Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–WAS SUSAN RICE RESPONSIBLE FOR UNMASKING TRUMP TRANSITION OFFICIALS’ NAMES? Bloomberg news’s Eli Lake reports that the former Obama national security adviser was the one who requested unmasking Trump administration officials in raw intelligence files now viewed by Reps. Devin Nunes (R-Calif.) and Adam Schiff (D-Calif.), the heads of the House Intel Committee.

President Trump went on Twitter to tout the report, arguing the press including “Sleepy Eyes Chuck Todd” should “start talking about the Obama SURVEILLANCE SCANDAL.” That’s not necessarily the case, since it is not clear that Rice’s request to learn the names led to any surveillance. 

{mosads}–WOULD RICE UNMASKING TRUMP OFFICIALS EXPLAIN WHY NUNES HAD TO GO TO WHITE HOUSE GROUNDS? Bloomberg suggests this is a possibility. If the files were on the NSC network, heading to the NSC offices would be a natural place to view them.

–IT DOES NOT IMMEDIATELY APPEAR RICE DID ANYTHING ILLEGAL. The national security adviser has the authority to unmask names and some compelling reasons to do so if foreign officials discuss an incoming president or staff.

–RICE DENIED KNOWLEDGE OF THE REPORTS. Bloomberg quotes Rice from her appearance on PBS NewsHour when the scandal broke. “I know nothing about this,” she says, “I was surprised to see reports from Chairman Nunes on that account today.”

Click here for The Hill’s recap.

–RAND PAUL WANTS ANSWERS. Sen. Rand Paul (R-Ky.) on Monday said Rice should testify under oath about her reported requests to “unmask” the identities of Americans associated with President Trump in intelligence reports.

The Kentucky senator, while acknowledging he has little information about the matter beyond the news report, called the unmasking an “enormous deal” and indicated that it should be illegal.

“I don’t think we should discount how big a deal it was that Susan Rice was looking at these, and she needs to be asked, did President Obama ask her to do this? Was this a directive from President Obama?” Paul told reporters.

“I think she ought to testify under oath on this. I think she should be asked under oath, did she reveal it to The Washington Post.” Click here to read more.

 

AN ADMINISTRATION UPDATE:

SESSIONS’ NO. 2 ADVANCES:

The Senate Judiciary Committee approved Rod Rosenstein’s nomination to be the deputy attorney general on Monday, setting him up for a full Senate vote.

Senators on the committee voted 19-1. Democratic Sen. Richard Blumenthal (Conn.) was the only senator to vote against his nomination.

If approved by the full Senate, Rosenstein will take over the No. 2 spot at the Justice Department.

The position would give him control over the investigation into Russia’s meddling in the White House race, including potential connections between Trump campaign officials and Russia, after Attorney General Jeff Sessions recused himself earlier this year.

Sen. Patrick Leahy (D-Vt.), who supported Rosenstein, praised him as possessing a “reputation of integrity that’s unusual for this administration’s nominees.”

“He is on the American side, not on the Russian side, and I trust that he’ll hold true to that statement,” Leahy said ahead of the vote.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: ‘AI-PRIL’ FOOLS PRANK: “A Neural Networks Approach to Predicting How Things Might Have Turned Out Had I Mustered the Nerve to Ask Barry Cottonfield to the Junior Prom Back in 1997.”

 

A REPORT IN FOCUS:

KASPERSKY CONFERENCE TWO-FER: Two interesting tidbits came out of Kaspersky Lab’s St. Maarten-based security conference Monday, one an intriguing idea about cybersecurity history and another a possible look at a threat to come.

A celebrity team of researchers, including Thomas Rid from Kings College London and Costin Raiu from Kaspersky took a thorough look at possible connections between an active espionage group nicknamed “Turla” and one of the first widely publicized instances of cyberespionage, “Moonlight Maze.”

Moonlight Maze struck computers at United States universities, NASA, the Departments of Defense and Energy and more in 1996 in what was considered a wildly successful attack. If Moonlight Maze and Turla are actually from the same group, they would become one of the longest surviving nation-run cyberespionage groups in history. Currently, the only other group known to survive the ’90s, ’00s and into the ’10s is the Equation Group, which appears to be an offshoot of the NSA.

