Overnight Cybersecurity: House Intel Dems draft memo countering GOP claims | Hackers release purported Olympic documents | Lawmakers demand answers on computer chip flaws
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–DEMS: WE HAVE OUR OWN MEMO: House Intelligence Committee Democrats said Wednesday they have their own memo to counter the claims of Republicans on the panel that law enforcement officials have abused government surveillance powers. Top Republicans on the committee, led by Chairman Devin Nunes (Calif.), have sought the release of a classified memo compiled by Nunes’s staff saying the FBI and Justice Department abused the Foreign Intelligence Surveillance Act by ordering a wiretap on a Trump campaign adviser. Rep. Adam Schiff (D-Calif.), the panel’s ranking member, now says Democrats have a memo “setting out the relevant facts and exposing the misleading character of the Republicans’ document” to clear the air. Schiff called the Republican memo “another effort to distract from the Russia probe and undermine the special counsel.” The panel would need to vote to release the Democrats’ memo.
To read more, click here.
{mosads}
–THOUSANDS OF FBI PHONES REPORTEDLY HIT BY ‘GLITCH’: Thousands of mobile phones used by the FBI were impacted by a glitch that resulted in the loss of text exchanges between bureau employees Peter Strzok and Lisa Page, Fox News reported on Wednesday. Page and Strzok, who until recently were part of special counsel Robert Mueller’s investigation into Russian interference in the 2016 election, have been under intense scrutiny from GOP lawmakers after it was revealed that they exchanged messages critical of President Trump — as well as other candidates — ahead of the 2016 election. Strzok was removed from the Russia probe last year, after the text messages were uncovered by a Justice Department inspector general investigation. But Republicans point to the messages as evidence of political bias on Mueller’s team and at the FBI. The missing messages have sparked furor among Republicans on Capitol Hill who are demanding answers as to why the bureau did not preserve those from the time period between Dec. 14, 2016, and May 7, 2017. The revelation has also triggered a Justice Department investigation. The bureau recently told the inspector general that the messages were not preserved as a result of misconfiguration issues related to software upgrades of FBI-provided Samsung 5 mobile phones that conflicted with the bureau’s archiving efforts. Fox News, citing anonymous law enforcement officials, is now reporting that the glitch affected close to 10 percent of cellphones used by bureau employees. The FBI has a workforce of more than 35,000 agents, analysts and other employees.
To read more, click here.
–HACKER GROUP RELEASES PURPORTED OLYMPIC DOCS: A group believed to be linked to Russian hackers on Wednesday claims to have released documents stolen from the International Luge Federation, the latest sign of hacking efforts targeting the 2018 Winter Games. The group, which goes by the name of “Fancy Bears’ Hack Team,” released email and other documents on its website, claiming they demonstrate violations of anti-doping rules. The information has not been independently verified. The hacker persona is believed to be connected to “Fancy Bear,” a cyber espionage group that experts have linked to Russian intelligence. Fancy Bear, also known as “Pawn Storm” or APT 28, was implicated in the 2016 Democratic National Committee (DNC) hack. The Russia-linked hackers have previously targeted Olympic organizations, leaking sensitive athlete data pilfered from the World Anti-Doping Agency in 2016, after the organization recommended that Russian athletes be banned from the 2016 games in Rio over allegations of state-sponsored doping. Russia’s Olympic team has been barred from participating in the 2018 games as a result of the controversy. The latest release comes after experts identified the International Luge Federation as one of Fancy Bear’s targets last year.
To read more, click here.
A LEGISLATIVE UPDATE:
HOUSE COMMITTEE DEMANDS ANSWERS ON PROCESSOR CHIP FLAWS: House Energy and Commerce Committee leaders are demanding answers from major technology companies affected by the Spectre and Meltdown cybersecurity flaws that leave computer chips vulnerable to hackers.
In a letter, lawmakers pressed the CEOs of Intel, Apple, Microsoft, Amazon, Google, AMD and ARM to explain the need for an “information embargo” agreement between the companies to keep information on the cybersecurity vulnerabilities from the public.
“While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures,” the letter reads.
The letter — signed by House Energy and Commerce Committee Chairman Greg Walden (R-Ore.), Subcommittee on Oversight and Investigations Chairman Gregg Harper (R-Miss.), Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-Ohio), and Subcommittee on Communications and Technology Chairman Marsha Blackburn (R-Tenn.) — is just the latest example of lawmakers’ concern over the Spectre and Meltdown vulnerabilities.
