Overnight Cybersecurity: Equifax security employee left after breach | Lawmakers float bill to reform warrantless surveillance | Intel leaders keeping collusion probe open


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORY:

--EQUIFAX TRILOGY PART 1: Wednesday saw a trio of hearings on the Equifax breach on Capitol Hill. Senators ripped former Equifax CEO Richard Smith over executives unloading almost $2 million worth of stock after the credit reporting firm suffered a massive hack but before the public was notified. "I've got to tell you something and this is just a fact. It may have been done with the best of intentions and no intent for insider trading, but this really stinks. I mean it really smells, really bad," said Sen. Jon Tester (D-Mont.). Smith defended the executives in question: John Gamble, the chief financial officer; Joseph Loughran, president of U.S. information solutions; and Rodolfo Ploder, president of workforce solutions. He said they were not aware of the hack when they sold their stocks. At the time they unloaded their shares, Smith told lawmakers, Equifax only knew that "suspicious activity" had occurred but did not understand the extent of the breach. Smith said the company sees suspicious activity from attempted hacks millions of times a year and suggested this hack initially seemed no different. But lawmakers appeared skeptical. "The stock sales seem to suggest more information than we are getting here," said Sen. Tim Scott (R-S.C.).


--...PART 2: There may be a non-controversial explanation for a controversial no-bid contract the Internal Revenue Service granted Equifax amid the fallout of its recent cyberattack. Officials testified Wednesday it was a stopgap measure to prevent a taxpayer service from being shut off as the IRS attempts to move to a new vendor. On Tuesday night, reports emerged that the IRS had granted a $7 million fraud-prevention contract to Equifax on Sept. 29, well after the credit reporting firm announced a massive hack. Jeffrey Tribiano, IRS deputy commissioner for operations support, testified that the contract was to continue the electronic authentication service Equifax had already been providing as the agency attempted to move that contract to a new vendor. In July, after the IRS decided to replace Equifax with another company's successful bid, Equifax challenged the procurement. That challenge is currently under review at the Government Accountability Office (GAO). With the procurement still unresolved, the IRS entered into a temporary contract with Equifax to maintain services. "We had to either, one, stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it -- like in the hurricane disaster areas, they use those tools to get their transcripts -- or do a bridge contract with Equifax until GAO decides on the protest, and we move forward," Tribiano said.


--...PART 3: Former Equifax CEO Richard Smith testified Wednesday before a Senate Judiciary privacy subcommittee that the employee responsible for not updating the company's security software had stepped down in the weeks after the massive data breach was revealed. In a hearing on Tuesday, Smith had told lawmakers that the breach could be attributed to a "combination of human error and technological error." According to Smith's testimony, an employee had failed to patch software, leaving Equifax's consumer data vulnerable, and scanning software had failed to detect the vulnerability later on. That employee hasn't been identified and Equifax has stayed quiet until now about the person's employment status.


A LEGISLATIVE UPDATE:

--WARRANTLESS SURVEILLANCE: A powerful pair of House lawmakers is poised to introduce legislation this week that would place modest limits on the National Security Agency’s warrantless surveillance program, likely reigniting debate on Capitol Hill and setting up a potential showdown with the Trump administration. 

The bill, from the chairman and ranking member of the House Judiciary Committee, is set to be introduced as early as Thursday.

According to a draft version obtained by The Hill, the proposal would require criminal investigators to obtain a court order before viewing the content of any communications collected under that program — including those sent by Americans. 

The standard for viewing metadata is set lower, requiring investigators only to seek higher-level approval. Metadata information includes things like call time and sender and receiver.

The Trump administration has been campaigning fiercely for a clean, permanent renewal of the surveillance program, which is set to expire at the end of this year. Intelligence officials, who briefed reporters on their use of the authority last week, believe it to be one of the most critical tools they have to combat terrorism.

But Judiciary Committee chairman Bob Goodlatte (R-Va.) has said that a wholesale permanent reauthorization of the law is a nonstarter in the House.

The proposal would extend the law until 2023, with a number of other tweaks aimed at boosting oversight and ensuring the agency is only spying on legal targets.

It would also prohibit the agency for six years from collecting communications that are about a foreign target but are neither sent nor received by that person. The NSA voluntarily halted such collection, known as “about” surveillance, earlier this year, but wants to retain the authority to resume it.

The Hill's Katie Bo Williams has more here.

 

A LIGHTER CLICK: 

GREETINGS FROM AMAZON, GEORGIA.

 

THE MOSCOW MILE:

--SENATE INTEL SAYS COLLUSION INVESTIGATION ONGOING: The Senate Intelligence Committee is still investigating whether there was any collusion between the Trump campaign and Russia during the 2016 election, the panel's leaders said Wednesday. "The committee continues to look into all evidence to see if there was any hint of collusion," Chairman Richard Burr (R-N.C.) told a room packed with reporters. "I'm not even going to discuss initial findings because we haven't any." But, he added later, "The issue of collusion is still open." In one significant development, they said committee members and staff have reached "general consensus" that they trust the intelligence community's formal assessment that Russia launched a wide-scale disinformation campaign targeted at the 2016 election. That assessment was issued during the Obama administration. Burr stopped short, however, of giving a complete endorsement of the Obama-era report, which claimed that Russia had intervened on behalf of Trump. The committee has not come to a conclusion on Russia's preferences, he said, only that Moscow intended to sow "chaos on every level."


--...BUT DONE SOLICITING COMEY INFO, FOR THE TIME BEING: The leaders of the Senate Intelligence Committee announced Wednesday they will no longer pursue details surrounding the memos former FBI Director James Comey wrote as personal recollections of his conversations with President Trump about the Russia investigation. "This topic has been hotly debated and the committee is satisfied that our involvement with this issue has reached a logical end as it relates to the Russia investigation," Sen. Richard Burr (R-N.C.), the chairman of the panel, said during a press conference. The committee told reporters it was leaving any further probing of the Comey memos to Special Counsel Robert Mueller. "Now again, this is not something that we have closed, but we have exhausted every person we can talk to get information that is pertinent to us relative to the Russia investigation," he told a room of reporters.


WHAT'S IN THE SPOTLIGHT:

--A DHS BUG BOUNTY PROGRAM:

A Senate panel with oversight of the Department of Homeland Security (DHS) has approved legislation that would set up a "bug bounty" program to pay researchers for catching vulnerabilities in the department's information systems.

The "Hack DHS Act" would direct the Department of Homeland Security to set up a pilot bug bounty program that would offer cash to security researchers who identify and report vulnerabilities in DHS's information systems, giving DHS an opportunity to patch them.

The idea is common in the business world and now slowly emerging in government.  The Act was modeled after a similar program established at the Pentagon to catch undiscovered vulnerabilities in the Defense Department's systems.

The bipartisan bill, introduced by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) in May, advanced through the Senate Homeland Security and Governmental Affairs Committee during a meeting Wednesday. Sen. Claire McCaskill (D-Mo.), the committee's ranking member, is cosponsoring the legislation, along with Sen. Kamala Harris (D-Calif.).


IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The U.S. cleared major hurdles for the extradition of two accused Russian cybercriminals from E.U. nations, suspects whose extradition Russia fought to prevent. (The Hill)

Mr. Moneybags, of Monopoly fame, attended one of the Equifax hearings. (The Hill)

Headline of the day: "Here's the Leaked Anti-Leak Training Email Sent to DOE Staff." (Wired)

There was a coup at the internet's premier Donald Trump forum. (Motherboard)

The FBI issued a flash warning for companies to fix the security flaw that snagged Equifax. (Cyberscoop)
