Overnight Cybersecurity: Flynn refuses to comply with Senate subpoena | Chaffetz postpones hearing with Comey | Small biz cyber bill would cost $6M | New worm spotted after ‘Wanna Cry’

by Morgan Chalfant - 05/22/17 5:58 PM ET

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORY:

–FLYNN TO PLEAD THE FIFTH: President Trump’s former national security adviser Michael Flynn is reportedly invoking his Fifth Amendment rights and will not comply with a subpoena from the Senate Intelligence Committee issued in connection with the committee’s investigation into Russian election interference. The Associated Press first reported Flynn’s move on Monday. Flynn had previously offered to testify before the House and Senate Intelligence Committees in exchange for immunity, but neither took him up on the offer. Flynn was forced to resign as national security adviser in February, after reports surfaced that he had misled Vice President Mike Pence and other administration officials about his conversations with Russian Ambassador to the U.S. Sergey Kislyak before the inauguration. A letter sent by Flynn’s legal team to the Senate committee cited a “escalating public frenzy against him” in addition to the Justice Department’s decision to appoint a special counsel as creating legal dangers for his cooperation with the Senate’s investigation. Former FBI director Robert Mueller, the special counsel, is overseeing the FBI’s own probe into Russia’s meddling, which includes looking at any coordination between Trump’s campaign and Moscow. The development sets up a potential showdown between Congress and the administration over a key witness in the investigation into Russian interference in the election.

To read the rest of our coverage, click here.

{mosads}–SENATE INTEL LEADERS TO ‘VIGOROUSLY PURSUE’ FLYNN TESTIMONY: The leaders of the Senate committee reacted to the news Monday afternoon, expressing disappointment over Flynn’s decision. “While we recognize General Flynn’s constitutional right to invoke the Fifth Amendment, we are disappointed he has chosen to disregard the Committee’s subpoena request for documents relevant and necessary to our investigation,” Chairman Richard Burr (R-N.C.) and ranking member Mark Warner (D-Va.) said in a statement. “We will vigorously pursue General Flynn’s testimony and his production of any and all pertinent materials pursuant to the Committee’s authorities.”

–CORNYN SAYS FLYNN HAS RIGHT NOT TO TESTIFY: In response to the news, Sen. John Cornyn (R-Texas) downplayed the chance that the Senate will try to hold Flynn in contempt of Congress for refusing to comply with a subpoena. “It’s his constitutional right. I don’t criticize anybody for embracing their constitutional rights,” Cornyn, the Senate’s No. 2 Republican, told reporters on Monday. Pressed if senators would try to hold Flynn in contempt of Congress, Cornyn added “no, the Fifth Amendment provides you an absolute right against self-incrimination. That’s something he’s entitled to do.”

To read the rest of our piece, click here.

–STONE, MANAFORT COMPLIED WITH DOC REQUESTS: Both former Trump campaign manager Paul Manafort and Trump ally Roger Stone have complied with document requests made by the Senate Intelligence Committee in its investigation into Moscow’s election meddling, NBC News is reporting. The two are said to have submitted the documents by last Friday’s deadline.

To read the rest of our piece, click here.

DEM SAYS FLYNN MISLED INVESTIGATORS ABOUT RUSSIA TRIP: Former national security adviser Michael Flynn misled security clearance investigators about who funded a trip he took to Russia in 2015, Rep. Elijah Cummings (D-Md.) said in a letter released Monday.

“The Oversight Committee has in our possession documents that appear to indicate that General Flynn lied to the investigators who interviewed him in 2016 as part of his security clearance renewal,” Cummings, the top Democrat on the House Oversight Committee, wrote in a letter to committee Chairman Jason Chaffetz (R-Utah).

To read more, click here.

A COMEY UPDATE:

CHAFFETZ POSTPONES OVERSIGHT HEARING: Former FBI Director James Comey won’t be appearing before any congressional committee this week.

