Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–HOUSE INTEL VOTES TO RELEASE DEM MEMO: The House Intelligence Committee on Monday voted unanimously to release a memo drafted by Democrats to rebut a GOP-crafted document alleging surveillance abuses at the Department of Justice (DOJ). The 10-page classified document now goes to President Trump, who has five days to block its release if he so chooses. It remains an open question whether he will do so. Trump on Friday declassified the Republican document, which was drafted by staff for House Intel Chairman Devin Nunes (R-Calif.). Trump claimed the memo “totally vindicates” him in the ongoing investigation into his campaign’s alleged links to Russia. The central thrust of the Nunes memo is that senior DOJ officials inappropriately relied on a piece of opposition research paid for in part by Hillary Clinton to obtain a surveillance warrant on Trump campaign aide Carter Page. It claims that without the so-called Steele dossier, no surveillance warrants would have been sought. The Democratic memo is expected to lay out a point-by-point rebuttal of the assertions in the Nunes memo and make the case that the FBI had good reason to spy on Page as part of the counterintelligence probe into the Trump campaign. To read more, click here.
{mosads}
–HACKING THREATS LOOM LARGE OVER OLYMPICS: Nation-state and criminal hackers are targeting the Winter Olympics at a rapidly increasing rate, raising fears of phishing scams, hacks and other disruptive attacks. Organizations are cracking down on security and experts are warning those attending the games set to begin in Pyeongchang, South Korea, on Feb. 9 to be on high alert. Experts are observing an uptick in phishing attacks orchestrated by run-of-the-mill cyber criminals that use the games as a hook to draw attendees and other would-be victims into scams. “It’s growing at an exponential rate,” said Paul Martini, CEO of network security company iboss. “The accessibility to technology to enable criminal activity is just easier and easier.” The Department of Homeland Security issued an alert Thursday warning travelers to the Olympics that cyber criminals could attempt to steal personally identifiable information or users’ credentials to profit financially. “There is also the possibility that mobile or other communications will be monitored,” the alert said. Additionally, there has been an increase in attempted attacks around the 2018 games themselves, some targeting participating organizations and sponsors and others within the infrastructure of the games. “Behind the scenes, there’s a significant increase in attacks around Olympic supporting systems and the games themselves,” Mark Nunnikhoven, vice president of cloud research at Trend Micro, told The Hill. Researchers at McAfee say they have identified a cyber operation that appears to be targeting South Korean organizations associated with the Olympics with spyware.
To read the rest of our piece, click here.
–CONSUMER BUREAU REPORTEDLY PUMPS BREAKS ON EQUIFAX PROBE: White House budget director and Consumer Financial Protection Bureau (CFPB) chief Mick Mulvaney has dialed back the agency’s investigation into a massive data breach at Equifax, Reuters reported Sunday. Mulvaney has not sought subpoenas or sworn testimony as part of the investigation, Reuters reported, citing three unnamed sources. The bureau has also put on hold plans to test how Equifax protects data. A CFPB spokesman told Reuters the agency is not allowed to acknowledge an open investigation. The credit reporting company was the subject of more complaints to the CFPB in 2017 than any other financial services company in all but one state and says it faces more than 240 class action lawsuits. The Federal Trade Commission is investigating the breach and could fine the company.
To read more, click here.
Senate Minority Leader Charles Schumer (D-N.Y.) blasted the agency after the report, accusing the administration of “rigging the system to benefit the most egregious corporate actors.”
“First the Trump administration gave lavish tax breaks to corporate CEOs and wealthy investors, now the Trump administration’s hand-picked saboteur is essentially handing out get out of jail free cards to Equifax executives,” Schumer said in a statement, referring to Mulvaney.
To read more, click here.
–BOOZ SCORES MASSIVE CYBER CONTRACT: The federal government has awarded Booz Allen Hamilton a massive $621 million, six-year contract to implement a Department of Homeland Security program aimed at securing federal networks from cyber threats. Booz Allen has been selected as the first prime contractor under the current phases of Homeland Security’s federal government-wide Continuous Diagnostics and Mitigation (CDM) program, which was launched in 2012 to better monitor and guard .gov networks from cyberattacks. Homeland Security has already contracted with Booz Allen and a few other firms in the early stages of CDM to begin implementing the program across 13 federal agencies and departments. The new contract extends across the next three phases of CDM and is part of a larger program called the Dynamic and Evolving Federal Enterprise Network Defense, valued at as much as $3.4 billion.
To read the rest of our piece, click here.
