Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–SESSIONS TIMEOUT: Attorney General Jeff Sessions recused himself on Thursday from any federal investigations into Russian interference into the 2016 campaign. The decision came after it was revealed Sessions wrongly said at his confirmation hearing and in answers to written questions from Democrats that he had no contact with Russia during the campaign. Sessions in fact had met with the Russian ambassador to the U.S. twice last year. Throughout the day, Sessions found himself under fire, with Republicans urging him to recuse himself form any probes and Democrats going further by calling for him to step down entirely from the Justice Department.
–GOP SCOREBOARD: Rep. Brian Mast (R-Fla.) was the first GOP member of Congress to call for recusal, but was quickly joined by Reps. Barbara Comstock (R-Va.), Darrell Issa (R-Calif.), Carlos Curbelo (R-Fla.), Charlie Dent (R-Pa.) — a former chairman of the ethics committee, Ryan Costello (R-Pa.), Patrick Meehan (R-Pa.), Mike Coffman (R-Colo.), Martha McSally (R-Ariz.) Frank LoBiondo (R-N.J.) — a member of the House Intelligence Committee, and Raul Labrador (R-Idaho) — co-founder of the House Freedom Caucus. Sens. Susan Collins (R-Maine), Dean Heller (R-Nev.) and Rob Portman (R-Ohio) called for recusal as well. And even an ex-staffer of Sessions piled on, calling recusal a “No brainer.”
{mosads}–OTHER NOTABLES: Democrats though wanted more. House Minority Leader Nancy Pelosi last night called for Sessions to resign. Senate Minority Leader Chuck Schumer (D-N.Y.) followed suit on Thursday, joined by Sens. Cory Booker (D-N.J.), Bernie Sanders (I-Vt.), and Elizabeth Warren (D-Mass.). The ACLU requested that the FBI investigate Sessions for perjury.
–ON THE OTHER HAND, PRESIDENT TRUMP: Trump, earlier in the day, argued the Sessions should not recuse himself, claiming he had “total” confidence in his AG.
–THE LATEST: Follow The Hill’s live blog for the latest on the controversy.
AN INVESTIGATION UPDATE:
HOUSE INTEL INVESTIGATION GOALS SET: The top lawmakers on the House Intelligence Committee have set the parameters for their investigation into Russia’s interference in the U.S. election, which will include potential contacts between President Trump’s campaign and Moscow, as well as U.S. intelligence leaks.
Chairman Devin Nunes (R-Calif.) and ranking member Adam Schiff (D-Calif.) released a summary of the investigation’s goals Wednesday evening.
The main questions they’ll focus on are:
“What Russian cyber activity and other active measures were directed against the United States and its allies?
“Did the Russian active measures include links between Russia and individuals associated with political campaigns or any other U.S. Persons?
“What was the U.S. Government’s response to these Russian active measures and what do we need to do to protect ourselves and our allies in the future?
“What possible leaks of classified information took place related to the Intelligence Community Assessment of these matters?”
On Monday, Nunes made clear that the investigation would probe leaks from the intelligence community that led to former national security adviser Michael Flynn’s resignation. Anonymous officials told news outlets that Flynn had addressed the issue of sanctions with the Russian ambassador on a call in December and had misled top White House officials, including Vice President Pence, about the conversation.
But Trump and Nunes have both said that the threat of leaks is a bigger risk than Flynn’s alleged overreach.
“We can’t run a government like this,” Nunes said.
Nunes went on to say he had seen no evidence validating allegations that the Trump campaign had regular contact with Russian officials, a conclusion Schiff called “premature” later that day.
“We haven’t obtained any of the evidence yet, so it’s premature for us to be saying we’ve reached any conclusion about the issue of collusion,” he said, noting that the investigation had neither gathered evidence nor formally called witnesses.
To read the rest of our piece, click here.
A LIGHTER CLICK:
METAL BAND OR CYBER THREAT? Overnight Cyber scored 11/12 on a quiz from Kaspersky. Not listed (but still pretty metal): Sandworm, Venom, Necurs, MyDoom, ILUVYOU. Test yourself.
A REPORT IN FOCUS:
S3 HAD SOME ‘SPLAINING TO DO: Hundreds of thousands of web services were knocked offline or slowed yesterday due to what Amazon describes as an employee error.
Amazon’s S3 cloud hosting service — and the large swath of websites and apps run off the S3 platform — were hobbled Wednesday, leading to consternation across the internet. The site explained the outage in a Thursday statement as the result of an employee trying to fix a billing server that had slowed.
“Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended,” said Amazon.
The Amazon service is popular, by some estimates serving at least 40 percent of the public cloud services market. When it faltered, services like Slack and Venmo were knocked offline and websites that relied on S3 for hosting struggled to update.
To read the rest of our piece, click here.
FIVE PIECES OF LEGISLATION!
Lots of cyber legislation added to the pipeline.
THE STATE CYBER RESILIENCY ACT:
On Thursday, Reps. Barbara Comstock (R-Va.) and Derek Kilmer (D-Wash.), along with Sens. Cory Gardner (R-Colo.) and Mark Warner (D-Va.), introduced the State Cyber Resiliency Act, which would fund Federal Emergency Management Agency–administered grants for cybersecurity planning and implementation.
“Despite the velocity of the threat, 80% of states lack funding to develop sufficient cybersecurity,” said Warner in a press release announcing the bill.
THE STATE AND LOCAL CYBER PROTECTION ACT:
Sens. Gary Peters (D-Mich.) and David Perdue (R-Ga.) on Thursday announced that they have reintroduced the State and Local Cyber Protection Act, which would bolster cybersecurity cooperation between the Department of Homeland Security and state and local governments.
Dozens of states asked federal officials for help securing their voting systems from cyberattacks ahead of the November elections, following reports that election databases in Arizona and Illinois had suffered breaches.
The legislation would require the Department of Homeland Security’s National Cybersecurity and Communications Integration Center to provide help and training, upon request, to state, local and tribal governments on thwarting and responding to cyber threats.
House Democrats on Thursday introduced a slew of bills aimed at making the Federal Communications Commission (FCC) strengthen cybersecurity policies.
The three bills being pushed by the minority members of the House Energy and Commerce Committee would require the FCC to adopt rules to protect communications networks, set up an interagency panel to handle cybersecurity investigations and require Internet of Things devices to have certified cybersecurity standards.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
A Democratic senator thinks that Russia’s election hacking may have been an ‘act of war.’ (The Hill)
The former NSA director says agencies are too ‘stove piped’ to be effective in cybersecurity (The Hill)
Graham calls on the FBI to say if it’s probing the Trump campaign’s connection to Russia. (The Hill).
Senate Intel chairman: “I trust Jeff Sessions.” (The Hill)
Not a repeat: 32 million Yahoo accounts were hacked over the past two years thanks to forged cookies. (The Hill).
Kaspersky Lab released free decryption software for Dharma ransomware. (Threatpost)
The next big thing might be self-destructing mobile devices, in case of theft or employment with the Impossible Missions Force. (ZDNet).
A Norwegian news site is blocking comments unless users first take a quiz on the article to show they read it. (Nieman Lab)
Trump administration backs renewal of the Foreign Intelligence Surveillance Act without reforms, official says. (Reuters)
A Slack bug let hackers into accounts. (ZDNet).
If you’d like to receive our newsletter in your inbox, please sign up here.