professor at New York University, at the DockerCon 17 conference in April. “If you have the green HTTPS padlock in your browser, it tells you the browser has a secure connection to a server,” Cappos said. “It doesn’t say anything about whether the server has a valid update or know what the correct update is and whether the server itself has been compromised.”

The Cloud Native Computing Foundation adds two security projects to its open source stable

October 24, 2017

Today, the CNCF is expanding its stable with the addition of the Docker-incubated Notary and The Update Framework (TUF), which was originally developed by professor Justin Cappos and his team at NYU’s Tandon School of Engineering. These are actually related projects. Notary, which can provide a layer of trust to any content, is actually an implementation of the TUF.

Cybersecurity Awareness Month Lasts All Year Long at Tandon

October 19, 2017

By developing ways to make automotive software and hardware more resistant to hacking, keep banking PINs reliably private, and a host of other important research, Tandon is always working towards a safer, more secure world. Read on to learn about what our cybersecurity experts have accomplished recently.

Popular Science Names Two Brooklyn Technologies Among Top 100 Inventions of 2017

October 19, 2017


Two new technologies born in Downtown Brooklyn made Popular Science magazine’s list of top inventions for 2017. Uptane, a cybersecurity for cars project out of NYU Tandon, and goTenna, a decentralized cell network technology were listed in the magazine’s Best of What’s New feature. … Uptane is the work of NYU Tandon professor Justin Cappos and collaborators from the University of Michigan Transportation Research Institute (UMTRI) and the Southwest Research Institute (SWRI).

The 100 greatest innovations of 2017

October 17, 2017

Don’t let nefarious coders take you for a ride. Late-model cars are basically just engines wrapped in computers. Those computers need updates, but malicious code hidden in software can leave you driving a couple tons of compromised steel. Hackers could track you, or even steer you off the road. Uptane—an open-source software protocol—checks incoming instructions for correct cryptographic signatures before accepting any downloads. [Uptane is a collaboration of NYU Tandon, the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SwRI)]

Understanding Cyber Collateral Damage

October 11, 2017

In this article, Sasha Romanosky and Zachary Goldman address the problem of how to define “collateral damage” in the cyber realm.



Understanding China’s Crackdown on Bitcoin and ICOs

October 5, 2017

China’s crackdown on ICO’s highlights an underappreciated perspective: consumer protection

Women in Tech Tell Us How to Fix the Industry’s Gender Problem (Video)

September 28, 2017

The headlines calling out tech’s gender gap just keep coming. For women in tech who are used to sexism and discrimination, this isn’t really news. So what could fix the problem? VICE News asked women who work in tech how they’d fix the industry’s gender gap, and they pointed to three main areas for improvement: hiring, education, and retention. We spoke to women at various stages of their careers to find out which of these areas needs the biggest push. [featuring Prof. Phyllis Frankl]

Equifax CEO Richard Smith Is Out Days Before Congressional Hearing

September 26, 2017

But does Equifax have a problem retaining top talent? The great demand for cybersecurity experts at companies across the world could be one of the reasons these people moved jobs, Dr. Edward Amoroso, a distinguished research professor at New York University’s Tandon School of Engineering, said in a recent interview. Dr. Amoroso said that chief information security officer (CISO) is often viewed as an appendage to the executive team, a ‘hired gun’ that may be more likely to leave. ‘The solution is that the CEO needs to build a better, more trusting relationship with the CISO,’ said Dr. Amoroso.

Security Smarts for Smartwatches

September 22, 2017

Smartwatches have quickly gone from sci-fi to commonplace, and it’s easy to see why. … Experts are looking for ways to make smartwatch security stronger and more convenient—including locking in particular—so keep an eye out for new and easier ways to protect yourself from others getting access to the data on your smartwatch. [Article cites publication authored by CCS researchers]

Apple’s Touch ID Is Probably Doomed, And That’s OK

September 15, 2017


When the iPhone X eventually arrives in November it will come loaded with a futuristic camera module that, if all goes right, should let you securely open your phone with little more than a glance. … “Fingerprint scanners have been around a long time,” Nasir Memon, a computer scientist with a focus on cyber security and chair of the New York University Tandon School of Engineering told Gizmodo. … According to Memon, who recently published a paper in IEEE Transactions on Information Forensics & Security based on his findings, each fingerprint creates eight to ten of these partial fingerprints, and due to the size of the sensor those partials are tiny.

