Overnight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving 'active defense' cyber tools to private sector

Overnight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving 'active defense' cyber tools to private sector

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--SENATORS UNVEIL BIPARTISAN PUSH TO DETER ELECTION INTERFERENCE: A pair of senators from each party is introducing legislation meant to deter foreign governments from interfering in future American elections. The bill represents the latest push on Capitol Hill to address Russia's meddling in the 2016 presidential election and counter potential threats ahead of the 2018 midterms. Sens. Marco RubioMarco Antonio RubioTrump must send Russia powerful message through tougher actions McCain, Coons immigration bill sparks Trump backlash Taking a strong stance to protect election integrity MORE (R-Fla.) and Chris Van HollenChristopher (Chris) Van HollenTrump must send Russia powerful message through tougher actions Taking a strong stance to protect election integrity Overnight Cybersecurity: Trump taps finance exec as federal CIO | White House downplays talk of 5G takeover | Massive cryptocurrency heist sparks scrutiny MORE (D-Md.) on Tuesday introduced the "Defending Elections from Threats by Establishing Redlines (DETER) Act," which lays out specific foreign actions against U.S. elections that would warrant penalties from the federal government. Van Hollen said in a statement that the bill would send "an unequivocal message to Russia and any other foreign actor who may follow its example: if you attack us, the consequences will be severe." Congress imposed additional sanctions on Moscow for its election interference last summer. However, fears have mounted over the potential for future foreign influence efforts, which some lawmakers are seeking to address through legislation.


--UNDER THE BILL introduced Tuesday, it would be up to the Trump administration to decide the retaliatory measures for potential election interference by China, Iran and North Korea, and any other nation the administration singles out as a threat. The administration would be required to report to Congress within 90 days of the bill's enactment on plans to counter potential election interference from each specific country. In the event of future interference specifically by Russia, the bill expands on penalties already imposed by the Countering America's Adversaries Act of 2017. For instance, it mandates that the U.S. government immediately impose sanctions on Russia's finance, energy and defense sectors. It would also blacklist senior Russian political figures or oligarchs identified under the law, preventing them from entering the United States and blocking their assets.

To read our full coverage of the bill, click here.


--RUSSIA-LINKED HACKERS TARGETING THE SENATE: Russian hackers from the group known as "Fancy Bear" are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro. The Tokyo-based cybersecurity group said that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate's internal email system, and learned that the sites were being operated as part of an email-harvesting operation. The websites were reportedly set up by Fancy Bear, a group linked to Russia's military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election. The Associated Press first reported Trend Micro's findings on Friday. The tactic used by Fancy Bear's hackers to obtain Senate emails is "identical" to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron's campaign emails two months later. The revelation by Trend Micro prompted Sen. Ben SasseBenjamin (Ben) Eric SasseSasse statement: Trump nominee who spread conspiracy theories has a ‘tinfoil hat’ Senate Republicans call on Trump to preserve NAFTA Trump action on tariffs triggers GOP alarm MORE (R-Neb.) to demand a briefing from Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsDems pick up deep-red legislative seat in Missouri Grassley to Sessions: Policy for employees does not comply with the law New immigration policy leaves asylum seekers in the lurch MORE on the steps that the Trump administration has taken to counter Russian hackers.

To read the rest of our coverage, click here and here.


--HOUSE INTEL SUBPOENAS BANNON: The House Intelligence Committee on Tuesday subpoenaed former White House strategist Stephen Bannon after he declined to answer investigators' questions in their probe into Russian interference in the election, according to multiple sources. According to one source, Bannon did not immediately comply with the subpoenas, which were for both testimony and documents. Bannon appeared to pique lawmakers when he tried to cite executive privilege to avoid answering some questions related to his work for President TrumpDonald John TrumpTillerson: Russia already looking to interfere in 2018 midterms Dems pick up deep-red legislative seat in Missouri Speier on Trump's desire for military parade: 'We have a Napoleon in the making' MORE.

"I certainly think that when the committee expects an executive privilege, when does that attach is the question that is sort of dominating the day. You know, at what time does it attach? During the transition or during the actual swearing in?" Rep. Tom RooneyThomas (Tom) Joseph RooneyHouse Intel votes to release Dem countermemo Several lawmakers have seen intelligence behind Nunes memo Fierce battle erupts over releasing intelligence report MORE (R-Fla.) told reporters. He declined to comment on the issuance of the subpoenas, first reported by Fox News' Chad Pergram. Bannon joined the campaign in August of 2016, stayed on through the transition and left the White House in August of 2017. The move to issue a subpoena during the middle of an interview is an unusual one--and is a break from how committee lawmakers have handled other witnesses who have declined to answer certain questions.

To read the rest of our coverage, click here.


