Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–MUELLER REQUESTS DOCUMENTS ON CONTROVERSIAL TRUMP ACTIONS: Special counsel Robert Mueller has asked the White House to turn over documents related to some of President Trump’s most controversial actions in office, including his dismissal of former FBI Director James Comey, The New York Times reports. Citing White House officials, the Times reported that Mueller is also interested in the circumstances surrounding the dismissal of Trump’s first national security adviser, Michael Flynn, as well as an Oval Office meeting with Russian officials during which Trump reportedly said the Comey firing relieved “great pressure” on him. Mueller has also requested documents related to the White House response to media questions about a June 2016 meeting at Trump Tower between the president’s eldest son, Donald Trump Jr., and a Russian government lawyer promising dirt on Hillary Clinton. Mueller’s office reportedly sent a document detailing 13 different areas that his investigators want to know more about.
To read the rest of our piece, click here.
{mosads}
–…MANAFORT REPORTEDLY OFFERED ‘PRIVATE BRIEFINGS’ TO RUSSIAN MILLIONAIRE: President Trump’s former campaign manager Paul Manafort offered to provide “private briefings” on the 2016 race to a Russian billionaire with close ties to the Kremlin, The Washington Post reported Wednesday. Less than two weeks before Trump cinched the Republican presidential nomination, Manafort offered the briefings to an intermediary, asking that the message be relayed to Oleg Deripaska, an aluminum magnate allied with Russian President Vladimir Putin and with whom Manafort had worked in the past. “If he needs private briefings we can accommodate,” Manafort reportedly wrote in an email sent July 7, 2016. There is no evidence in the emails, which have been turned over to special counsel Robert Mueller and congressional investigators, that Deripaska received the offer or that any briefings took place. A spokeswoman for Deripaska told The Post that the email exchanges were scheming by “consultants in the notorious ‘beltway bandit’ industry.” A spokesman for Manafort, Jason Maloni, denied that any briefings ever took place and said that the offer was for what would have been a “routine” meetings on the state of the campaign.
To read the rest of our piece, click here.
–…MEANWHILE, SENATE INTEL CHIEF SAYS COMMITTEE WILL NOT BE ‘MANIPULATED’ BY TRUMP LAWYER: Senate Intelligence Committee Chairman Richard Burr (R-N.C.) on Wednesday said his panel would not allow itself to be manipulated by a personal attorney for President Trump. Longtime Trump attorney Michael Cohen angered the committee on Tuesday by releasing an opening statement to the press as he was prepared to meet with committee staff behind closed doors. The meeting was quickly canceled, and Cohen is now scheduled to offer testimony in public at a full hearing this October. “The committee is not going to be manipulated by individuals that want to put out a statement, not tell us about putting out a statement and know that whatever they say we can’t come out and refute because our investigation is behind closed doors,” Burr told reporters on Wednesday.
To read the rest of our piece, click here.
–…ALSO, RUSSIA ORGANIZED PRO-TRUMP FLASH MOBS:
Russia-linked groups attempted to organize over a dozen pro-Trump rallies around Florida during the 2016 elections, The Daily Beast reported on Wednesday. The rallies, which dozens attended, are the first known instance of Russian actors successfully organizing Americans to show up in person at events supporting President Trump. On Aug. 20, 2016, as a part of an event called “Florida Goes Trump!,” a “patriotic state-wide flash mob” happened simultaneously in 17 cities across the swing state. It’s unclear if the events happened in all of the 17 cities — Facebook has deleted the account, Being Patriotic, which organized the events. The Trump campaign’s chairwoman for Broward County tweeted about one of the rallies.
To read the rest of our piece, click here.
AN ADMINISTRATION UPDATE:
PETER THIEL OFFERED INTEL POST: Peter Thiel, a Silicon Valley venture capitalist and close ally of President Trump, has had talks to be a top intelligence adviser to the White House, according to a Vanity Fair report on Wednesday.
