Overnight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving 'active defense' cyber tools to private sector

Overnight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving 'active defense' cyber tools to private sector

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--SENATORS UNVEIL BIPARTISAN PUSH TO DETER ELECTION INTERFERENCE: A pair of senators from each party is introducing legislation meant to deter foreign governments from interfering in future American elections. The bill represents the latest push on Capitol Hill to address Russia's meddling in the 2016 presidential election and counter potential threats ahead of the 2018 midterms. Sens. Marco RubioMarco Antonio RubioGOP looks to injure Nelson over Russia comments Rubio’s pro-family, conservative family leave policy promotes stability Dems make history in Tuesday's primaries MORE (R-Fla.) and Chris Van HollenChristopher (Chris) Van HollenDem campaign chairman expresses confidence over path to Senate majority Trump draws bipartisan fire over Brennan New sanctions would hurt Russia — but hurt American industry more MORE (D-Md.) on Tuesday introduced the "Defending Elections from Threats by Establishing Redlines (DETER) Act," which lays out specific foreign actions against U.S. elections that would warrant penalties from the federal government. Van Hollen said in a statement that the bill would send "an unequivocal message to Russia and any other foreign actor who may follow its example: if you attack us, the consequences will be severe." Congress imposed additional sanctions on Moscow for its election interference last summer. However, fears have mounted over the potential for future foreign influence efforts, which some lawmakers are seeking to address through legislation.


--UNDER THE BILL introduced Tuesday, it would be up to the Trump administration to decide the retaliatory measures for potential election interference by China, Iran and North Korea, and any other nation the administration singles out as a threat. The administration would be required to report to Congress within 90 days of the bill's enactment on plans to counter potential election interference from each specific country. In the event of future interference specifically by Russia, the bill expands on penalties already imposed by the Countering America's Adversaries Act of 2017. For instance, it mandates that the U.S. government immediately impose sanctions on Russia's finance, energy and defense sectors. It would also blacklist senior Russian political figures or oligarchs identified under the law, preventing them from entering the United States and blocking their assets.

To read our full coverage of the bill, click here.


--RUSSIA-LINKED HACKERS TARGETING THE SENATE: Russian hackers from the group known as "Fancy Bear" are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro. The Tokyo-based cybersecurity group said that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate's internal email system, and learned that the sites were being operated as part of an email-harvesting operation. The websites were reportedly set up by Fancy Bear, a group linked to Russia's military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election. The Associated Press first reported Trend Micro's findings on Friday. The tactic used by Fancy Bear's hackers to obtain Senate emails is "identical" to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron's campaign emails two months later. The revelation by Trend Micro prompted Sen. Ben SasseBenjamin (Ben) Eric SassePollster: Attitudes toward Trump's farm aid are 'highly wrapped up' in feelings toward president Poll: Majority of Americans support Trump's plan to offer aid to farmers hit by tariffs Hillicon Valley: 'QAnon' conspiracy theory jumps to primetime | Senate Intel broadens look into social media manipulation | Senate rejects push for more election security funds | Reddit reveals hack MORE (R-Neb.) to demand a briefing from Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsSentencing reform deal heats up, pitting Trump against reliable allies Hill.TV poll: 41 percent of Americans want Mueller to wrap up probe before midterms The Hill's Morning Report: Dems have a majority in the Senate (this week) MORE on the steps that the Trump administration has taken to counter Russian hackers.

To read the rest of our coverage, click here and here.


--HOUSE INTEL SUBPOENAS BANNON: The House Intelligence Committee on Tuesday subpoenaed former White House strategist Stephen Bannon after he declined to answer investigators' questions in their probe into Russian interference in the election, according to multiple sources. According to one source, Bannon did not immediately comply with the subpoenas, which were for both testimony and documents. Bannon appeared to pique lawmakers when he tried to cite executive privilege to avoid answering some questions related to his work for President TrumpDonald John TrumpBrennan fires new shot at Trump: ‘He’s drunk on power’ Trump aides discussed using security clearance revocations to distract from negative stories: report Trump tried to dissuade Melania from 'Be Best' anti-bullying campaign: report MORE.

"I certainly think that when the committee expects an executive privilege, when does that attach is the question that is sort of dominating the day. You know, at what time does it attach? During the transition or during the actual swearing in?" Rep. Tom RooneyThomas (Tom) Joseph RooneyHillicon Valley: FBI fires Strzok after anti-Trump tweets | Trump signs defense bill with cyber war policy | Google under scrutiny over location data | Sinclair's troubles may just be beginning | Tech to ease health data access | Netflix CFO to step down House Intel lawmakers introduce bipartisan election security bill Meadows leaves door open to impeachment vote on Rosenstein MORE (R-Fla.) told reporters. He declined to comment on the issuance of the subpoenas, first reported by Fox News' Chad Pergram. Bannon joined the campaign in August of 2016, stayed on through the transition and left the White House in August of 2017. The move to issue a subpoena during the middle of an interview is an unusual one--and is a break from how committee lawmakers have handled other witnesses who have declined to answer certain questions.

