Overnight Cybersecurity: Flynn guilty plea brings Russia probe closer to White House | NSA worker admits to removing classified info | Dems revive data breach bill | Uber security managers step down


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--FLYNN ENTERS GUILTY PLEA, BRINGING RUSSIA PROBE CLOSER TO THE WHITE HOUSE: The guilty plea from former national security adviser Michael Flynn has brought special counsel Robert Mueller's investigation onto the front lawn of the White House. Flynn, who on Friday pleaded guilty to lying to federal investigators about the nature of a series of calls with the Russian ambassador, is the first person successfully prosecuted by Mueller who held a formal position in the Trump administration. And multiple outlets on Friday reported that current senior White House adviser Jared Kushner was the one who directed at least some of Flynn's calls to the ambassador -- in a potential violation of a law prohibiting private citizens from engaging in foreign policy. Flynn is now cooperating with the special counsel's investigation, which is examining potential ties between the campaign and Moscow during the 2016 presidential race, as part of his plea deal.



--NSA WORKER PLEADS GUILTY TO REMOVING CLASSIFIED INFO: The Department of Justice announced Friday that a former National Security Agency (NSA) employee pleaded guilty to removing classified information from the agency's offices. Nghia Pho, a 67-year-old living in Maryland, was a developer for the NSA's hacking corps -- Tailored Access Operations (TAO). Authorities found classified documents throughout his home, according to court documents, which Pho took from work between 2010 and 2015. The New York Times reports that Pho is the NSA employee who was targeted in a reported incident where Russian spies hacked NSA tools using Kaspersky Lab software. That incident is believed to be among the reasons the Trump administration banned the use of Kaspersky software. Media reports described that employee as taking classified hacking tools to work from a home computer that was loaded with Kaspersky Antivirus. According to the same reports, spies used the file scanning function of Kaspersky Antivirus to search for classified documents on all systems running the software. Kaspersky has denied the claim of intentional espionage, noting that its applications scan for malware -- including government-designed malware. The TAO tools, it said, triggered the antivirus program.


--AND MORE KASPERSKY INTRIGUE: The United Kingdom's cybersecurity agency late last week said that it is assessing potential risks posed by software produced by Moscow-based Kaspersky Lab. Ian Levy, the technical director at Britain's National Cyber Security Centre, wrote in a blog post that the government is engaging with companies "who we believe could pose a risk and explore how to work together to mitigate those risks sufficiently." "Ultimately, this will be done in an evidence-based and transparent way," Levy wrote. "This is the approach we are taking with Kaspersky Labs; we're discussing whether a framework can be developed (that we and others can independently verify) that provides the UK with assurance about the security of their involvement in the wider UK market. If we can't develop solutions with these suppliers that we feel mitigate the risk to UK national security, other solutions will be needed." Meanwhile, he also said that Ciaran Martin, the cyber center's leader, has written to U.K. agencies and advised them to make risk-based decisions about the use of Kaspersky on their systems. The developments in the U.K. follow press reports that Russian spies exploited Kaspersky software to steal U.S. national security secrets. The company has denied any wrongdoing. In September, the U.S. Department of Homeland Security barred federal agencies and departments from using Kaspersky products.

--UBER SECURITY MANAGERS STEP DOWN: Three senior managers in Uber's security unit resigned on Friday following revelations that it endured a massive security breach last year and failed to notify those affected. A company spokesperson confirmed the resignations of the managers from Uber's international, business operations and physical security teams. The spokesperson noted that two of the managers would stay on until the end of the year to help ease the transition process. The managers who stepped down were Pooja Ashok, chief of staff for former Uber chief security officer Joe Sullivan; Prithvi Rai, a senior security engineer; and Jeff Jones, who handled physical security. Sullivan was fired from Uber last week over his role in the 2016 breach, which compromised the data of 57 million Uber users but was not made public until the end of last month. CEO Dara Khosrowshahi lamented the breach and its handling in a statement last week, writing that "none of this should have happened, and I will not make excuses for it."




