Overnight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving ‘active defense’ cyber tools to private sector

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–SENATORS UNVEIL BIPARTISAN PUSH TO DETER ELECTION INTERFERENCE: A pair of senators from each party is introducing legislation meant to deter foreign governments from interfering in future American elections. The bill represents the latest push on Capitol Hill to address Russia’s meddling in the 2016 presidential election and counter potential threats ahead of the 2018 midterms. Sens. Marco Rubio (R-Fla.) and Chris Van Hollen (D-Md.) on Tuesday introduced the “Defending Elections from Threats by Establishing Redlines (DETER) Act,” which lays out specific foreign actions against U.S. elections that would warrant penalties from the federal government. Van Hollen said in a statement that the bill would send “an unequivocal message to Russia and any other foreign actor who may follow its example: if you attack us, the consequences will be severe.” Congress imposed additional sanctions on Moscow for its election interference last summer. However, fears have mounted over the potential for future foreign influence efforts, which some lawmakers are seeking to address through legislation.

{mosads}

–UNDER THE BILL introduced Tuesday, it would be up to the Trump administration to decide the retaliatory measures for potential election interference by China, Iran and North Korea, and any other nation the administration singles out as a threat. The administration would be required to report to Congress within 90 days of the bill’s enactment on plans to counter potential election interference from each specific country. In the event of future interference specifically by Russia, the bill expands on penalties already imposed by the Countering America’s Adversaries Act of 2017. For instance, it mandates that the U.S. government immediately impose sanctions on Russia’s finance, energy and defense sectors. It would also blacklist senior Russian political figures or oligarchs identified under the law, preventing them from entering the United States and blocking their assets.

To read our full coverage of the bill, click here.

 

–RUSSIA-LINKED HACKERS TARGETING THE SENATE: Russian hackers from the group known as “Fancy Bear” are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro. The Tokyo-based cybersecurity group said that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate’s internal email system, and learned that the sites were being operated as part of an email-harvesting operation. The websites were reportedly set up by Fancy Bear, a group linked to Russia’s military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election. The Associated Press first reported Trend Micro’s findings on Friday. The tactic used by Fancy Bear’s hackers to obtain Senate emails is “identical” to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron’s campaign emails two months later. The revelation by Trend Micro prompted Sen. Ben Sasse (R-Neb.) to demand a briefing from Attorney General Jeff Sessions on the steps that the Trump administration has taken to counter Russian hackers.

To read the rest of our coverage, click here and here.

 

–HOUSE INTEL SUBPOENAS BANNON: The House Intelligence Committee on Tuesday subpoenaed former White House strategist Stephen Bannon after he declined to answer investigators’ questions in their probe into Russian interference in the election, according to multiple sources. According to one source, Bannon did not immediately comply with the subpoenas, which were for both testimony and documents. Bannon appeared to pique lawmakers when he tried to cite executive privilege to avoid answering some questions related to his work for President Trump.

“I certainly think that when the committee expects an executive privilege, when does that attach is the question that is sort of dominating the day. You know, at what time does it attach? During the transition or during the actual swearing in?” Rep. Tom Rooney (R-Fla.) told reporters. He declined to comment on the issuance of the subpoenas, first reported by Fox News’ Chad Pergram. Bannon joined the campaign in August of 2016, stayed on through the transition and left the White House in August of 2017. The move to issue a subpoena during the middle of an interview is an unusual one–and is a break from how committee lawmakers have handled other witnesses who have declined to answer certain questions.

To read the rest of our coverage, click here.

 

–BANNON REPORTEDLY SUBPOENAED IN RUSSIA PROBE: Former White House chief strategist Stephen Bannon was subpoenaed last week by special counsel Robert Mueller as part of the federal probe into Russian interference in the presidential election, The New York Times reported Tuesday. Bannon, who joined the Trump campaign in August of 2016 and left the White House almost exactly a year later, is one of the few known instances that Mueller has used a subpoena to compel information from a member of President Trump’s inner circle. Mueller previously obtained subpoenas targeting former campaign chairman Paul Manafort, who has since been charged with a slate of federal crimes, including money laundering. Mueller interviewed dozens of Trump associates in the closing months of the year, but those individuals were not served with a subpoena, according to the Times. It was not immediately clear why Bannon was treated differently. The revelation came as Bannon was appearing behind closed doors with the House Intelligence Committee to testify in that committee’s probe into possible collusion between the Trump campaign and Russia. He reportedly recently retained Bill Burck, of the law firm Quinn Emanuel. The Mueller subpoena was handed down as Bannon has been in the spotlight over comments he made to Michael Wolff, the author of a controversial new book about the Trump White House.

To read the rest of our coverage, click here and here.

 

A FEW MORE LEGISLATIVE UPDATES:

–BILL CRACKS DOWN ON CHINESE TELECOMS FIRMS: A Republican lawmaker has introduced legislation that would bar the federal government from contracting with firms that use equipment produced by Chinese telecommunications firms Huawei and ZTE, citing spying concerns.

Rep. Mike Conaway (R-Texas) announced the bill on Friday, drawing renewed attention to concerns in Congress about the firms and their relationship with the Chinese government.

“Chinese commercial technology is a vehicle for the Chinese government to spy on United States federal agencies, posing a severe national security threat,” Conaway said in a statement. “Allowing Huawei, ZTE, and other related entities access to U.S. government communications would be inviting Chinese surveillance into all aspects of our lives.”

Huawei is the largest telecommunications manufacturer in the world, its competitor ZTE following close behind. Both firms are headquartered in China.

