Overnight Cybersecurity: House plan for long-term surveillance law bill 'dead for now' | North Korea expands money-making hacks | Five arrested in ransomware bust

Overnight Cybersecurity: House plan for long-term surveillance law bill 'dead for now' | North Korea expands money-making hacks | Five arrested in ransomware bust
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...




House Republicans' plans to vote on a stand-alone bill to renew a controversial surveillance authority are dead "for now," House Intelligence Committee Chairman Devin NunesDevin Gerald NunesRussia probe accelerates political prospects for House Intel Dems Nunes: Russia probe documents should be released before election Gowdy: House Intel panel should release all transcripts from Russia probe MORE (R-Calif.) told reporters less than 24 hours after lawmakers scheduled a Rules Committee vote on the measure. They are butting up against a tight deadline: The current law, which the intelligence community says is critical to identify and disrupting terror plots, is set to expire at the end of the year. FISA Section 702 allows for warrantless surveillance of non-citizens outside the country. Occasionally, note opponents, the systems to protect Americans fail and the surveillance sweeps up domestic or a citizen's chatter. GOP lawmakers will attempt to hash out stark divisions in a conference meeting later on Wednesday, but after a closed-door meeting with key lawmakers in Majority Leader Kevin McCarthyKevin Owen McCarthyOn The Money: Midterms to shake up House finance panel | Chamber chief says US not in trade war | Mulvaney moving CFPB unit out of DC | Conservatives frustrated over big spending bills Midterms to shake up top posts on House finance panel The Hill's Morning Report — Sponsored by United Against Nuclear Iran — Kavanaugh confirmation in sudden turmoil MORE's (R-Calif.) office, no decisions had yet been made. "We're still working away on it," McCarthy said, but offered few other details.

--...POSSIBLE SHORT TERM RENEWAL? Among the slate of options and unanswered questions: Will lawmakers try to attach a short-term renewal of the program to a stopgap spending measure at the end of the week, or try to push through a more long-term solution? "There's a very little chance that a long-term FISA reauthorization has support of the overall conference," said House Freedom Caucus leader Rep. Mark MeadowsMark Randall MeadowsRepublicans threaten to subpoena Nellie Ohr Conservatives left frustrated as Congress passes big spending bills Graham to renew call for second special counsel MORE (R-N.C.), whose caucus is calling for stronger privacy protections to fix what it sees as systemic Fourth Amendment violations under the current program. The Rules Committee vote, scheduled for 4 p.m. Wednesday, has since been postponed. In the upper chamber, Majority Whip Sen. John CornynJohn CornynKey GOP senators appear cool to Kavanaugh accuser's demand Trump, GOP regain edge in Kavanaugh battle GOP mulls having outside counsel question Kavanaugh, Ford MORE (R-Texas) has suggested lawmakers will try to insert a short-term renewal into its continuing resolution, effectively punting the issue at least into the new year. But it's unclear what leaders mean by "short-term." Sens. Rand PaulRandal (Rand) Howard PaulConservatives left frustrated as Congress passes big spending bills Senate approves 4B spending bill Some employees' personal data revealed in State Department email breach: report MORE (R-Ky.) and Ron WydenRonald (Ron) Lee WydenGoogle says senators' Gmail accounts targeted by foreign hackers Wyden says foreign hackers targeted personal accounts of senators, staffers Some employees' personal data revealed in State Department email breach: report MORE (D-Ore.) on Wednesday threatened to mount a filibuster of any long-term extension of the law.

To read the rest of our piece, click here.



NEW YORK MAY SIDESTEP FCC ON SOME NET NEUTRALITY: New York State Assemblymember Patricia Fahy (D) is pushing a bill in an effort to protect the principles of net neutrality in her state in the wake of the Federal Communications Commission's (FCC) vote to repeal the popular Obama-era regulations.

According to Fast Company, Fahy has introduced a short piece of legislation that would prohibit state, county and city authorities from doing business with internet service providers that engage in business practices that were prohibited by the net neutrality rules, like blocking or throttling web content or making websites buy into internet "fast lanes."

"If you are going to be a contractor and want to work with New York, then you must meet the principles," Fahy told the magazine.

To read the rest of our piece click here.






LAZARUS RAISING MONEY... AGAIN: North Korea may be doubling down on its efforts to make money by hacking, according to new research by cybersecurity firm Proofpoint.

The Lazarus Group, an industry name for the believed-to-be North Korean hackers that breached Sony Pictures and launched the disastrous WannaCry malware, has already been linked to several different attempts to generate revenue by hacking. The group was tied to a string of bank robberies using the SWIFT interbank transfer request system totaling hundreds of millions of dollars, as well as recent attempts to phish cryptocurrency exchanges.  

Proofpoint explains in a new report that Lazarus has started infecting South Korean credit card terminals, called point of sale (POS) systems, to steal credit card information.

The firm believes this would make North Korea the first known nation to steal credit cards this way.

Lazarus is also now no longer just phishing cryptocurrency exchanges, but also individuals who appear to own bitcoin and other digital currencies.

On Tuesday, the Trump administration blamed North Korea for the WannaCry malware that infected hundreds of thousands of systems in May. Such attributions from the executive branch have been extremely rare.

The report outlines two new pieces of malware being used by the group. Both are updates to the group's old malware, known as Ratankba.

To read the rest of our piece, click here.



ROMANIAN RANSOMWARE: Romanian authorities have arrested five suspects allegedly spreading the CTB-Locker ransomware throughout Europe and the U.S.

The arrests were the summation of work in concert with Dutch, United Kingdom and U.S. authorities, with help coming from Europol and the cybersecurity firm McAfee.

The five suspects are not believed to have designed the ransomware. Instead, they ran what amounted to a CTB-Locker franchise, paying the designers 30 percent of all of their proceeds

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

The Coinbase cryptocurrency exchange is investigating insider trading. (The Hill)

OP-ED: WannaCry demonstrates the defensive power of working together. (CNN)

OP-ED: You might already be qualified for a cyber job. (The Hill)

OP-ED: Don't regulate AI. (The Hill)

A cybersecurity firm is suing a cybersecurity reporter over a story about security flaws in their product. (ZD NET)

A British teen will avoid jail time despite running a DDoS service. (BankInfoSec)

Chinese attackers are targeting think tanks. (FireEye)