DEMOCRATS REINTRODUCE DATA BREACH BILL: Three Democratic senators have reintroduced a bill to require firms to promptly notify users whose data may have been taken by hackers or have those who had knowledge of the breach face prison time.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that info has been stolen by hackers," Sen. Bill Nelson (D-Fla.), who headed the bill, said in a statement.

"Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal."

The bill comes on the back of Uber announcing it had withheld notifying millions of customers their data had been stolen in a breach more than a year ago.

Currently, 48 states, as well as Washington, D.C., and some of the American protectorates have local breach notification laws carrying penalties of tens to hundreds of thousands of dollars. There is no national standard.

The bill, introduced Thursday by Nelson and Sens. Richard Blumenthal (D-Conn.) and Tammy Baldwin (D-Wis.), would have penalties of up to five years in prison for anyone with knowledge of a breach failing to notify anyone impacted by it.

Nelson and Blumenthal introduced similar legislation last Congress.




New Netflix documentary 'Wormwood' explores a CIA conspiracy theory. (Entertainment Weekly)



STATE DEPT. DEFENDS CYBER OFFICE CLOSURE: A State Department official defended the decision to close an office dedicated to cyber diplomacy, saying it reflects an effort to integrate cyber and digital economy policymaking efforts.

Secretary of State Rex Tillerson notified Congress in August of the department's decision to shutter the cybersecurity coordinator's office, an entity responsible for engaging with other countries on cyber policy. It is being folded into a bureau focused on economic affairs as part of a broader agency redesign.

The move has prompted concerns and criticism among lawmakers who worry that cybersecurity efforts at the agency would take a backseat at a time when hacking threats from criminals and nation-states abound.

Charles Faulkner, a legislative affairs official at the department, sought to allay those concerns in a recent letter to Rep. Debbie Dingell (D-Mich.), laying out the reasoning behind its closure.

Faulkner wrote that the decision to fold the cyber office into the Bureau of Economic and Business Affairs -- which as part of its portfolio handles international communications and information technology policy -- would consolidate the agency's efforts on cybersecurity and the digital economy.

"In recognition of the opportunities and challenges that lay ahead and the increasing convergence of cyber security and digital economy issues, it is clear that cyber statecraft requires a more deliberate and systematic treatment than the stand-alone office of a coordinator can provide," the official wrote.

The letter was sent last month and first reported by Politico in recent days.

The State Department was responding to a letter penned by Dingell and nearly two-dozen House Democrats back in July urging Tillerson to keep the cyber diplomacy office intact.




BOTNET TAKEDOWN: Pan-European law enforcement group Europol announced Monday that an international coalition including the FBI had dismantled the massive Andromeda botnet and arrested a suspect as part of its investigation.

Botnets rope together vast arrays of computers infected with malware into an exploitable network. Andromeda was particularly nasty. According to the Europol press release celebrating its action, Andromeda was blocked or detected on a million different machines a month.

The goal of Andromeda appears to have been to distribute malware to other computers.

Authorities arrested a suspect in Belarus. No additional details have been issued about the suspect.

Andromeda was used in the Avalanche network, which authorities took down in 2016. The coalition investigating and mitigating Avalanche included Europol and other intra-European law enforcement groups, the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, ICANN, the German Federal Office for Information Security and private-sector partners such as Microsoft.




Links from our blog, The Hill, and around the Web.

Flynn coordinated Russia call with senior transition official, prosecutors say. (The Hill)

SEC's Cyber Unit files first charges against digital coin scam. (The Hill)

EU, UK regulators look to crackdown on bitcoin. (The Hill)

OP-ED: Securing student data is a challenge that requires cash. (The Hill)

A British member of parliament is coming under scrutiny for allowing staffers to log onto her computer. (The Guardian)

TIO Networks, recently bought by Paypal, reports security breach affecting up to 1.6 million. (ZDNet)

Sen. Ron Wyden (D-Ore.) argues that proponents of Section 702 are spreading misinformation. (Just Security)
