Overnight Cybersecurity: GOP contractor exposes data on 200M voters | Spyware targets Mexican journalists, advocates | White House hosts tech CEOs

Overnight Cybersecurity: GOP contractor exposes data on 200M voters | Spyware targets Mexican journalists, advocates | White House hosts tech CEOs
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--RNC CONTRACTOR EXPOSES DATA ON NEARLY 200M VOTERS: A data analytics contractor employed by the Republican National Committee (RNC) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password. "We take full responsibility for this situation," said the contractor, Deep Root Analytics, in a statement. The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. Vickery is a prominent researcher in uncovering improperly secured files online. But, he said, this exposure is of a magnitude he has never seen before. "In terms of the disc space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found," said Vickery. The accessible files, according to UpGuard, contain a main 198 million-entry database with names, addresses of voters and an "RNC ID" that can be used with other exposed files to research individuals.

To read the rest of our piece, click here.

ADVERTISEMENT

--MEXICAN JOURNALISTS, LAWYERS TARGETED WITH GOVT SPYWARE: Journalists and human rights and anti-corruption defenders in Mexico have been targeted by advanced government surveillance software, according to new research. The Toronto-based Citizen Lab, in partnership with several Mexican nongovernmental organizations, has identified dozens of instances in which Mexican journalists, lawyers, and others have received SMS messages containing exploit links connected to the NSO Group. According to the research, released on Monday and first reported by The New York Times, the targets all had one thing in common: they were involved in investigations into possible corruption or human rights abuses involving the Mexican government. The NSO Group is an Israel-based company that sells smartphone surveillance software exclusively to governments. The software, called "Pegasus," provides access to cellphones if successfully deployed to a target.

To read the rest of our piece, click here.

--WHITE HOUSE DECLINES ROSENSTEIN QUESTION: The top White House spokesman on Monday did not directly answer a question about whether President Trump supports Rod Rosenstein amid speculation that the deputy attorney general may have to recuse himself from overseeing an investigation into Russian election meddling. "The president has confidence in everyone who serves in this administration," press secretary Sean Spicer said when asked by a reporter if Trump has confidence in Rosenstein. Spicer added that every political appointee "serves at the pleasure of the president." Rosenstein took over the Russia investigation and appointed former FBI Director Robert Mueller as special counsel after Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsThe Hill's Morning Report - Presented by Facebook - Guidance on masks is coming The Hill's Campaign Report: Coronavirus forces Democrats to postpone convention Roy Moore to advise Louisiana pastor arrested for allegedly defying ban on large gatherings MORE recused himself. But Rosenstein could become a witness in the special counsel's investigation, potentially leading to his recusal. Rosenstein authored a memo the White House used to justify firing former FBI Director James Comey, whose testimony could be used as part of an obstruction of justice case against Trump, if one exists.

To read the rest of our piece, click here.

 

A POLICY UPDATE: 

WHITE HOUSE IT MODERNIZATION EFFORT GETS UNDERWAY: Apple CEO Tim Cook and Amazon CEO Jeff Bezos are among the business leaders at the White House on Monday as the internal think tank led by President Trump's son-in-law Jared Kushner begins the long process of modernizing the government's information technology systems.

The Trump administration will shift its focus to the tech sector this week as part of an ongoing effort to keep its policy ambitions on the front-burner.

Over the past two weeks, the administration's focus on infrastructure and workforce development were swamped by former FBI director James Comey's testimony before the Senate and the battle lines drawn between the White House and the special counsel overseeing a broad investigation into Russian meddling in the 2016 election.

On Monday, the Office of American Innovation, a Kushner-led group inside the West Wing, will conduct the first of many brainstorming sessions with about 18 CEOs and two-dozen more business experts. The White House also plans to unveil a new technology council.

The presence of Cook and Bezos could make for some interesting dynamics.

