Overnight Cybersecurity: Senators want more action from tech firms on Russian meddling | House Intel releases Russian Facebook ads | Ex-Yahoo chief, Equifax execs to testify on breaches

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–FRUSTRATIONS BOIL AT SOCIAL MEDIA HEARING: Members from both sides of the aisle in the Senate Intelligence Committee took turns Wednesday ripping top lawyers from Facebook, Twitter and Google over how their firms have responded to Russian actors using their platform to attempt to influence the 2016 presidential race. “I went home last night with profound disappointment. I asked specific questions and I got vague answers,” said Sen. Dianne Feinstein (D-Calif.), who sits on both the Senate Judiciary and Intelligence committees. The Silicon Valley firms frustrated lawmakers further by making few concrete promises beyond what they’ve already publicly committed to doing, with additional unspecified commitments to do better. The top Democrat on the Intelligence committee shared her concerns. “I hear all your words, but I have more than a little bit of frustration that many of us on this committee have been raising this issue since the beginning of this year and our claims were frankly blown off by the leaderships of your company. [They said] ‘there’s nothing to see here.’,” Sen. Mark Warner (D-Va.) said, basing his impressions on initial briefings the firms gave the Senate Intelligence Committee at the beginning of the summer. He added later, “The idea that you had no idea of any of this happening strains my credibility.”

To read the rest of our piece, click here.

{mosads}

–…BURR OPENS HEARING BY PUSHING BACK ON PRESS COVERAGE: Senate Intelligence Committee Chairman Richard Burr (R-N.C.) used his opening statement at Wednesday’s hearing to push back on the press’s coverage of the 2016 probes. “A lot of folks, including many in the media, have tried to reduce this entire conversation to one premise: foreign actors conducted a surgically executed covert operation to help elect a United States president,” Burr said. “I’m here to tell you this story does not simplify that easily.” Burr argued the media focused on the number of targeted social media ads that ran in certain states, such as Wisconsin, which narrowly went to President Trump. However, more targeted ads appeared in Maryland, a state easily won by Democratic nominee Hillary Clinton, he pointed out. “Given the complexity of what we’ve seen, if anyone tells you they’ve got this all figured out, they’re kidding themselves,” Burr said. “And we can’t afford to kid ourselves about what happened last year, and continues to happen today.”

To read the rest of our piece, click here.

–…HOUSE INTEL RELEASES SOME OF THE ADS:

The committee released 14 ads showing the breadth of the targeting undertaken by the Russian operatives on Facebook, including a Bernie-Sanders-as-Greek-god coloring book promoted to LGBT Supporters, allegations of Bill Clinton fathering a secret biracial son to a pro-Trump audience and a comparison of the election to an arm-wrestling match between a Hillary Clinton-supporting devil and a Donald Trump-supporting Jesus.

For a look at some of the ads, click here.

–…MEANWHILE, TIM COOK THINKS FAKE NEWS IS THE REAL SOCIAL MEDIA PROBLEM: On tonight’s NBC News, Apple CEO Tim Cook will say social media’s biggest problem isn’t the Russian ads. “I don’t believe that the big issue are ads from foreign governments. I believe that’s like .1 percent of the issue. The bigger issue is that some of these tools are used to divide people, to manipulate people, to get fake news to people in broad numbers, and so to influence their thinking. And this, to me, is the number one through ten issue,” he will say, according to a pre-released transcript.

 

A LEGISLATIVE UPDATE:

DHS DIRECTOR HEARING ON DOCKET: President Trump’s choice to lead the Department of Homeland Security (DHS) will finally get a confirmation hearing nearly a month after he officially nominated her for the position.

The Senate Homeland Security and Governmental Affairs Committee announced Wednesday that it has scheduled a confirmation hearing for Kirstjen Nielsen for Nov. 8. Trump formally nominated Nielsen, his deputy chief of staff, at a ceremony on Oct. 12, urging the Senate to bypass politics and confirm her swiftly.

Nielsen, who worked at DHS under the George W. Bush administration, was serving as chief of staff to Secretary of Homeland Security John Kelly when Trump abruptly made him White House chief of staff in July.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

FINALLY. They’re making a dystopian thriller about figure skating androids. It’s got Mickey Rourke!

 

A REPORT IN FOCUS:

SILENCE ROARS: Kaspersky Lab identified a new banking trojan from a group they have nicknamed Silence.

Silence targets banks largely in Russia, but additional attacks have been found in Malaysia and Armenia.

The attack begins with phishing emails sent from actual employee addresses requesting an employee open up a new account. An attached file contains a command to download malware with the ability to monitor a bank network, including a capability to take video of day-to-day use of the corporate network.

The attackers use that reconnaissance to steal from the bank.

Language fragments in the code suggest the attackers speak Russian.

Kaspersky compares the thieves’ tactics to those behind the better known Carbanak malware.

 

WHAT’S IN THE SPOTLIGHT:

CYBER AUDITS: The House Science, Space and Technology Committee has amended legislation that would institute audits to track how agencies are implementing a key cybersecurity framework mandated by the Trump administration.

The legislation, introduced by Rep. Ralph Abraham (R-La.) with backing from committee Chairman Lamar Smith (R-Texas), is designed to promote the use of a lauded cybersecurity framework produced by the National Institute of Standards and Technology (NIST), a non-regulatory body within the Department of Commerce.

The original bill would have made NIST responsible for conducting audits of agencies’ cybersecurity in order to assess how well they are meeting the standards, a detail that prompted some criticism. However, the modification proposed this week would instead place this responsibility with the inspectors general within agencies, who already have the statutory authority to conduct such audits.

The legislation advanced out of the House Science, Space and Technology Committee in a party-line vote back in March. Democrats and NIST staffers have criticized the provision that put NIST in charge of conducting the audits.

A committee aide said that while agency auditors would take the lead, NIST would still have “significant input” in the audit process.

To read the rest of our piece, click here.

DATA BREACHES: Former Yahoo CEO Marissa Mayer and current and former CEOs of Equifax are slated to testify before a key Senate panel later this month on cybersecurity breaches.

The individuals will appear before the Senate Commerce Committee to answer questions about massive data breaches that hit both firms, the committee revealed on Wednesday afternoon.

“Massive data breaches have touched the vast majority of American consumers,” Chairman John Thune (R-S.D.) said in a statement. “When such breaches occur, urgent action is necessary to protect sensitive personal information.”

“This hearing will give the public the opportunity to hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors,” Thune added.

Mayer, who stepped down as CEO when Verizon acquired the company’s core Internet assets earlier this year, will face questions about a 2013 data breach that Yahoo revealed in early October affected all of its 3 billion accounts. That number was triple the number the company said were impacted when it first revealed the breach about a year ago.

To read the rest of our piece, click here.

  

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Who the heck is George Papadopoulos, anyway? (The Hill)  

According to some reports, President Trump blames his son-in-law for Mueller (The Hill)

Sens. Ron Johnson (R-Wisc.) and Claire McCaskill (D-Missouri), chair and ranking member of the Homeland Security and Governmental Affairs Committee, are requesting information on the IRS / Equifax deal. (HSGAC)

Everyone with a phone in Malaysia had personal information stolen in a massive telecom hack. (InfoSecurity)

The excellent Thomas Rid explains why Twitter is the perfect delivery system for disinformation. (Motherboard).

The Federal Energy Regulatory Commission had a cybersecurity incident, but a publicly visible report provides no additional detail. (FERC)

 

If you’d like to receive our newsletter in your inbox, please sign up here.