Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
—DEF CON DROPS ELECTION HACKING REPORT: A closely watched report on election hacking on Tuesday warned that the U.S. does not have much time to fix security vulnerabilities in voting machines discovered at the DEF CON hacker conference. “We’ve got a lot to do in a short period of time,” said Douglas Lute, former ambassador to NATO, at an Atlantic Council event releasing the report.
–…BACKGROUND: The DEF CON conference, held in late July, purchased 30 election machines for hackers to investigate. They found security problems in the machines including hardware that had been out of date for decades with known security flaws, a machine with hackable wi-fi and other vulnerable technology. The report notes potential supply chain issues with voting machines, such as components manufactured in foreign countries including China. One electronic poll book obtained by DEF CON contained personal information on 654,517 voters from Shelby County, Tennessee, from roughly 2008. The Hill was at DEF CON and filed this report at the time.
–…THE SECURITY PROBLEMS ARE BAD, BUT DO HAVE LIMITATIONS: There are limitations to the types of hacks described by the report. Voting machines are, at least in theory, stored offline. Many of the attacks need to be conducted in person or in close range, limiting the ease of conducting a wide-scale attack. Hackable wi-fi can be used to issue remote commands from an attacker within range. That vulnerability was only available on one machine listed in the report. At the Atlantic Council panel, Harri Hursti, who co-ran the DEF CON event, noted that there are new models of paper scanning machines with wireless modems connected to cellphone networks. While certain attacks can be conducted within the supply chain, those attacks cannot target specific elections without additional contact with the machines. But if the goal of an attacker is to reduce confidence in the election system — either creating chaos or delegitimizing the American Democracy in the eyes of the world — targeting a specific election is not as important.
ALL THE KASPERSKY THAT’S FIT TO KASPERSKY:
–THE U.S. SPAT WITH KASPERSKY LAB HAS SOME ROOTS IN 2015 FEDERAL SALES PITCHES: Sources tell CyberScoop that Kaspersky Lab representatives pitched U.S. federal agencies, including the NSA and FBI, on the potential to use Kaspersky products in counter-terrorism investigations. Some officials took that pitch to mean that Kaspersky could use its products for espionage. That spurred FBI scrutiny, including interviews of employees. Russia took offense to the close look at the company – sending a diplomatic intervention known as a démarche to ask the U.S. to stop interfering with the company. Usually this type of communication is sent between diplomatic officials. In this case, Russia had an intelligence service, the FSB, issue it to CIA officials. “This was a clear signal from the FSB to the U.S. to get off their intelligence asset,” a senior U.S. official told CyberScoop. “If this was from the foreign ministry, that would have been different. It is extremely rare and a different message when an intelligence agency démarches you.”
–…FEUD RISKS ‘BALKANIZATION’ OF CYBERSECURITY, UPTICK IN CRIME: Reuters reports that Noboru Nakatani, executive director of Interpol’s Global Complex for Innovation, took a stand in defense of Kaspersky Lab both on and off stage during a cybersecurity conference in Moscow. “Balkanisation, especially in the cyber security community – that is happening and that needs to be corrected,” he said, later adding that while criminals worked together to share tactics in crime, the international community was not creating an environment where the security community could do the same. “Kaspersky is fighting against cyber criminals, it is very clear. Kaspersky is working with governments and companies across the world,” he said. “We should work together.” Nakatani said the United States had provided Interpol with no information that would suggest the company was dangerous.
–…MEANWHILE, KASPERSKY KEEPS ON KEEPING ON: The company released a report today about a new family of ATM malware – ATMii.
A LIGHTER CLICK:
A MYSTERY HOLE OPENED IN ANTARCTICA. For most readers, the one in West Virginia is probably closer.
A REPORT IN FOCUS:
WHERE WE FIND OUT THE NEXT OCEAN’S ELEVEN MOVIE MIGHT NOT BE VERY EXCITING: An international organized crime syndicate has stolen at least $40 million from banks since March using a hacking scheme, according to a report released Tuesday, and has likely stolen substantially more.
“We only see the ones that come to us,” said Brian Hussey, vice president of cyber threat detection and response at the security firm Trustwave’s Spiderlabs division, which produced the report.
“Other banks may have come to other vendors or may not have noticed the theft yet.”