NYU Tandon’s IllusionPIN Combats Shoulder-Surfing

September 8, 2017

Researchers at the NYU Tandon School of Engineering recently developed a new technology that combats shoulder-surfing, a spying technique in which personal information such as PINs, passwords and other personal data are obtained by looking over someone’s shoulder or standing next to them. … The project was headed by Tandon professor Nasir Memon, with help from doctoral candidates Toan Nguyen, Emre Durmas and Athanasios Papadopoulos, all members of the NYU Center for Cybersecurity.

New Locky Variant ‘IKARUSdilapidated’ Strikes Again

August 30, 2017

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. … Locky is notorious for its effectiveness and profitability. Over the past two years, Locky has extorted more than $7.8 million in payments from victims, according to a recent study by Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering.

Millions That Ransomware Victims Paid Revealed

August 29, 2017

Sufferers of ransomware attacks have given more than $25 million in ransom money over the past 2 years. This was revealed in a survey carried out by scientists from Chainalysis, Google, NYU Tandon School of Engineering, and UC San Diego. The scientists made a complete picture of the ransomware bionetwork by keeping an eye on these transactions. They then compared them with other recognized samples.

A Look into the Cybersecurity Issues of 3D Printing

August 28, 2017

3D printing is pervasive across many industries from medical to automotive to aviation to tech and more. But are there security risks associated with 3D printing? Can 3D printers be hacked? Hari Sreenivasan discusses the cybersecurity issues of 3D printing with Nikhil Gupta, Associate Professor of Mechanical Engineering at New York University.

AI Training Algorithms Susceptible to Backdoors, Manipulation

August 25, 2017

Three researchers from New York University (NYU) have published a paper this week describing a method that an attacker could use to poison deep learning-based artificial intelligence (AI) algorithms.

Researchers based their attack on a common practice in the AI community where research teams and companies alike outsource AI training operations using on-demand Machine-Learning-as-a-Service (MLaaS) platforms.

The 5 Coolest Things on Earth This Week

August 25, 2017

“IllusionPIN,” a new technology developed by researchers at New York University’s Tandon School of Engineering, can automatically shield the screen of an ATM, smartphone or other electronic device. While the user is able to clearly see the information displayed on the device, anyone more than a few feet away sees something completely different. … “Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience,” says Nasir Memon, a member of the research team.

Even Artificial Neural Networks Can Have Exploitable ‘Backdoors’

August 25, 2017


Malicious actors can design that behavior to emerge only in response to a very specific, secret signal, as in the case of Garg’s Post-it. Such “backdoors” could be a problem for companies that want to outsource work on neural networks to third parties, or build products on top of freely available neural networks available online. Both approaches have become more common as interest in machine learning grows inside and outside the tech industry. “In general it seems that no one is thinking about this issue,” says Brendan Dolan-Gavitt, an NYU professor who worked with Garg.

The Latest Use for Bitcoin? Fighting Sex Trafficking

August 25, 2017

Computer science researchers at the University of California, Berkeley have developed new tools to identify sex trafficking rings, making them easier for law enforcement to target and prosecute. Those efforts have been stymied, according to the researchers’ report, by the vast quantity of ads for sex posted to websites like, only a portion of which may point to human trafficking or sex slavery. Screening thousands of new ads every day can also take a mental toll on human workers.

Researchers Built an Invisible Backdoor to Hack AI’s Decisions

August 24, 2017

A team of NYU researchers has discovered a way to manipulate the artificial intelligence that powers self-driving cars and image recognition by installing a secret backdoor into the software … “We saw that people were increasingly outsourcing the training of these networks, and it kind of set off alarm bells for us,” Brendan Dolan-Gavitt, a professor at NYU, wrote to Quartz. “Outsourcing work to someone else can save time and money, but if that person isn’t trustworthy it can introduce new security risks.”

