Overnight Cybersecurity: Feds consider charging Russian officials over DNC hack | Trump signs cybercrime bill | Sessions jumps into encryption fight | Meet Russia’s Twitter bot accounts

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–DEPARTMENT OF JUSTICE IDENTIFIED SIX RUSSIAN OFFICIALS IN ELECTION HACKS: Justice Department investigators have identified at least six Russian government officials who took part in hacking the Democratic National Committee (DNC), The Wall Street Journal reported early Thursday. Prosecutors may file charges next year. Though it is unlikely the officials would be arrested unless they were caught traveling out of Russia, the United States has used grand jury indictments as a tool to embarrass, “name and shame” suspected government-funded hackers in the past.

To read the rest of our piece, click here.

–…ELECTION PHISHING CAMPAIGN A LITTLE MORE CLEAR: The Associated Press filled in the some of the gaps of the phishing campaign by the group known as Fancy Bear that snagged Clinton campaign chief John Podesta. Months ago, the security firm Secureworks announced stumbling upon a bit.ly account used by Russian government-backed phishing scamsters to attack nearly 5,000 different individuals, including Podesta. The attackers used the URL shortener bit.ly to conceal the true web address in its malicious links. While threat detection software from flagging would flag a link to the actual phishing site, bit.ly would be viewed as safe. We had learned bits and pieces about the campaign in the past. Professor Thomas Rid mentioned that campaign had also hooked Colin Powell and Air Force Gen. Philip Breedlove at a hearing earlier this year. But the public knew little about many of the remaining targets. On Tuesday, the AP got its hands on that list. The list was littered with U.S. defense contractors, more than 130 Democratic operatives and more than 500 Ukrainians opposing the Russian incursion. Targets also included more than 100 Kremlin agitators within Russia, including Mikhail Khodorkovsky, Alexei Navaln and Pussy Riot’s Maria Alekhina.

{mosads}

–…AND IN OTHER FANCY BEAR NEWS: ThreatConnect believes that the Fancy Bear group has once again attacked the Bellingcat blog. Bellingcat focuses on foreign affairs, including Russia. The case for the latest campaign is weaker than attributions in the past – the new attacks share a single node of infrastructure with known Fancy Bear attacks whereas past attacks included several. If indeed it was Fancy Bear, the attacks show a new evolution in how the group hides its phishing links. With Podesta, the group used bit.ly to disguise the links to its phishing site. In this attack, it used the blogging platform Blogspot to route the users to the malicious link. “It shows Fancy Bear is consistently finding ways to make the spearphishing links in the emails better,” said ThreatConnect threat researcher Kyle Ehmke.

 

A LOOK AT A NEW LAW: 

President Trump on Thursday signed legislation to help state and local law enforcement better combat cyber crime.

The bill was introduced by Rep. John Ratcliffe (R-Texas) earlier this year. It authorizes into law the National Computer Forensics Institute, a federally funded training center located in Hoover, Ala., that educates state and local officials throughout the United States in probing digital evidence for electronic crime cases.

The institute is estimated to have trained over 6,000 local law enforcement officials from across the country. A version of the legislation passed the House last Congress but stalled in the Senate.

To read the rest of our piece, click here. 

 

A STAFFING UPDATE:

RUSSIA PROBE-LINKED USDA NOMINEE CLOVIS WITHDRAWS: Sam Clovis, a former Trump campaign official who has become entangled in special counsel Robert Mueller’s Russia investigation, has withdrawn his nomination for a top post in the Agriculture Department.

Clovis’s attorney confirmed to NBC news that he was the supervisor that agreed to send policy advisor George Papadopoulos to Russia to meet with that nation’s officials. Papadopoulos pled guilty in July to lying to investigators to conceal planned dealings with Moscow during the campaign, including being told Russia had thousands of Clinton emails.

Clovis was nominated to be the Agriculture Department’s chief scientist. He was already facing scrutiny over his apparent lack of credentials for the post – Clovis would have been the USDA’s top scientist, but lacks any background in science. Media outlets uncovered a history of racially charged remarks, including calling progressives and former-President Obama “race traders [sic].”

In a Thursday letter to Trump obtained by The Hill, Clovis blamed the “political climate” for his decision to withdraw.

