Overnight Cybersecurity: Hackers targeting US energy plants | Trump Jr. to meet with Senate Judiciary Thursday | Rice testifies before House panel
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–SOPHISTICATED HACKING CREW ATTACKING POWER COMPANIES SINCE 2015: Hackers have been implanting malware in the international energy sector — including in the United States — in a newly discovered, sophisticated campaign dating back to late 2015, according to a report released Wednesday. Symantec identified the new campaign, which displayed a rapid uptick in activity in 2017. They have dubbed this series of attacks “Dragonfly 2.0” due to an apparent connection to a group that Symantec dubs Dragonfly that is also commonly called Energetic Bear. Energetic Bear/Dragonfly is a well-known energy sector hacking group that other security companies believe is connected to the Russian government. The attacks were primarily directed at companies involved in power generation, transmission and distribution, said Eric Chien, technical director of Symantec’s security technology and response division.
{mosads}
–…IT’S A BLOCKBUSTER SEQUEL: “Policymakers should know the risks were at a whole new level for the group in this round of attacks,” Bill Wright, director of public affairs and senior counsel at Symantec, told The Hill. “The difference between this wave of Dragonfly attacks and the earlier one was the level of access. Prior to this we saw access to the business networks. What really concerned us about these attacks was access to the control systems, the ones that actually control industrial processes,” he added. Symantec believes that the new attacks could signify the group “may be entering into a new phase” to expand access to operational systems and are taking screenshots of all systems in use to outline their function.
To read the rest of our piece, click here.
–…DHS LOOKING INTO THE REPORT: The Department of Homeland Security (DHS) is reviewing a report by a leading cybersecurity company that identifies a sophisticated hacking campaign targeting the U.S. energy sector. Symantec on Wednesday attributed the campaign to a hacker group codenamed “Dragonfly,” which has been linked by others to the Russian government. A DHS spokesman confirmed to The Hill that the department is examining the report, though he noted that there is no sign of a public safety threat at this time. “DHS is aware of the report and is reviewing it. At this time there is no indication of a threat to public safety,” DHS spokesman Scott McConnell said.
To read the rest of our piece, click here.
A LEGISLATIVE UPDATE:
–HOUSE PASSES AUTONOMOUS CAR BILL: The House passed a bipartisan driverless car bill on Wednesday, advancing what could become the first set of federal laws for the emerging industry.
The “Self Drive Act” was unanimously approved by the House Energy and Commerce Committee in July, before Congress left for August recess, and passed the full House on a voice vote.
“Self-driving cars hold the promise of making America’s roads safer, creating new economic opportunities, and helping seniors and those with disabilities live more independently,” Commerce Chairman Greg Walden (R-Ore.) and Rep. Bob Latta (R-Ohio) said in a joint statement. “This bipartisan bill paves the way for advanced collision avoidance systems and self-driving cars nationwide, and ensures that America stays a global leader in innovation.”
The bill would pre-empt states from implementing certain laws governing the new technology. It would also allow car manufacturers to deploy up to 100,000 self-driving cars a year that don’t meet normal safety standards. In the first year, however, that number will be capped at 25,000.
States will still be responsible for vehicle registration, insurance, driver education, law enforcement and other local issues. Manufacturers will be required to include cybersecurity and privacy protections in their vehicles.
And the National Highway Traffic Safety Administration will be in charge of regulating the industry’s traffic safety standards.
To read the rest of our piece, click here.
A LIGHTER CLICK:
–STOP CLOWNING: “The balloons come after Pennsylvania State Police issued a ‘community awareness bulletin’ saying that there may be more clown sightings because of the movie… The movie ‘It’ hits theaters on Friday.“
A MOSCOW MINUTE:
–I DON’T KNOW IF YOU’VE HEARD ABOUT IT, BUT CONGRESS IS INVESTIGATING RUSSIA: President Trump’s eldest son will reportedly meet with Senate investigators behind closed doors on Thursday as lawmakers intensify their review of the Trump campaign’s possible ties to Russia. Donald Trump Jr. has become a central figure in the various Russia investigations — including the federal probe led by special counsel Robert Mueller — due to his participation in a 2016 meeting with a woman described as a Russian government lawyer who was offering dirt on then-Democratic presidential nominee Hillary Clinton. The meeting, held at Trump Tower in June of 2016, touches on one of the questions at the heart of the federal investigation into Moscow’s election meddling: whether any Trump associates colluded with Russian officials or representatives.