--BANNON REPORTEDLY SUBPOENAED IN RUSSIA PROBE: Former White House chief strategist Stephen Bannon was subpoenaed last week by special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE as part of the federal probe into Russian interference in the presidential election, The New York Times reported Tuesday. Bannon, who joined the Trump campaign in August of 2016 and left the White House almost exactly a year later, is one of the few known instances that Mueller has used a subpoena to compel information from a member of President Trump's inner circle. Mueller previously obtained subpoenas targeting former campaign chairman Paul ManafortPaul John ManafortDem lawmaker to Trump: 'How dare you lecture us about treason' Trevor Noah: Hannity is ‘Trump’s archbishop of bulls---’ DOJ wants Manafort’s suit against Mueller dismissed MORE, who has since been charged with a slate of federal crimes, including money laundering. Mueller interviewed dozens of Trump associates in the closing months of the year, but those individuals were not served with a subpoena, according to the Times. It was not immediately clear why Bannon was treated differently. The revelation came as Bannon was appearing behind closed doors with the House Intelligence Committee to testify in that committee's probe into possible collusion between the Trump campaign and Russia. He reportedly recently retained Bill Burck, of the law firm Quinn Emanuel. The Mueller subpoena was handed down as Bannon has been in the spotlight over comments he made to Michael Wolff, the author of a controversial new book about the Trump White House.

To read the rest of our coverage, click here and here.



--BILL CRACKS DOWN ON CHINESE TELECOMS FIRMS: A Republican lawmaker has introduced legislation that would bar the federal government from contracting with firms that use equipment produced by Chinese telecommunications firms Huawei and ZTE, citing spying concerns.

Rep. Mike ConawayKenneth (Mike) Michael ConawayOvernight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach House Intel postpones Bannon interview in dispute over questioning Despite subpoena, Bannon won’t appear before House Intelligence Committee: reports MORE (R-Texas) announced the bill on Friday, drawing renewed attention to concerns in Congress about the firms and their relationship with the Chinese government.

"Chinese commercial technology is a vehicle for the Chinese government to spy on United States federal agencies, posing a severe national security threat," Conaway said in a statement. "Allowing Huawei, ZTE, and other related entities access to U.S. government communications would be inviting Chinese surveillance into all aspects of our lives."

Huawei is the largest telecommunications manufacturer in the world, its competitor ZTE following close behind. Both firms are headquartered in China.

The bill introduced last week would prohibit the federal government "from using or contracting with an entity that uses" telecommunications equipment or services from Huawei or ZTE or any of their subsidiaries. There have been previous efforts in Congress to restrict the firms' access to the federal market.

The firms have long fought concerns in Washington that their equipment could be compromised by the Chinese government. The House Intelligence Committee issued a report in 2012 labeling Huawei and ZTE a national security threat.

To read the rest of our piece, click here.


--HOUSE SET TO VOTE ON 'CYBER DIPLOMACY' BILL: House lawmakers are scheduled to vote on a bill later this week that would restore an office within the State Department focused on cyber diplomatic efforts. The bill was introduced by House Foreign Affairs Committee Chair Ed RoyceEdward (Ed) Randall RoyceOvernight Tech: Uber exec says 'no justification' for covering up hack | Apple considers battery rebates | Regulators talk bitcoin | SpaceX launches world's most powerful rocket Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach Tillerson proposes new unified bureau at State to focus on cyber MORE (R-Calif.) and ranking member Eliot EngelEliot Lance EngelTop Dems demand answers from State Department after employees cite career concerns The happiest place on earth is now the center of American polarization Overnight Cybersecurity: Tech execs testify on countering extremist content | House approves cyber diplomacy bill | Pentagon reportedly mulling nuclear response to cyberattacks MORE (D-N.Y.) last year after Secretary of State Rex TillersonRex Wayne TillersonTillerson: Russia already looking to interfere in 2018 midterms Overnight Tech: Uber exec says 'no justification' for covering up hack | Apple considers battery rebates | Regulators talk bitcoin | SpaceX launches world's most powerful rocket Overnight Cybersecurity: Tillerson proposes new cyber bureau at State | Senate bill would clarify cross-border data rules | Uber exec says 'no justification' for covering up breach MORE moved to close the department's Office of Cybersecurity Coordinator as part of a broader reorganization of the department.

The State Department has folded its responsibilities into a bureau responsible for economic and business affairs.

Some cybersecurity experts and lawmakers have sounded alarm over the decision to close the cyber office, saying that it signals a downgrade to the department's efforts to engage the international community on cyber policy. State Department officials have emphasized that cyber remains a top priority at the department.



Cybersecurity firm Agari has updated figures on the count of federal agencies that have deployed email security tool DMARC. As of Tuesday 63 percent of federal agencies had deployed the tool, which helps crack down on fraudulent emails. The new figures come a day after a deadline set by the Department of Homeland Security (DHS) for agencies and departments operating .gov domains to implement DMARC.



RESEARCHERS IDENTIFY ANDROID SPYWARE: Kaspersky Lab on Tuesday sounded the alarm about the discovery of highly advanced surveillance software that it said can infiltrate Android mobile devices and gather "targeted" information without users' consent.

Researchers at the Moscow-based cybersecurity firm described the spyware, named Skygofree, as a sophisticated mobile implant "designed for targeted cyber-surveillance" that can be potentially used as an "offensive security" product.

"Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device," the company said in a Tuesday press release.

Alexey Firsh, a malware analyst at Kaspersky Lab, said in a statement that the malware is not only hard to identify, but it also "can spy extensively on targets without arousing suspicion."

Skygofree, which has been active since 2014, can go as far as listening in on conversations when a mobile device enters a particular location.

"It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location -- a feature that has not previously been seen in the wild," it continued.

The spyware has a large range of sophisticated capabilities that allow it to assume control of a mobile device. Kaspersky identified "48 different commands that can be implemented by attackers, allowing for maximum flexibility of use."

To read the rest of our piece, click here.



HOMELAND SECURITY SECRETARY Kirstjen NielsenKirstjen Michele NielsenMcConnell: 'Whoever gets to 60 wins' on immigration Overnight Tech: Senators want probe of company selling fake Twitter followers | Google parent made over 0B in 2017 | House chair threatens to subpoena DHS over Kaspersky Overnight Cybersecurity: Trump poised to allow release of intel memo | GOP chair threatens to subpoena DHS over Kaspersky docs | Pompeo defends meeting Russian spy chief MORE: Homeland Security Secretary Kirstjen Nielsen faced a number of cyber-related questions during an oversight hearing before the Senate Judiciary Committee on Tuesday, in addition to being grilled on President Trump's alleged vulgar comments at a closed-door immigration meeting last week.

In particular, she told lawmakers that the Department of Homeland Security is providing tools and resources to private companies to engage in "active defense" against cyber threats, a practice that has drawn scrutiny from some legal and cybersecurity experts.

"There is wide disagreement with respect to what it means," Nielsen said during a Senate Judiciary Committee hearing. "What it means is, we want to provide the tools and resources to the private sector to protect their systems."

"So, if we can anticipate or we are aware of a given threat -- and as you know, we've gone to great lengths this year to work with the [intelligence] community to also include otherwise classified information with respect to malware, botnets, other types of infections -- we want to give that to the private sector so that they can proactively defend themselves before they are in fact attacked," Nielsen explained.

Active defense measures, which fall on the spectrum between passive defense and offensive actions, can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen.

Nielsen did not go into detail about the active defense measures that the Homeland Security Department is supporting in the private sector.

A House bill introduced by Reps. Tom GravesJohn (Tom) Thomas GravesSEC paperless mandate a bad deal for rural, elderly investors Lobbying World House retirement sets off scramble for coveted chairmanship MORE (R-Ga.) and Kyrsten Sinema (D-Ariz.) that would allow companies to engage in a range of active defense measures has attracted bipartisan support and triggered debate about the advantages and pitfalls of letting companies retaliate against hackers.

Nielsen also addressed questions about what the department is doing to deepen engagement with the private sector on cyber threats. She said Homeland Security is focused on tailoring threat information to specific sectors and moving towards a model that addresses critical functions of operations across critical infrastructure.

Nielsen also emphasized the need for Congress to pass legislation that would reorganize and elevate the department's cybersecurity mission, replacing the headquarters office charged with cybersecurity and critical infrastructure protection--the National Protection and Programs Directorate (NPPD)--with an operational agency.

And in response to questions from Sen. Amy KlobucharAmy Jean KlobucharOvernight Regulation: EPA sued over water rule delay | House passes bill to ease ObamaCare calorie rule | Regulators talk bitcoin | Patient groups oppose FDA 'right to try' bill Overnight Finance: Senators near two-year budget deal | Trump would 'love to see a shutdown' over immigration | Dow closes nearly 600 points higher after volatile day | Trade deficit at highest level since 2008 | Pawlenty leaving Wall Street group Dem senator presses FTC to ramp up Equifax hack probe MORE (D-Minn.), Nielsen said she was aware of a bill introduced in the Senate that would authorize grants for states to bolster the cybersecurity of their voting technology, in the wake of Russian interference in the 2016 presidential election.

While Nielsen did not offer an outright endorsement of the Secure Elections Act--introduced by a bipartisan group of senators including Klobuchar last month--she did say that providing states more cyber resources "makes sense" and said she looked forward to working with senators on the legislation.

To read the rest of our coverage from the hearing, click here.



Links from our blog, The Hill, and around the Web.

North Korean hacker group linked to cryptocurrency attacks in South Korea. (The Hill)

US to 'carefully' consider GM petition to test self-driving car. (The Hill)

States sue FCC over net neutrality repeal. (The Hill)

OP-ED: Equifax breach shows why companies need to act against known vulnerabilities. (The Hill)

An Indiana hospital was hit by ransomware. (FOX 59)

Canadian officials charge alleged operator of LeakedSource.com. (ZDNet)

Bitcoin price drops to lowest level since December. (CNN)

Cyber experts stumped by new 'Triton' malware. (CyberScoop)

Lawmakers pressed AT&T to sever ties with Huawei. (Reuters)

BSA The Software Alliance has released its 2018 policy agenda. (BSA)

If you'd like to receive our newsletter in your inbox, please sign up here.