Overnight Cybersecurity: Sessions denies Russia collusion | First agency gets 'A' grade on IT | Feds out North Korean botnet | Unusual security update for Windows XP


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

--THE SESSIONS SESSION: Attorney General Jeff Sessions gave his hotly anticipated testimony before the Senate Intelligence Committee on Tuesday.

--...THE BIG TAKEAWAYS: Sessions was adamant he had neither witnessed nor participated in any collusion with a foreign power while on the Trump campaign. He defended his denying meetings with Russian officials during his confirmation hearing as correct in the context of the questions he had been asked by Al Franken, which he felt were alluding to regular contact between campaign officials and Russians. He acknowledged discussing firing James Comey with Deputy Attorney General Rod Rosenstein before either was confirmed, but believed through the process of firing Comey that it was in response to the Clinton investigation.

--...FLASHBACK - THE EXCHANGE BETWEEN FRANKEN AND SESSIONS:

FRANKEN: "CNN has just published a story and I'm telling you this about a news story that's just been published. I'm not expecting you to know whether or not it's true or not. But CNN just published a story alleging that the intelligence community provided documents to the president-elect last week that included information that quote, 'Russian operatives claimed to have compromising personal and financial information about Mr. Trump.' These documents also allegedly say quote, 'There was a continuing exchange of information during the campaign between Trump's surrogates and intermediaries for the Russian government.' Now, again, I'm telling you this as it's coming out, so you know. But if it's true, it's obviously extremely serious and if there is any evidence that anyone affiliated with the Trump campaign communicated with the Russian government in the course of this campaign, what will you do?"

SESSIONS: "Sen. Franken, I'm not aware of any of those activities. I have been called a surrogate at a time or two in that campaign and I did not have communications with the Russians, and I'm unable to comment on it."

--...CONFIRMS COMEY / TRUMP MEETING: Sessions shed light on his conversation with Comey following what the former FBI director has described as a private meeting in the Oval Office during which President Trump asked him to let go of the investigation into former national security adviser Michael Flynn. Sessions said that Comey expressed concerns with him about the private conversation but didn't offer "any details" about what Trump said that he interpreted as improper. "He was concerned about it," Sessions said. "I affirmed his concern that we should be following the proper guidelines of the Department of Justice and basically backed him up on his concerns," Sessions said.

--...RUNS AFOUL OF DEMS FOR AVOIDING QUESTIONS: Sen. Martin Heinrich (D-N.M.) sparred with Sessions over his refusing to answer questions based on "appropriateness" despite it not being a legal argument. Sessions had said President Trump had not exerted executive privilege. "There is no appropriateness bucket. It is not a legal standard," said Heinrich. "I'm protecting the president's constitutional right by not giving it away before he has a chance to review it," said Sessions. Heinrich compared Sessions' strategy of not answering questions to NSA Director Mike Rogers' and Director of National Intelligence Dan Coats' similar answers last week. "You are obstructing this investigation by not answering these questions," said Heinrich.

--...HARRIS CUT OFF AGAIN: For the second week in a row, Sen. Kamala Harris (D-Calif.) was cut off from her questioning of a witness at a Senate Intelligence Committee hearing. The first time was last week as she questioned Deputy Attorney General Rod Rosenstein. On Tuesday, it was as she asked questions to Attorney General Jeff Sessions. Harris had been asking whether Sessions had reviewed any written rule giving him permission to refuse to answer questions without invoking executive privilege, which Sessions had done throughout the hearing. Sessions declined to answer Harris's question as she pushed for a yes or no answer as to whether he had reviewed a policy or rule that was in writing. "You knew that you would be asked these questions when you relied on that policy," Harris interjected. "Did you not ask your staff to see the rule that would be the basis of your refusing to answer…" Sen. John McCain (R-Ariz.) then objected, saying Harris was not allowing Sessions to answer the question. "Chairman, the witness should be allowed to answer the question," McCain said. As Sessions chuckled at the commotion, Chairman Richard Burr (R-N.C.) said he would run his own committee but instructed Harris to allow Sessions to answer. Sessions then gave a winding answer that exhausted the rest of Harris's time, and he did not answer whether he had seen a written rule.

--...SESSIONS HAS NO KNOWLEDGE OF RUSSIAN HACKING OF DNC: When pressed by Sen. Angus King (I-Me.), Sessions said that it "appears" Russia tried to interfere in the presidential election--but that he never received a classified briefing on Russian active measures against the election. "It appears so. The intelligence community appears to be united in that," Sessions said, adding, "But ... I know nothing but what I've read in the paper." When asked whether he ever received a briefing, Sessions replied, "No, I don't believe I ever did." Sessions said he had refused briefings on Russian election interference because he was worried he would have to recuse himself. The U.S. intelligence agencies have publicly identified Russia as the hackers.

