Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–HOUSE INTEL PANEL ENDING RUSSIA PROBE: The House Intelligence Committee is shutting down its contentious investigation into Russian interference in the 2016 election, the top Republican leading the probe announced on Monday. The committee will interview no more witnesses and Republicans are in the process of preparing their final report, Rep. Mike Conaway (R-Texas) told reporters. A draft of that roughly 150-page report will be delivered to committee Democrats for review on Tuesday. The draft document asserts that there is no evidence of collusion between the Trump campaign and the Russians, the most politically charged question examined by the committee. It will also contradict an official U.S. intelligence community assessment that Russian President Vladimir Putin showed a “preference” for candidate Donald Trump during the election — another assertion that has been disputed by the president. “We found no evidence of collusion,” Conaway said Monday. “We found perhaps some bad judgment, inappropriate meetings, inappropriate judgment in taking meetings — but only Tom Clancy could take this series of inadvertent contacts, meetings, whatever, and weave that into some sort of a spy thriller that could go out there.” Further, he said, “We couldn’t establish the same conclusion that the CIA did that they specifically wanted to help Trump.” The GOP report will confirm a broad-based Russian active measures campaign designed to sow discord during the 2016 election, as well as a “lackluster” pre-election response to that campaign. It will also include “how anti-Trump research made its way from Russian sources to the Clinton campaign,” an apparent reference to the controversial Trump dossier compiled in part by former British spy Christopher Steele, who was hired by the research firm Fusion GPS.
–WHAT’S NEXT? The announcement is unlikely to herald any bipartisan conclusion to the central questions in an investigation that for over a year has been mired in investigatory offshoots, leaks and bitter fighting between committee members. Republicans have said for months that they were ready to wind down the investigation, having found no evidence of collusion. Democrats paint a different picture, warning that Republicans are protecting the president by failing to conduct a serious investigation. Conaway said Monday that he expects Democrats to make “extensive changes” to the draft report Republicans will deliver on Tuesday. Lawmakers from both parties have long said that Democrats would likely issue their own report.
–SECURITY PANEL SIGNALS IT WILL MOVE TO BLOCK BROADCOM DEAL: The Treasury Department has told Singapore-based Broadcom that national security concerns about its proposed takeover of Qualcomm have been “confirmed,” increasing the likelihood that officials will recommend that President Trump block the deal. Broadcom’s efforts at a hostile takeover of Qualcomm are currently being investigated by the Committee on Foreign Investment in the U.S. (CFIUS), an interagency panel chaired by the Treasury Department tasked with investigating foreign deals for U.S. companies. The committee put a halt to Broadcom’s campaign last week in order to investigate the potential deal over national security concerns. In a letter to lawyers representing both companies dated Sunday, Aimen Mir, a top Treasury and CFIUS official, hinted that the interagency panel is leaning toward recommending against the deal. “That investigation has so far confirmed the national security concerns that CFIUS identified to you in its letter on March 5, 2018. That investigation is expected to close soon,” Mir wrote, asking Broadcom for additional information. Qualcomm made the letter public Monday. CFIUS is concerned that the deal would threaten the investments Qualcomm has made in areas like 5G technology, thus opening the door for other countries to surpass the U.S. in the race to establish new wireless networks. “Given well-known U.S. national security concerns about Huawei and other Chinese telecommunications companies, a shift to Chinese dominance in 5G would have substantial negative national security consequences for the United States,” CFIUS wrote in a letter to the companies’ attorneys last week. Broadcom has since been trying to reassure lawmakers and regulators that it intends to prioritize investments in 5G development and preserve U.S. leadership in the field.
