Overnight Cybersecurity: Sessions denies Russia collusion | First agency gets 'A' grade on IT | Feds out North Korean botnet | Unusual security update for Windows XP

Overnight Cybersecurity: Sessions denies Russia collusion | First agency gets 'A' grade on IT | Feds out North Korean botnet | Unusual security update for Windows XP
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

--THE SESSIONS SESSION: Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsConservatives moving to impeach Rosenstein soon: report Senators urge DOJ to probe whether Russians posed as Islamic extremist hackers to harass US military families The Hill's Morning Report — Trump readies for Putin summit: 'He’s not my enemy’ MORE gave his hotly anticipated testimony before the Senate Intelligence Committee on Tuesday.

To read our live blog of the event, click here.

--...THE BIG TAKEAWAYS: Sessions was adamant he had neither witnessed nor participated in any collusion with a foreign power while on the Trump campaign. He defended his denying meetings with Russian officials during his confirmation hearing as correct in the context of the questions he had been asked by Al FrankenAlan (Al) Stuart FrankenFranken offers Dems a line of questioning for Kavanaugh's 'weirdly specific bit of bulls---' The Hill's Morning Report — Sponsored by PhRMA — GOP lawmakers race to find an immigration fix Richard Painter puts out 'dumpster fire' in first campaign ad MORE, which he felt were alluding to regular contact between campaign officials and Russians. He acknowledged discussing firing James Comey with Deputy Attorney General Rod Rosenstein before either was confirmed, but believed through the process of firing Comey that it was in response to the Clinton investigation.

--...FLASHBACK - THE EXCHANGE BETWEEN FRANKEN AND SESSIONS:

ADVERTISEMENT
FRANKEN: "CNN has just published a story and I'm telling you this about a news story that's just been published. I'm not expecting you to know whether or not it's true or not. But CNN just published a story alleging that the intelligence community provided documents to the president-elect last week that included information that quote, 'Russian operatives claimed to have compromising personal and financial information about Mr. Trump.' These documents also allegedly say quote, 'There was a continuing exchange of information during the campaign between Trump's surrogates and intermediaries for the Russian government.' Now, again, I'm telling you this as it's coming out, so you know. But if it's true, it's obviously extremely serious and if there is any evidence that anyone affiliated with the Trump campaign communicated with the Russian government in the course of this campaign, what will you do?"

SESSIONS: "Sen. Franken, I'm not aware of any of those activities. I have been called a surrogate at a time or two in that campaign and I did not have communications with the Russians, and I'm unable to comment on it."

--...CONFIRMS COMEY / TRUMP MEETING: Sessions shed light on his conversation with Comey following what the former FBI director has described as a private meeting in the Oval Office during which President Trump asked him to let go of the investigation into former national security adviser Michael Flynn. Sessions said that Comey expressed concerns with him about the private conversation but didn't offer "any details" about what Trump said that he interpreted as improper. "He was concerned about it," Sessions said. "I affirmed his concern that we should be following the proper guidelines of the Department of Justice and basically backed him up on his concerns," Sessions said.

--...RUNS AFOUL OF DEMS FOR AVOIDING QUESTIONS: 
Sen. Martin HeinrichMartin Trevor HeinrichCNN congressional correspondent talks about her early love of trolls and family Overnight Energy: DNC to reject fossil fuel donations | Regulators see no security risk in coal plant closures | Senate committee rejects Trump EPA, Interior budgets Energy commission sees no national security risk from coal plant closures MORE (D-N.M.) sparred with Sessions over his refusing to answer questions based on "appropriateness" despite it not being a legal argument. Sessions had said President Trump had not exerted executive privilege. "There is no appropriateness bucket. It is not a legal standard," said Heinrich. "I'm protecting the president's constitutional right by not giving it away before he has a chance to review it," said Sessions. Heinrich compared Sessions strategy of not answering questions to NSA Director Mike Rogers' and Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsTop Democrats request meeting with intel chief over sharing of classified info Overnight Defense: Fallout from tense NATO summit | Senators push to block ZTE deal in defense bill | Blackwater founder makes new pitch for mercenaries to run Afghan war NSA deletes scores of call records over ‘technical irregularities’ MORE' similar answers last week. "You are obstructing this investigation by not answering these questions," said Heinrich.