Worried about your PIN Password Getting Stolen? Optical Illusion Can Help

August 24, 2017

A group of researchers led by Professor Nasir Memon has come up with a unique solution that can make PIN unlocking more secure. It’s all about spatial frequency — the smartphone’s display beams two distinct layers of lock screen — one with the normal PIN-pattern code and the other one with a false PIN layout. “The underlying technology blends one image of a keyboard configuration with high spatial frequency and a second, completely different, keyboard configuration with low spatial frequency,” said the NYU University Tandon School of Engineering professor.

App keeps ‘shoulder surfers’ from spying your password

August 23, 2017

Researchers have created a smartphone application to combat “shoulder-surfing”—when someone else looks over your shoulder as you enter your phone’s password or other private digits, potentially even gleaning vital financial or personal information. … Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.

The Optical Illusion That Could Protect Your Passcodes: Researchers Reveal Keypad That Looks Different If Someone Looks Over Your Shoulder

August 22, 2017

Have you ever been worried about a stranger looking at what you’re typing on your phone, or looking over your shoulder while you punch in your pin code at the ATM? … “The traditional configuration of numbers on a keypad is so familiar that it’s possible for an observer to discern a PIN or access code after several viewings of surveillance video,” said Dr Nasir Memon, a Professor of Computer Science and Engineering at NYU’s Tandon School of Engineering.

Tricking The Eye To Defeat Shoulder Surfing Attacks

August 22, 2017


Every ATM or smartphone user can attest to the discomfort of having a stranger standing close enough to observe a financial transaction — and potentially note a PIN or account number. Now researchers at the NYU Tandon School of Engineering have announced a first-of-its-kind application to combat such “shoulder-surfing,” whether in person or via a building’s video camera.

New York University Abu Dhabi Researchers Develop ‘Unhackable’ Computer Chip

August 20, 2017

Researchers at New York University Abu Dhabi said they have created an ‘unhackable’ chip to shore up the defences of computer hardware, in an age of increasing threats to individuals and companies across the globe. … Ozgur Sinanoglu, NYUAD’s associate dean of engineering for academic affairs and head of the university’s Design for Excellence lab, has previously said malicious computer components – so-called Trojans – could be physically installed in factories or manufacturing labs.

NYU Abu Dhabi develops ‘unhackable’ computer chip

August 20, 2017

Researchers at New York University Abu Dhabi’s (NYUAD) Design for Excellence (Dfx) lab have developed a new ‘logic-locked’ security chip to protect devices from the surge in cyberattacks. … Ozgur Sinanoglu, NYUAD associate dean of Engineering for Academic Affairs, associate professor of Electrical and Computer Engineering, and head of the Dfx, said in a statement on Sunday that security features, traditionally, are implemented at a software or system level.

NYUAD in Potential Computer Chip Security Breakthrough

August 20, 2017

Researchers at New York University Abu Dhabi’s (NYUAD) Design for Excellence (Dfx) lab say they have developed ‘logic-locked’ computer chips that are secured by a secret key so that only authorised users may utilise them, making them immune to reverse-engineering. … The team at NYUAD has achieved a major breakthrough by implementing security at the lowest possible level, the hardware level, said NYUAD associate dean of engineering for academic affairs, associate professor of electrical and computer engineering, and head of Dfx Ozgur Sinanoglu.

Israel is 5th Nation to Host Student Cyber Security Contest

August 17, 2017

Israel will be the fifth country to host the final rounds of the world’s biggest student-run cybersecurity competition, Cyber Security Awareness Week (CSAW), on November 16 and 17 at Ben-Gurion University of the Negev in Beersheva. CSAW was founded 14 years ago by the New York University Tandon School of Engineering and last year its final round was expanded beyond its original Brooklyn (N.Y.) location to the Middle East, North Africa and India.

