Overnight Cybersecurity: Fight brews over NSA leadership | Guccifer 2.0 dumps more DNC docs

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–TIME TO BREAK UP?: Sen. John McCain (R-Ariz.) on Tuesday vowed to oppose a reported proposal that would split up the leadership of the National Security Agency (NSA) and the U.S Cyber Command in a preview of what could be a brutal fight later this year. Currently, the NSA’s and Pentagon’s Cyber Command are led by the same individual, even though the two agencies operate under different missions. The White House has rejected efforts to break up the “dual-hatted” role in the past, but it is reportedly facing pressure from Defense Secretary Ash Carter and Director of National Intelligence James Clapper to change course before Obama leaves office early next year. If he tries, however, President Obama appears likely to run into heated opposition from Capitol Hill. “Let me be very clear: I do not believe rushing to separate the dual hat in the final months of an administration is appropriate, given the very serious challenges we face in cyberspace and the failure of this administration to develop an effective deterrence policy,” McCain, the chairman of the Senate Armed Services Committee, said during a hearing with the head of the NSA and Cyber Command, Adm. Michael Rogers. “Therefore, if a decision is prematurely made to separate NSA and Cyber Command, I will object to the confirmation of any individual nominated by the president to replace the director of the National Security Agency if that person is not also nominated to be the commander of Cyber Command.” McCain’s threat ups the ante in what appears to be a looming fight over the position. To read our full piece, click here.

{mosads}–NOT 100 PERCENT SURE: Former senior Clinton adviser Justin Cooper repeatedly professed that he could not provide specific details about the security protections in place on Hillary Clinton‘s private email server during a Tuesday congressional hearing. Pressed by lawmakers on whether the contents of the server were encrypted and required dual-factor authentication in order to gain access, Cooper deferred, saying that he was not an IT expert. “I unfortunately cannot provide you with the details of … the specific security functions on the server. I know there were security functions on the server and they evolved over time as technology evolved over time,” Cooper said during an at-times heated hearing on State Department records before the House Oversight Committee. The former senior adviser to President Bill Clinton set up Hillary Clinton’s email account on the server and registered the original clintonemail.com domain name. Cooper said that Clinton, now the Democratic nominee for president, did with “some frequency” experience failed brute-force attacks on the server, in which hackers would attempt to gain entry by repeatedly testing random combinations of usernames and passwords. “We developed systems to tamp those down,” Cooper said. He said he did not recall whether the server was encrypted and did not think that it had dual-factor authentication, sparking outrage amongst Republicans. To read our full piece, click here.

–HE’S BACK?: The hacker persona Guccifer 2.0 has released a new trove of documents reportedly stolen from the Democratic National Committee (DNC). The dump is more than 600 megabytes of information, but various reviews of the documents have yet to turn up any bombshells. The cache is primarily composed of information about Democratic donors, fundraising efforts and donor outreach. It also contains some years-old documents compiled for then-Virginia governor and DNC chair Tim Kaine, who is now Hillary Clinton’s vice presidential pick. Guccifer 2.0, who has claimed credit for the DNC hack, is widely thought to be a front for Russian intelligence agencies. Although he has claimed to be Romanian, tools used in the attack were matched to Russian intelligence agencies and, when tested, Guccifer 2.0 has struggled to speak in Romanian. Experts have questioned whether Guccifer 2.0 is even a single person. He has continued to release stolen DNC pages in fits and spurts — including some released to The Hill — since the original cache was published by WikiLeaks on the eve of the Democratic convention in July. To read our full piece, click here.

A POLICY UPDATE:

–MOVING ON UP. The House Homeland Security Committee on Tuesday advanced a bill from Reps. Jim Langevin (D-R.I.) and John Ratcliffe (R-Texas) to establish a grant program at the Department of Homeland Security (DHS) to promote cooperative research and development between the United States and Israel on cybersecurity.

The legislation grew out of a congressional delegation trip to Israel in May, which focused on key cybersecurity issues facing both countries.

A LIGHTER CLICK:

–IT’S NOT GOOGLE CHROME… it’s California Chrome. We’re a week late but a few dollars richer after this sterling performance late last month. (You can tell which one of us got to pick the Lighter Click today.)

A CONFERENCE TALK IN FOCUS:

–THE MAN BEHIND THE CURTAIN. The hacker behind recent attacks on the Democratic National Convention and Democratic Congressional Campaign Committee spoke by proxy at a London cybersecurity conference Tuesday.

Guccifer 2.0 had pre-written remarks read at the Future Of Cyber Security conference by Tim Holmes, head of the U.K. Cyber News Group.

“Hello everyone. This is Guccifer 2.0. I’m sure you know me because my name is in the conference program list,” he opened, according to an advance copy of the speech obtained by Forbes.

Guccifer 2.0 has claimed to be a lone Romanian hacker, although technical evidence points to the name being used as a cover for Russian intelligence.

At the conference, Guccifer 2.0 said hackers should not be considered the cybersecurity risk. Rather, companies that aggregate big data are the risk.

“On their way to a global progress and big money they are collecting users’ personal data, which is the same as spying on people, because many of us don’t even realize they track us online and collect our info,” Guccifer 2.0 said.

“Companies store these data making it vulnerable for leaks.”

Guccifer 2.0 went on to explain that the big data company in this case he claims was responsible was NGP VAN, the voter data aggregator used by Democratic committees and campaign. He posted a link in the PowerPoint presentation to documents he claimed were from the company.

“So, what’s the right question we should ask about cyber crime? Who hacked a system? Wrong. The right question is: Who made it possible that a system was hacked?” he said.

The security firm ThreatConnect has itemized problems with Guccifer 2.0’s NGP VAN narrative.

To read our full piece, click here.

WHO’S IN THE SPOTLIGHT:

–FANCY BEAR. The World Anti-Doping Agency (WADA) on Tuesday confirmed that it was breached by hackers believed to be the group suspected in the hack of the Democratic National Committee (DNC).

The hackers published information on star American athletes — tennis players Venus and Serena Williams, gymnast Simone Biles, and basketball player Elena Delle Donne — in an attempt to discredit their performance during the 2016 Olympic Games in Brazil.

Documents appear to include drug test results and “therapeutic use exemption” waivers that allow athletes to use otherwise banned substances for health reasons, such as to treat attention deficit hyperactivity disorder, going back several years. 

To read our full piece, click here.

A LOOK AHEAD:

WEDNESDAY

–The Senate Judiciary meets to discuss ICANN at 10 a.m.

–House Energy and Commerce offers a presentation on advanced robotics at 10:30 a.m.

THURSDAY

–The House Intelligence Committee discusses a report on Edward Snowden in a closed session at 9 a.m.

–Senate intelligence has a closed door briefing at 2 p.m.

–FedScoop’s Federal Cybersecurity Summit runs all day.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The head of the of the Israeli National Cyber Directorate on Tuesday criticized the State Department’s strategy for developing international cybersecurity norms, calling the plans overly broad. (The Hill)

One of the companies hired to manage Hillary Clinton’s private server was warned last summer that potentially sensitive information on her machine was not protected with encryption protocols designed to thwart potential hackers, according to new emails released by Congress. (The Hill)

Three IT specialists involved with Hillary Clinton’s private email server on Tuesday refused to testify before the House Oversight Committee on deletions of some of Clinton’s emails. (The Hill)

The Senate’s top two Democrats are sending early warning signs that a push by Sen. Ted Cruz to link a fight over control of the internet to a short-term government funding bill is a non-starter. (The Hill)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A