--...HARRIS CUT OFF AGAIN: For the second week in a row, Sen. Kamala Harris (D-Calif.) was cut off from her questioning of a witness at a Senate Intelligence Committee hearing. The first time was last week as she questioned Deputy Attorney General Rod Rosenstein. On Tuesday, it was as she asked questions to Attorney General Jeff Sessions. Harris had been asking whether Sessions had reviewed any written rule giving him permission to refuse to answer questions without invoking executive privilege, which Sessions had done throughout the hearing. Sessions declined to answer Harris's question as she pushed for a yes or no answer as to whether he had reviewed a policy or rule that was in writing. "You knew that you would be asked these questions when you relied on that policy," Harris interjected. "Did you not ask your staff to see the rule that would be the basis of your refusing to answer…" Sen. John McCainJohn Sidney McCainSenate Dems tell Trump: Don't meet with Putin one-on-one McConnell: Senate to confirm Kavanaugh by Oct. 1 Overnight Defense: Fears rise over Trump-Putin summit | McCain presses Trump to hold Putin 'accountable' for hacking | Pentagon does damage control after NATO meet MORE (R-Ariz.) then objected, saying Harris was not allowing Sessions to answer the question. "Chairman, the witness should be allowed to answer the question," McCain said. As Sessions chuckled at the commotion, Chairman Richard BurrRichard Mauze BurrThe Hill's Morning Report — Sponsored by Better Medicare Alliance — Trump seeks `home run’ candidate to succeed Justice Kennedy Hillicon Valley: Senate panel upholds finding Russia backed Trump | ZTE temporarily allowed back in business | Trump targets the NSA | Court rules Yelp can't be forced to remove bad reviews Senate panel upholds finding that Russia backed Trump, contradicting House MORE (R-N.C.) said he would run his own committee but instructed Harris to allow Sessions to answer. Sessions then gave a winding answer that exhausted the rest of Harris's time, and he did not answer whether he had seen a written rule.

To read the rest of our piece, click here.

--...SESSIONS HAS NO KNOWLEDGE OF RUSSIAN HACKING OF DNC: When pressed by Sen. Angus KingAngus Stanley KingHillicon Valley: Hacker tried to sell military docs on dark web | Facebook fined over Cambridge Analytica | US closer to lifting ZTE ban | Trump, Obama lose followers in Twitter purge | DOJ weighs appeal on AT&T merger Senators press federal election officials on state cybersecurity 'Paws for Celebration' event brings rescue animals to the Capitol MORE (I-Me.), Sessions said that it "appears" Russia tried to interfere in the presidential election--but that he never received a classified briefing on Russian active measures against the election. "It appears so. The intelligence community appears to be united in that," Sessions said, adding, "But ... I know nothing but what I've read in the paper." When asked whether he ever received a briefing, Sessions replied, "No, I don't believe I ever did." Sessions said he had refused briefings on Russian election interference because he was worried he would have to recuse himself. The U.S. intelligence agencies have publicly identified Russia as the hackers.

--...NSA DIRECTOR ANSWERED QUESTIONS BEHIND CLOSED DOORS: 
NSA Director Adm. Mike Rogers answered the committee's questions in a closed setting on Monday evening, Burr said. Rogers was criticized by lawmakers on the committee for dodging a number of questions related to the Russia investigation at a recent open hearing.

