Overnight Cybersecurity: Kushner was contacted about WikiLeaks before election | Tech experts blast Trump's 'extreme vetting' plan | Senate passes defense bill with measure to modernize feds' IT


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--KUSHNER RECEIVED EMAILS ABOUT WIKILEAKS, RUSSIA BEFORE ELECTION: Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) and ranking member Dianne Feinstein (D-Calif.) on Thursday disclosed that White House senior adviser Jared Kushner received an email about WikiLeaks in the lead-up to the 2016 presidential election. The two senators sent a letter to Kushner's lawyer Thursday demanding additional documents from Trump's son-in-law as part of the committee's ongoing investigation of Russia's election interference. In the letter, Grassley and Feinstein say Kushner received an email about WikiLeaks in September 2016 that he passed on to an official within President Trump's campaign, in addition to communication about a "Russian backdoor overture and dinner invite." "For example, other parties have produced September 2016 email communications to Mr. Kushner concerning WikiLeaks, which Mr. Kushner then forwarded to another campaign official," the letter reads. "Likewise, other parties have produced documents concerning a 'Russian backdoor overture and dinner invite' which Mr. Kushner also forwarded," the letter says. "And still others have produced communications with Sergei Millian, copied to Mr. Kushner. Again, these do not appear in Mr. Kushner's production despite being responsive to the second request. You also have not produced any phone records that we presume exist and would relate to Mr. Kushner's communications regarding several requests." Kushner's lawyer, Abbe Lowell, pushed back Thursday, saying that they had been responsive "to all requests" from the committee but expressed willingness to respond to additional requests.


--TECH EXPERTS BLAST TRUMP'S 'EXTREME VETTING' PLAN: A chorus of technology experts on Thursday heavily criticized President Trump's plan to use artificial intelligence to screen individuals seeking entry to the United States, calling it "neither appropriate nor feasible." More than 50 computer scientists, engineers and mathematicians wrote a letter to the Department of Homeland Security (DHS) urging officials to abandon the so-called "Extreme Vetting Initiative" proposal to use data mining to vet immigrants and visa applicants using data from the internet and social media platforms. "Simply put, no computational methods can provide reliable or objective assessments of the traits that ICE seeks to measure," the experts wrote. "In all likelihood, the proposed system would be inaccurate and biased. We urge you to reconsider this program." The department's Immigration and Customs Enforcement (ICE) published details on the proposed initiative in June, laying out its intention to leverage automation to "determine and evaluate an applicant's probability of becoming a positively contributing member of society as well as their ability to contribute to national interests" in order to fulfill Trump's executive orders on immigration.


--KASPERSKY RELEASES MORE DETAILS ON INTERNAL PROBE AFTER NSA ALLEGATIONS: Kaspersky Lab says it has identified an unrelated hacking campaign that struck the same computer the company is accused of helping Russians hack. The original allegations came from an Oct. 11 article in The Wall Street Journal that claimed Israeli intelligence caught Russian operatives using Kaspersky Antivirus's file-scanning system to search for classified files and stealing classified National Security Agency (NSA) hacking tools from a contractor's home computer in 2015. The article appeared to provide some context for what had been until that point a largely unexplained Department of Homeland Security (DHS) ban on Kaspersky Lab products for federal systems levied one month earlier. "It is appalling to see that accusations against our company continue to appear without any proof or factual information being presented. Rumors, anonymous sources, and lack of hard evidence spreads only fear, uncertainty and doubt," Kaspersky Lab wrote in its investigation report, released Thursday. The new Kaspersky report fills in some gaps from a prior Kaspersky report on the issue and claims to confirm its earlier analysis. Kaspersky found the classified hacking tools largely because its antivirus software was trained to protect users from some of the malware found on the system. Other suspicious files were uploaded to the company for analysis and ultimately discarded when they were discovered to be classified American intelligence files.


 

A LEGISLATIVE UPDATE:

The Senate on Thursday passed by a voice vote the fiscal year 2018 National Defense Authorization Act (NDAA), sending the nearly $700 billion defense policy bill to President Trump's desk.

Among the many cyber-related provisions in the bill is one that would set up two streams of funding for federal agencies to use as they transition from legacy information technology systems to more secure, newer IT. The legislation, known as the Modernizing Government Technology (MGT) Act, was spearheaded by Rep. Will Hurd (R-Texas) in the House and Sens. Jerry Moran (R-Kan.) and Tom Udall (D-N.M.) in the Senate.

The measure passed the House earlier this year and was then included in the Senate's version of the defense bill. The provision made it into the final version of the legislation, which House and Senate negotiators hammered out in recent weeks.

The provision would set up a $500 million modernization fund for agencies to draw from as well as working capital funds they can use to transition to new technology. It has strong backing from the White House, and particularly the Office of American Innovation.

"The fact that our federal government continues to waste billions of hard-earned taxpayer dollars each year maintaining outdated, legacy IT systems is absolutely outrageous. It's 2017. The American people deserve better from their government," Hurd said in a statement on Thursday.  "We can look forward to providing more efficient, transparent services for the American people and safeguard our systems from cyberattacks. I applaud my colleagues in the House and Senate for working to get MGT across the finish line."

"This bipartisan legislation will propel our inefficient, outdated federal IT systems into the 21st century to promote productivity and strengthen cybersecurity," Moran said in a statement.


 

A LIGHTER CLICK: McAfee spreads some early holiday cheer with advice on "hackable holiday gifts."

 

A COLLABORATION IN FOCUS:  IBM Security, Packet Clearing House, and the Global Cyber Alliance on Thursday announced that they are collaborating on a free service to help better protect consumers and businesses from internet threats.

The project, called the Quad9 Domain Name System (DNS) service, checks website links that users click on against IBM's threat intelligence database for security before users land on the address.

The protections delivered by the service apply to traditional PCs and laptops in addition to the ecosystem of internet-connected devices, commonly known as the Internet of Things (IoT).

"Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely," Philip Reitinger, President and CEO of the Global Cyber Alliance, said in a statement on Thursday.

"Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind – they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information."

"Quad9 solves these problems. It is memorable, easy to use, relies on excellent and broad threat information, protects privacy, and security and is free," Reitinger said.

 

WHAT'S IN THE SPOTLIGHT: MEDICAL DEVICE SECURITY: A House committee is asking the Department of Health and Human Services (HHS) to strengthen the cybersecurity of medical devices by shoring up supply chains.

House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) sent a letter on behalf of the committee to HHS asking the agency to begin requiring device makers to list bills of materials -- an accounting of third-party software components used in each product.

"Stakeholders do not know, and often have no way of knowing, exactly what software or hardware exist within the technologies on which they rely to provide vital medical care," the letter reads.

"This lack of visibility directly affects the ability of these stakeholders to assess their levels of risk and adjust their strategies appropriately," he wrote.

Bills of materials are a popular request among device advocacy groups, both for medical tools and beyond.

Most software includes several code snippets designed and updated by third parties and most hardware is comprised of modular components designed by someone other than the firm assembling the device. Security flaws in these components are often patched by their manufacturers but not by the companies using the components in their own devices.

The problem often manifests when a device is manufactured long before it is sold.


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Carter Page hands over documents to House and Senate Intelligence Committees. (The Hill)

Twitter testing 'tweetstorm' feature. (The Hill)

Watchdog files ethics complaint against Trump's DHS pick. (The Hill)

China has a quiet vulnerabilities disclosure process. (CyberScoop)

Cyber criminals are targeting student data. (NBC News)

Researchers discover a vulnerability in Amazon Key. (Wired)
