Overnight Cybersecurity: Kaspersky Lab founder won't move firm out of Russia | Feds warn of infrastructure hacking threats | House to vote on port cybersercurity | Hackers target upcoming DC cyber conference

Overnight Cybersecurity: Kaspersky Lab founder won't move firm out of Russia | Feds warn of infrastructure hacking threats | House to vote on port cybersercurity | Hackers target upcoming DC cyber conference
© Wikimedia Commons

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...




--KASPERSKY LAB FOUNDER WON'T MOVE FIRM OUT OF RUSSIA: Eugene Kaspersky, the founder of Kaspersky Lab, said he would not consider moving the Moscow-based firm out of Russia to alleviate U.S. concerns about espionage, in an email interview with The Hill on Monday. "I get it -- it's not popular to be Russian right now in some countries," Kaspersky said. "I cannot change my origin or my company's foundation. If we moved we would probably still be referred to as 'the Russian cybersecurity company,' even though more than 85 percent of our sales and operations are outside of Russia," he added. The Trump administration has banned federal agencies from using Kaspersky software, citing security concerns but revealing few details other than pointing to the company's location in Russia. Some lawmakers and media reports have even suggested that Kaspersky Lab software was involved with Russian espionage operations. Reports claimed Kremlin-affiliated hackers stole NSA hacking tools from a contractor's home computer using Kaspersky software that scanned for files matching NSA tools or containing phrases like "top secret." Kaspersky in his email interview with The Hill noted that while the firm's operations are headquartered in Moscow, the company is incorporated in London. And he slammed the case against his products as built off anonymous sources and innuendo.

To read the rest of our piece, click here.

Kaspersky Lab on Monday also launched a new effort to regain trust after the espionage allegations. To read more on that, click here.

--FEDS WARN OF CRITICAL INFRASTRUCTURE HACKING THREATS: The Department of Homeland Security and the Federal Bureau of Investigation issued a joint alert on Friday warning of an increased danger posed to infrastructure sectors by a malicious "multi-stage intrusion campaign," which the agencies warned had successfully compromised several of their security networks. The analysis points to cyberattack campaigns going on since at least May of 2017 that the agencies said have been targeting the aviation, energy and nuclear industries. The agencies did not name any specific networks that had been compromised by the attacks. Hackers reportedly used emails and malicious websites in a phishing campaign to obtain the credentials necessary to access and sabotage the networks. According to the report, the campaigns first focus on "staging targets," third-party and peripheral organizations tied to the primary targets which hackers then use to house their malware for attacks. Fears over potential threats to the energy sector in particular have mounted in the wake of successful cyberattacks on Ukraine's electric grid in 2015 and 2016, in which Russia is suspected of having a hand. The issue could come up at a Senate Energy and Natural Resources Committee hearing scheduled for Thursday to explore technologies to protect energy infrastructure from cyberattacks.

To read the rest of our piece, click here.

--CYBER AWARENESS MONTH ENTERS FINAL STAGE: National Cybersecurity Awareness month will enter its final stage this week as October comes to a close (that was fast!). There are a slew of cyber-focused events planned for this week, including Mozilla's Cyber(in)security policy summit scheduled for Tuesday, which includes remarks by Sen. Brian SchatzBrian Emanuel SchatzOvernight Defense: House passes defense bill that Trump threatened to veto | Esper voices concerns about officers wearing military garb Senate rejects broad restrictions on transfers of military-grade equipment to police Hillicon Valley: Russian hackers return to spotlight with vaccine research attack | Twitter says 130 accounts targeted in this week's cyberattack | Four fired, dozens suspended in CBP probe into racist, sexist Facebook groups MORE (D-Hawaii) and Christopher Krebs, a top cybersecurity and infrastructure protection official at the Department of Homeland Security (DHS). The Girl Scouts and Palo Alto Networks are also holding a panel discussion on encouraging youngsters to pursue careers in cybersecurity. And Palo Alto Networks is hosting its first-ever Federal Ignite conference, with keynotes from Tom Bossert, President Trump's adviser on homeland security and counterterrorism, and Rep. John Ratcliffe (R-Texas), who chairs a House subcommittee focused on Homeland Security's cybersecurity efforts.

--RUSSIA PROBE REPORTEDLY TURNS TO PODESTA GROUP: Special counsel Robert Mueller is investigating Democratic lobbyist Tony Podesta and the Podesta Group, according to an NBC News report. Mueller, who is leading the investigation into Russia's attempts to meddle in the U.S. presidential election, is reportedly probing the firm to determine whether it violated the Foreign Agents Registration Act (FARA) in its work for the European Centre for a Modern Ukraine (ECFMU). The nonprofit ECFMU was part of a public relations campaign run by President Trump's former campaign chairman, Paul Manafort, to bolster Ukraine's reputation. A spokesperson for the Podesta Group said in a statement to The Hill that the firm "fully disclosed its representation of the European Centre for a Modern Ukraine (ECFMU), and complied with FARA by filing under the lobbying disclosure act over five years ago and within weeks of starting our work." "Any insinuation to the contrary is false," the spokesperson added.


To read the rest of our coverage, click here.



House lawmakers are scheduled to vote on legislation Tuesday that would boost information sharing between federal officials and critical infrastructure operators in order to better protect U.S. ports from cyberattacks.

The bill, called the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017, was reintroduced by Rep. Norma Torres (D-Calif.) in June after the "notPetya" malware attack crippled operations at the largest terminal at the Port of Los Angeles.

The bill passed the House last Congress but never moved in the Senate. It was approved by the House Homeland Security Committee back in September.

There are a slate of hearings on cybersecurity planned for this week, including the highly anticipated House Science Committee hearing on Kaspersky Lab scheduled for Wednesday. The hearing is expected to be the first in a series of hearings on potential threats posed by Kaspersky anti-virus software to U.S. information systems.

The Department of Homeland Security's recent decision to bar federal agencies and departments from using Kaspersky products is sure to figure prominently at the public hearing.

Before that, a task force formed by congressional Democrats will hear from state officials on the steps they are taking to secure future elections from cyber threats.

The commission, formed over the summer by Reps. Bennie Thompson (D-Miss.) and Robert Brady (D-Pa.), has invited Rhode Island Secretary of State Nellie Gorbea (D) and Virginia Department of Elections Commissioner Edgardo Cortes, as well as a representative from the Election Assistance Commission (EAC), to meet with the panel on Tuesday.

The meeting will be the task force's second briefing; the lawmakers met with former Department of Homeland Security (DHS) officials, including Obama-era Homeland Security Secretary Jeh Johnson, last month.

Also on tap: A House Oversight subcommittee hearing on federal political ad regulations on Tuesday; a joint House committee hearing on the cyber workforce also on Tuesday; and yet another House hearing on the Equifax data breach on Wednesday.




Here's a fun breakdown of where people are most likely to use Snapchat. (Recode)



HACKERS TARGET UPCOMING D.C. CYBER CONFERENCE: Cisco's Talos threat intelligence group said in a blog post over the weekend that it had discovered a new malicious campaign used by Russia-linked hackers to target a U.S. cybersecurity conference hosted by the U.S. Military Academy and NATO.

The campaign is tied to hackers known as APT 28 or Fancy Bear, who are said to be linked to the Russian government.

According to Talos, the hackers are pushing out a fake, malicious flier for the conference, which will take place at the beginning of November in Washington, D.C.

The event, called the International Conference on Cyber Conflict, is a joint project between the Army Cyber Institute at the U.S. Military Academy and the NATO Cooperative Cyber Military Academy housed at the alliance's cyber defense center. It boasts a slate of notable speakers, including Army Chief of Staff Gen. Mark Milley, former NSA director Keith Alexander, and two U.S. senators.


"Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro," the research states.

The Talos analysts go into greater detail about the malicious document in the blog post available here.



WHITE HOUSE CYBER CZAR ROB JOYCE: President Trump's cybersecurity coordinator, former NSA official Rob Joyce, got a lot of attention last week on Capitol Hill, but probably not for the reasons he would want.

The White House blocked Joyce from testifying before the Senate Armed Services Committee at a hearing on Thursday, rankling both Republicans and Democrats on the committee.

Now, a Senate Democrat is doubling down on his push for committee leaders to issue a subpoena to get the White House official to testify on efforts to protect the United States from cyberattacks, amid continuing concerns over Russian interference in the presidential election. Chairman John McCainJohn Sidney McCainChuck Todd's 'MTP Daily' moves time slots, Nicolle Wallace expands to two hours Senate GOP divided over whether they'd fill Supreme Court vacancy  Asian American voters could make a difference in 2020 MORE (R-Ariz.) has already said that the committee would meet to discuss the issue, though it was unclear when that meeting would take place.


Sen. Bill NelsonClarence (Bill) William Nelson Trump, facing trouble in Florida, goes all in NASA names DC headquarters after agency's first Black female engineer Mary W. Jackson NASA, SpaceX and the private-public partnership that caused the flight of the Crew Dragon MORE (D-Fla.) wrote a formal letter to Chairman John McCain (R-Ariz.) and ranking member Jack ReedJohn (Jack) Francis ReedOvernight Defense: Embattled Pentagon policy nominee withdraws, gets appointment to deputy policy job | Marines, sailor killed in California training accident identified | Governors call for extension of funding for Guard's coronavirus response Controversial Trump nominee placed in senior role after nomination hearing canceled Overnight Defense: Pompeo pressed on move to pull troops from Germany | Panel abruptly scraps confirmation hearing | Trump meets family of slain soldier MORE (D-R.I.) on Thursday, urging them to "subpoena the appropriate White House official to appear before the Armed Services Committee to discuss efforts to defend the Nation from cyberattack."

"It is troubling that the White House prevented the Cybersecurity Coordinator--the Administration's top cybersecurity official--from testifying at [Thursday's] hearing. This is unacceptable," Nelson wrote in the letter obtained by The Hill.

McCain revealed at the start of Thursday's hearing that the White House had declined to allow Joyce to testify, citing executive privilege and the precedent of nonconfirmed National Security Council staff not testifying before Congress.

While it was consistent with practices by previous administrations, McCain expressed frustration over the move, saying that the issue of cyber "requires us to completely rethink our old ways of doing business."

To read the rest of our piece, click here.



'Links from our blog, The Hill, and around the Web.

House Dem questions internet platforms on policing content. (The Hill)

Google X lab hires first lobbyists. (The Hill)

FBI director says bureau couldn't access content of nearly 7,000 mobile devices because of encryption. (Associated Press)

Niger ambush caused in part by intelligence failure. (NBC News)

Researchers sound alarm over new Internet of Things botnet. (CyberScoop)

If you'd like to receive our newsletter in your inbox, please sign up here.