Essays

“How to Cut Down on Ransomware Attacks Without Banning Bitcoin,” Slate, June 17, 2021.

“Hacked Drones and Busted Logistics Are the Cyber Future of Warfare,” Brookings TechStream, June 05, 2021.

“Russia’s Hacking Success Shows How Vulnerable the Cloud Is,” Foreign Policy, May 24, 2021.

“‘Grassroots’ Bot Campaigns Are Coming. Governments Don’t Have a Plan to Stop Them.,” The Washington Post, May 20, 2021.

“Hackers Used to Be Humans. Soon, AIs Will Hack Humanity,” Wired, April 19, 2021.

“Bitcoin’s Greatest Feature Is Also Its Existential Threat,” Wired, March 09, 2021.

“Illuminating SolarStorm: Implications for National Strategy and Policy,” Aspen Institute, March 04, 2021.

“Why Was SolarWinds So Vulnerable to a Hack?,” The New York Times, February 23, 2021.

“The Government Will Guard Biden’s Peloton from Hackers. What About the Rest of Us?,” The Washington Post, February 02, 2021.

“The Solarwinds Hack Is Stunning. Here’s What Should Be Done,” CNN, January 05, 2021.

“The US Has Suffered a Massive Cyberbreach. It’s Hard to Overstate How Bad It Is,” The Guardian, December 24, 2020.

“The Peril of Persuasion in the Big Tech Age,” Foreign Policy, December 11, 2020.

“What Makes Trump’s Subversion Efforts So Alarming? His Collaborators,” New York Times, November 23, 2020.

News

“The Coming AI Hackers. How Will They Put Society At Risk?,” Cybercrime Magazine, June 15, 2021.

“The Coming AI Hackers,” Exponential View, June 09, 2021.

“The Next Phase in Cyber Warfare,” The Red Line, May 16, 2021.

“When AI Becomes the Hacker,” Dark Reading, May 13, 2021.

“Hacking Is a Task AI Will Excel at (And We Are Not Far from That Point),” ZDNet, May 06, 2021.

“Bruce Schneier Wants You to Make Software Better,” IEEE Spectrum, April 28, 2021.

“Data, Surveillance & Internet Security with Bruce Schneier,” CSINT Conversations, March 03, 2021.

“Artificial Intelligence in Politics,” Unpublished Cafe, February 19, 2021.

“Cybersecurity: Same Threats, New Challenges,” Forbes, January 19, 2021.

“Bruce Schneier on Technology Security, Social Media, and Regulation,” GrowthPolicy, January 13, 2021.

“Firewalls Don’t Stop Dragons Podcast,” Firewalls Don't Stop Dragons, December 28, 2020.

“The Hack by Russia Is Huge. Here’s Why It Matters.,” MPR News, December 28, 2020.

“Review of Data and Goliath (German),” Nerdhalla, December 27, 2020.

“The Most Consequential Cyber-Attack in History Just Happened. What Now?,” LA Times, December 24, 2020.

“AshbrookLIVE #14 - Bruce Schneier,” AshbrookLIVE, December 24, 2020.

“Full Disclosure with Bruce Schneier,” BarCode, December 20, 2020.

“How Your Digital Footprint Makes You the Product,” TechSequences, December 16, 2020.

“Hack in the Box Security Conference Keynote Interview,” Hack In The Box Security Conference, December 03, 2020.

“Election Security: Securing the Vote While Securing the System,” The Legal Edition, November 19, 2020.

“#ISC2Congress: Modern Security Pros Are Much More than Technologists, Says Bruce Schneier,” Infosecurity, November 18, 2020.

Crypto-Gram

June 15, 2021:

Is 85% of US Critical Infrastructure in Private Hands?, Adding a Russian Keyboard to Protect against Ransomware, Apple Censorship and Surveillance in China, Bizarro Banking Trojan, Double-Encrypting Ransomware, AIs and Fake Comments, New Disk Wiping Malware Targets Israel, The Story of the 2011 RSA Hack, The Misaligned Incentives for Cloud Security, Security Vulnerability in Apple’s Silicon "M1" Chip, The DarkSide Ransomware Gang, Security and Human Behavior (SHB) 2021, The Supreme Court Narrowed the CFAA, Vulnerabilities in Weapons Systems, Information Flows and Democracy, Detecting Deepfake Picture Editing, FBI/AFP-Run Encrypted Phone, TikTok Can Now Collect Biometric Data, Upcoming Speaking Engagements

May 15, 2021:

DNI’s Annual Threat Assessment, NSA Discloses Vulnerabilities in Microsoft Exchange, Cybersecurity Experts to Follow on Twitter, Details on the Unlocking of the San Bernardino Terrorist’s iPhone, Biden Administration Imposes Sanctions on Russia for SolarWinds, Backdoor Found in Codecov Bash Uploader, On North Korea’s Cyberattack Capabilities, When AIs Start Hacking, Security Vulnerabilities in Cellebrite, Identifying People Through Lack of Cell Phone Use, Serious MacOS Vulnerability Patched, Identifying the Person Behind Bitcoin Fog, Tesla Remotely Hacked from a Drone, New Spectre-Like Attacks, The Story of Colossus, Teaching Cybersecurity to Children, Newly Declassified NSA Document on Cryptography in the 1970s, Ransomware Shuts Down US Pipeline, AI Security Risk Assessment Tool, New US Executive Order on Cybersecurity, Ransomware Is Getting Ugly, Upcoming Speaking Engagements

April 15, 2021:

