Overnight Cybersecurity: Mueller adds cyber prosecutor to Russia team | DHS steps up election security aid to states | Dem bill would punish credit reporting firms for breaches


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--DHS SPEEDS UP ELECTION SECURITY HELP TO STATES: A top cybersecurity official at the Department of Homeland Security said Wednesday he expects the department to complete rigorous election security tests requested by a number of states by April. Bob Kolasky, the acting deputy undersecretary in Homeland Security's cyber unit, acknowledged previous reports of a backlog of risk and vulnerability assessments, which the department has offered to states as part of its designation of election infrastructure as critical. Politico reported in late December that states faced up to 9-month waits for the thorough assessments, leaving little time before the 2018 midterm elections for states to mitigate any potential flaws in their voting systems. "I am here today to tell you we have the ability now to meet all the state requests that we have received," Kolasky said during a keynote address at a summit organized by the U.S. Election Assistance Commission in Washington. The department has already completed assessments for three states and expects to meet the remaining 11 requests by mid-April, he said. "We want all the rest of the states to sign up, and if they do we believe we will be able to do those risk and vulnerability assessments onsite before the midterm elections," Kolasky said. "That is a significant shift of our own resources."




--MUELLER BRINGS ON CYBER PROSECUTOR: Ryan Dickey, a veteran cyber crime prosecutor, has joined special counsel Robert Mueller's team of investigators. A spokesman for the special counsel's office confirmed to The Hill on Wednesday that Dickey was assigned to Mueller's investigation in early November from the Justice Department's Computer Crime and Intellectual Property Section. The Washington Post first reported that Dickey had joined Mueller's team. Dickey is the first known veteran prosecutor of cyber crimes to join the special counsel investigation, which is examining Russian meddling in the 2016 presidential election and possible collusion between the Trump campaign and Moscow. Mueller took over the law enforcement investigation in May, after President Trump fired FBI Director James Comey. His team mostly consists of white-collar crime prosecutors and investigators.



--TRUMP WON'T COMMIT TO INTERVIEW WITH MUELLER: President Trump said Wednesday it is "unlikely" he will have to sit down with Mueller for an interview, arguing that there was "no collusion" between his campaign and Russia. Trump repeatedly dodged whether he would submit to an interview with Mueller by citing his claim that there was no collusion during the 2016 presidential election. "We'll see what happens," the president said when pressed by a reporter on Wednesday. "When they have no collusion ... it seems unlikely that you'd even have an interview." Trump was speaking during a joint press conference alongside Norwegian Prime Minister Erna Solberg following a meeting at the White House. Multiple reports this week said that Mueller is likely to interview Trump in the coming weeks as part of the special counsel investigation into Russia's meddling in the 2016 presidential race. NBC News reported that Trump's lawyers have discussed whether to ask for stipulations to the interview, such as answering questions in writing or signing an affidavit asserting the president's innocence.




--DEMS REVIVE PUSH FOR LEGISLATION ON CREDIT FIRM BREACHES: Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) have introduced a bill aimed at penalizing credit reporting agencies for breaches following the Equifax data breach.

The Data Breach Prevention and Compensation Act would provide the Federal Trade Commission (FTC) with additional direct supervisory authority over data security at the agencies, as well as impose penalties and provide consumers with compensation as a means of preventing future breaches.

"We are introducing a bill today to say that when a credit reporting agency lets your data be stolen, that there are substantial automatic penalties that go into place, and there's money that automatically goes back to the people whose data has been stolen," Warren told CNN's Alisyn Camerota on "New Day."

Equifax announced in September hackers had taken advantage of a software flaw and accessed the personal data of over 140 million customers.

The breach resulted in bipartisan outrage on Capitol Hill and the resignations of the company's chief information and security officers.



--SPY BILL TO GET A VOTE: The full House is poised to vote Thursday on a bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), a controversial provision that allows the intelligence community to spy on non-American targets outside the United States without a warrant.

