Overnight Cybersecurity: Lawmakers grill Trump officials over Kaspersky threat | Trump camp distances itself from data firm | What we know about Bad Rabbit | Conservative groups back data privacy bill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–HOUSE HOLDS KASPERSKY HEARING: Lawmakers are pressing the Trump administration for more information on its effort to crack down on the use of software produced by Moscow-based Kaspersky Lab in the wake of reports that Russian hackers exploited the cybersecurity firm’s anti-virus product to steal U.S. spy secrets. The issue took center stage Wednesday at the first in a series of House hearings focused on the company, with lawmakers grilling current and former U.S. officials on the potential risks that Kaspersky anti-virus software poses to federal information systems. Members of the House Science, Space and Technology Committee seized on recent media reports that Russian spies exploited Kaspersky software in order to gain access to top-secret files held on the personal computer of a National Security Agency (NSA) contractor in 2015. “New revelations regarding cyber espionage continue to surface,” remarked Chairman Lamar Smith (R-Texas), promising that future hearings would allow lawmakers an opportunity “to uncover all aspects of Kaspersky Lab.” Kaspersky sells anti-virus software to roughly 400 million customers around the world and also produces acclaimed cybersecurity threat research, most recently identifying details about a new variant of ransomware called Bad Rabbit that has been spreading in Ukraine and Russia. However, the company has attracted scrutiny on Capitol Hill in recent months amid heightened fears over Russia’s interference in the 2016 presidential election.

To read the rest of our piece, click here.

–…MEANWHILE, KASPERSKY RELEASES IT’S OWN REPORT ON ROLE IN ESPIONAGE: Kaspersky Lab released a preliminary report on its investigation into charges of espionage Wednesday. Kaspersky’s investigation claims there is a fairly mundane reason its antivirus software discovered NSA malware on a contractor’s compute. Simply put, because its designed to hunt for viruses. Kaspersky and all modern antivirus programs protect against known government threats in addition to criminal ones. The NSA contractor, said the report, possessed malware the lab was already familiar with, leading the program to upload related suspicious files to its system for investigation. The same process would have been followed by any antivirus program. “The investigation confirmed that Kaspersky Lab has never created any detection of non-weaponized (non-malicious) documents in its products based on keywords like ‘top secret’ and ‘classified,’ ” the report said. According to the report, the user ran a deep scan of his computer after Kaspersky Lab downloaded malware-laced software designed to pirate Microsoft Office.

To read the rest of our piece, click here.

–TRUMP CAMPAIGN DISTANCES ITSELF FROM DATA FIRM: The Trump campaign operation appeared to distance itself from data mining firm Cambridge Analytica on Wednesday, following a report that its leader said he sought contact with Julian Assange over Hillary Clinton’s emails.

Trump campaign aide Michael Glassner said in a statement that the 2016 campaign relied on the Republican National Committee and its data experts “as our main source for data analytics.” Glassner added, “any claims that voter data from any other source played a key role in the victory are false.” The Daily Beast reported earlier Wednesday that Alexander Nix, the CEO of Cambridge Analytica, wrote in an email to a third party that he tried to contact WikiLeaks founder Julian Assange about the private emails that Clinton had deleted from her home-brewed server that she used during her work at the State Department.

To read the rest of our piece, click here.

 

A LEGISLATIVE UPDATE:

CONSERVATIVE GROUPS BACK DATA BILL: A coalition of right-leaning groups is pressing Congress to act on legislation that would create a new legal framework that allows law enforcement to access U.S. electronic communications held on servers abroad.

The bipartisan bill, called the International Communications Privacy Act (ICPA), has been introduced by Reps. Doug Collins (R-Ga.) and Hakeem Jeffries (D-N.Y.) in the House and Sens. Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.) in the Senate.

On Wednesday, right-leaning organizations including Americans for Tax Reform and the R Street Institute wrote to leaders of the House and Senate Judiciary Committees pressing them to swiftly consider the bill.

“ICPA is an important step in modernizing the legal regime surrounding electronic communication in a way that will help protect the rights of American citizens, provide clear guidelines for law enforcement, and improve engagement between domestic and foreign law enforcement,” they wrote in a letter.