A TECH UPDATE:
DEM SAYS YOUTUBE AT RISK OF FOREIGN MANIPULATION: Sen. Mark Warner (Va.), the top Democrat on the Senate Intelligence Committee, is concerned that YouTube’s algorithm for recommendations could be manipulated by foreign governments. “Companies like YouTube have immense power and influence in shaping the media and content that users see,” Warner told The Guardian on Monday. “I’ve been increasingly concerned that the recommendation engine algorithms behind platforms like YouTube are, at best, intrinsically flawed in optimizing for outrageous, salacious, and often fraudulent content.”
“At worst, they can be highly susceptible to gaming and manipulation by bad actors, including foreign intelligence entities,” he noted.
Warner’s criticism follows a Guardian investigation that found YouTube’s ad algorithm had consistently pushed anti-Hillary Clinton conspiracy videos around the 2016 presidential election in its automated video recommendations.
The newspaper’s analysis found that the video streaming platform was six times as likely to push anti-Clinton content as it was anti-Donald Trump content.
YouTube challenged the Guardian’s research, saying it “strongly disagreed” with the outlet’s findings.
“It appears as if the Guardian is attempting to shoehorn research, data and their conclusions into a common narrative about the role of technology in last year’s election,” a YouTube spokesperson told the outlet. “The reality of how our systems work, however, simply doesn’t support this premise.”
Google, which owns the online video platform, has consistently downplayed the presence of Russian-led influence efforts on its platform, compared to such campaigns on Twitter and Facebook.
To read the rest of our piece, click here.
A LIGHTER CLICK:
Did your screen go dark during the Super Bowl Sunday night? No, that wasn’t your TV’s fault. (MarketWatch)
AN ALERT IN FOCUS:
FBI SAYS HACKERS IMPERSONATING INTERNET CRIME COMPLAINT CENTER: The FBI says that hackers are sending fake emails impersonating a federal hub for filing internet crime complaints to lure victims into handing over sensitive personal information or open malicious documents.
The bureau issued an alert warning of the email scam impersonating the Internet Crime Complaint Center (IC3), saying the center had received “numerous” complaints about the effort as of last July.
The IC3 is a virtual complaint desk that allows individuals to report online fraud.
“In a recent scam, the unknown actors emailed victims requesting the recipients provide additional information in order to be paid restitution,” the alert said. “In an attempt to make the emails appear legitimate, the scammers included hyperlinks of news articles which detailed the arrest or apprehension of an internet fraudster.”
“The unknown actors also attached a text document to download, complete, and return to the perpetrators,” the alert continued. “The text file contained malware which was designed to further victimize the recipient.”
The FBI also published a copy of the template used by the scammers to bait would-be victims into handing over their personal data or opening the malware-laden attachment.
The bureau said it has identified at least three other versions of the scam, one of which involved a fake social media page for IC3.
To read the rest of our piece, click here.
WHAT’S IN THE SPOTLIGHT:
Rep. Michael McCaul (R-Texas), chairman of the Homeland Security Committee, on Monday emphasized the need for the United States to address cybersecurity on a global scale, both in collaboration with allies and in an effort to protect U.S. infrastructure against malicious entities.
“We must establish closer relationships with our allies and our partners and enforce cyber commitments with other countries,” McCaul said in an address at George Washington University focusing on national security.
The Texas lawmaker endorsed a bill introduced by Rep. Ed Royce (R-Calif.), which would restore a State Department office specifically focusing on cyber diplomacy efforts. The proposal calls for the official leading the office to have the rank of ambassador.
McCaul warned that as cyberspace expands and hackers become more skilled, there are no global pacts or agreements to establish international norms and rules on the issue.
“We don’t have any norms. There are no rules of the game and that is a problem, not to mention what would happen if a NATO ally was attacked in cyberspace, would Article V be invoked in that case?” he said, referring to the centerpiece of the treaty which considers an attack on one ally an attack on all.
NATO Secretary-General Jens Stoltenberg has said that a severe cyberattack could potentially trigger the Article V commitment.
“Our adversaries both nation-state and non-state actors threaten us around the clock in cyberspace. Whether it is North Korea launching a global cyber attack crippling infrastructure, to China stealing our Nation’s valuable intellectual property, to Russia conducting misinformation warfare campaigns to sow discord among the people, to Iran attacking our financial institutions, to terrorists spreading evil propaganda over the internet, or criminals taking our financial and personal information, we are all exposed to harm,” he continued.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Five takeaways from the Nunes surveillance memo. (The Hill)
OP-ED: Security breaches undermine cryptos, and that’s a good thing. (The Hill)
A new vulnerability is discovered in Adobe Flash Player. (SC Magazine)
Russian hacker accused of running a massive botnet is extradited to the U.S. from Spain. (Reuters)
Apple, Cisco aim to make cyber insurance more affordable for businesses. (CNBC)
Tomorrow is ‘Safer Internet Day.’ (Department of Homeland Security)
Britain’s National Cyber Security Centre releases a report on ‘active cyber defense.’ (NCSC)