Overnight Cybersecurity: DHS bans agencies from using Kaspersky software | Panel calls Equifax CEO to testify | Facebook pulling ads from fake news


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--EQUIFAX LEADERSHIP CALLED BEFORE CONGRESS: The CEO of the credit reporting company at the center of a massive cybersecurity scandal has been called to testify before congressional lawmakers at the beginning of October. Republicans on the House Energy and Commerce Committee sent a letter to Equifax CEO Richard Smith on Wednesday formally requesting his testimony before members of the committee on October 3. Smith will testify before members of the subcommittee focused on digital commerce and consumer protection. He had already agreed to testify before the lawmakers, but the letter represents a formal notification of his invitation to appear before the committee.  Rep. Greg Walden (R-Ore.), who chairs the committee, announced last Friday that he would hold a hearing on the breach after receiving a briefing from Equifax. The company disclosed the breach on Thursday, opening Equifax up to questions and criticism from lawmakers on Capitol Hill.  "We look forward to hearing directly from Mr. Smith on this unprecedented breach that has raised serious questions about the security of consumers' personal information," Walden and Rep. Bob Latta (R-Ohio), chairman of the subcommittee, said in a joint statement on Wednesday.  


--...AND A TOP DEM IS EYEING EQUIFAX COMPETITORS: A top Democrat on the House Financial Services Committee asked Equifax's competitors on Wednesday whether they've taken steps to prevent a similar security breach. Rep. Carolyn Maloney (D-N.Y.) asked the CEOs of credit reporting agencies TransUnion and Experian about their security measures after hackers accessed the personal financial information of more than 140 million U.S. individuals stored by Equifax. "Because of the nature of the information that was stolen -- largely Social Security numbers and birth dates, which are both critical and unchangeable for consumers -- criminals could be using this information to steal consumers' identity for years to come," Maloney said.


--DHS SUED OVER BORDER PHONE SEARCHES: The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation are suing the federal government over warrantless searches of phones and laptops at the U.S. border. The advocacy organizations announced Wednesday that they have filed a lawsuit against the Department of Homeland Security (DHS) on behalf of 11 travelers -- 10 U.S. citizens and one permanent resident of the United States -- who had their smartphones and laptops searched without warrants. The lawsuit argues that the seizures violate the First and Fourth Amendments. "Because government scrutiny of electronic devices is an unprecedented invasion of personal privacy and a threat to freedom of speech and association, searches of such devices absent a warrant supported by probable cause and without particularly describing the information to be searched are unconstitutional," states the complaint filed in Massachusetts on Wednesday.


 

A LEGISLATIVE UPDATE:

A Democratic U.S. senator worried Wednesday that self-driving trucks could be leveraged by "out-of-state actors" looking to cause harm to Americans.

Sen. Maggie Hassan (D-N.H.) made the comment at a Senate Commerce Committee hearing Wednesday, signaling the need for federal regulations on autonomous vehicles to sufficiently address cybersecurity concerns.

"There is no doubt that automated vehicles have tremendous potential to save lives," Hassan said. "But what is less clear to me and I think what you're hearing some questions about is how we can guard against potential harms of this technology from in and out-of-state actors who are looking to harm us."

"I am very concerned that we are all assuming that there are going to be levels of cybersecurity built into this technology when ... we've seen in all various industry sectors that sometimes we think about cybersecurity after the harm is done," Hassan continued.


 

THE MOSCOW MILE:

--DHS BLACKLISTS KASPERSKY LAB: The Department of Homeland Security (DHS) is ordering federal agencies and departments to stop using software produced by Russian firm Kaspersky Lab, citing potential risks to U.S. national security. Kaspersky has come under intense scrutiny in recent months amid news reports alleging connections between the firm and Russian intelligence. Homeland Security cited "information security risks" posed by the presence of Kaspersky software on federal information systems, explaining that Kaspersky products "provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems." Rob Joyce, President Trump's cybersecurity coordinator, applauded DHS on Wednesday. "For us, the idea of a piece of software that's able to live on our networks and touch every file on those networks, going to be able to, at the discretion of the company, decide what goes back to their cloud in Russia, and then what you really need to understand is under Russian law, the company must collaborate with the FSB," Joyce, speaking at a cybersecurity conference in Washington, said. Kaspersky has long maintained that it has no ties to the Russian government.