So are they connected? The researchers can’t say for sure. But there are a number of connections that appear to make it a very real possibility. Moonlight Maze disappeared right around the time Turla’s first code was compiled. Both use the same open source backdoor – Moonlight Maze had been taken steps to better hide the use of backdoor into the program, a strategy Turla appears to have completed.

A second presentation at the conference reported an operating system designed by Samsung to run everything from smart phones to refrigerators, and slated for use in millions of cellphones in 2017, does not provide adequate security for public use.

“It may be the worst code I’ve ever seen,” researcher Amihai Neiderman of Equus Security told Motherboard, which was given an advance briefing of a report being presented today at the security conference.

The Tizen operating system is Samsung’s attempt to replace Android, the free operating system designed by Google. It is being slowly rolled out through Samsung’s product base and is already available in phones in foreign markets, including Russia and India.

In an effort to draw developers’ interest, Samsung recently announced it would give a $10,000 bonus to top Tizen apps at the end of each month.

Neiderman claims to have discovered 40 previously undiscovered security flaws, including those that would allow hackers to run code without having physical access to the device.

To read more about Tizen hacking, click here.

 

WHAT’S IN THE SPOTLIGHT:

H1-B VISAS: The Trump administration is beefing up enforcement of the H1-B visa program used by tech companies to bring high-skilled workers to the U.S.

On Monday, the Department of Homeland Security said it was taking steps to “further deter and detect H-1B visa fraud and abuse.”

“The H-1B visa program should help U.S. companies recruit highly-skilled foreign nationals when there is a shortage of qualified workers in the country. Yet, too many American workers who are as qualified, willing, and deserving to work in these fields have been ignored or unfairly disadvantaged,” the agency said.

“Protecting American workers by combating fraud in our employment-based immigration programs is a priority.”

The measures include site visits to companies hiring workers through the visa program.

The agency intends to target cases where the Department of Homeland Security’s U.S. Citizen and Immigration Service cannot validate an employer’s information through public means, as well as cases involving firms with a high proportion of H1-B hires. Also in line for extra scrutiny are firms whose visa workers are employed at offsite locations.

The Department of Justice in a separate release on Monday also vowed to crack down on visa fraud.

“The Justice Department will not tolerate employers misusing the H-1B visa process to discriminate against U.S. workers,” said acting Assistant Attorney General Tom Wheeler of the Civil Rights Division.

To read the rest of our piece, click here.

 

UPDATE

KENNESAW STATE UNIVERSITY ELECTIONS CENTER WAS NOT MALICIOUSLY HACKED: Updating a reported hack from early March,

A breach of the Kennesaw State University (KSU) Center for Election Systems was not malicious, according to the Georgia university.

Last month’s hack raised alarms because the center handles much of the infrastructure for federal and state elections in Georgia. The center designs the ballots, houses the voter rolls and tests all voting machines used by the state.

According to the press statement from university on Friday, theFBI determined the hacker was actually a security researcher whose identity has not been released. There is “no indication of any illegal activity and no personal information was misused following unauthorized access of a dedicated server for the Center for Election Systems,” the school added.

The Atlanta Journal-Constitution reported in mid-March that a researcher had warned the Center for Election Systemsabout security flaws in its internet-connected servers before last year’s elections. That same researcher may be involved in the hack, the newspaper reported late last week.

Critical systems at the center, including those storing voter rolls, are not connected to the internet.

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Fancy Bear struck the international group governing track and field. (The Hill)

Why did James Comey pick the Twitter pseudonym Reinhold Niebuhr? (The New Yorker)

It’s possible to hack smart TV’s using broadcast signals. Your TV may literally be taken over by Mr. Robot. (Ars Technica)

The FBI paid GeekSquad informants for tips on customers stashing child pornography on their computers. (The Verge).

Ecuador’s opposition presidential candidate narrowly lost, meaning he can’t follow through on the campaign promise to kick Julian Assange out of the Ecuadorean Embassy in London. (CNN)

Verizon is combining AOL and Yahoo! into a single entity called Oath. (The Verge)

Soon, there will be an X-Files children’s book. (Io9)

A retiree solved an impossible math problem. And no one noticed for two years. (Wired)

If you’d like to receive our newsletter in your inbox, please sign up here.