New Research Could Help Reveal Who is Buying Online Trafficking Ads

August 17, 2017

A U.S. researcher says she has developed automated ways to identify links between online sex trafficking ads and the digital currency Bitcoin, techniques that may help locate children being sold for sex. … Having automated style and time stamp analyses to identify sex ads by authors and Bitcoin owners is significant, said Damon McCoy, a New York University Tandon School of Engineering assistant professor of computer science and engineering and a co-author of the research.

Locky Ransomware Returns with New IKARUSdilapidated Phishing Campaign

August 17, 2017

Comodo researchers recently uncovered a new ransomware campaign that launched on August 9, targeting tens of thousands of victims with a simple email delivering just an attachment and no text. … At Black Hat USA 2017 last month, researchers presented the results of a study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering, which found that 35 ransomware strains earned cybercriminals $25 million over the past two years.

Blockchain AI Researchers Link Specific Bitcoin Wallets to Sex Workers

August 16, 2017

Damon McCoy, an NYU Tandon assistant professor of computer science and engineering and one of the paper’s co-authors, explained that combining these techniques to identify sex ads by both author and Bitcoin owner represents a considerable advancement in assisting law enforcement and nonprofit organizations. “There are hundreds of thousands of these ads placed every year, and any technique that can surface commonalities between ads and potentially shed light on the owners is a big boost for those working to curb exploitation,” he said.

Follow the Bitcoin to Find Victims of Human Trafficking

August 16, 2017


A team of university researchers has devised the first automated techniques to identify ads potentially tied to human trafficking rings and link them to public information from Bitcoin — the primary payment method for online sex ads. This is the first step toward developing a suite of freely available tools to help police and nonprofit institutions identify victims of sexual exploitation, explained the computer scientists from the New York University Tandon School of Engineering; University of California, Berkeley; and University of California, San Diego.

Researchers from NYU Abu Dhabi’s Center for Cyber Security Have Developed an Unhackable Computer Chip

August 15, 2017

Landmark achievements in IT security are happening at NYU Abu Dhabi [Center for Cyber Security]. For the first time, researchers developed a computer chip with security implemented at the lowest possible level, the hardware level. “Logic-locked” chips can’t be hacked or copied, providing future users with new guarantees of security for their devices. (Video)

Google Rolls Out Important Update for Gmail on iOS – Here’s Why You Should Download It

August 14, 2017

The update fixes a major security loophole which was discovered earlier this year that allowed hackers to send users an email with a Google Doc attachment, which contained a phishing malware. … “This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Fake news on agenda at IIT Kanpur’s global cyber security competition

August 7, 2017

The Indian Institute of Technology, Kanpur (IIT-K) is gearing up to host an international-level cyber security competition in collaboration with institutions based in the US, Israel and other countries … This would be the second edition of the world’s biggest student-run cyber security event, Cyber Security Awareness Week (CSAW), which was founded 14 years ago by the New York University (NYU) Tandon School of Engineering.

Trump Hotels Hacked – Again

August 7, 2017

For the third time in three years, 14 Trump properties have had security breaches exposing customer credit card information. … “It seems very negligent that this could happen a number of times,” Justin Cappos, associate professor of systems and security at New York University, told the Washington Post. “These patterns of oversight are a huge problem.”

A Participant in the Cybersecurity Summer Faculty Program Goes on to Win NSF Career Award

August 7, 2017


Qiaoyan Yu, an associate professor of electrical and computer engineering at the University of New Hampshire, recently received a prestigious National Science Foundation (NSF) CAREER Award for her development of proactive methods of defending the integrity and security of chips … “While this well-deserved accomplishment is all her own,” Ramesh Karri, a Professor of Electrical and Computer Engineering at Tandon and co-founder of NYU’s Center for Cybersecurity (CCS), explained, “we also feel a sense of pride, because the time she spent here as a participant in our Summer Faculty Research and Training Program [funded by the National Science Foundation] had a deep influence on her and helped shape the course of her future work.”