Rep. Jerry McNerney (D-Calif.) wrote his own letter to Intel, AMD and ARM earlier in January, probing the matter as well.
Researchers have called the flaws, which were revealed early this year, some of the worst computer processor vulnerabilities to date. The Department of Homeland Security and Intel have both said they’re not aware of anyone having successfully exploited the vulnerability yet.
The companies kept Spectre and Meltdown under wraps after first discovering them over the summer in an attempt to create and issue software updates before hackers discovered and could exploit the vulnerabilities.
The companies planned to make knowledge of the cybersecurity flaw public on Jan 9, but news of the vulnerabilities was leaked to the media.
Chipmakers like AMD, Intel and ARM have since issued patches to mitigate the issue, however, some of the updates have led to hindered device performance.
To read the rest of our piece, click here.
A LIGHTER CLICK: BECAUSE … MONKEYS! (AP)
A REPORT IN FOCUS:
The Turkish hacker group that has recently appeared to infiltrate a handful of high-profile Twitter accounts also coordinated an attack against an Indian diplomat earlier this month, a cybersecurity firm found.
McAfee Advanced Threat Research and its partner SocialSafeGuard says the group known as “Ayyildiz Tim” (AYT) targeted the verified Twitter account of the Indian Ambassador to the United Nations Syed Akabaruddin on January 13, sharing pro-Pakistan and pro-Turkey messages after seizing control of the social media account.
Akabaruddin is the firm’s first identified attack. The group then appeared to begin targeting other prominent conservative personalities, including former Fox News hosts Eric Bolling and Greta Van Susteren as well as ex-Milwaukee County Sheriff David Clarke Jr.
McAfee detected a pattern to the attacks from the evidential crumbs left in their wake.
“Once the accounts were compromised, the attackers direct-messaged the account contacts with propaganda for their cause or with a link to convince them to click on a phishing site that would harvest the Twitter credentials of the victim,” the firm wrote in their report, noting that the coding included “several Turkish-language segments.”
The report warned that the hacker group could be gaining access to the Twitter accounts by sharing malicious links through other prominent Twitter accounts, warning against opening links before screening them even from known associates.
To read more from McAfee, click here.
WHAT’S IN THE SPOTLIGHT:
DAVOS: President Trump will depart Wednesday evening for Switzerland to attend the World Economic Forum (WEV) in Davos, where cybersecurity is already a hot topic of discussion.
On Wednesday, the WEF launched a new “Global Centre for Cybersecurity” which will be headquartered in Geneva.
Alois Zwinggi, the organization’s managing director, called cyber “the most pressing issue of our times” during a discussion at the forum, according to the Economic Times.
“We badly needs a platform to ward off cyber criminals. The centre will help bring all the stakeholders together in achieving that,” Zwinggi said.
“We need to collaborate with the governments as well as international organisations. To begin with, we will reach out to key industry players and G-20 countries to make this platform a success for dialogue and real-time action on cyber threats,” Zwinggi added.
Relatedly, cybersecurity company FireEye in partnership with Marsh & McLennan has released a report on cybersecurity for the C-suite focused on emerging trends in cyber and action items that executives can implement in the coming year.
FireEye’s global government chief technology officer Tony Cole is on the ground in Davos and is offering his recommendations to attendees.
Among them, Cole says that private companies and government organizations alike need to “accept the reality of a cyber breach.”
“If you have valuable assets, in all likelihood, you’re going to be breached or have already been breached and are simply unaware of it,” he told The Hill in a statement from Davos. “This goes for companies and government organizations, it’s happening to everyone around the globe.”
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
GOP feud with FBI ratchets up. (The Hill)
White House: I doubt ‘any person in America’ cares about Trump asking McCabe who he voted for. (The Hill)
AT&T urges Congress to pass ‘internet bill of rights.’ (The Hill)
Department of Defense report: Felons, people under foreign influence received security clearances. (The Hill)
OP-ED: The US is falling behind in artificial intelligence research. (The Hill)
The RNC is planning to lean on Facebook for its digital engagement. (Morning Consult)
Cyber attack on Norway’s healthcare system ‘could be biggest of its kind.’ (Digital Health)
Experts profile a new ‘hide ‘n seek’ botnet. (Bitdefender)
Google’s parent company is launching a cybersecurity company. (Financial Times)
Trade group warns that budget disagreements could hamper federal IT modernization. (FedScoop)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.