--...RESEARCH WING FEELS BETRAYED: In response, Aleks Gostev, the chief security expert of Kaspersky Lab's Global Research and Analysis Team (GReAT), tweeted, "Perhaps, it's time to reconsider our samples sharing program with US companies." GReAT has done critical research on a number of international threats, including its discovery earlier this year of "WhiteBear," believed to be a Russian espionage operation. Security companies frequently share threat information.

--FLYNN SON NOW EMBROILED IN RUSSIA ROW: The son of President Trump's former national security adviser, Michael Flynn, is a subject of the federal investigation into Russian election meddling and any possible ties between the Trump campaign and Moscow, according to a Wednesday report from NBC News. The focus on Michael Flynn Jr. has to do, at least in part, with his work with the Flynn Intel Group, his father's lobbying group.


--JUSTICE DELAYED: A letter obtained by The Hill shows the Justice Department is blocking Senate investigators from interviewing two top FBI officials who could provide testimony on the firing of former Director James Comey and the handling of the investigation into Hillary Clinton's use of a private email server. Senate Judiciary Chairman Chuck Grassley (R-Iowa) and ranking member Dianne Feinstein (D-Calif.) have repeatedly requested that the two senior bureau officials, Carl Ghattas and James Rybicki, appear for a transcribed interview. The Justice Department in July declined the committee's request to speak with Rybicki and Ghattas, citing the appointment of Robert Mueller to serve as special counsel in the Russia investigation and "related matters." "As a threshold matter, the scope of the Committee's inquiry has not been de-conflicted with Special Counsel Mueller's investigation," Assistant Attorney General Stephen Boyd wrote in a Monday letter to the committee declining the request. Rybicki is Comey's former chief of staff. Ghattas is the head of the FBI's national security division and is in charge of leading the FBI's operations and intelligence efforts.


 

A LIGHTER CLICK:

SHORTCUT TO SCIENCE. Scam science journals will put your name on someone else's scientific paper for as little as $300.

 

A NEW CORPORATE POLICY IN BRIEF:

Facebook is implementing new standards for content makers looking to earn ad revenue from the social network, explicitly excluding "misinformation and false news" sites.

"Those who share content that repeatedly violates our Content Guidelines for Monetization, share clickbait or sensationalism, or post misinformation and false news may be ineligible or may lose their eligibility to monetize," wrote Nick Grudin, vice president of media partnerships, in a blog post Wednesday.

Facebook came under fire after the 2016 election for not doing more to prevent the spread of "fake news," intentionally inaccurate, viral sites that capitalized on partisan discord and news stories spun far from the truth.

In a separate post linking to Grudin's, Carolyn Everson, vice president of global marketing solutions, announced the company would provide advertisers more insight into what Facebook content their ads are attached to.


 

WHO'S IN THE SPOTLIGHT:

ANYONE WHO CROSSES THE BOSS: Director of National Intelligence Dan Coats on Wednesday called it "troubling" to hear outside officials criticize the White House's approach to intelligence.

In a speech at the Billington CyberSecurity Summit in Washington, Coats ended with a shot at officials like his predecessor, James Clapper, who have slammed the Trump administration.

"I find it troubling many outside the current arena, including former officials, criticize the [intelligence community's] recent record and expressed concern about [its] capabilities with the president," said Coats.

Last month, Clapper told CNN that he believes Trump "likes intelligence on a selective basis," suggesting this meant that when the intelligence suited Trump's politics, he was OK with it.

"He seems to accept the intelligence on Korea, or on Syria, on China, on other areas, on terrorism, but when it comes to Russia, not so much," Clapper said.

Coats acknowledged a variety of threats in the cyber realm during his talk, including Russia, which he said had "assumed an ever more aggressive cyber posture."


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The Mueller probe is training its sights on social media. (The Hill)

Think tank exiles allegedly fired for crossing Google have started their own shop. (The Hill)

The House Judiciary Committee reached a deal on surveillance reform. (The Hill)

This Brazilian is trying to prove e-voting is fraud proof. (ZDNet)

A bipartisan pair introduced the House side of a Senate proposal to require voting machines purchased with federal funds to have a paper backup. (Rep. Langevin)

Europe is eyeing a pan-continent cyber agency. (EU Observer)

Twitter didn't suspend Hope Hicks, but that hasn't stopped conservatives from being mad about it. (Wired)

Equifax had a security incident in Argentina, unrelated to the big one in the US.