Security Analysis of Apple’s "Find My..." Protocol, On the Insecurity of ES&S Voting Machines’ Hash Code, Illegal Content and the Blockchain, Exploiting Spectre Over the Internet, Easy SMS Hijacking, Details of a Computer Banking Scam, Accellion Supply Chain Hack, Determining Key Shape from Sound, Hacking Weapons Systems, System Update: New Android Malware, Fugitive Identified on YouTube By His Distinctive Tattoos, Malware Hidden in Call of Duty Cheating Software, Wi-Fi Devices as Physical Object Sensors, Phone Cloning Scam, Signal Adds Cryptocurrency Support, Google’s Project Zero Finds a Nation-State Zero-Day Operation, Backdoor Added -- But Found -- in PHP, More Biden Cybersecurity Nominations, The FBI Is Now Securing Networks Without Their Owners’ Permission, Upcoming Speaking Engagements

March 15, 2021:

On Vulnerability-Adjacent Vulnerabilities, Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed, US Cyber Command Valentine’s Day Cryptography Puzzles, Malicious Barcode Scanner App, Browser Tracking Using Favicons, Virginia Data Privacy Law, WEIS 2021 Call for Papers, Router Security, GPS Vulnerabilities, Dependency Confusion: Another Supply-Chain Vulnerability, Twelve-Year-Old Vulnerability Found in Windows Defender, On Chinese-Owned Technology Platforms, The Problem with Treating Data as a Commodity, National Security Risks of Late-Stage Capitalism, Mysterious Macintosh Malware, Encoded Message in the Perseverance Mars Lander’s Parachute, Chinese Hackers Stole an NSA Windows Exploit in 2014, Four Microsoft Exchange Zero-Days Exploited by China, Threat Model Humor, No, RSA Is Not Broken, Hacking Digitally Signed PDF Files, On Not Fixing Old Vulnerabilities, More on the Chinese Zero-Day Microsoft Exchange Hack, Fast Random Bit Generation, Metadata Left in Security Agency PDFs, Upcoming Speaking Engagements

February 15, 2021:

Cell Phone Location Privacy, Injecting a Backdoor into SolarWinds Orion, Sophisticated Watering Hole Attack, SVR Attacks on Microsoft 365, Insider Attack on Home Surveillance Systems, Massive Brazilian Data Breach, Dutch Insider Attack on COVID-19 Data, Police Have Disrupted the Emotet Botnet, New iMessage Security Features, Including Hackers in NATO Wargames, Georgia’s Ballot-Marking Devices, More SolarWinds News, Another SolarWinds Orion Hack, Presidential Cybersecurity and Pelotons, NoxPlayer Android Emulator Supply-Chain Attack, SonicWall Zero-Day, Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer, Ransomware Profitability, Attack against Florida Water Treatment Facility, Medieval Security Techniques, Chinese Supply-Chain Attack on Computer Systems

January 15, 2021:

Another Massive Russian Hack of US Government Networks, How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication, Zodiac Killer Cipher Solved, Mexican Drug Cartels with High-Tech Spyware, More on the SolarWinds Breach, US Schools Are Buying Cell Phone Unlocking Systems, NSA on Authentication Hacks (Related to SolarWinds Breach), Eavesdropping on Phone Taps from Voice Assistants, Investigating the Navalny Poisoning, How China Uses Stolen US Personnel Data, Russia’s SolarWinds Attack, On the Evolution of Ransomware, Brexit Deal Mandates Old Insecure Crypto Algorithms, Amazon Has Trucks Filled with Hard Drives and an Armed Guard, Military Cryptanalytics, Part III, Latest on the SVR’s SolarWinds Hack, Backdoor in Zyxel Firewalls and Gateways, Extracting Personal Information from Large Language Models Like GPT-2, Russia’s SolarWinds Attack and Software Security, APT Horoscope, Changes in WhatsApp’s Privacy Policy, Cloning Google Titan 2FA keys, On US Capitol Security -- By Someone Who Manages Arena-Rock-Concert Security, Finding the Location of Telegram Users, Upcoming Speaking Engagements, Click Here to Kill Everybody Sale

December 15, 2020:

On Blockchain Voting, Michael Ellis as NSA General Counsel, The US Military Buys Commercial Location Data, Symantec Reports on Cicada APT Attacks against Japan, Indistinguishability Obfuscation, More on the Security of the 2020 US Election, On That Dusseldorf Hospital Ransomware Attack and the Resultant Death, Cyber Public Health, Undermining Democracy, Check Washing, Manipulating Systems Using Remote Lasers, Impressive iPhone Exploit, Open Source Does Not Equal Secure, Enigma Machine Recovered from the Baltic Sea, The 2020 Workshop on Economics and Information Security (WEIS), Hiding Malware in Social Media Buttons, Oblivious DNS-over-HTTPS, FireEye Hacked, Finnish Data Theft and Extortion, A Cybersecurity Policy Agenda, Authentication Failure, Upcoming Speaking Engagements, Should There Be Limits on Persuasive Technologies?

November 15, 2020:

2020 Workshop on Economics of Information Security, US Cyber Command and Microsoft Are Both Disrupting TrickBot, Split-Second Phantom Images Fool Autopilots, Cybersecurity Visuals, NSA Advisory on Chinese Government Hacking, New Report on Police Decryption Capabilities, IMSI-Catchers from Canada, Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition, The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products, Tracking Users on Waze, The Legal Risks of Security Research, New Windows Zero-Day, Determining What Video Conference Participants Are Typing from Watching Shoulder Movements, California Proposition 24 Passes, Detecting Phishing Emails, 2020 Was a Secure Election, The Security Failures of Online Exam Proctoring, "Privacy Nutrition Labels" in Apple’s App Store, New Zealand Election Fraud, Inrupt’s Solid Announcement, Upcoming Speaking Engagements