–DEMS PRESS TRUMP TO EXTRADITE RUSSIANS: Top congressional Democrats are urging President Trump to “devote all available resources” to bringing 13 Russian nationals accused of meddling in the presidential election to the United States so they can stand trial. Senate Democratic Leader Charles Schumer (N.Y.), House Democratic Leader Nancy Pelosi (Calif.) and Sens. Dianne Feinstein (Calif.) and Jerrold Nadler (N.Y.) — the top Democrats on the Senate and House judiciary committees, respectively — sent a letter to Trump, saying the government “has a number of tools at its disposal” to bring the individuals to the United States. “We write to urge your administration to devote all resources available to ensure that the Russian nationals indicted for allegedly interfering with the 2016 elections are brought to justice and stand trial in the United States,” they wrote. Special counsel Robert Mueller brought charges against 13 Russian nationals and three Russian entities last month for allegedly interfering in the election. The Russians are accused of working to “sow discord” in the U.S. political system, in part through fake social media accounts. But Russian President Vladimir Putin said last month that he would “never” extradite the individuals. The Democrats in their letter said that Putin’s stance is “simply unacceptable” and knocked Trump, who has repeatedly cast doubt on the intelligence community’s assessment that Russia interfered in the election.
–JUDGE RULES VICTIMS CAN SUE YAHOO OVER BREACHES: A federal judge ruled that individuals affected by the Yahoo data breaches can sue the company. Judge Lucy Koh of the U.S. District Court for the Northern District of California on Friday ruled against a motion from Verizon, which bought some of Yahoo’s businesses, seeking to dismiss breach claims from users. Reuters first reported the ruling. Among the suits were claims alleging negligence and breach of contract. The Yahoo breaches occurred in 2013 and 2014 but were not revealed until 2016. Users argued the breach cost them money by requiring the purchase of identity-theft prevention services and that Yahoo should have disclosed the breach sooner. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh, who was nominated by President Obama to the bench, wrote in her decision. Yahoo believes that all 3 billion of its user accounts were affected by the 2013 breach.
A WEST WING UPDATE:
The White House official playing a major role in the Trump administration’s push to modernize the federal government’s information technology has emerged as a possible candidate to serve as President Trump’s new economic adviser.
Trump is said to be considering Chris Liddell, a former top executive at Microsoft and General Motors, to replace outgoing economic adviser Gary Cohn, The New York Times reported on Saturday.
Liddell currently serves as the White House’s director of strategic initiatives and heads up the American Technology Council within the Office of American Innovation, working closely with Trump’s son-in-law and senior adviser Jared Kushner. Liddell has been a key player in the White House’s effort to replace outdated federal IT with new, more secure technology.
Liddell was viewed as a front-runner for Trump’s new economic adviser as of the weekend, though CNBC reported Monday that Larry Kudlow was the leading candidate for the position. Trump has not yet made a final decision on the job.
A REPORT IN FOCUS:
RUSSIAN HACKERS FIND NEW TARGETS: Kaspersky Lab researchers say that a hacking group widely believed to be linked to the Russian government has been executing cyberattacks against a new set of targets in the Far East, including military, defense and diplomatic organizations, according to a new report.
The Moscow-based security firm said Friday that Sofacy, commonly known as “Fancy Bear” and “APT28,” is behind new attacks that reach outside of its usual European and NATO-tied targets.
Kaspersky Lab, which itself has come under scrutiny in Washington for alleged ties to the Russian government, says the group is now branching out to attack groups in the Middle East and Central Asia — largely government, technology, science and military-related organizations in or from Central Asia.
“Their activity in the East has been largely under-reported, but they are clearly not the only threat actor interested in this region, or even in the same targets,” Kurt Baumgartner, the principal security researcher at Kaspersky Lab, said in a statement.
Kaspersky Lab said it found certain scenarios where the cyber espionage group’s efforts clashed with other cyber predators, which at times led to “a target overlap between very different threat actors.”
For example, the researchers found that Sofacy’s malware vied for access to certain victims with other cyber espionage groups like the Russian-speaking Turla and the Chinese-speaking Danti.
“As the threat landscape grows ever more crowded and complex, we may encounter more examples of target overlap — and it could explain why many threat actors check victim systems for the presence of other intruders before fully launching their attacks,” Baumgartner said.
Baumgartner also pointed out that their research suggests Sofacy is overall a calculating and “agile” group, which pushes back on descriptions that portrayed it as carrying out attacks in a “wild and reckless” manner.
A LIGHTER CLICK:
The premiere of Steven Spielberg’s new sci-fi flick gets off to a rocky start at SXSW in Austin. (Hollywood Reporter)
WHAT’S IN THE SPOTLIGHT:
CYBER THREATS FROM IRAN: Experts are sounding the alarm about new cyber activity from Iran, as hackers become more emboldened and skilled at carrying out surveillance operations and other attacks outside the country’s borders.
