Overnight Cybersecurity: FBI pick says Russia probe not a ‘witch hunt’ | Massive Verizon data leak | Agencies restricted from using Russian security software

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORY:

–JUDICIARY COMMITTEE QUESTIONS TRUMP FBI NOMINEE: President Trump’s pick to lead the FBI on Wednesday repeatedly sought to reassure lawmakers that he would lead the bureau with a strict commitment to maintaining independence from the White House. Chris Wray, 50, told lawmakers that he does not believe the federal investigation into Russian election meddling is a “witch hunt,” contradicting the president’s own characterization of the probe. In calm and understated testimony before the Senate Judiciary Committee, Wray said that he would avoid one-on-one encounters with the president and that he would resign if asked to do anything unlawful. “First, I would try to talk him out of it, and if that failed, then I would resign,” he said. “Anybody who thinks I would be pulling punches as the FBI director sure doesn’t know me very well,” he said earlier.

Read more on that here.

–…WRAY NONCOMMITTAL ON ENCRYPTION: One of James Comey’s signature issues was criminals and terrorists “going dark” BY using encryption to circumvent law enforcement. Comey argued that tech firms would ultimately have to design systems law enforcement would be able to decrypt without a user’s permission so that surveillance could continue. Sen. Orrin Hatch (R-Utah) asked Wray about the issue, which Hatch noted “in candor, this is an issue that I don’t think [Comey] got quite right.” Wray responded: “[T]his is one of the most difficult issues facing the country. There is a balance obviously that has to be struck between the importance of encryption that I think we all can respect when there are so many threats to our system and the importance of giving law enforcement the tools they lawfully need to keep us all safe. I don’t know sitting here today as an outsider and nominee before this committee what the solution is, but I do know that we have to find a solution.” Experts largely agree that creating access points for law enforcement in encryption would be a tremendous security risk, creating a new doorway hackers would also be able to use.

–…WRAY HASN’T READ DONALD TRUMP JR.’S EMAILS: Though it didn’t stop senators from asking questions about an email chain released by the president’s son, Wray consistently said he had not read the emails. Wray noted he was about a day behind on the news due to meeting with senators one on one throughout the day Tuesday in advance of the hearing. The emails stirred strong emotions with senators on both sides of the aisle as they appear to show the Trump campaign met with a Russian national tied to the Kremlin to receive dirt on Hillary Clinton dug up by Russian officials.

Read more about the questions on Trump Jr.’s emails here.

–…WRAY BELIEVES RUSSIA BEHIND ELECTION MEDDLING: Though he was uncomfortable giving an opinion until he could read the classified intelligence on the matter, he said he had no reason to doubt the declassified report that Russia was behind the 2016 election hacks.

–…WRAY DOES NOT BELIEVE MUELLER INVESTIGATION IS A WITCH HUNT: And explicitly said just that. President Trump has called the special counsel probe the “single greatest witch hunt of a politician in American history.”

Read more on those remarks here.

And to recap the hearing, check out The Hill’s live blog.

A POLICY UPDATE:

DEMS TRY TO BOTTLE UP US-RUSSIA CYBER TEAM: Three House Democrats introduced a bill Wednesday prohibiting the U.S. from forming a collaborative cybersecurity initiative with Russia.

The No Cyber Cooperation with Russia Act, brought by Reps. Brandon Boyle (D-Pa.), Ted Lieu (D-Calif.) and Ruben Gallego (D-Ariz.), echoes a number of amendments to the National Defense Authorization Act that also sought to prohibit such cooperation with Russia.

“President Trump has proposed plenty of dumb ideas in his first six months in office, but a cybersecurity partnership with Russia might be the very worst,” Gallego said in a statement announcing the bill.

“Simply put, we would be inviting the fox into the hen house.”

To read the rest of our piece, click here.

A LIGHTER CLICK: 

THE CORRECT PUNCTUATION OF “DONALD TRUMP, JR.,’S” is pretty clearly not that, no matter what The New Yorker is trying to sell you.

