Overnight Cybersecurity: Trump planning State, CIA shakeup? | Group sues feds over tattoo recognition machines | Russian cyber criminal gets more jail time

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–COTT-IN? The New York Times is reporting a potential Trump staff shakeup replacing Secretary of State Rex Tillerson with current CIA head Mike Pompeo, and Pompeo with Tom Cotton, currently a senator from Arkansas. It’s a move that could have cascading impact.

–…BUT HOLD ON. A big caveat: the White House appears to have told Tillerson the allegations are not true. Chief of staff John Kelly called the State Department on Thursday to dispel the media reports, agency spokeswoman Heather Nauert said. Nauert said at a department press briefing that Tillerson shrugged off reports that the White House had a plan in place to force him out and install CIA Director Mike Pompeo as the Trump administration’s top diplomat. “He kind of brushed this off today; he’s heard these kinds of stories before,” Nauert said. “He’s just going on about his business.”

To read the rest of our piece, click here.

{mosads}

–…WHITE HOUSE WON’T GIVE TILLERSON VOTE OF CONFIDENCE: White House press secretary Sarah Huckabee Sanders on Thursday refused to say whether President Trump has confidence in Secretary of State Rex Tillerson. Sanders was asked multiple times if Tillerson still enjoys Trump’s backing in response to reports the White House has hatched a plan to force him out. “When the president loses confidence in someone, they will no longer serve in the capacity that they’re in,” Sanders replied. The spokeswoman said Trump and Tillerson are “continuing to work together to close out what we’ve seen to be an incredible year.”

To read the rest of our piece, click here.

–…WHAT WOULD THAT MEAN FOR CYBER AT STATE? Tillerson had sought to diminish cybersecurity’s place in the diplomatic hierarchy, originally intending to demote it from its own State Department office to a subdivision of an economic office. Lawmakers pushed legislation requiring the office to remain open, but not before State lost its top cyber diplomat, Christopher Painter. Would a Pompeo regime maintain State’s zeal to reduce its own footprint?

–…AND CIA? Former Intelligence officials who spoke to Overnight Cybersecurity – as well as those quoted elsewhere – expressed a similar set of concerns with Tom Cotton becoming the new chief, including the senator’s defense of waterboarding as something other than torture, his pick-and-choose approach to the Russia intelligence assessment — Cotton denies Russia had any intent to bolster President Trump — and his lack of experience in intelligence. “The guy’s smart, no question about that,” said Bob Dietz, a George Mason professor who served as General Counsel at the NSA, Acting General Counsel at the National Geospatial Intelligence Agency and Acting Council for Intelligence at Defense.” But it’s very difficult for someone without intelligence experience to come into an intelligence post and do anything intelligent. When I started at NSA, I did all the research I could about the agency before I came in. It was entirely different.”

 

A LITIGATION UPDATE:

GOOGLE SUED FOR IPHONE DATA HARVESTING: A British consumer group is accusing Google of illegally collecting data on iPhone users by working around their devices’ privacy protections in 2011 and 2012.

The group, Google You Owe Us, alleges that Google’s algorithms were able to bypass default iPhone privacy settings through the Safari web browser and collect individuals’ data to target them with advertisements. They filed a lawsuit against the tech giant on Thursday, saying it’s the first time a major company has faced a class action suit over the abuse of data.

“I believe that what Google did was quite simply against the law,” said Richard Lloyd, who’s representing the group. “Their actions have affected millions, and we’ll be asking the courts to remedy this major breach of trust.”

To read the rest of our piece, click here.

 

AGENCIES SUED OVER TATTOO RECOGNITION TECHNOLOGY: The Electronic Frontier Foundation (EFF), a digital rights advocacy group, is suing government agencies for information on tattoo recognition technology being developed to assist law enforcement.

The EFF filed a lawsuit under the Freedom of Information Act (FOIA) on Thursday against the Department of Commerce, the Department of Justice and the Department of Homeland Security (DHS), which are collaborating on the new technology.

The group is concerned that tattoo recognition programs raise concerns about privacy violations and could infringe on First Amendment rights to free expression.

“Tattoos have served as an expression of the self for thousands of years, and can represent our innermost thoughts, closely held beliefs, and significant moments,” EFF fellow Camille Fischer said in a statement. “If law enforcement is creating a detailed database of tattoos, we have to make sure that everyone’s rights to freedom of expression are protected.”

According to the lawsuit, the National Institute of Standards and Technology (NIST), an office within the Department of Commerce, began studying how to improve tattoo recognition programs in 2014 to use for the identification and linking individuals to others with similar tattoos. With the help of the FBI, it created a database of 15,000 images and allowed access to researchers from public and private institutions.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

MAX WANTS TO BE IN THE LIBRARY. We do not want Max to be in the library. 

 

A REPORT IN FOCUS:

A credit repair service appears to have left files of extremely sensitive personal information in Amazon cloud account without securing it with a password. Anyone who knew where to look could have accessed the files without having to log in.

Upguard reports that a Florida business, the National Credit Foundation, left information on around 40,000 people in that cloud account. That included names, addresses, and phone numbers, as well as unredacted scans of Social Security cards and drivers’ licenses.

The National Credit Foundation did not reply to a Hill request for comment.

Upguard says it first contacted the firm in late October and the files were taken down by mid-November.

 

WHO’S IN THE SPOTLIGHT:

ROMAN SELEZNEV: A Russian cyber criminal already serving a 27-year sentence in federal prison has been given an additional 14 years for his role in a $50 million scheme that involved trafficking stolen credit card numbers.

The Justice Department on Thursday sentenced Roman Seleznev, the son of a member of Russian parliament, to additional jail time for his role in the organized cybercrime ring and for defrauding banks of $9 million through a computer hacking scheme.

Seleznev has also been ordered to pay over $50 million in restitution, according to federal officials. 

Seleznev pleaded guilty in both criminal cases, which were investigated in Nevada and Georgia, in early September.

The 33-year-old Russian was previously convicted in federal court in Washington on 38 counts related to his role in a wire fraud and computer hacking scheme targeting U.S. businesses.

To read the rest of our piece, click here.

 

LISTEN TO THE HILL’S NEW TWICE-DAILY PODCASTS!

In today’s PM View, your daily evening update on what went down in Washington: Secretary of State Rex Tillerson’s future is once again in doubt, but President Trump doesn’t like having to say “you’re fired”; the GOP tax plan steams ahead; and Congress seeks more time to avert a government shutdown.

Host Niv Elis talks to the Hill’s Jordan Fabian, Naomi Jagoda, and Cristina Marcos about what happened today on Capitol Hill. Listen here.

And subscribe to the podcasts here: Apple Podcasts | Soundcloud | Stitcher | Google Play | TuneIn

 

IN CASE YOU MISSED IT:

‘Links from our blog, The Hill, and around the Web.

While lawmakers ponder the cybersecurity of a financial records database, activists worry the process is taking too long. (The Hill)

In closed meet with House Intel, Jeff Sessions refuses to answer whether Trump has interfered with the Russia investigation. (The Hill)

…Intel also subpoenaed New York comedian Randy Credico, the believed conduit between Roger Stone and WikiLeaks. (The Hill)

…Meanwhile, the FBI is trying to “get in front” of future Russian threats. (The Hill)

If you’d like to receive our newsletter in your inbox, please sign up here.

 

This newsletter was updated on Dec. 4 at 10:43 a.m.