Overnight Cybersecurity

Hillicon Valley: NYT says Rosenstein wanted to wear wire on Trump | Twitter bug shared some private messages | Vendor put remote-access software on voting machines | Paypal cuts ties with Infowars | Google warned senators about foreign hacks

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland). And CLICK HERE to subscribe to our newsletter.

 

NOT A ROSY DAY FOR ROSENSTEIN: Deputy Attorney General Rod Rosenstein proposed secretly recording conversations in the Oval Office with President Trump last year and discussed the possibility of Cabinet officials invoking the 25th Amendment to remove the president, according to The New York Times.

The newspaper, citing people familiar with the matter, reported on Friday that Rosenstein made comments to other Justice Department officials in meetings in spring 2017 about secretly recording Trump after the president fired FBI Director James Comey in May.

{mosads}Rosenstein reportedly made the remarks to then-acting FBI Director Andrew McCabe, who detailed Rosenstein’s comments in memos, according to the unnamed sources cited by the Times.

In the discussions, Rosenstein reportedly floated the possibility of recruiting Cabinet secretaries, such as Attorney General Jeff Sessions, and White House chief of staff John Kelly behind an effort to invoke the 25th Amendment, which allows Cabinet members to remove the president by majority vote if they deem the president is unfit for office.

A Justice Department spokeswoman provided a comment to the Times from a person who was said to be present when Rosenstein reportedly suggested wearing a wire. That person, who was not named, said Rosenstein’s remark was made sarcastically.

Read more here.

 

BUT BUT BUT: Rosenstein is challenging the New York Times story.

“The New York Times’s story is inaccurate and factually incorrect,” Rosenstein said. “I will not further comment on a story based on anonymous sources who are obviously biased against the department and are advancing their own personal agenda. But let me be clear about this: Based on my personal dealings with the president, there is no basis to invoke the 25th Amendment.”

 

SLIPPING OUT OF YOUR DM’S LIKE…: Twitter told several clients including Luta Security CEO Katie Moussouris that it has “identified a bug” that sent their private direct messages (DMs) or protected tweets to Twitter developers who were “not authorized to receive them” — a disclosure that started in May 2017.

“If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services… some of these interactions [were] unintentionally sent to another registered developer. In some cases this may have included certain Direct Messages,” according to a response received by Moussouris when she asked the company who had access to her DMs and which DMs they were.

“I misinterpreted it: this was worse than Twitter employees accessing then. Devs writing software using Twitter’s APIs had access (not Twitter devs, which would also be wrong). This is far worse,” Moussouris wrote on Twitter.

 

OK, IT’S BIGGER THAN WE THOUGHT: The New York Times reported earlier this year that Election Systems and Software (ES&S), the third largest election system vendor in the U.S., had installed remote access software on its election machines sold in the mid-2000s.

While the company later acknowledged that it sold “a small number” with such software installed on its systems, ES&S Vice President Kathy Rogers in a new interview with NPR revealed that 300 voting jurisdictions were sold machines with remote access software.

Security experts say such software poses a security risk and warn that hackers can exploit the machines. 

Rogers emphasized the software wasn’t installed by the company after 2007 and was never installed on machines that tabulated votes.

Read more of the NPR interview here.

 

PAYPAL CUTS OFF INFOWARS: PayPal says it will no longer do business with Infowars, the website founded by conspiracy theorist Alex Jones.  

PayPal informed Infowars of its decision in an email on Thursday, reportedly stating the company had completed a review of Infowars content and concluded that it “promoted hate and discriminatory intolerance against certain communities and religions,” which violates PayPal’s “acceptable use” policy.

Infowars had used PayPal to process transactions for its online store; the site will now have 10 days to find a new payment processor, according to its own reporting.

Facebook, YouTube, Twitter, the iOS App Store and others have banned Alex Jones and Infowars from their platforms in recent weeks.

Read more here.

 

GOOGLE EMPLOYEES DISCUSSED HOW TO COMBAT MUSLIM BAN: Following President Trump’s initial travel ban, Google employees discussed ways to alter the site’s search results to counter “biased” results and offer users ways to oppose the ban, according to internal company emails.

The Wall Street Journal reports that staffers at the company discussed ways to battle what they saw as Islamophobic and anti-immigrant bias in their platform’s search results after Trump announced the first incarnation of his controversial travel ban last year.

In the emails, employees discussed ways to alter search results to “actively counter” Google searches that produced results the staffers believed were anti-immigrant or Islamophobic. Another employee suggested a function that would connect users with organizations currently fighting the Trump administration on immigration issues.

“Overall idea: Leverage search to highlight important organizations to donate to, current news, etc. to keep people abreast of how they can help as well as the resources available for immigrations [sic] or people traveling,” that email says, according to the Journal.

Read more here.

 

GOOGLE WARNED SENATORS ABOUT FOREIGN HACKERS: Foreign government hackers targeted the personal Gmail accounts of multiple senators and Senate staffers, a Google spokesperson told CNN Thursday.

The news comes a day after Sen. Ron Wyden (D-Ore.) said in a letter to Senate leaders that a technology company informed senators and staffers that their personal accounts were hacked and that the Senate’s security office “apparently lacks the authority” to guard against the threats.

Google confirmed to The Hill that it was the technology company to which Wyden referred, but declined to say who specifically was targeted, when the attempted hacking took place or if it was successful.

Google sends “these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack,” a Google spokesperson told The Hill. 

Read more here.

 

A LIGHTER TWITTER CLICK: In case you didn’t know what day it is.

 

AN OP-ED TO CHEW ON: Hard choices in training Americans for AI workplace of future.

 

NOTABLE LINKS FROM AROUND THE WEB:

Google forces staff to delete memo that’d reveal company was tracking search users in China. (Intercept)

Magic Leap is bidding on an Army combat contract (Bloomberg)

Alexa expands into a car accessory. (TechCrunch)

France bans smartphones in schools through 9th grade. Will it help students? (The New York Times)

Apple launches new iPhones (again). Here’s a guide. (The Wall Street Journal)

Equifax Breach: Freezing your credit is now free in all states under a new law (USA Today)