World’s Biggest Student-Led Cyber Security Games Expand to Israel

August 7, 2017


The world’s biggest student-run cyber security event will get even bigger this year: Cyber Security Awareness Week (CSAW), founded 14 years ago by the New York University Tandon School of Engineering, announced it will expand to Israel, which will become the fifth country to host the final rounds of competitions that test the skills of thousands of future cyber sleuths and protectors.

Fingerprint to Fly?

August 5, 2017

…Computers that store personal information about Delta’s customers, including fingerprints, could be hacked. And unlike a stolen password that can be changed, a fingerprint is indelible. … “With a password, you can just change it and move on with your life. You can’t do that with fingerprints,” said Nasir Memon, a professor of computer science at New York University’s Tandon School of Engineering.

A First Legislative Step in the IoT Security Battle

August 4, 2017

Despite appearances, there is some important bipartisan work afoot on Capitol Hill. On Aug. 1, Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines dropped the Internet of Things (IoT) Cybersecurity Improvements Act of 2017.

The State of Cyber Sanctions

August 1, 2017

In this episode, FIN Chairman Juan Zarate hosts a discussion with FIN Senior Adviser Zachary Goldman on the current state of cyber sanctions, cybercrime, and the convergence of cyber security and the anti-money laundering system.

Protecting additive manufacturing’s digital thread

August 1, 2017

According to National Transportation Safety Board (NTSB) data, counterfeit aircraft components have contributed to almost two dozen crashes since 2010 … While continuously available verification enables operators and installers to weed-out illegitimate lookalike components, researchers at NYU’s Tandon School of Engineering are working on a technique to foil a 3D manufacturer or counterfeiter using stolen designs.

Turning High School Students into Cyber Sleuths

July 31, 2017

The women-only CS4CS class is part of a larger program at the Tandon school called STEMNow, which this summer is bringing more than 700 middle- and high-school students and 130 teachers to the Downtown Brooklyn campus for deep dives into the STEM subjects (science, technology, engineering and math). STEMNow puts a particular emphasis on diversity and providing hands-on research and experimentation for students whose regular schools may lack those opportunities.

How to protect the power grid from low-budget cyberattacks

July 28, 2017

Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them. … Michail Maniatakos, a research professor at the NYU Tandon School of Engineering and an assistant professor of electrical and computer engineering at NYU Abu Dhabi, detailed the discovery of a security flaw in the authentication mechanism of a legacy protective relay — a component that responds to changes in flow across the grid to isolate electrical faults.

NYU Security Researchers at Black Hat Reveal How to Protect the Power Grid from Low-budget Attacks

July 27, 2017


…The researchers are part of the small and increasingly influential group of cybersecurity researchers at NYU exploring hardware trustworthiness and educating experts worldwide about their findings. Under the aegis of the NYU Center for Cybersecurity, faculty and student researchers at NYU Abu Dhabi and NYU Tandon are recognized as leaders in research on secure chip design and production, microchip camouflaging, encryption, crowd sourcing and sharing of attack and defense strategies, and improving the trustworthiness of the supply chain.

Ransomware Cost Surpasses $25 Million Mark

July 27, 2017

Companies and individuals have paid more than $25 million over the past two years to try to get their computer data back from hackers who hijacked it. This is according to new research by Google about the phenomenon. … The research, conducted by Google, Chainalysis, University of California at San Diego, and New York University’s Tandon School of Engineering, was presented Wednesday at the Black Hat security conference in Las Vegas.

Russian Arrested for Allegedly Operating $4 Billion Bitcoin Crime Website

July 26, 2017

BTC-e, one of the most cryptic crypto exchanges, has been ‘under maintenance’ for a day now, which has led many of its users to express fears that the platform has been hacked. … The American newspaper quoted Damon McCoy, a New York University [Tandon School of Engineering] computer science and engineering professor, who said: “It’s hard for law enforcement to put pressure on BTC-E because it’s a Russian-operated bitcoin exchange.”

Former Homeland Security Adviser Lisa Monaco on fighting ISIS on social media

July 25, 2017

Former Homeland Security Adviser Lisa Monaco on fighting ISIS on social media.