To read the rest of our coverage, click here.


--BANNON REPORTEDLY SUBPOENAED IN RUSSIA PROBE: Former White House chief strategist Stephen Bannon was subpoenaed last week by special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE as part of the federal probe into Russian interference in the presidential election, The New York Times reported Tuesday. Bannon, who joined the Trump campaign in August of 2016 and left the White House almost exactly a year later, is one of the few known instances that Mueller has used a subpoena to compel information from a member of President Trump's inner circle. Mueller previously obtained subpoenas targeting former campaign chairman Paul ManafortPaul John ManafortMueller recommends Papadopoulos be sentenced to up to 6 months in prison Hillicon Valley: Trump escalates feud with intel critics | Tesla shares fall after troubling Musk interview | House panel considers subpoena for Twitter's Jack Dorsey | Why Turkish citizens are breaking their iPhones Manafort jury adjourns for the weekend with no verdict MORE, who has since been charged with a slate of federal crimes, including money laundering. Mueller interviewed dozens of Trump associates in the closing months of the year, but those individuals were not served with a subpoena, according to the Times. It was not immediately clear why Bannon was treated differently. The revelation came as Bannon was appearing behind closed doors with the House Intelligence Committee to testify in that committee's probe into possible collusion between the Trump campaign and Russia. He reportedly recently retained Bill Burck, of the law firm Quinn Emanuel. The Mueller subpoena was handed down as Bannon has been in the spotlight over comments he made to Michael Wolff, the author of a controversial new book about the Trump White House.

To read the rest of our coverage, click here and here.



--BILL CRACKS DOWN ON CHINESE TELECOMS FIRMS: A Republican lawmaker has introduced legislation that would bar the federal government from contracting with firms that use equipment produced by Chinese telecommunications firms Huawei and ZTE, citing spying concerns.

Rep. Mike ConawayKenneth (Mike) Michael Conaway17 times Brennan has torched Trump GOP lawmaker calls for ethics rules changes after Collins charged with insider trading GOP Rep. Chris Collins charged with insider trading MORE (R-Texas) announced the bill on Friday, drawing renewed attention to concerns in Congress about the firms and their relationship with the Chinese government.

"Chinese commercial technology is a vehicle for the Chinese government to spy on United States federal agencies, posing a severe national security threat," Conaway said in a statement. "Allowing Huawei, ZTE, and other related entities access to U.S. government communications would be inviting Chinese surveillance into all aspects of our lives."

Huawei is the largest telecommunications manufacturer in the world, its competitor ZTE following close behind. Both firms are headquartered in China.

The bill introduced last week would prohibit the federal government "from using or contracting with an entity that uses" telecommunications equipment or services from Huawei or ZTE or any of their subsidiaries. There have been previous efforts in Congress to restrict the firms' access to the federal market.

The firms have long fought concerns in Washington that their equipment could be compromised by the Chinese government. The House Intelligence Committee issued a report in 2012 labeling Huawei and ZTE a national security threat.

To read the rest of our piece, click here.


--HOUSE SET TO VOTE ON 'CYBER DIPLOMACY' BILL: House lawmakers are scheduled to vote on a bill later this week that would restore an office within the State Department focused on cyber diplomatic efforts. The bill was introduced by House Foreign Affairs Committee Chair Ed RoyceEdward (Ed) Randall RoyceSteyer group launching 0,000 digital ad campaign targeting millennials It’s possible to protect national security without jeopardizing the economy Dems seek GOP wipeout in California MORE (R-Calif.) and ranking member Eliot EngelEliot Lance EngelOvernight Defense: Trump tells veterans he will 'stand up for America' | McConnell, Ryan say Putin not welcome on Capitol Hill | Mattis tries to explain Trump's Iran tweet Dems request briefing on Trump's private meeting with Putin House Dems press resolution denouncing Trump in wake of Helsinki MORE (D-N.Y.) last year after Secretary of State Rex TillersonRex Wayne TillersonDems want GOP chairman to subpoena State Department over cyber docs Overnight Energy: Trump elephant trophy tweets blindsided staff | Execs of chemical plant that exploded during hurricane indicted | Interior to reverse pesticide ban at wildlife refuges Administration should use its leverage to get Egypt to improve its human rights record MORE moved to close the department's Office of Cybersecurity Coordinator as part of a broader reorganization of the department.

The State Department has folded its responsibilities into a bureau responsible for economic and business affairs.

Some cybersecurity experts and lawmakers have sounded alarm over the decision to close the cyber office, saying that it signals a downgrade to the department's efforts to engage the international community on cyber policy. State Department officials have emphasized that cyber remains a top priority at the department.



Cybersecurity firm Agari has updated figures on the count of federal agencies that have deployed email security tool DMARC. As of Tuesday 63 percent of federal agencies had deployed the tool, which helps crack down on fraudulent emails. The new figures come a day after a deadline set by the Department of Homeland Security (DHS) for agencies and departments operating .gov domains to implement DMARC.