Last year, Trump called for a boycott of Apple products after the company refused to help federal authorities hack an iPhone used by one of the shooters in the San Bernardino terror attacks. Trump also has a running feud with the Bezos-owned Washington Post.

Among the other CEOs who will be present: Ajay Banga of MasterCard, Satya Nadella of Microsoft, Ginni Rometty of IBM, Brian Krzanich of Intel and Silicon Valley investor Peter Thiel, a Trump supporter.

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

A museum in Sweden is paying tribute to failed innovation products, like disposable DVDs and the Apple Newton digital assistant. (The Verge)

 

A REPORT IN FOCUS: 

CANADA BRACES FOR HACKING IN 2019 ELECTION: Canada's cyber-intelligence agency expects that hacker groups will try to influence the country's 2019 federal election through cyber means.

Canada's Communications Security Establishment (CSE) released a report last week drawing on "recent cyber threat activity" against democratic elections in the United States and Europe.

The agency said that similar activity is likely to target Canada's next federal election, but did not single out a specific nation-state or hacker group as particular cause for concern.

"We expect that multiple hactivist groups will very likely deploy cyber capabilities in an attempt to influence the democratic process during the 2019 federal election," the agency said in its report. "We anticipate much of this activity will be low-sophistication, though we expect that some influence activities will be well-planned and target more than one aspect of the democratic process."

The cyber agency said that it has not detected nation-states using cyber to influence elections in the past. However, it did detect "low-sophistication cyber threat activity" against the 2015 federal election likely attributable to hacktivists and cyber criminals.

To read the full report, click here.

 

WHO'S IN THE SPOTLIGHT: 

TERRY MCAULIFFE: One year ago, Virginia Gov. Terry McAuliffe (D) rolled out his plan to boost the cybersecurity of state governments, a move that came months before revelations about Russian election interference in the 2016 election.

As chair of the National Governors Association, McAuliffe worked to bring states "up to snuff" on cyber defense, he told The Hill in an interview as 46 states capped off the initiative at a meeting in Leesburg, Va.

"When we started out in this process, we probably had a handful of states really doing exceptional work, and some of the states were doing mediocre work, and a lot of states really had not anything in the cyber area," McAuliffe said.  

"These states are totally different as it relates to cyber from when we started this program," he said. "Every governor is now acutely aware of the challenges."

During the yearlong push, McAuliffe and his leadership set up a cyber resource center, hosted regional summits and brought in experts from inside the government -- including the Department of Homeland Security and the FBI -- to speak to the governors about cybersecurity.

Each state was also rated at the start on a series of cyber protocols -- something that McAuliffe said was a wakeup call for many governors. "Many of the states just hadn't done anything," he said.

Now, McAuliffe says that each state has met a set of basic minimums for cybersecurity -- but many have more progress to make, including bolstering the cyber workforce to keep up with a growing demand for IT professionals in the modern digital age.

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Canadian hacker charged in Yahoo hack could accept US extradition. (The Hill)

Sen. Ron WydenRonald (Ron) Lee WydenDemocrats ask EPA, Interior to pause rulemaking amid coronavirus Democrats say more unemployment benefits needed in wake of record unemployment claims Democrats fear coronavirus impact on November turnout MORE (D-Ore.) wants DNI chief Dan Coats to answer his surveillance question. (The Hill)

British investigators blame North Korea for Wanna Cry attack. (The Hill)

False flag extortionists targeting North American mining firms, casinos. (The Hill)

FTC files to block merger of fantasy sports sites. (The Hill)

GOP considers canceling August recess to salvage agenda. (The Hill)

YouTube announces steps to fight terrorism. (Venturebeat)

Newly declassified report shows efforts to secure sensitive NSA data after Snowden fell short. (The New York Times)

An overview of Michael Flynn's work for private cybersecurity firms. (CyberScoop)

The Girl Scouts are adding a cybersecurity badge to encourage interest in the field. (CNN)

 

If you'd like to receive our newsletter in your inbox, please sign up here.