Overnight Cybersecurity: Mueller adds cyber prosecutor to Russia team | DHS steps up election security aid to states | Dem bill would punish credit reporting firms for breaches


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--DHS SPEEDS UP ELECTION SECURITY HELP TO STATES: A top cybersecurity official at the Department of Homeland Security said Wednesday he expects the department to complete rigorous election security tests requested by a number of states by April. Bob Kolasky, the acting deputy undersecretary in Homeland Security's cyber unit, acknowledged previous reports of a backlog of risk and vulnerability assessments, which the department has offered to states as part of its designation of election infrastructure as critical. Politico reported in late December that states faced up to 9-month waits for the thorough assessments, leaving little time before the 2018 midterm elections for states to mitigate any potential flaws in their voting systems. "I am here today to tell you we have the ability now to meet all the state requests that we have received," Kolasky said during a keynote address at a summit organized by the U.S. Election Assistance Commission in Washington. The department has already completed assessments for three states and expects to meet the remaining 11 requests by mid-April, he said. "We want all the rest of the states to sign up, and if they do we believe we will be able to do those risk and vulnerability assessments onsite before the midterm elections," Kolasky said. "That is a significant shift of our own resources."


 


--MUELLER BRINGS ON CYBER PROSECUTOR: Ryan Dickey, a veteran cyber crime prosecutor, has joined special counsel Robert Mueller's team of investigators. A spokesman for the special counsel's office confirmed to The Hill on Wednesday that Dickey was assigned to Mueller's investigation in early November from the Justice Department's Computer Crime and Intellectual Property Section. The Washington Post first reported that Dickey had joined Mueller's team. Dickey is the first known veteran prosecutor of cyber crimes to join the special counsel investigation, which is examining Russian meddling in the 2016 presidential election and possible collusion between the Trump campaign and Moscow. Mueller took over the law enforcement investigation in May, after President Trump fired FBI Director James Comey. His team mostly consists of white-collar crime prosecutors and investigators.


 

--TRUMP WON'T COMMIT TO INTERVIEW WITH MUELLER: President Trump said Wednesday it is "unlikely" he will have to sit down with Mueller for an interview, arguing that there was "no collusion" between his campaign and Russia. Trump repeatedly dodged whether he would submit to an interview with Mueller by citing his claim that there was no collusion during the 2016 presidential election. "We'll see what happens," the president said when pressed by a reporter on Wednesday. "When they have no collusion ... it seems unlikely that you'd even have an interview." Trump was speaking during a joint press conference alongside Norwegian Prime Minister Erna Solberg following a meeting at the White House. Multiple reports this week said that Mueller is likely to interview Trump in the coming weeks as part of the special counsel investigation into Russia's meddling in the 2016 presidential race. NBC News reported that Trump's lawyers have discussed whether to ask for stipulations to the interview, such as answering questions in writing or signing an affidavit asserting the president's innocence.


 

TWO LEGISLATIVE UPDATES:

--DEMS REVIVE PUSH FOR LEGISLATION ON CREDIT FIRM BREACHES: Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) have introduced a bill aimed at penalizing credit reporting agencies for breaches following the Equifax data breach.

The Data Breach Prevention and Compensation Act would provide the Federal Trade Commission (FTC) with additional direct supervisory authority over data security at the agencies, as well as impose penalties and provide consumers with compensation as a means of preventing future breaches.

"We are introducing a bill today to say that when a credit reporting agency lets your data be stolen, that there are substantial automatic penalties that go into place, and there's money that automatically goes back to the people whose data has been stolen," Warren told CNN's Alisyn Camerota on "New Day."

Equifax announced in September hackers had taken advantage of a software flaw and accessed the personal data of over 140 million customers.

The breach resulted in bipartisan outrage on Capitol Hill and the resignations of the company's chief information and security officers.


 

--SPY BILL TO GET A VOTE: The full House is poised to vote Thursday on a bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), a controversial provision that allows the intelligence community to spy on non-American targets outside the United States without a warrant.

The bill was approved by the House Rules Committee on Tuesday night.

The spy program, which will expire on Jan. 19 if Congress doesn't act, has been the subject of heated debate in Washington particularly as a result of the "incidental collection" that occurs on Americans when they communicate with foreign intelligence targets. Privacy and civil liberties advocates have been pushing for an end to the so-called "backdoor search loophole" that allows law enforcement to sift through data incidentally collected on Americans under the law without a warrant.