Trustwave has seen heists of between $3 million and $10 million from five different banks in that time frame, predominantly in post-Soviet states. The attacks have spread as far as Africa, Hussey said, and appear to be accelerating.
The heist begins with the syndicate providing dozens of impoverished collaborators fake identifications to open empty bank accounts, the report said. The group then hacks the bank and credit card processors to drastically increase overdraft protection on each account, a service allowing typically low-risk accounts to withdraw more money than is in the account without sounding alarms. Finally, the group coordinates withdrawals of between $25K and $35K from ATMs in surrounding countries.
WHAT’S IN THE SPOTLIGHT:
THE IDENTITIES OF PEOPLE WHO ACCESSED TRUMP PROTEST WEBSITES: A District of Columbia court has issued its final order in a case involving a federal warrant for data on an anti-Trump website, incorporating safeguards to address free speech and privacy concerns.
Chief Judge Robert E. Morin on Tuesday ordered DreamHost, a web hosting company, to turn over data to the federal government on a website used to organize Inauguration Day protests against President Trump. The final order, however, states that information on third-party users of the website must be redacted, in order to protect their identities.
Morin, of the Superior Court of D.C., initially ruled that the government could proceed with the warrant under the court’s supervision back in August, but DreamHost’s lawyers continued to object, citing First and Fourth Amendment concerns, and signaled they would appeal the ruling.
The Justice Department is seeking information and data on disruptj20.org, a website used to organize the protests in January, in connection with an ongoing investigation into criminal rioting on Inauguration Day.
The original warrant generated massive attention over the summer when DreamHost said that it would amount to turning over roughly 1.3 million visitor IP addresses to the federal government.
A RUSSIA INVESTIGATION UPDATE:
–CARTER PAGE REPORTEDLY REFUSING TO TESTIFY BEFORE SENATE: Former Trump campaign adviser Carter Page is refusing to testify before the Senate Intelligence Committee in its investigation into Russian interference in the election, Politico reported Tuesday.
Page reportedly told the committee Tuesday that he won’t cooperate with the lawmakers in their probe and plans on pleading the Fifth Amendment if he does make an appearance.
Page did not immediately return a request for comment from Politico. The committee declined to comment.
It’s unknown if the committee has formally requested that Page testify in the investigation.
Page came under scrutiny over reports he improperly communicated with Russian officials during the presidential campaign. He has repeatedly denied the allegations.
–DEVIN NUNES SIGNS OFF ON NEW BATCH OF SUBPOENAS: Rep. Devin Nunes (R-Calif.), chairman of the House Intelligence Committee, has reportedly signed off on subpoenas for the research firm that produced the controversial dossier containing unverified allegations about President Trump and Russia. Nunes issued the subpoenas on Oct. 4, asking for materials and testimony on the opposition research from Fusion GPS sometime later this month or early in November, CNN reported Tuesday.
–FACEBOOK EXEC TO MEET LAWMAKERS AHEAD OF TESTIMONY: Facebook’s COO Sheryl Sandberg will meet with lawmakers at the Capitol on Thursday as the company manages the fallout from revelations that Russian actors used Facebook to influence voters during the 2016 elections. Sandberg’s meetings come in advance of two Congressional hearings on Russian election interference that Facebook will testify at Nov. 1. Sandberg is slated to sit down with Congressional Black Caucus (CBC) members, a congressional source with knowledge of the meeting confirmed to The Hill. The CBC has recently put pressure on the company to provide more answers regarding Russian use of its platform.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
South Korea thinks North Korea hacked its military plans. (The Hill)
More U.K. citizens had data swiped from Equifax than previously thought. (The Hill)
Accenture suffered a leak in their cloud security. (The Hill)
A similar leak at a medical tech firm jeopardized 150,000 customer records. (Malwaretech)
Russia is cracking down on bitcoin, ransomware’s currency of choice. (The Hill)
Today was Ada Lovelace day, a holiday dedicated to women in STEM. Lovelace is often referred to as the first computer programmer – despite dying around a century before the first computer was actually built. (ALD)
PornHub dished out malware by accident, via malicious advertising. (Graham Cluley)
We can’t hack our way out of the North Korea mess. (Wired)
Hackers could access T-Mobile customer information with just a phone number. (Motherboard)
VTech hopes a judge will toss a breach case involving parents and children.