Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–SENATE INTEL LEADERS GET BROAD SUBPOENA POWER: The leaders of the Senate Intelligence Committee now have broad authority to issue subpoenas in the Russia investigation without a full committee vote, Chairman Richard Burr (R-N.C.) said Thursday. The panel voted unanimously to give Burr and Vice Chairman Mark Warner (D-Va.) the blanket authority for the duration of the investigation into Russia’s election meddling and possible collusion with President Trump’s campaign. The committee recently issued its second round of subpoenas in the investigation to businesses associated with former national security adviser Michael Flynn, whom Trump forced to resign in February.
–TRUMP ORDERS INVESTIGATION OF INTEL LEAKS: President Trump on Thursday called for a federal investigation into “deeply troubling” leaks of sensitive intelligence, including information related to this week’s suicide bombing in Manchester, England. “The alleged leaks coming out of government agencies are deeply troubling,” Trump said in a statement, vowing his administration “will get to the bottom of this” because they “pose a grave threat to our national security.” Trump asked the Justice Department to “launch a complete review of this matter, and if appropriate, the culprit should be prosecuted to the fullest extent of the law.” Trump’s comments came after a string of stunning intelligence disclosures that angered some key U.S. allies. Police in Manchester said they would stop sharing information with their American counterparts after photos appearing to show remnants from the bombing were published by The New York Times.
–LIEBERMAN WITHDRAWS: A mere week after President Trump said that former Sen. Joe Lieberman (I-Conn.) was his top choice for FBI director, the one-time Democrat has withdrawn his name from consideration, citing the “appearance of a conflict of interest.” Lieberman currently works at the same law firm as Marc Kasowitz, the outside attorney President Trump is expected to retain to serve on a team of lawyers responding to the federal probe into possible ties between Trump’s campaign and Russia. The news was first reported by The Wall Street Journal. On Wednesday, Sen. John McCain (R-Ariz.), a longtime friend of Lieberman, said that Democrats killed his chances.
–RUSSIA-LINKED CAMPAIGN TARGETS JOURNOS, OFFICIALS: A newly discovered hacking campaign linked to one of the groups behind the Democratic National Committee breach targeted government officials, journalists and activists, according to a report released Thursday. The attacks used a phishing campaign to steal and subtly alter emails that the attackers, who claim to be a pro-Russian hacking collective calling itself CyberBerkut, later leaked. Researchers at the University of Toronto’s Citizen Lab noted that CyberBerkut used websites hosted at the same internet address as other attacks attributed to APT 28, which is believed to be a Russian hacking operation also known as Fancy Bear. Citizen Lab came across the campaign while investigating the leak of files from the journalist David Satter.
–GOP OPERATIVE RECEIVED DOCS FROM GUCCIFER 2.0: A Republican operative in Florida received a trove of Democratic documents from the Russia-linked hacking persona believed to be a key player in the Kremlin’s efforts to influence the 2016 presidential election. The Wall Street Journal identified the operative as Aaron Nevins, who last summer told hacker Guccifer 2.0 to “feel free to send any Florida based information” after learning that the hacker had tapped into Democratic Congressional Campaign Committee computers. Nevins set up a Dropbox to allow Guccifer 2.0 to share 2.5 gigabytes of stolen DCCC documents, according to the Journal. The GOP operative then published some of the material on the blog HelloFLA.com, using a pseudonym.
A POLICY UPDATE:
REPUBLICAN UNVEILS ‘HACKING BACK’ LEGISLATION: Rep. Tom Graves (R-Ga.) released updated legislation Thursday to allow victims of cyber crimes to hack their attackers back. The Active Cyber Defense Certainty Act (ACDC) would exempt victims from hacking laws when the aim is to identify the assailant, cut off attacks or retrieve stolen files.
The updated draft is intended to solicit comment and is not itself being introduced.
Hacking back is a controversial idea within the cybersecurity community. Many feel these kinds of measures — ranging from the actions permitted by the bill to taking destructive measures — risk escalating attacks.
National Security Agency and Cyber Command head Adm. Mike Rogers said on Tuesday he is skeptical of a prior draft of the legislation.
“My concern is, be leery of putting more gunfighters out in the street in the Wild West. As an individual tasked with protecting our networks, I’m thinking to myself — we’ve got enough cyber actors out there already,” Rogers said when asked about the proposal during testimony before a House Armed Services subcommittee.
A HISTORY IN FOCUS:
LAZARUS GROUP: After finding evidence linking the Lazarus group to the massive “Wanna Cry” ransomware campaign, Symantec is out with a history on the North Korean state hacking group.
Lazarus attracted international attention in 2014 when it was linked to the hack on Sony Pictures in connection with the release of “The Interview,” a comedy that portrayed a fictional plot to kill North Korean leader Kim Jong Un.
But as Symantec notes, the group has been around since 2009, having been implicated in a series of attacks on organizations in the United States and South Korea.
“In fact, it is possible that Lazarus was active as far back as 2007, but it first came to widespread attention in 2009, when a series of attacks starting on July 4 that year impacted several government, financial, and media websites in both the U.S. and South Korea,” Symantec notes in a post on Medium.
“The attacks began in the U.S. on its independence day, and targeted institutions including the White House and the Pentagon. Later that week the websites of major government, financial, and media organizations in South Korea were hit. These attacks were distributed denial of service (DDoS) attacks that aimed to take websites offline.”
Earlier this week, researchers at Symantec said they are increasingly confident that Lazarus was behind the “Wanna Cry” attacks that broke out on May 12.
A LIGHTER CLICK:
Behold, the palm-sized selfie drone that will cost you $499. (Recode)
WHAT’S IN THE SPOTLIGHT:
ANDROID VULNERABILITIES: Researchers have discovered a series of vulnerabilities that can be used against the newest versions of Google’s Android operating system to control devices without their users knowing.
The class of attacks, dubbed “Cloak and Dagger,” was first uncovered by a team of researchers at the Georgia Institute of Technology in Atlanta last August. Those researchers, who informed Google’s Android security team about the discovered vulnerabilities, released a full report on the attack vector online this week.
According to their research, the flaws allow malicious apps downloaded from the Google Play Store to take control of the operating system’s user interface feedback loop and take control of the device “without giving the user a chance to notice the malicious activity.”
When contacted, a spokesperson for Google said that the company has been in communication with the researchers and had built in new security protections before the release of the research.
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps,” the spokesperson said.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
DHS Secretary John Kelly touts his department’s response to the global ransomware attack. (The Hill)
Dated Linux bug might be key to lesser Wanna Cry. (The Hill)
Inside Twitter, angst over the Trump effect. (The Hill)
FCC asked to remove fake comments on net neutrality. (The Hill)
Five Queensland hospitals experienced IT problems as a result of security patches to protect against ‘Wanna Cry’ ransomware. (ZDNet)
Security experts say that hackers are hiding computer viruses in online video subtitles. (The Telegraph)
White House cyber czar Rob Joyce has concerns about a bill that would reform the government’s vulnerabilities equities process (VEP). (CyberScoop)
Disney CEO Bob Iger says reports that the company was hacked are inaccurate. (Yahoo! Finance)