Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–HOUSE VOTES TO RENEW NSA SPYING: In a victory for the Trump administration, the House on Thursday approved legislation to renew government surveillance powers while voting down new limits on how authorities can use the information that is collected. Just a few hours before the vote, President Trump roiled the waters by sending out a tweet that appeared to contradict his own administration’s opposition to the changes, which were offered by Rep. Justin Amash (R-Mich.). That amendment failed by a vote of 233-183. ” ‘House votes on controversial FISA ACT today.’ This is the act that may have been used, with the help of the discredited and phony Dossier, to so badly surveil and abuse the Trump Campaign by the previous administration and others?” Trump tweeted. The White House had said it supported the underlying surveillance bill but strongly opposed Amash’s amendment. Trump later clarified that he “has personally directed the fix to the unmasking process since taking office and today’s vote is about foreign surveillance of foreign bad guys on foreign land.” After rejecting Amash’s amendment, the House passed an underlying bill backed by members of the House Intelligence and Judiciary committees that renewed the NSA’s warrantless surveillance program with just a few small changes. The bill, passed by a vote of 256-164, now heads to the Senate, which is expected to swiftly take up and pass the measure before the surveillance program expires on Jan. 19. Later Thursday, the Senate approved a motion to proceed on the legislation, teeing up a vote in the upper chamber next week.
–AT ISSUE IS A CONTROVERSIAL SPY PROVISION called Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows the intelligence community to spy on non-American targets outside the United States without a warrant. Privacy and civil liberties advocates have long pushed for reform of the program, raising alarm over the so-called “backdoor search loophole” that allows for data incidentally collected on Americans to be used in law enforcement investigations. It was catapulted onto the front page amidst the controversy over “unmasking.” Republicans have long speculated that former national security adviser Michael Flynn was caught up in 702 surveillance and inappropriately unmasked by Obama administration officials. That process, surveillance experts say, is not directly related to congressionally dictated 702 authorities — it’s governed by administration regulations. “There are FISA issues swirling around that have absolutely nothing to do with 702,” Rep. Mike Conaway (R-Texas) said before the vote. “Those are being used by opponents, those who want it to go dark, in a perfectly legitimate debate technique to try to muddy the waters.”
–AFTER THE HOUSE PASSED THE BILL, the White House denied any apparent contradiction in the two tweets posted by Trump ahead of the vote, insisting the president had “full understanding” of the law. The tweet seemed to contradict his own White House, which one day earlier endorsed the law in a statement. White House press secretary Sarah Huckabee Sanders repeatedly defended the president as reporters asked about whether the tweets conflicted with each other. “We don’t think there was a conflict at all. The president fully supports 702 and was happy to see that it passed the house today, but he does have some overall concern with the FISA program more generally,” she said, referring to the name of the surveillance law. “The president doesn’t feel that we have to choose between protecting American citizens and protecting their civil liberties.”
Click here for more on Trump’s tweet, here for the House vote, and here for the White House response.
A RUSSIA UPDATE:
BANNON REPORTEDLY WILL APPEAR BEFORE HOUSE INTEL NEXT WEEK: Former White House chief strategist Stephen Bannon is expected to appear before the House Intelligence Committee on Tuesday as part of its investigation into Russian interference in the 2016 election.
Reuters reported Bannon’s expected appearance before the committee Thursday hours after reports surfaced that Bannon had hired Washington lawyer Bill Burck to help him prepare for his testimony.
Bannon’s hiring of Burck is reportedly solely for the hearing and is not related to special counsel Robert Mueller’s investigation into potential ties between the Trump campaign and Russia.
Burck, a partner at the law firm Quinn Emmanuel, also represents White House counsel Don McGahn and former White House chief of staff Reince Priebus, according to Law360.
The House Intelligence Committee requested testimony from Bannon and former Trump campaign manager Corey Lewandowski last month.
Bannon, who left the White House in August, was working as Trump’s chief strategist when Trump fired former FBI Director James Comey last year.
Bannon has attracted massive scrutiny in recent days as a result of his testimony in Michael Wolff’s explosive book, “Fire and Fury,” which has spurned a series of damaging headlines for the Trump administration.
To read more, click here.
A LIGHTER CLICK:
Meet Harley, the FBI’s canine cyber genius. (The Wall Street Journal)
A REPORT IN FOCUS:
NUKES FACE CYBER THREAT: A British think tank is raising the alarm in a new report that warns nuclear weapons may face a “relatively high” risk of cyberattacks as technology becomes more advanced and hackers grow more sophisticated.
Leaving nuclear weapons systems vulnerable to cyber criminals could have dangerous consequences, including them possibly setting off the weapon during a time of crisis through data manipulation.
“There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge,” the research released Thursday by British think tank Chatham House states.
“At times of heightened tension, cyberattacks on nuclear weapons systems could cause an escalation, which results in their use,” it continued. “Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system, that is compromised cannot be trusted in decision-making.”
The report notes that a system infiltrated by a malicious actor could affect a nuclear weapons system’s ability to “launch a weapon, prevent an inadvertent launch, maintain command and control of all military systems, transmit information and other communications, [and] the maintenance and reliability of such systems.”
A range of issues could compromise systems that “were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities,” according to the report.
To read the rest of our piece, click here.
WHAT’S IN THE SPOTLIGHT: RUSSIAN OLYMPIC HACKING? New evidence has emerged that hackers linked to the Russian government are targeting Olympic organizations just weeks before the start of the 2018 Winter Games in South Korea.
On Wednesday, a group calling themselves “Fancy Bears” released purported hacked emails and documents from the International Olympic Committee (IOC). The group is believed to be associated with the similarly named group Fancy Bear, the cyber-espionage group that has been linked to Russia’s military intelligence agency, the GRU.
Fancy Bear, also known as APT 28, has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election.
The group claims that hacked information from the IOC, which has not been verified, is proof “that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world.”
Relatedly, cybersecurity firm ThreatConnect said Thursday that it had identified spoofed domains imitating the World Anti-Doping Agency, the U.S. Anti-Doping Agency, and the Olympic Council of Asia consistent with prior hacking campaigns linked to Fancy Bear.
The discovery of the domains, the firm said in a blog post, raises “the question of a broader campaign against the upcoming 2018 winter games.”
ThreatConnect said that it could not verify the legitimacy of the emails leaked by Fancy Bears, but noted that the group was likely formed to leak information generated from Fancy Bear/APT 28 operations.
The developments follow the International Olympic Committee’s decision to bar Russia’s Olympic team from the 2018 Winter Games over state-sponsored doping allegations.
Fancy Bears similarly released hacked emails in 2016 from officials at the World Anti-Doping Agency and the U.S. Anti Doping Agency.
To read the rest of our piece, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Cryptocurrencies on the rise in Iran. (The Hill)
Equifax subject of most consumer bureau complaints in all but one state, analysis shows. (The Hill)
Senate committee to hold bitcoin hearing. (The Hill)
Exclusive: Issa mulls running in neighboring district. (The Hill)
McAfee has the details on cyberattacks against North Korean defectors and journalists. (McAfee)
An Ohio state lawmaker is prepared to introduce legislation to secure elections from cyberattacks. (Cleveland.com)