RESEARCHERS IDENTIFY ANDROID SPYWARE: Kaspersky Lab on Tuesday sounded the alarm about the discovery of highly advanced surveillance software that it said can infiltrate Android mobile devices and gather "targeted" information without users' consent.

Researchers at the Moscow-based cybersecurity firm described the spyware, named Skygofree, as a sophisticated mobile implant "designed for targeted cyber-surveillance" that can be potentially used as an "offensive security" product.

"Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device," the company said in a Tuesday press release.

Alexey Firsh, a malware analyst at Kaspersky Lab, said in a statement that the malware is not only hard to identify, but it also "can spy extensively on targets without arousing suspicion."

Skygofree, which has been active since 2014, can go as far as listening in on conversations when a mobile device enters a particular location.

"It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location -- a feature that has not previously been seen in the wild," it continued.

The spyware has a large range of sophisticated capabilities that allow it to assume control of a mobile device. Kaspersky identified "48 different commands that can be implemented by attackers, allowing for maximum flexibility of use."

To read the rest of our piece, click here.



HOMELAND SECURITY SECRETARY Kirstjen NielsenKirstjen Michele NielsenCybersecurity: Cause for optimism, need for continued vigilance The Hill's Morning Report — Dems split on key issues but united against Trump Hillicon Valley: Trump revokes Brennan's security clearance | Twitter cracks down on InfoWars | AT&T hit with crypto lawsuit | DHS hosts election security exercise MORE: Homeland Security Secretary Kirstjen Nielsen faced a number of cyber-related questions during an oversight hearing before the Senate Judiciary Committee on Tuesday, in addition to being grilled on President Trump's alleged vulgar comments at a closed-door immigration meeting last week.

In particular, she told lawmakers that the Department of Homeland Security is providing tools and resources to private companies to engage in "active defense" against cyber threats, a practice that has drawn scrutiny from some legal and cybersecurity experts.

"There is wide disagreement with respect to what it means," Nielsen said during a Senate Judiciary Committee hearing. "What it means is, we want to provide the tools and resources to the private sector to protect their systems."

"So, if we can anticipate or we are aware of a given threat -- and as you know, we've gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections -- we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked," Nielsen explained.

Active defense measures, which fall on the spectrum between passive defense and offensive actions, can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen.

Nielsen did not go into detail about the active defense measures that the Homeland Security Department is supporting in the private sector.

A House bill introduced by Reps. Tom GravesJohn (Tom) Thomas GravesHouse completes first half of 2019 spending bills House committee approves spending bill that would boost IRS funding House panel advances financial services spending bill MORE (R-Ga.) and Kyrsten Sinema (D-Ariz.) that would allow companies to engage in a range of active defense measures has attracted bipartisan support and triggered debate about the advantages and pitfalls of letting companies retaliate against hackers.

Nielsen also addressed questions about what the department is doing to deepen engagement with the private sector on cyber threats. She said Homeland Security is focused on tailoring threat information to specific sectors and moving towards a model that addresses critical functions of operations across critical infrastructure.

Nielsen also emphasized the need for Congress to pass legislation that would reorganize and elevate the department's cybersecurity mission, replacing the headquarters office charged with cybersecurity and critical infrastructure protection--the National Protection and Programs Directorate (NPPD)--with an operational agency.

And in response to questions from Sen. Amy KlobucharAmy Jean KlobucharHillicon Valley: Trump escalates feud with intel critics | Tesla shares fall after troubling Musk interview | House panel considers subpoena for Twitter's Jack Dorsey | Why Turkish citizens are breaking their iPhones The Hill's Morning Report — GOP seeks to hold Trump’s gains in Midwest states Tina Smith defeats former Bush ethics lawyer in Minnesota Dem primary MORE (D-Minn.), Nielsen said she was aware of a bill introduced in the Senate that would authorize grants for states to bolster the cybersecurity of their voting technology, in the wake of Russian interference in the 2016 presidential election.

While Nielsen did not offer an outright endorsement of the Secure Elections Act--introduced by a bipartisan group of senators including Klobuchar last month--she did say that providing states more cyber resources "makes sense" and said she looked forward to working with senators on the legislation.

To read the rest of our coverage from the hearing, click here.



Links from our blog, The Hill, and around the Web.

North Korean hacker group linked to cryptocurrency attacks in South Korea. (The Hill)

US to 'carefully' consider GM petition to test self-driving car. (The Hill)

States sue FCC over net neutrality repeal. (The Hill)

OP-ED: Equifax breach shows why companies need to act against known vulnerabilities. (The Hill)

An Indiana hospital was hit by ransomware. (FOX 59)

Canadian officials charge alleged operator of LeakedSource.com. (ZDNet)

Bitcoin price drops to lowest level since December. (CNN)

Cyber experts stumped by new 'Triton' malware. (CyberScoop)

Lawmakers pressed AT&T to sever ties with Huawei. (Reuters)

BSA The Software Alliance has released its 2018 policy agenda. (BSA)