Category: reports
-
FBI’s 2025 Internet Crime Report
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.
-
On AI Security
Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security). So let’s…
-
LLMs Generate Predictable Passwords
LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven; for example, L, 9, m, 2,…
-
Chinese Surveillance and AI
New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article: China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there. By exposing the full scope…
-
Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic
Article. Report.
-
Use of Generative AI in Scams
New report: “Scam GPT: GenAI and the Automation of Fraud.” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and…
-
Surveying the Global Spyware Market
The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.” Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the past year,…
-
SIGINT During World War II
The NSA and GCHQ have jointly published a history of World War II SIGINT: “Secret Messengers: Disseminating SIGINT in the Second World War.” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Security Officers).
-
Measuring the Attack/Defense Balance
“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all…
-
Report from the Cambridge Cybercrime Conference
The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here.
-
Surveillance Used by a Drug Cartel
Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a…
-
Chinese-Owned VPNs
One of my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercial VPNs are (often surreptitiously) owned by Chinese companies. It would…
-
The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”
In response to a FOIA request, the NSA released “Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a…
-
NCSC Guidance on “Advanced Cryptography”
The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation. It’s…
-
Report on Paragon Spyware
Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious…