Overnight Cybersecurity: White House says 'cyber unit' with Russia wouldn't share intel | Colorado moves to audit digital voting | Top State Department cyber official leaving | Dow Jones customer data exposed

Overnight Cybersecurity: White House says 'cyber unit' with Russia wouldn't share intel | Colorado moves to audit digital voting | Top State Department cyber official leaving | Dow Jones customer data exposed
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--QUESTIONS MOUNT ON KUSHNER: Jared Kushner is moving closer to the eye of the storm surrounding President TrumpDonald John TrumpReturn hope to the Middle East by returning to the Iran Deal Government shutdowns tend to increase government spending 'Full Frontal' gives six-bedroom house to group that works with detained immigrants MORE and Russia. Calls for Kushner to lose his security clearance have mounted as congressional investigators probe whether the Trump campaign's digital operation -- run by the president's son-in-law -- coordinated efforts with Russian bots spreading fake news about Democratic presidential nominee Hillary ClintonHillary Diane Rodham ClintonChelsea Clinton working on new children’s book about endangered animals GOP Sen. Lamar Alexander won't seek reelection GOP rep says there was a double standard in Flynn, Clinton probes MORE. Kushner is also a figure in Donald Trump Jr.'s controversial meeting with a Russian lawyer promising damaging information on Clinton. He and former Trump campaign manager Paul Manafort both attended the meeting, as did a Russian-American lobbyist with past ties to Russian intelligence. Kushner reportedly left the meeting after 10 minutes. Revelations of the meeting have gripped Washington for the past week, a controversy that shows little signs of slowing down.

To read the rest of our piece, click here.

--MORE ON 'CYBER UNIT' WITH RUSSIA: The controversial joint United States–Russia cybersecurity unit would focus on hashing out rules for cyber espionage between the countries, not sharing intelligence, according to White House homeland security adviser Tom Bossert. President Trump earned widespread criticism last week after tweeting that he and Russian President Vladimir Putin had "discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded." He later walked back the idea. Bossert told reporters on Air Force One on Friday that the unit still might be pursued in the future, but claimed it had never been about developing "impenetrable cybersecurity," as the president had tweeted. Instead, the unit would discuss the rules for permissible use for both nation's cyber spies. Those rules are often called norms. "What was broached at that [Group of 20] conversation, as I understand it, was an opportunity to continue a dialogue -- one that had in the past existed between the two countries, and I think one that we could pursue in the future with the appropriate reservations and the appropriate expectations, that we at least start with what is acceptable behavior in cyberspace and what norms and expectations that we'll have moving forward," said Bossert.

To read the rest of our piece, click here.

--MEANWHILE, IN THE STATES: The state of Colorado is moving to audit future digital election results, hiring a Portland-based startup to develop software to help ensure that electronic vote tallies are accurate. The startup Free & Fair announced on Monday that it had been selected by the state to develop a software system for state and local election officials to conduct what are called "risk-limiting audits." A risk-limiting audit, or RLA, is a method that checks election outcomes by comparing a random sample of paper ballots to the accompanying digital versions, and has been pointed to by cybersecurity experts as an efficient way to ensure the integrity of digital election results. The development comes amid deepening fears on Capitol Hill about the possibility of foreign interference in future elections, following Russia's use of cyberattacks and disinformation to influence the 2016 presidential election. Moscow's effort included targeting state and local election systems not involved in vote tallying.

To read the rest of our piece, click here.

--INTEL REPORTEDLY FINDS UAE HAND IN QATARI GOVT HACK: U.S. intelligence officials have evidence that the United Arab Emirates was behind the hacking of Qatari government news websites that resulted in false and controversial quotes about Iran and Israel attributed to Qatar's emir being published on the web in May, the Washington Post is reporting. U.S. intelligence officials recently became privy to new information showing that UAE officials discussed the plan to hack the websites and social media. It is unclear whether UAE actually executed the hacking. A group called Global Leaks claimed responsibility for the hacking effort. Meanwhile, the country's government denied the allegations. "The Washington Post story is not true, purely not true," Anwar bin Mohammed Gargash, UAE's Minister of State for Foreign Affairs, said Monday, according to CNN. Qatar has blamed the hacking effort for causing Gulf Arab states to break ties with its government days later over its alleged support for terrorism.

To read the rest of the report from the Post, click here.



The House on Friday overwhelmingly passed its version of an annual defense policy bill authorizing $696.5 billion in funds for defense in fiscal year 2018. The bill included a number of cybersecurity-related provisions, including one that would bar the Pentagon from contracting with telecommunications firms knowingly supporting North Korean cyberattacks.