Ransomware victims have paid out more than $25 million, Google study finds

July 25, 2017

Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. By following those payments through the blockchain and comparing them against known samples, researchers were able to build a comprehensive picture of the ransomware ecosystem.

Google ransomware tracking finds vicious infection cycle

July 25, 2017

Ransomware surged last year, becoming a multi-million dollar business that’s so profitable it’s creating a “vicious cycle” of ever-increasing attacks, say researchers at New York University [Tandon School of Engineering] and Google who tracked the criminals’ payment networks. … The findings suggest that even though the last two large ransomware attacks, Wannacry, and Petya, did not seem to raise that much money, the criminal cyber industry in general has much to gain by exploiting users with these attacks.

Google Warns Ransomware Boom Scored Crooks $2 Million A Month

July 25, 2017


As the ransomware scourge calms down for the summer holidays, Google has taken a retrospective at that particular pesky form of cybercrime, finding it only became massively profitable in the last year and a half. … Their success, and the sudden jump in revenue, is down to their distribution via botnets, in particular one known as Necurs, said Damon McCoy, an assistant professor of computer science at New York University [Tandon School of Engineering].

Ransomware Attacks: Victims Have Paid More Than $25 Million Since 2014

July 25, 2017

Ransomware attacks have grown increasingly more common in recent years and their impact shows in the wallets of victims. Those who have fallen prey to ransomware have paid more than $25 million in ransoms since 2014, a study found. The data comes from researchers at Google; blockchain analysis firm Chainalysis; University of California, San Diego; and the NYU Tandon School of Engineering, who worked to follow cryptocurrency payments to find out just how much attackers have generated by holding files hostage.

Affiliate Roundtable: Privacy and Data Security

July 24, 2017

The collection, storage, use, and disclosure of consumer data are hot topics in the legal, regulatory, and legislative communities.

Delta Air Lines tries letting passengers use fingerprints as boarding passes

July 21, 2017


Where’s your boarding pass? Forget it. Delta Air Lines is letting some passengers board planes with just their fingerprints … “With a password, you can just change it and move on with your life. You can’t do that with fingerprints,” said Nasir Memon, a professor of computer science at New York University’s Tandon School of Engineering.

At Cybersecurity Camps, Teen Girls Learn About Protecting Nation, Breaking Barriers

July 19, 2017

Talk to the teenage girls studying cybersecurity at New York University [Tandon School of Engineering] this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field. The young women are attending one of a rising number of camps devoted to the niche field of cybersecurity.

WhatsApp Now Allows You to Share Any File Type

July 15, 2017

WhatsApp is adding a brand new feature in its latest update: the ability to share any file type. … Damon McCoy, a Computer Science and Engineering professor at the NYU Tandon School of Engineering, said that “most cellphones unless you root them will only allow you to run apps if they’re from official stores.” In regions where rooting is more common, this could potentially open up users to malware.

America’s Online Enemies

July 13, 2017

From election meddling and economic espionage to financial fraud and personal identity theft, it’s becoming clear that cybersecurity is increasingly central to every aspect of the way we live. Both state-sponsored cyber-spies and transnational organized crime groups pose urgent threats online to our nation’s critical infrastructure, our security, and our fundamental values in a democratic society. How should government, private companies, and even individuals be confronting these new threats in cyberspace?

Hackers Have Been Stealing Credit Card Numbers from Trump’s Hotels for Months

July 11, 2017


Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels. … “It seems very negligent that this could happen a number of times,” said Justin Cappos, an associate professor of systems and security at New York University [Tandon School of Engineering].

Malcolm Turnbull faces Silicon Valley fight on encryption

July 6, 2017

If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley.

Guide to the top college and university cyber security degree programs

July 6, 2017

The shortage of cybersecurity professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs … NYU Tandon School of Engineering offers a master’s degree in cyber security, and the program is rooted in the belief that theory and research must translate into real-world solutions, says Nasir Memon, professor of computer science and engineering at Tandon.

