Overnight Cybersecurity

Hillicon Valley: FBI chief says Russia is trying to interfere in election to undermine Biden | Treasury Dept. sanctions Iranian government-backed hackers

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

FBI CHIEF HAS ELECTION SECURITY CONCERNS: FBI Director Christopher Wray on Thursday said that Russian agents were trying to undermine Democratic presidential nominee Joe Biden in the lead-up to the November election.

“The intelligence community’s assessment is that Russia continues to try to influence our election, primarily through what we would call malign foreign influence,” Wray said during testimony before the House Homeland Security Committee.

“We certainly have seen very active efforts by the Russians to influence our elections in 2020 through what I would call more the malign influence side of things — social media, use of proxies, state media, online journals, etc. — in an effort to both sow divisiveness and discord … and primarily to denigrate Vice President Biden and what the Russians see as an anti-Russian establishment,” Wray added.

His comments came a month after William Evanina, director of the National Counterintelligence and Security Center, put out a public assessment warning that Russia was attempting to interfere in the 2020 elections in favor of President Trump by undermining Biden.

Evanina wrote that Russia’s efforts against Biden were “consistent with Moscow’s public criticism of him when he was vice president for his role in the Obama administration’s policies on Ukraine and its support for the anti-Putin opposition inside Russia,” and that “Kremlin-linked actors” were promoting Trump on Russian state media.

Evanina also detailed concerns about Chinese and Iranian efforts to interfere in the election, with both countries focused on undermining Trump.

Election interference concerns persist four years after Russian agents launched a sweeping and sophisticated campaign using social media platforms and hacking operations against election infrastructure, the Democratic National Committee and the Hillary Clinton campaign.

Wray told lawmakers Thursday that while the FBI had not seen widespread efforts to target election infrastructure this year, he was extremely concerned about misinformation efforts.

Read more here. 

BAD DAY FOR IRANIAN HACKERS: The Treasury Department on Thursday announced sanctions against a prolific Iranian hacking group, 45 individuals and a front group allegedly used by the Iranian government to target Iranian dissidents and other groups. 

The 45 Iranian individuals were sanctioned for assisting in Iranian government-linked efforts to target dissidents, journalists, international organizations and other foreign governments through conducting computer intrusion and malware campaigns. 

The APT39 cyber threat group and the Rana Intelligence Computing Company were sanctioned as well for their connections to Iran’s Ministry of Intelligence and Security, with Rana alleged to have served as a front company for the Iranian hackers. 

According to the Treasury Department, some of the individuals targeted by the Iranian hackers — who also included students, refugees and former government employees — were eventually arrested and subjected to physical and psychological abuse. 

“The Iranian regime uses its Intelligence Ministry as a tool to target innocent civilians and companies, and advance its destabilizing agenda around the world,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is determined to counter offensive cyber campaigns designed to jeopardize security and inflict damage on the international travel sector.”

Secretary of State Mike Pompeo also expressed his support of the sanctions. 

“We will continue to expose Iran’s nefarious behavior and we will never relent in protecting our homeland and allies from Iranian hackers,” Pompeo tweeted Thursday.

In addition to the sanctions, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published an advisory warning of Iranian cyber targeting, detailing tools used by the hackers to enable security professionals to prepare for attempted attacks and hinder the ability of the Iranian hackers to use those tools.

Read more here. 

BAD DAY FOR IRANIAN HACKERS PT. TWO: The Justice Department on Thursday sanctioned three Iranian nationals for allegedly targeting and hacking into U.S. satellite and aerospace companies, the latest charges stemming from alleged state-sponsored hacking.

Iranian nationals Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati were indicted for allegedly working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), a designated terrorist organization, to target companies in the U.S. and around the world.

The defendants are accused of carrying out cyber intrusions and identity theft between 2015 and 2019. The Iranian nationals allegedly had a target list of more than 1,800 satellite technology and international government groups in the United States, Australia, Israel, Singapore and the United Kingdom.

They allegedly used social engineering techniques to steal the identities of U.S. employees at these companies in order to target other workers using malicious phishing emails that had malware viruses. U.S. authorities said the men successfully compromised networks and stole intellectual property, personal data and commercial information.

“Today’s charges allege that these individuals conspired in a coordinated campaign with known IRGC members and acted at their direction,” James Dawson, assistant director in charge of the FBI’s Washington Field Office, said in a statement Thursday. “The defendants targeted thousands of individuals in an attempt to steal critical information related to U.S. aerospace and satellite technology.”

Read more here. 

DEMS VS DHS CHIEF: House Democrats are slamming Chad Wolf for defying a subpoena for testimony, alleging a dereliction of duty by the Department of Homeland Security (DHS) chief to inform Congress and the public about threats to the U.S.

Rep. Bennie Thompson (D-Miss.), the chairman of the House Homeland Security Committee, described the absence of the acting DHS secretary from his panel’s worldwide threats hearing on Thursday as appalling.    

“As the person running the Department of Homeland Security, Mr. Wolf should be here to testify, as secretaries of Homeland Security have done before. Instead, we have an empty chair, an appropriate metaphor for the Trump administration’s dereliction on so many of these critical homeland security issues,” Thompson said at the start of the hearing.

