Overnight Cybersecurity: Intel panel’s leaders sharply divided on Russia | Governors talk cyber | NSA chief wants to loosen rules on cyberweapons

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–TOP REPUBLICAN: ZERO EVIDENCE TRUMP CAMPAIGN CONTACTED RUSSIA: The chairman of the House Intelligence Committee on Monday rejected reports that members of President Trump’s campaign team had regular contact with Russian officials. “There is no evidence that I’ve been presented [by the intelligence community] of regular contact with anybody in the Trump campaign,” Rep. Devin Nunes (R-Calif.) told reporters. “The way it sounds like to me is, it’s been looked into and there’s no evidence of anything there.” Nunes’s committee is investigating Russian efforts to influence the U.S. presidential election, including any links between campaign officials and Moscow. The scope of the review has been under fierce scrutiny following Trump’s dismissal of former national security adviser Michael Flynn, who misled Vice President Pence about the subject of a pre-inauguration call with the Russian ambassador, which included talk of sanctions against the country. The committee has settled on the scope of its investigation, Nunes said Monday, but has not received all of the evidence it expects from U.S. intelligence agencies. He described his inquiries to those agencies regarding Trump’s campaign associates as “initial.” “As of right now, I don’t have any evidence of any phone calls. It doesn’t mean they don’t exist, but I don’t have that,” he reiterated. “What I’ve been told, by many folks, is that there’s nothing there — but we’re absolutely looking into it.” Nunes was reportedly enlisted to counter claims of campaign malfeasance by the Trump campaign.


–TOP DEM: THERE’S ZERO EVIDENCE BECAUSE WE HAVEN’T STARTED THE INVESTIGATION YET: Minutes after Nunes’s meeting with reporters, House Intelligence Committee Ranking Member Adam Schiff (D-Calif.) said that the investigation had yet to begin, making it too early to say there was no evidence. “We haven’t obtained any evidence yet, so it’s premature for us to be saying that we’ve reached any conclusions about the issue of collusion,” Schiff said, noting that the committee has called no witnesses and examined no documents in its probe.

–A BRIEF PEEK AT TRUMP’S PHONE HISTORY: At the end of a press briefing Monday, President Trump was asked about appointing a special prosecutor to conduct a review of his campaign’s ties to Russia. He mouthed “no,” and claimed “I haven’t called Russia in 10 years.”

–SPICER TAKES AIM AT STAFF ON LEAKS, ENCRYPTION: The top-line story about a meeting between Sean Spicer and White House staff last week, first reported by Politico, was that the press secretary not only slammed workers for the recent spate of leaks, but also ran checks on employee cell phones for evidence of misconduct. Spicer warned staffers there would be repercussions if details about that meeting about leaks leaked (obviously, they did). But one thing that should not get lost in the shuffle about the meeting was Spicer’s reported warning to his staffers to stop using encrypted messaging apps like Confide and Signal. White House staffers had widely used Confide to prevent a Democratic National Committee-like data breach. Spicer rightly noted that those apps could violate the Presidential Records Act. According to experts The Hill has talked to, apps that obfuscate and (in the case of Confide) delete work-related messages likely do violate the Act. The House Science Committee last week requested that the Environmental Protection Agency (but not the White House) crack down on encrypted communications for public records reasons, despite White House staffers’ use of Confide being widely reported at the time.


 

A POLICY UPDATE:  

NSA / CYBER COMMAND HEAD PROPOSES LOOSENING REINS ON CYBERWEAPONS: Adm. Michael Rogers — head of the National Security Agency (NSA) and Cyber Command — is pushing for widespread changes to the U.S.’s treatment of cyber weaponry, including contracting private sector firms to develop arms.

“In the application of kinetic functionality — weapons — we go to the private sector and say, ‘Build this thing we call a [joint directed-attack munition], a [Tomahawk land-attack munition].’ Fill in the blank,” he said at a conference in San Diego, as quoted by the Department of Defense.

“On the offensive side, to date, we have done almost all of our weapons development internally,” Rogers said. “And part of me goes — five to 10 years from now is that a long-term sustainable model? Does that enable you to access fully the capabilities resident in the private sector? I’m still trying to work my way through that, intellectually.”

Though the U.S. has quietly been a leading purchaser of product-specific digital lock-picking tools so newly discovered that vendors are not aware of them, it combines them and weaponizes them on its own. 

The decision to do so reflects the secrecy with which the U.S. treats the weapons — the U.S. does not discuss information about their use or even existence — and the uncertain international outcome of acknowledging their use.

 

A LIGHTER CLICK: 

–TRIBUTE TO BILL PAXTON: Real-life storm chasers spelled out the initials of Twister star Bill Paxton with their vans in Oklahoma’s tornado alley in memory of the actor. Paxton, who the Internet mournfully noted was one of only two actors to be killed by a Terminator, a Predator and an Alien (Lance Henriksen being the second), passed away over the weekend.

 

A REPORT IN FOCUS:

–GOOGLE RELEASES UNPATCHED MICROSOFT BUG: Google’s security research group, Project Zero, posted a new security vulnerability found in Microsoft web browsers that would allow an attacker to remotely execute computer code.

Google’s policy is to notify other manufacturers of security flaws it finds and wait 90 days before releasing them to the public. The theory is that this will encourage manufacturers to quickly address glitches brought to their attention.

“I really didn’t expect this one to miss the deadline,” wrote Google researcher Ivan Fratric in a forum post about the vulnerability.

Microsoft has complained in the past that Google is too quick to reveal these kinds of bugs to the public.

Microsoft traditionally patches its software once a month, but delayed this month’s “Patch Tuesday” for undisclosed reasons.

 

WHO’S IN THE SPOTLIGHT:

–GOVERNORS: Governors from states across the country put the spotlight on cybersecurity at an annual gathering in Washington on Saturday.

Virginia Gov. Terry McAuliffe (D) hosted a session at the National Governors Association winter meeting to discuss the “serious cybersecurity issues” facing the nation and how states need to improve their defenses against cyber threats.

“Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year. “We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”

Saturday’s session was one of two events at the winter conference focusing on cybersecurity. There was also a cybersecurity briefing at the U.S. Capitol building on Monday afternoon, before the conclusion of the four-day meeting, though that briefing was closed to the press.


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

George W. Bush wants answers on the Trump campaign’s ties to Russia. (The Hill)

Civil liberties groups push data brokers not to sell the U.S. government information on Muslims and immigrants. (The Hill)

DC cyber firm scores major investment to develop its “human memory-augmentation platform.” (The Hill)

More context on the recent resurgence of Shamoon, a vintage APT threat. (Symantec)

An internet-of-things teddy bear was leaking recordings of children. (Motherboard)

Girls get better grades than boys when computer science is part of the curriculum. (SiliconRepublic)

Editing-bots on Wikipedia can fight each other for years. (Oxford University)

Treason charges brought against Russian security officers and a cybersecurity expert in December are reportedly tied to allegations logged seven years ago. (Reuters)

 