The bill introduced last week would prohibit the federal government “from using or contracting with an entity that uses” telecommunications equipment or services from Huawei or ZTE or any of their subsidiaries. There have been previous efforts in Congress to restrict the firms’ access to the federal market.

The firms have long fought concerns in Washington that their equipment could be compromised by the Chinese government. The House Intelligence Committee issued a report in 2012 labeling Huawei and ZTE a national security threat.

To read the rest of our piece, click here.

 

–HOUSE SET TO VOTE ON ‘CYBER DIPLOMACY’ BILL: House lawmakers are scheduled to vote on a bill later this week that would restore an office within the State Department focused on cyber diplomatic efforts. The bill was introduced by House Foreign Affairs Committee Chair Ed Royce (R-Calif.) and ranking member Eliot Engel (D-N.Y.) last year after Secretary of State Rex Tillerson moved to close the department’s Office of Cybersecurity Coordinator as part of a broader reorganization of the department.

The State Department has folded its responsibilities into a bureau responsible for economic and business affairs.

Some cybersecurity experts and lawmakers have sounded alarm over the decision to close the cyber office, saying that it signals a downgrade to the department’s efforts to engage the international community on cyber policy. State Department officials have emphasized that cyber remains a top priority at the department.

 

A DMARC CLICK: 

Cybersecurity firm Agari has updated figures on the count of federal agencies that have deployed email security tool DMARC. As of Tuesday 63 percent of federal agencies had deployed the tool, which helps crack down on fraudulent emails. The new figures come a day after a deadline set by the Department of Homeland Security (DHS) for agencies and departments operating .gov domains to implement DMARC.

 

A REPORT IN FOCUS: 

RESEARCHERS IDENTIFY ANDROID SPYWARE: Kaspersky Lab on Tuesday sounded the alarm about the discovery of highly advanced surveillance software that it said can infiltrate Android mobile devices and gather “targeted” information without users’ consent.

Researchers at the Moscow-based cybersecurity firm described the spyware, named Skygofree, as a sophisticated mobile implant “designed for targeted cyber-surveillance” that can be potentially used as an “offensive security” product.

“Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device,” the company said in a Tuesday press release.

Alexey Firsh, a malware analyst at Kaspersky Lab, said in a statement that the malware is not only hard to identify, but it also “can spy extensively on targets without arousing suspicion.”

Skygofree, which has been active since 2014, can go as far as listening in on conversations when a mobile device enters a particular location.

“It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location — a feature that has not previously been seen in the wild,” it continued.

The spyware has a large range of sophisticated capabilities that allow it to assume control of a mobile device. Kaspersky identified “48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.”

To read the rest of our piece, click here.

 

WHO’S IN THE SPOTLIGHT: 

HOMELAND SECURITY SECRETARY KIRSTJEN NIELSEN: Homeland Security Secretary Kirstjen Nielsen faced a number of cyber-related questions during an oversight hearing before the Senate Judiciary Committee on Tuesday, in addition to being grilled on President Trump’s alleged vulgar comments at a closed-door immigration meeting last week.

In particular, she told lawmakers that the Department of Homeland Security is providing tools and resources to private companies to engage in “active defense” against cyber threats, a practice that has drawn scrutiny from some legal and cybersecurity experts.

“There is wide disagreement with respect to what it means,” Nielsen said during a Senate Judiciary Committee hearing. “What it means is, we want to provide the tools and resources to the private sector to protect their systems.”

“So, if we can anticipate or we are aware of a given threat — and as you know, we’ve gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections — we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked,” Nielsen explained.

Active defense measures, which fall on the spectrum between passive defense and offensive actions, can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen.

Nielsen did not go into detail about the active defense measures that the Homeland Security Department is supporting in the private sector.

A House bill introduced by Reps. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.) that would allow companies to engage in a range of active defense measures has attracted bipartisan support and triggered debate about the advantages and pitfalls of letting companies retaliate against hackers.

Nielsen also addressed questions about what the department is doing to deepen engagement with the private sector on cyber threats. She said Homeland Security is focused on tailoring threat information to specific sectors and moving towards a model that addresses critical functions of operations across critical infrastructure.

Nielsen also emphasized the need for Congress to pass legislation that would reorganize and elevate the department’s cybersecurity mission, replacing the headquarters office charged with cybersecurity and critical infrastructure protection–the National Protection and Programs Directorate (NPPD)–with an operational agency.

And in response to questions from Sen. Amy Klobuchar (D-Minn.), Nielsen said she was aware of a bill introduced in the Senate that would authorize grants for states to bolster the cybersecurity of their voting technology, in the wake of Russian interference in the 2016 presidential election.

While Nielsen did not offer an outright endorsement of the Secure Elections Act–introduced by a bipartisan group of senators including Klobuchar last month–she did say that providing states more cyber resources “makes sense” and said she looked forward to working with senators on the legislation.

To read the rest of our coverage from the hearing, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

North Korean hacker group linked to cryptocurrency attacks in South Korea. (The Hill)

US to ‘carefully’ consider GM petition to test self-driving car. (The Hill)

States sue FCC over net neutrality repeal. (The Hill)

OP-ED: Equifax breach shows why companies need to act against known vulnerabilities. (The Hill)

An Indiana hospital was hit by ransomware. (FOX 59)

Canadian officials charge alleged operator of LeakedSource.com. (ZDNet)

Bitcoin price drops to lowest level since December. (CNN)

Cyber experts stumped by new ‘Triton’ malware. (CyberScoop)

Lawmakers pressed AT&T to sever ties with Huawei. (Reuters)

BSA The Software Alliance has released its 2018 policy agenda. (BSA)