On Thursday, lawmakers will consider a bipartisan amendment offered by Rep. Justin Amash (R-Mich.) and several others that would require a warrant for any agency to sift through Americans' communications. A bipartisan, bicameral group of lawmakers held a press conference on Wednesday to support the bill, called the USA Rights Act.

"We need more oversight of the intelligence community, not less," Sen. Rand Paul (R-Ky.) said at the event. "We need to make sure, because men are not angels, that there are rules."

Lawmakers faced a deadline to reauthorize the program before the end of 2017, but added a provision to a short-term funding bill extending it and punting the debate into the new year.

 

A LIGHTER CLICK: 

Now, that's just weird.

 

FLAWS IN FOCUS: 

WHATSAPP SECURITY WEAKNESSES COULD ALLOW UNINVITED GUESTS INTO GROUP CHATS: Computer researchers have discovered a set of flaws in WhatsApp that could allow uninvited individuals into private group chats.

WhatsApp, owned by Facebook, is a popular secure messaging application that uses end-to-end encryption.

The team of cryptographers at Ruhr University in Bochum, Germany, found a set of security weaknesses in the messaging app that together allow anyone controlling the WhatsApp server to insert other parties into a private group thread without getting permission from the administrator who controls the group.

The design flaws allow "an attacker ... controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users," according to their research paper released earlier this month.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired. They also found less significant weaknesses in secure messaging apps Signal and Threema.

While the flaws could allow an attacker to gain full control of group chats on the application, any would-be attacker would still first need to take control of the WhatsApp server to exploit the security flaws.

WhatsApp said in a statement that the company has carefully examined the issue and noted that the platform is built so that users are alerted when new people are added to a group message chat.

"We've looked at this issue carefully," a WhatsApp spokesperson said. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."


 

WHAT'S IN THE SPOTLIGHT: 

PENTAGON CYBER OPS: The U.S. military is facing a host of challenges as it seeks to cultivate and expand cyber operations in the new year.

The expected departure of National Security Agency (NSA) Director Mike Rogers this spring has spawned a fresh challenge for the Trump administration. The White House must find someone to replace him who can helm not only the NSA, but also U.S. Cyber Command, the Pentagon's young offensive cyber unit that became more powerful last year after the president elevated it to a full combatant command.

Complicating matters, the Pentagon is currently mulling whether and how to split the two agencies, a decision widely viewed as inevitable but which some have worried could have negative consequences if done too swiftly.

Rogers's tenure has been a rocky one, plagued by continuous intelligence leaks and reports of low morale amid a sometimes-unpopular reorganization. Still, he remains in high regard among some, who acknowledge the high stakes of a job that requires balancing two distinct but related missions.

Rogers took over for Keith Alexander at NSA in 2014 as the intelligence agency faced intense public scrutiny over former contractor Edward Snowden's disclosures.

More recently, the agency has been forced to contend with embarrassing leaks of its hacking tools by the "Shadow Brokers" group.

In the dual-hat role, Rogers is also responsible for helming Cyber Command, which was born out of the NSA headquarters at Fort Meade, Md., in 2009.

"Having somebody that has that ability to understand the technical capabilities of the work ... but can still do the public outreach part -- it's tough to find someone that can do both of those," said Steve Bucci, a former Army officer and cybersecurity expert at the right-leaning Heritage Foundation.

"You generally need somebody with that technical background to understand the issues well, because it's not a normal military command," Bucci added. "The group gets pretty small."

The cyber unit has seen its status grow over the years, capped by President Trump's decision in August to officially elevate it to a full combatant command.

The move triggered a Pentagon review of whether to split the dual-hat leadership of NSA and Cyber Command, which would effectively separate the government's intelligence functions from its war-fighting cyber operations.

Some say Rogers's departure will create the perfect opportunity for the administration to move forward on splitting the two bodies by naming a successor at the NSA and a different commander for Cyber Command.


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Five takeaways from the Fusion GPS testimony. (The Hill)

Trump orders new guidance on 'unmasking' requests. (The Hill)

GOP senator presses Apple on phone slowdowns. (The Hill)

Dems warn of Russian election interference across Europe. (The Hill)

Taiwanese police hand out malware-infected devices as prizes in cyber quiz. (BBC)

FBI disrupting fewer cyber crime operations than in previous years. (NextGov)

White House personal cell phone ban will soon take effect. (Politico)