--MEANWHILE, AT ANOTHER HEARING: Deputy Attorney General Rod Rosenstein on Tuesday said he has not seen good cause to fire Robert Mueller, the special counsel investigating Russian election interference. Rosenstein clarified at a Senate Appropriations Justice, Science and Related Agencies subcommittee hearing that he, and not Attorney General Jeff Sessions, has the authority to hire and fire Mueller. "Have you seen good cause for firing Mueller?" Sen. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenFemale lawmakers, candidates must be the voice for women worldwide GOP lawmakers plan official visit to Russia later this week Dem senator: If Nielsen doesn't reunite families, 'she should resign' MORE (D-N.H.) asked Rosenstein. "I have not," he replied. Rosenstein added he is confident Mueller will have sufficient independence in the investigation into the Trump campaign's potential ties to Russia. Sen. Susan CollinsSusan Margaret CollinsDem infighting erupts over Supreme Court pick McConnell: Senate to confirm Kavanaugh by Oct. 1 Overnight Health Care: Watchdog finds Tom Price improperly used funds on flights | Ex-Novartis CEO sent drug pricing proposal to Cohen | HHS staffers depart after controversial social media posts MORE (R-Maine) further pressed him on reports that the administration is considering firing Mueller, asking whether he would if President Trump ordered him to do so. "I am not going to follow any orders unless I believe those are lawful and appropriate," Rosenstein said, explaining that under federal regulations, Mueller can only be fired for good cause and that reason would have to be put in writing.

--RUSSIAN HACKING OF ELECTIONS OFFICIALS WIDER THAN BELIEVED: The Russian cyberattack on the U.S. electoral system reportedly had a larger scope than was previously revealed. Bloomberg News reported that the cyberattack, which occurred before President Trump's election, targeted nearly twice the number of states as was previously revealed. The Russian hackers hit systems in 39 states in all, Bloomberg reported, citing people with direct knowledge of the U.S investigation into the matter.

To read the rest of our piece, click here.

 

A POLICY UPDATE:

IT REPORT CARD SEASON: Federal agencies averaged a "B" grade in information technology procurement in their latest report cards, with one agency being the first to score an "A."

The fourth version of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard dropped Tuesday morning, with the B average the same as in the last report, six months ago. 

FITARA uses an evolving set of gradable criteria to evaluate progress in information technology investments. Grades come out twice a year and are meant to keep agencies focused on IT targets.  

The criteria included issues of risk management, whether purchases could show incremental benefits and whether upgrading systems to the cloud had realized anticipated cost savings.

In the latest report card, the United States Agency for International Development scored the first ever A-range grade -- an A-plus. Commerce, Homeland Security, Housing and Urban Development, Justice, Veterans Affairs, the Environmental Protection Agency and the General Services Administration all scored in the B range. Defense received the only F.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

RADIO SHACK CLEARANCE SALE. Radio Shack is auctioning off a profoundly weird mix of 1980s technology, a painting of George W. Bush and a gold record. (H/T The Verge)

 

A REPORT IN FOCUS:

FBI, DHS OUT NORTH KOREAN BOTNET: The FBI and Department of Homeland Security (DHS) on Tuesday released technical details about the methods behind North Korea's cyberattacks.

The agencies identified IP addresses associated with a malware known as DeltaCharlie, which North Korea uses to launch distributed denial-of-service (DDoS) attacks.

The alert called for institutions to come forward with any information they might have about the nation's cyber activity, which the U.S. government refers to as "Hidden Cobra."

To read the rest of our piece, click here.

 

WHAT'S IN THE SPOTLIGHT:

WINDOWS XP: Microsoft is releasing a new patch for Windows XP, a product it no longer formally supports, out of concern for state-sponsored cyberattacks.

It's an unusual move for the company to provide fixes to older operating systems, highlighting its concerns over cyberattacks. The company also released a patch for the operating system last month in the wake of the WannaCry ransomware attacks, which targeted hospitals and other institutions.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations," said Adrienne Hall, general manager of crisis management at Microsoft, about the new update.

"To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

The company said that it would also release patches for Vista and all other operating systems, both supported and unsupported, because of the "elevated risk" from the WannaCry attacks.

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

President Trump blocked a veterans group on Twitter. (The Hill)

Verizon finally completed its purchase of Yahoo (The Hill)

Uber executive joked that women talk too much during meeting on sexism. (The Hill)

Business email scam fleeces Southern Oregon University of nearly $2 million (Graham Cluley / Tripwire)

Track any cell phone for $500. (The Verge)

 

If you'd like to receive our newsletter in your inbox, please sign up here.