To read the rest of our piece, click here.
–…SUSAN RICE TESTIFIES BEFORE HOUSE: Former national security adviser Susan Rice was interviewed by the House Intelligence Committee behind closed doors for just over four hours on Wednesday morning as part of that panel’s investigation into Russian interference in the 2016 presidential election. Lawmakers emerged tight-lipped from Wednesday’s interview. Rep. Mike Conaway (R-Texas), who is now leading the investigation, said that Rice answered lawmakers’ questions but would provide no other details. The panel’s top Democrat, Rep. Adam Schiff (Calif.), similarly declined to comment on the meeting. Rice has been at the center of the controversy over “unmasking,” a process by which officials can request to know the cloaked identity of an American caught up in U.S. surveillance. The House panel’s probe has grown to encompass concerns with the practice, which some committee Republicans consider too permissive for senior officials.
To read the rest of our piece, click here.
–…PUTIN HASN’T HAD THE LAST LAUGH, SAYS CLINTON: Former Democratic presidential nominee Hillary Clinton slams Russian President Vladimir Putin in her new book, warning that he “hasn’t had the last laugh yet.” “There’s nothing I was looking forward to more than showing Putin that his efforts to influence our election and install a friendly puppet had failed,” Clinton said in her new book, “What Happened,” which was obtained by CNN. “I know he must be enjoying everything that’s happened instead. But he hasn’t had the last laugh yet,” she continued. The U.S. intelligence community believes Putin ordered a misinformation and hacking campaign to influence the 2016 presidential race.
To read the rest of our piece, click here.
–FACEBOOK SOLD POLITICAL ADS TO FAKE RUSSIAN ACCOUNTS: Facebook has told investigators that it discovered thousands of political ads published on its platform over the past two years were linked to fake accounts based in Russia.
Alex Stamos, Facebook’s chief security officer, made the revelation in a blog post Wednesday. Stamos said that 470 inauthentic accounts spent about $100,000 to buy roughly 3,000 ads. He added that the accounts have since been suspended.
According to Facebook, the majority of the ads did not reference either of the two presidential candidates last year but were largely promoting divisive social issues, like immigration and gun control.
The Washington Post reported that Facebook had disclosed the findings to congressional investigators on Wednesday.
To read the rest of our piece, click here.
WHAT’S IN THE SPOTLIGHT?
–THE ENTIRE INTERNET: At an AFCEA conference today in Washington D.C., a Homeland security adviser Tom Bossert said the government could pursue providing cybersecurity for certain aspects of critical infrastructure, a model he said had success in Israel.
“They’re providing what I’ll call a virtual iron dome where they’ll defend everything from a government perspective. In their model, any bad incoming signature is something that’s subject to their immediate blocking or rejection,” he said, as reported by the AFCEA’s magazine, Signal.
“We could pursue something that narrowly allows us to do that only with the most critical users … within a carefully constructed set of bounds that allows for abuse and privacy concerns.”
This approach would be a sharp turn away from the current system, allowing critical infrastructure firms to determine their own cybersecurity, often under the guidelines of federal agencies.
Critical infrastructure ranges from power grids to financial markets.
Bossert also suggested law enforcement may be under-resourced to deal with the potential growth of cybercrime.
“I would argue that if we’re going to keep it, we’re going to have to increase our capacity tenfold. We don’t have what it takes right now to see incoming malicious code and then get an FBI agent out fast enough to every potential target,” he said.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Film Festivals, too, now worry about cyber woes. (The Hollywood Reporter).
The antivirus firm Bitdefender announced a bug bounty on the Bugcrowd platform. (Bugcrowd)
Facebook may be promising advertisers more U.S. users than possibly exist. (The Register)
European Union companies must tell employees if their email is monitored. (Reuters)
There is a security vulnerability in the chip in Estonian ID cards. (HelpNet Security)
Australian researchers may have significantly simplified the design quantum computing processors. (Reuters)
Gab, the messaging app preferred by the far right and white nationalists trying to escape perceived censorship on Twitter, is now embroiled in its own censorship scandal. (The Verge)
There are now 8,000 scientific journals that don’t use peer review, generally considered a critical part of the scientific process. Many of these are scams. (Motherboard)
If you’d like to receive our newsletter in your inbox, please sign up here.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..