--...NSA DIRECTOR ANSWERED QUESTIONS BEHIND CLOSED DOORS: NSA Director Adm. Mike Rogers answered the committee's questions in a closed setting on Monday evening, Burr said. Rogers was criticized by lawmakers on the committee for dodging a number of questions related to the Russia investigation at a recent open hearing.

--MEANWHILE, AT ANOTHER HEARING: Deputy Attorney General Rod Rosenstein on Tuesday said he has not seen good cause to fire Robert Mueller, the special counsel investigating Russian election interference. Rosenstein clarified at a Senate Appropriations Justice, Science and Related Agencies subcommittee hearing that he, and not Attorney General Jeff Sessions, has the authority to hire and fire Mueller. "Have you seen good cause for firing Mueller?" Sen. Jeanne Shaheen (D-N.H.) asked Rosenstein. "I have not," he replied. Rosenstein added he is confident Mueller will have sufficient independence in the investigation into the Trump campaign's potential ties to Russia. Sen. Susan Collins (R-Maine) further pressed him on reports that the administration is considering firing Mueller, asking whether he would if President Trump ordered him to do so. "I am not going to follow any orders unless I believe those are lawful and appropriate," Rosenstein said, explaining that under federal regulations, Mueller can only be fired for good cause and that reason would have to be put in writing.

--RUSSIAN HACKING OF ELECTIONS OFFICIALS WIDER THAN BELIEVED: The Russian cyberattack on the U.S. electoral system reportedly had a larger scope than was previously revealed. Bloomberg News reported that the cyberattack, which occurred before President Trump's election, targeted nearly twice the number of states as was previously revealed. The Russian hackers hit systems in 39 states in all, Bloomberg reported, citing people with direct knowledge of the U.S. investigation into the matter.

 

A POLICY UPDATE:

IT REPORT CARD SEASON: Federal agencies averaged a "B" grade in information technology procurement in their latest report cards, with one agency being the first to score an "A."

The fourth version of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard dropped Tuesday morning, with the B average the same as in the last report, six months ago. 

FITARA uses an evolving set of gradable criteria to evaluate progress in information technology investments. Grades come out twice a year and are meant to keep agencies focused on IT targets.  

The criteria included issues of risk management, whether purchases could show incremental benefits and whether upgrading systems to the cloud had realized anticipated cost savings.

In the latest report card, the United States Agency for International Development scored the first ever A-range grade -- an A-plus. Commerce, Homeland Security, Housing and Urban Development, Justice, Veterans Affairs, the Environmental Protection Agency and the General Services Administration all scored in the B range. Defense received the only F.

 

A LIGHTER CLICK: 

RADIO SHACK CLEARANCE SALE. Radio Shack is auctioning off a profoundly weird mix of 1980s technology, a painting of George W. Bush and a gold record. (H/T The Verge)

 

A REPORT IN FOCUS:

FBI, DHS OUT NORTH KOREAN BOTNET: The FBI and Department of Homeland Security (DHS) on Tuesday released technical details about the methods behind North Korea's cyberattacks.

The agencies identified IP addresses associated with a malware known as DeltaCharlie, which North Korea uses to launch distributed denial-of-service (DDoS) attacks.

The alert called for institutions to come forward with any information they might have about the nation's cyber activity, which the U.S. government refers to as "Hidden Cobra."

 

WHAT'S IN THE SPOTLIGHT:

WINDOWS XP: Microsoft is releasing a new patch for Windows XP, a product it no longer formally supports, out of concern for state-sponsored cyberattacks.

It's an unusual move for the company to provide fixes to older operating systems, highlighting its concerns over cyberattacks. The company also released a patch for the operating system last month in the wake of the WannaCry ransomware attacks, which targeted hospitals and other institutions.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations," said Adrienne Hall, general manager of crisis management at Microsoft, about the new update.

"To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

The company said that it would also release patches for Vista and all other operating systems, both supported and unsupported, because of the "elevated risk" from the WannaCry attacks.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

President Trump blocked a veterans group on Twitter. (The Hill)

Verizon finally completed its purchase of Yahoo (The Hill)

Uber executive joked that women talk too much during meeting on sexism. (The Hill)

Business email scam fleeces Southern Oregon University of nearly $2 million (Graham Cluley / Tripwire)

Track any cell phone for $500. (The Verge)

 