House Oversight Committee Chairman Jason Chaffetz (R-Utah) had invited Comey to testify at a hearing on Wednesday about a memo reported by The New York Times last week alleging President Trump had pressured him to stop investigating ousted national security adviser Michael Flynn.

But Chaffetz announced Monday that Comey wants to speak with Robert Mueller, the former FBI director now serving as a special counsel overseeing the agency’s investigation into the Trump campaign’s ties to Russia during the 2016 campaign, before testifying publicly.

To read the full story, click here.

A POLICY UPDATE:

SMALL BIZ CYBER BILL WOULD COST FEDS $6 MILLION: It would cost the federal government $6 million to implement legislation aimed at helping small businesses improve their cybersecurity, the Congressional Budget Office (CBO) estimates.

The legislation, introduced by Rep. Daniel Webster (R-Fla.) earlier this year, would direct the National Institute of Standards and Technology (NIST) to develop and disseminate guidelines, tools and other resources that small businesses could choose to use as they work to secure their systems from cyber threats.

According to the CBO, it would cost $2 million for NIST to consult with federal agencies in 2018 to develop the resources required by the bill and an additional $4 million to update the resources in subsequent years through 2022.

The legislation does not appropriate any additional funds for NIST to develop the resources for small businesses.

Lawmakers have introduced versions of the legislation in both chambers, and the measures have received bipartisan support as well as backing from industry groups.

To read the rest of our piece, click here.

A LIGHTER CLICK: A company recently surveyed people around the globe on what type of personality they prefer in a robot (Recode).

A SCHEME IN FOCUS:

UKRAINIAN SENTENCED IN NEWS RELEASE HACK: A Ukrainian hacker has been sentenced to more than two years in prison for his role in an international scheme that involved hacking unpublished news releases to net roughly $30 million in illegal profits.

Vadym Iermolovych of Kiev was sentenced to 30 months in prison in New Jersey federal court and ordered to pay more than $3 million in restitution, the Justice Department announced Monday.

The scheme involved hacking into three business newswires, stealing not-yet-published press releases by public companies that contained financial information and using that information to make trades generating roughly $30 million in illegal profits.

Iermolovych, 29, had previously pled guilty to charges of conspiracy to commit wire fraud, conspiracy to commit computer hacking and aggravated identity theft.

Several other individuals — including computer hackers in Ukraine and securities traders based in the United States — have been charged in connection with the scheme.

To read the rest of our piece, click here.

WHAT’S IN THE SPOTLIGHT: ‘WANNA CRY’ 2.0? In the wake of the massive “Wanna Cry” ransomware campaign that broke out a week ago Friday and spurred crippling effects across the globe, there’s a new worm that leverages seven of the Windows SMB (Server Message Block) exploits leaked by hacker group Shadow Brokers.

The worm was identified by Miroslav Stampar, a researcher with the Croatian government’s computer emergency response team, and has been dubbed “EternalRocks.” The worm is said to spread over a 24-hour window in two different stages, but doesn’t have a payload–meaning it doesn’t appear to be doing any damage.

The “Wanna Cry” ransomware and the new worm are widely believed to be based on exploits leaked by the Shadow Brokers, a group that has been releasing what’s believed to be stolen NSA source code since last summer. EternalRocks leveraged seven of these exploits, including “EternalBlue,” on which the ransomware is said to be based.

Kaspersky Lab’s Threatpost has more details on the new worm.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Five things to watch for in the Trump budget. (The Hill)

Putin aide says he’s thankful Republican Sen. John McCain doesn’t ‘shape or implement’ American foreign policy (The Hill).

Ford replaces CEO with company’s driverless car chief. (The Hill)

Leaked documents show how Facebook handles sensitive content. (The Hill)

North Korea denies role in ‘Wanna Cry’ malware. (The Hill)

China may change cybersecurity rules amid pushback. (The Hill)

Russian cyber criminals used malware to target domestic bank customers. (Reuters)

Twitter says bug may have exposed information of Vine account holders. (USA Today)

Rep. Tom Graves (R-Ga.) is working on legislation that would allow companies to ‘hack back.’ (Financial Times)