A REPORT IN FOCUS:  

VER-AYE-YAI-YAI-ZEN: Personal data on as many as 14 million Verizon customers were publicly accessible and unsecured in June because of a third-party cloud server problem, according to a new report.

Chris Vickery, of Upguard, reported the breach after he discovered a database of Verizon customers on a cloud server account of a Verizon subcontractor in a way that could be accessed by anyone who knew where to look for it.

The cloud account, administered by the Israeli firm NICE Systems, hosted what appeared to be a daily log of Verizon accounts, Upguard reported.

The files “exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded,” according to the report.

Verizon stressed in a statement that Vickery was the only person to access the user data without authorization, and that the data has since been secured.

“We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information,” the company said.

WHAT’S IN THE SPOTLIGHT:

–NET NEUTRALITY: Major internet companies took part Wednesday in a “Day of Action” to show their support for the Federal Communications Commission’s net neutrality rules.

On websites and social media, companies tried to rally the public and urged Republican FCC Commissioner Ajit Pai not to kill the Obama-era rules, which require internet providers to treat all web content the same.

Twitter promoted a tweet and hashtag backing net neutrality, the first time it has done so on a policy issue.

Facebook executives Mark Zuckerberg and Sheryl Sandberg penned two blog posts in support of the rules.

“Right now, the FCC has rules in place to make sure the internet continues to be an open platform for everyone,” Zuckerberg wrote. “At Facebook, we strongly support those rules. We’re also open to working with members of Congress and anyone else on laws to protect net neutrality.”

And Google’s public policy team shared a message to mobilize users as part of its “Take Action” campaign on policy issues.

The protest was organized by advocacy group Fight for the Future.

Earlier this year, Pai unveiled his plan, titled “Restoring Internet Freedom,” which took aim at the FCC’s ability to regulate broadband providers — a power that allowed the FCC to mandate net neutrality. Broadband companies like AT&T, Verizon and Comcast immediately supported the plan. But consumer advocacy groups and internet companies vowed to fight the proposal.

Net neutrality proponents argue that if internet service providers (ISPs) don’t have the FCC’s regulatory oversight keeping them from prioritizing or slowing down certain types of content, the public’s overall experience on the web could suffer.

To read the rest of our piece, click here.

–KASPERSKY LAB: The Trump administration is moving to restrict government agencies from using products produced by the Russian cybersecurity firm Kaspersky Lab.

A spokesman for the General Services Administration (GSA) told The Hill that it had “made the decision to remove Kaspersky Lab-manufactured products” from a list of outside products approved for use by government agencies that is maintained by the GSA.

As such, agencies will not be able to procure the technologies using GSA contracts.

Kaspersky Lab, which produces lauded antivirus software and has operations around the globe, has faced increased scrutiny recently over allegations of ties to Russian intelligence.

The company and its chief executive, Eugene Kaspersky, have repeatedly described the allegations as unfounded, pointing to a lack of evidence. News reports have highlighted Eugene Kaspersky’s education at a KGB-funded institute and work at a Soviet military science institute.

To read the rest of our piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Rep. Trey Gowdy (R-S.C.) is fed up with the Trump administration’s “amnesia” about Russia. (The Hill)

Details are scarce, but there are reports intelligence agents recorded Russians talking about Trump associates as far back as 2015. (The Hill)

Senators are still looking for a fix on the Russian sanctions bill. (The Hill)

Rep. Adam Schiff (D-Calif.) wants Jared Kushner and Paul Manafort to testify. (The Hill)

A poll suggests one in four people are worried enough about election cybersecurity not to vote. (The Hill)

Russia is forcing users to sign into PornHub to discourage them from watching a non-pornographic documentary on the site about an embezzlement scandal. (Sophos)

Scientists are storing computer files in living bacteria DNA. (The Verge)

A well-known malware researcher’s advice to kids making malware: Why not be a good guy instead? (CNN)

If you’d like to receive our newsletter in your inbox, please sign up here.