In recent years, Iran-linked hacker groups have shown signs of growing sophistication, expanding their cyber tool kits and stepping up operations against new international targets, including in the Middle East and the United States.
Iran’s growing ambitions, coupled with the geopolitical climate, have given some warning of the future threat.
“They’re good enough that they’re able to break into a lot of organizations,” said Charles Carmakal, vice president at Mandiant, a FireEye subsidiary that provides cyber incident response to government and private organizations across the globe.
“There’s definitely a lot of fear by the intelligence agencies and lots of security companies about what Iran is going to do.”
Cybersecurity professionals have detected Iranian hackers breaking into networks of defense contractors, aviation firms, oil and gas companies, technology companies and telecommunications providers.
In February, cybersecurity firm Symantec revealed that the Iran-based hacking group dubbed “Chafer” had expanded spy operations to new targets across numerous sectors in Israel, Jordan, the United Arab Emirates, Saudi Arabia and Turkey, and successfully compromised a major telecommunications provider in the Middle East.
The group also began using several new hacking tools over the past year, including leveraging the “EternalBlue” exploit reportedly stolen from the National Security Agency by another hacker group.
While Symantec has no definitive evidence linking Chafer to the Iranian government, Vikram Thakur, the firm’s security response technical director, said the group’s targets — which include companies in the aviation sector — suggest a government motivation because the information would be more valuable in the public versus private sector.
“What we’ve noticed of the overall picture that the quantity of attacks that are originating from that geography are much, much higher than seven or eight years ago,” Thakur said. “In the coming years, we’d expect Chafer as well as other cyber actors originating from Iran to continue increasing their volumes of attack as well as their list of victims.”
In many cases, Iran-linked cyber activity is limited to intelligence operations. But some groups have also shown signs of destructive capabilities.
Last September, FireEye identified a new Iranian hacking group that’s been dubbed “Advanced Persistent Threat 33,” or APT 33, that had been quietly conducting spying operations since at least 2013 against organizations in the U.S., Saudi Arabia and South Korea. The group has a particular eye toward the military, commercial aviation and energy sectors.
FireEye found evidence that APT 33 is capable of carrying out destructive attacks, linking it to a destructive “wiper” malware that can delete files.
Iran has a long history of malicious activity in cyberspace. U.S. officials suspected Iran in the 2012 cyber assault against Saudi Arabian oil giant Saudi Aramco, in which hackers used destructive malware called “Shamoon” to wipe computer networks of data and replace the files with an image of a burning U.S. flag.
A new variant of the malware resurfaced in late 2016, infiltrating other Saudi Arabian computer systems. FireEye traced the 2016 activity back to Iran, but did not attribute it to a specific threat group.
The Justice Department earlier that year indicted seven Iranians believed to have been working at the behest of Tehran’s government for conducting distributed denial of service attacks on U.S. financial institutions between 2011 and 2013, as tensions ran high over sanctions on Iran’s nuclear program.
Much of the attention in Washington has lately focused on the cyber threat from Russia, following Moscow’s interference in the 2016 presidential election.
Iran is still widely viewed by officials and cybersecurity professionals as inferior to China and Russia in terms of its capabilities. Still, experts say Iran’s hackers have notably grown more professional in a matter of years.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Putin: Jews, Ukrainians ‘with Russian citizenship’ could be behind US election meddling. (The Hill)
OP-ED: Former CIA chief Michael Hayden: To defend against hostile nations, America needs fierce cyberpower. (The Hill)
UK prime minister: Russia was likely behind poisoning of ex-spy. (The Hill)
OP-ED: Weakening encryption is no solution to election hacking. (The Hill)
Peter Thiel’s Palantir wins a major U.S. Army software contract. (Bloomberg)
Feds arrest company CEO for selling custom encrypted phones to drug cartel. (Motherboard)
NRA sites targeted in distributed denial-of-service attacks. (Inverse)
Department of Homeland Security releases new cybersecurity research guides. (DHS)
White House official says administration is looking to take action on new cyber recommendations. (FCW)
At SXSW, Sen. Mark Warner (D-Va.) says U.S. ‘woefully unprepared’ for cyber threats. (CNN)