“The political climate inside Washington has made it impossible for me to receive balanced and fair consideration for this position,” Clovis wrote.

To read the rest of our piece click here.

 

A LIGHTER CLICK: 

ELEVEN HERBS AND BATH SALTS: Kentucky Fry your bathtub.

 

A SPEECH IN FOCUS:  

SESSIONS JUMPS INTO ENCRYPTION FRAY: At a Tuesday morning address in New York, Attorney General Jeff Sessions said technology companies’ use of strong encryption forced law enforcement to “waste… valuable time” and “could have potentially deadly consequences.”

It marked the second speech this week where a top ranking Department of Justice official mentioned law enforcement’s feeling hamstrung by encryption. On Monday, Sessions’s no. 2, Rod Rosenstein made a similar call for “responsible” encryption.

The Trump DOJ – primarily Rosenstein – has taken up the charge against uncrackable encryption. It had been a pet issue of former FBI Director Jim Comey until his departure. Until his speech, Sessions had stayed largely out of the fray.

There had been clues Sessions might enter the fight. In his written answers at his confirmation hearing, Sessions wrote it would be “critical, however, that national security and criminal investigators be able to overcome encryption.”

Experts in encryption are almost unanimous in believing that weakening encryption would be devastating to cybersecurity, causing more harm to security than good. Opponents believe any gateway built for law enforcement can be exploited or stolen by hackers and claim the recent ShadowBrokers leaks demonstrate the inability of even the nation’s most secure government agencies to keep its most secret files out of the public’s hands.

A Congressional working group came out in favor of strong encryption last year.

To read the rest of our piece, click here.

 

WHAT’S IN THE SPOTLIGHT:

IF YOU TWEETED HERE YOU’D BE HOME BY NOW: Following yesterday’s disclosure of 14 Russian advertisements used to sew discord during the 2016 election season, House Intelligence members released a list of more than 2,700 Twitter accounts used in the Russian disinformation campaign.

A wide number of accounts were clearly meant to look domestic, including NewYorkDem, PatriotBlake, JackieCowboy, USA_Gunslinger and the now-infamous Ten_Gop.

There were a wide assortment of names that would appear to be fake local news sites, with names like TodayPittsburgh, TimesOfParis, TheTimesOfLondn, Atlanta_Online DailyNewsDenver and Seattle_Post. The Russian campaign used many of the same formats more than once – TodayPittsburgh was joined by TodayBostonMA, TodayMiami, TodayCleveland, TodayCincinatti.

All in all, in a cursory look at the list, there were usernames that would appear to be news accounts covering cities or the totality of 20 different states (Arizona, California, Colorado, Florida, Georgia, Illinois, Kansas, Louisiana, Maryland, Massachusetts, Michigan, Missouri, Minnesota, New York, Ohio, Pennsylvania, Tennessee, Texas, Virginia and Washington) and four countries (including Syria and North Korea).

Many were clearly intended to appeal to partisan groups, including Tenn_GOP, PeeOnHillary, PatriotArchive and TPartyNews. Some appear to have targeted the left as well as the right, including a series of LGBT accounts, including ParisGaaaaay.

All accounts have been suspended, making it difficult to verify what content was actually tweeted.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Jared Kushner handed over documents to the Mueller investigation. (The Hill)

More Americans think the President committed a crime than think he didn’t. (The Hill)

Paul Ryan thinks everyone should “let Bob Mueller do his job.” (The Hill)

Osama Bin Laden was a fan of vintage pornographic video games. (The Register)

One day after its preview release, iOS 11.1 has been hacked. It’s not uncommon for bugs to surface immediately after the release of an operating system. (ZDNet).

George Foreman explaining his grill in a too-good-to-fact check story: While I was KOd [by Ali], I saw a giant piece of meat screaming Grill me; when I woke I said ‘gotta find a Grill”‘. Thus the George Foreman grill.” (Twitter)

The Russian embassy compared Sen. Ron Wyden (Ore.) to a Nazi over his social media hearing comments. (TASS)

The above story contains this sick burn from the Russians: “It seems that yet another Washington lawmaker has said goodbye to adequacy.”

Attackers used last week’s Bad Rabbit ransomware outbreak as cover for more subtle attacks in Ukraine.

If you’d like to receive our newsletter in your inbox, please sign up here.