“This will help create an environment in which American technology companies can continue to innovate, provide valuable services to their customers, and help keep the American technology sector on the cutting edge of innovation while producing jobs,” they wrote.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

BEAT A CARNEY AT HIS OWN GAMES.

 

A MALWARE THREAT IN FOCUS :

FOLLOWING THE BAD RABBIT:

Researchers are getting a better handle on Bad Rabbit, the ransomware that hopped through Eastern Europe yesterday,

The victim pool was almost entirely in Russia. Symantec reported that 86% of attacks it tracked hit that nation, with populations in Japan, Bulgaria, Ukraine and the U.S.

Andrea Little Limbago, the Chief Social Scientist at Endgame, warned not to take the prevalence of attacks in Russia to mean Russia wasn’t behind the attacks. Some researchers, including Group-IB, have suggested the attacks may share code with Russian state-led efforts, and Limbago notes that target choices in Russia and the Ukraine are suspicious. In Russia, the ransomware hit media outlets – a group often at Putin’s ire. In Ukraine, the targets included critical infrastructure.

Cisco, Avast and Symantec have all concluded that Bad Rabbit did not use the EternalBlue vulnerability allegedly stolen from the NSA to spread from system to system within a network. EternalBlue was a critical part of WannaCry (the ransomware that shuttered hospitals in the United Kingdom) and NotPetya (the ransomware that chewed through the Ukraine, with collateral damage elsewhere).

Many early reports had claimed EternalBlue was a component of the attack, which now appear to be incorrect.

While there is some overlap between the code for NotPetya and Bad Rabbit, many of the core processes in Bad Rabbit are entirely different. An important one of those is the encryption process. NotPetya did not encrypt systems in a way that would let an attacker could unencrypt those systems if it wanted to. Bad Rabbit, however, does, making it at least hypothetically possible that paying the ransom would restore a system.

FireEye reports that JavaScript code forwarding users to the malicious Flash update that installed Bad Rabbit appeared on multiple sites. The servers hosting the malicious Flash updates have been taken offline.

 

WHAT’S IN THE SPOTLIGHT:

FACES: Apple denied reports it let its suppliers weaken the accuracy of the iPhone X’s facial recognition system in order to speed up the phone’s production.

On Wednesday, Bloomberg quoted sources allegedly familiar with the matter who said Apple decided to make the move out of concern they wouldn’t have enough iPhones available for the holiday season.

In an emailed statement, Apple denied the Bloomberg report.

“The quality and accuracy of Face ID haven’t changed. It continues to be 1 in a million probability of a random person unlocking your iPhone with Face ID,” an Apple spokesperson said. “Bloomberg’s claim that Apple has reduced the accuracy spec for Face ID is completely false and we expect Face ID to be the new gold standard for facial authentication.”

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

‘Links from our blog, The Hill, and around the Web.

Quartz designed a bot to discover other bots. When SkyNet takes over, this will be its Benedict Arnold. (The Hill)

Rep. Tom Graves (R-Ga.): “Our [‘hack back’] bill will untie the hands of cyber defenders and spur a new generation of tools and methods to level the lopsided cyber battlefield.”  (The Hill Opinion)

Rep. John Ratcliffe (R-Texas): “[W]hile federal agencies – like the Department of Homeland Security, the FBI and the Secret Service – have extensive cybersecurity resources, … it’s often our state and local law enforcement officials who are responsible for investigating and prosecuting crimes, virtually all of which have a cyber element, with far fewer resources at their disposal.” (The Hill Opinion)

Sen. Lindsey Graham (R-S.C.) wants Google, Twitter and Facebook to testify in front of his Judiciary subcommittee next week. (The Hill)

While Sen. Richard Burr (R-N.C.) actually has Google, Twitter and Facebook testifying in front of his Intelligence Committee. (Twitter)

The CEO of a mobile security firm thinks Russia’s hacking of NATO cell phones should be a wake up call for mobile defenses. (The Hill)

Google, too, is upset its artificial intelligence was biased against Jews and gays. (Motherboard)

Amazon wants keys to your house. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here.