The amendment offered by Rep. Robert Pittenger (R-N.C.) was approved Friday morning by the full House to be included in an annual defense policy bill.

Specifically, the provision would prohibit the Pentagon from doing business with telecommunications firms found "to have knowingly assisted or facilitated a cyberattack carried out by or on behalf of the government" of North Korea or individuals associated with the government.

Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsDems slam Trump for siding with Saudi Arabia in Khashoggi killing Dem senator demands public intelligence assessment on Khashoggi killing Hillicon Valley: Official warns midterm influence could trigger sanctions | UK, Canada call on Zuckerberg to testify | Google exec resigns after harassment allegations | Gab CEO defends platform | T-Mobile, Sprint tailor merger pitch for Trump MORE would be required within 30 days of the law's enactment to make a list of the telecommunications contractors associated with North Korean cyberattacks.

The amendment does, however, give President Trump the authority to waive the prohibition for a national security justification.

On Friday, the House also approved an amendment to the legislation offered by Rep. Brendan Boyle (D-Pa.) expressing the sense of Congress that it is in the Defense Department's national security interests to help Ukraine shore up its cyber capabilities.

During the debate earlier in the week, House lawmakers approved a provision requiring the Pentagon to notify Congress of any attempts by the Russian government or actors it supports to attack the Defense Department's systems within the last two years.

To read the rest of our piece, click here.



Read the terms of service -- or you might end up on bathroom duty.



TOP CYBER OFFICIAL AT STATE LEAVING: The State Department's top cyber official will leave his position at the end of this month. Chris Painter, appointed the department's coordinator for cyber issues in 2011 during the Obama administration, will leave State at the end of July.

The news was first reported by Politico and confirmed by a State Department official Monday afternoon.

"After six and a half years of exceptional service, Coordinator Painter's extended detail comes to an end at the end of July," the official told The Hill in an email. "The State Department will continue to address and prioritize these important cyber issues."

In his position, Painter is responsible for coordinating U.S. diplomatic efforts to advance cybersecurity, including by promoting norms of responsible behavior by states in cyberspace. Painter has launched government-to-government "cyber dialogues" with other countries to help reduce cyber threats and crime.

Painter's exit comes as many political appointee positions remain unfilled in President Trump's State Department.

To read the rest of our piece, click here.



DOW JONES INADVERTENTLY EXPOSES CUSTOMER DATA ON AMAZON CLOUD: Data on millions of Dow Jones customers was potentially exposed to unauthorized access on Amazon Cloud due to a configuration error, a spokesman for the publishing and financial information giant confirmed Monday.

The spokesman told The Hill that personal data on 2.2 million customers had been over-exposed on Amazon Cloud as a result of an internal error. There is no evidence that malicious actors accessed the information, however.

The data included customers' names, email addresses and some financial details -- including the last four digits of some credit cards -- though Dow Jones said that neither full account login credentials nor full credit card information was exposed.

"This was due to an internal error, not a hack or attack," the spokesman said. "We have no evidence any of the over-exposed information was taken."

Cybersecurity firm UpGuard discovered the exposure and notified Dow Jones of it in early June. Those affected include subscribers to Dow Jones publications like The Wall Street Journal. UpGuard put the number of affected accounts closer to 4 million.

When asked whether the company had notified customers caught up in the data exposure, the Dow Jones spokesman indicated that the information was not sensitive enough to require it.

"The customer information included basic contact information; it did not include full credit card or account login information that could pose a significant risk for consumers or require notification," the spokesman said.

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

Federal court rejects challenge to national security data requests. (The Hill)

Lloyds of London: Insure cyberattacks like natural disasters. (The Hill)

Juan Williams: Trump's war on U.S. intelligence. (The Hill)

Ex-Trump aide tells lawmakers he didn't hear talk of Russian collusion. (The Hill)

Iranian nationals charged with selling weapons software to sanctioned countries. (The Hill)

The Trump administration plans to split U.S. Cyber Command from the NSA. (Associated Press)

A British cyber agency warns of hacking threats to the U.K. energy sector. (Motherboard)

There were nearly 150,000 attempts to hack into the South Carolina voter registration database on Election Day. (Wall Street Journal)

The parent company of Ashley Madison proposes a $11 million settlement with users exposed in breach. (The Verge)

If you'd like to receive our newsletter in your inbox, please sign up here.