“Regrettably, he has chosen to defy the subpoena. That he would refuse to come before the Committee after committing to do so should appall every member of this Committee,” Thompson added.

Republicans, defending Wolf, argued that the DHS chief was following the longstanding practice across multiple administrations that nominees don’t testify before Congress until after their confirmation hearing. They also noted that DHS offered the No. 2 official to testify in lieu of Wolf, but that Democrats did not agree to receive his testimony. 

Read more here. 

TWITTER SAYS UPDATE PASSWORD: Twitter announced Thursday it will order some political candidates, lawmakers and journalists to strengthen their passwords as the platform looks to allay security concerns heading into Election Day.

The platform said in a blog post that the accounts of members of the executive branch and Congress, governors and secretaries of state, various political candidates and “Major US news outlets and political journalists” will be required to have what Twitter deems to be a strong password.

Users under those categories will begin receiving in-app notifications Thursday that Twitter is turning on “password reset protection” for their account and that they will be required to strengthen their password the next time they log into the platform if their current password is considered too weak.

“Voters, political candidates, elected officials and journalists rely on Twitter every day to share and find reliable news and information about the election, and we take our responsibility to them seriously,” the social media company said in a statement. “As we learn from the experience of past security incidents and implement changes, we’re also focused on keeping high-profile accounts on Twitter safe and secure during the 2020 US election.”

Twitter also rolled out other protections it plans to implement “in the coming weeks,” including more sophisticated methods to detect suspicious activity and “increased login defenses.” 

Read more.

TWITTER APPLIES POLICY (AGAIN): Twitter added a label directing users to information about “safe and secure” mail-in voting methods to a tweet posted by President Trump Thursday morning attacking vote-by-mail. 

The social media platform said it added the label to the tweet for “making a potentially misleading statement regarding the process of mail-in voting.” 

“We’ve added a label to this Tweet for making a potentially misleading statement regarding the process of mail-in voting, and to offer more context for anyone who may see the Tweet. This action is in line with our recently-updated Civic Integrity Policy,” the company tweeted. 

Twitter’s label was added to Trump’s tweet from earlier Thursday morning. 

“The big Unsolicited Ballot States should give it up NOW, before it is too late, and ask people to go to the Polling Booths and, like always before, VOTE. Otherwise, MAYHEM!!! Solicited Ballots (absentee) are OK,” Trump tweeted. 

His tweet was seemingly in response to a segment on “Fox & Friends,” as the president tagged the program in his post. 

Twitter’s clickable-label directs users to “learn how voting by mail is safe and secure.” The link leads to a round-up of tweets about safe mail-in voting methods. 

Shortly after Trump’s tweet on mail-in voting, he attacked the social media platform over its “trending” topics. 

“Twitter makes sure that Trending on Twitter is anything bad, Fake or not, about President Donald Trump. So obvious what they are doing. Being studied now!” Trump tweeted. 

Read more.

LAWMAKERS CALL FOR AI INTEGRATION: Lawmakers on Wednesday called for expanding the use of artificial intelligence (AI) to help small businesses and the education system remain competitive in the global economy.

“The future of our competitiveness, on a global level, is dependent upon us embracing this technology,” said Rep. Brenda Lawrence (D-Mich.) at The Hill’s “Powering America’s Economy with AI” event.

Lawrence, a member of the Congressional Artificial Intelligence Caucus, told The Hill’s Steve Clemons that while AI should be promoted in schools to help build a competitive workforce, there are built-in biases in algorithms that must be addressed and removed.

Rep. Jerry McNerney (D-Calif.), co-chair of the AI Caucus, added that there must be transparency regarding data in order to prevent bias from impacting negatively any one group over another.

“It is up to [the government] to make sure that this opportunity is shared equally and grows the economy in a fair way,” he added.

In a voice vote Monday, the House passed the AI in Government Act of 2019, which would establish an AI Center of Excellence with the General Services Administration in order to promote the efforts of the federal government in developing innovative uses of AI. The center would also increase the awareness of the meaning of AI to Congress.

“We want to make sure that members of Congress and their staff are educated about what AI can do,” he said at the event sponsored by Intuit, adding that the legislation would “not only create the ability of the federal government to use AI in a responsible way, but it will also empower small businesses.”

Read more.

 

Lighter click: they got school tomorrow

An op-ed to chew on: Congress needs to prioritize government digital service delivery

NOTABLE LINKS FROM AROUND THE WEB:

Facebook Needs Trump Even More Than Trump Needs Facebook (Bloomberg / Sarah Frier and Kurt Wagner)

16 Straight Hours Inside The Alternate Reality Of Pro-Trump TV Channel OAN (HuffPost / Nick Robins-Early)

Uber and Lyft’s California Proposal Is a Mishmash of Old Ideas for Fixing the Gig Economy (OneZero / Sarah Kessler)
DoJ Still Not Sure Why It’s Mad at WeChat (Gizmodo / Shoshana Wodinsky)