The magazine cited three unnamed White House officials who said that Thiel was offered the chairman post for the President’s Intelligence Advisory Board, which counsels the administration on intelligence matters.
A source told Vanity Fair the offer is now “in limbo,” while another said Trump still wants Thiel in the role.
Thiel, who co-created PayPal, also co-founded the big data company Palantir which has deep connections to intelligence and military operations.
To read the rest of our piece, click here.
A LIGHTER CLICK:
TODAY’S BEST HEADLINE: “Russia: America has ‘weaponized’ actor Morgan Freeman.“
A REPORT IN FOCUS:
IT’S ABOUT ETHICS IN RANSOMWARE: Forums for Russian cybercriminals are in an ethical quandary over whether or not ransomware is okay, according to a new report.
The firms Anomoli and Flashpoint tracked the opinions of the moderators of Russian dark net discussion boards about people using information from those forums in ransomware attacks. Ransomware disables systems or files until a victim pays a ransom.
Until recently, using the forums to make ransomware was an offense that could get someone banned. Ransomware draws substantially more attention to the tools used to infiltrate systems than other forms of hacking, and that attention often renders the techniques worthless.
But those opinions have softened. The report quotes a post from a moderator on one forum offering a more laissez faire take on what is permissible.
“There is only one rule – don’t target Russia. All other cases depend on one’s degree of perversion. Some people take grandma’s last 10k, some encrypt a corporate company and ransom [their files] for 2k, some brute-force WordPress control panels, upload shells and then send spam or host their own malware, some install skimmers,” it said.
“Everyone has their own thing.”
It is standard for Russian hacking forums to ban targeting of Russia or its surrounding allies, both out of loyalty and because crimes against far off nations are less likely to be investigated by local authorities.
In extreme cases, like when there is the potential for ransomware to cause loss of life, the hackers faced a different dilemma.
After an American hospital was struck by ransomware, a well esteemed forum member wrote, “From the bottom of my heart, I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with [the ransomware].”
But another forum member pushed back, arguing that targeting facilities which had no choice but to pay would always be the best choice. Crime, the poster reasoned, is about making money and everything else is secondary.
“[The attackers] scored. It means everything was done properly.”
WHO’S IN THE SPOTLIGHT:
EQUIFAX (STILL): Beleaguered credit agency Equifax tweeted a link to a would-be phishing site to a victim of its massive breach rather than the breach information site it intended.
The exchange happened Monday evening when a current customer of Equifax’s credit monitoring service TrustedID asked if he could cancel that subscription in exchange for the free year of TrustedID offered to victims.
“Hi! For more information about the product and enrollment, please visit: [the url of the fake site] -Tim,” tweeted Equifax from its official account.
Equifax apparently intended to send a link to equifaxsecurity2017.com, the site with information on how to sign up for TrustedID. Instead, the tweet rewrote equifaxsecurity2017 as securityequifax2017.
The securityequifax2017 web address had already been registered by security researcher Nick Sweeting, who scooped up the site to prevent a scam artist from using it to trick potential victims into entering their information, thinking they were communicating with Equifax.
To read the rest of our piece click here.
Twitter sleuths later noted that the same mistake had been made repeatedly since the breach was announced. The tweets have since been taken down.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
A group linked to Iran hacked companies in the U.S. and South Korea doing business with Saudi Arabia. (The Hill)
Amazon is ‘reviewing’ its suggestion system, after users who bought one ingredient that could be used to make a bomb were given suggestions to buy other ingredients. (The Hill)
Civil liberties advocates worry that plans to change how law enforcement acquires data on foreign servers might not do enough to protect Americans. (The Hill)
Researchers see a rise in alt-right messaging in the German elections. (The Hill)
Kaspersky, the Russia-based cybersecurity firm ousted from the United States over security fears, just signed a big deal to equip the Brazilian armed forces.
The European Union would rather not be hit with ransomware. (ZD Net).
If you’d like to receive our newsletter in your inbox, please sign up here.