The NotPetya Attack Was About Disruption, Not Ransom (Video)

July 5, 2017


Justin Cappos, assistant professor of computer science and engineering at the NYU Tandon School of Engineering, comments on the NotPetya “wiper” attack that hit countless computer systems across 64 countries last week. “There seems to be increasing evidence that the people who carried out this attack did not do so for monetary gain, which is usually what you try to do with something like ransomware,” he said.

Justin Cappos on Why Cars Are Not Like Computers When It Comes to Cybersecurity

July 5, 2017


Justin Cappos is a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering], where his research addresses problems in security, systems, software update systems, and virtualization … In this interview, he explores how updates and other security processes are unique to the automotive world.

Beware of Fraudsters When You Go Online

July 1, 2017

Never use the same password for all your accounts. If you can’t remember them all, try a password manager, says Justin Cappos, a professor at New York University’s engineering school … “You’re much less likely to have problems using one of these than if you write all your passwords down on sticky notes you may or may not lose,” Cappos says.

Further Update on the Threat Situation Surrounding the Petya Cyber Attack

June 28, 2017

… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts. Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering, was interviewed by The Register…

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

June 28, 2017

… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts. … ‘It’s very odd,’ Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering told The Register.

Pay Up or Lose Everything: What Madison Avenue Should Know About The WPP Ransom Hack

June 27, 2017

… The ransomware ground businesses to a halt for at least a day. … ‘A lot of ransomware does not do this, does not let the hackers in in the meantime, but there’s no absolute,’ said Justin Cappos, professor in the computer science and engineering department at the NYU Tandon School of Engineering.

The Global Ransomware Attack Weaponized Software Updates

June 27, 2017

Ransomware attacks were nothing new, but this one had a secret weapon, a sophisticated software exploit known as EternalBlue, published by the Shadow Brokers in April and believed to have been developed by the NSA. … NYU [Tandon School of Engineering] security researcher Justin Cappos, who works on securing patching procedures as part of The Update Framework, says those underlying flaws are remarkably common.

Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service

June 26, 2017

Ryan Brunt, Prakhar Pandey and Damon McCoy.

Distributed Denial of Service (DDoS) attacks have become a growing threat that, to a large extent, have become commoditized by DDoS-for-hire, or “booter”, services. In this case study, we analyze leaked fine-grain “ground truth” data from a larger booter service, VDoS, which earned over $597,000 over two years and launched 915,000 DDoS attacks and 48 attack years (i.e., the amount of DDoS time faced by victims of VDoS). The time period of the data includes data before and after a payment intervention, providing a rare opportunity to understand how it impacted VDoS’s operation.

Software Protecting Future Cars Starts To Make Inroads

June 21, 2017

Uptane, the cyber security software developed by New York University, Southwest Research Institute, and the University of Michigan, is making inroads into the global automotive supply chain. Last week, the German company Advanced Telematic Systems (ATS) said it integrated Uptane into its connected-car products. … NYU [Tandon School of Engineering]’s Justin Cappos runs the project, and he says that the response to Uptane’s release has been surprisingly warm, but ATS’ adoption will help move the needle further.

ATS Is Integrating The Uptane Security Framework For Over-the-air Software Updates To Connected Vehicles

June 13, 2017

Features Prof. Justin Cappos

ATS Advanced Telematic Systems is the first European company integrating the Uptane security framework into its OTA solutions: OTA Plus and ATS Garage. Uptane is a joint research initiative between NYU’s Tandon School of Engineering, the Southwest Research Institute, and the University of Michigan Transport Research Center, working to develop a common standard for automotive software update security. It was designed in consultation with government regulators, OEMs, and suppliers responsible for 78% of vehicles on U.S. roads.

Following the Money Hobbled vDOS Attack-for-Hire Service

June 6, 2017

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. … The researchers posed as buyers of nearly two dozen booter services — including vDOS — in a bid to discover the PayPal accounts that booter services were using to accept payments. In response to their investigations, PayPal began seizing booter service PayPal accounts and balances, effectively launching their own preemptive denial-of-service attacks against the payment infrastructure for these services.

[Research is by the Center for Cybersecurity’s Professor Damon McCoy and his graduate students Ryan Brunt and Prakhar Pandey]