The bill was approved by the House Rules Committee on Tuesday night.

The spy program, which will expire on Jan. 19 if Congress doesn't act, has been the subject of heated debate in Washington particularly as a result of the "incidental collection" that occurs on Americans when they communicate with foreign intelligence targets. Privacy and civil liberties advocates have been pushing for an end to the so-called "backdoor search loophole" that allows law enforcement to sift through data incidentally collected on Americans under the law without a warrant.

On Thursday, lawmakers will consider a bipartisan amendment offered by Rep. Justin Amash (R-Mich.) and several others that would require a warrant for any agency to sift through Americans' communications. A bipartisan, bicameral group of lawmakers held a press conference on Wednesday to support the bill, called the USA Rights Act.

"We need more oversight of the intelligence community, not less," Sen. Rand Paul (R-Ky.) said at the event. "We need to make sure, because men are not angels, that there are rules."

Lawmakers faced a deadline to reauthorize the program before the end of 2017, but added a provision to a short-term funding bill extending it and punting the debate into the new year.



Now, that's just weird.



WHATSAPP SECURITY WEAKNESSES COULD ALLOW UNINVITED GUESTS INTO GROUP CHATS: Computer researchers have discovered a set of flaws in WhatsApp that could allow uninvited individuals into private group chats.

WhatsApp, owned by Facebook, is a popular secure messaging application that uses end-to-end encryption.

The team of cryptographers at Ruhr University in Bochum, Germany, found a set of security weaknesses in the messaging app that together allow anyone controlling the WhatsApp server to insert other parties into a private group thread without getting permission from the administrator who controls the group.

The design flaws allow "an attacker ... controlling some of the messages sent by the WhatsApp server, to become a member of the group or add other users to the group without any interaction of the other users," according to their research paper released earlier this month.

The researchers detailed the findings at the Real World Crypto security conference in Zurich on Wednesday, according to Wired. They also found less significant weaknesses in secure messaging apps Signal and Threema.

While the flaws could allow an attacker to gain full control of group chats on the application, any would-be attacker would still first need to take control of the WhatsApp server to exploit the security flaws.

WhatsApp said in a statement that the company has carefully examined the issue and noted that the platform is built so that users are alerted when new people are added to a group message chat.

"We've looked at this issue carefully," a WhatsApp spokesperson said. "Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user. The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."




PENTAGON CYBER OPS: The U.S. military is facing a host of challenges as it seeks to cultivate and expand cyber operations in the new year.

The expected departure of National Security Agency (NSA) Director Mike Rogers this spring has spawned a fresh challenge for the Trump administration. The White House must find someone to replace him who can helm not only the NSA, but also U.S. Cyber Command, the Pentagon's young offensive cyber unit that became more powerful last year after the president elevated it to a full combatant command.

Complicating matters, the Pentagon is currently mulling whether and how to split the two agencies, a decision widely viewed as inevitable but which some have worried could have negative consequences if done too swiftly.

Rogers's tenure has been a rocky one, plagued by continuous intelligence leaks and reports of low morale amid a sometimes-unpopular reorganization. Still, he remains in high regard among some, who acknowledge the high stakes of a job that requires balancing two distinct but related missions.

Rogers took over for Keith Alexander at NSA in 2014 as the intelligence agency faced intense public scrutiny over former contractor Edward Snowden's disclosures.

More recently, the agency has been forced to contend with embarrassing leaks of its hacking tools by the "Shadow Brokers" group.

In the dual-hat role, Rogers is also responsible for helming Cyber Command, which was born out of the NSA headquarters at Fort Meade, Md., in 2009.

"Having somebody that has that ability to understand the technical capabilities of the work ... but can still do the public outreach part -- it's tough to find someone that can do both of those," said Steve Bucci, a former Army officer and cybersecurity expert at the right-leaning Heritage Foundation.

"You generally need somebody with that technical background to understand the issues well, because it's not a normal military command," Bucci added. "The group gets pretty small."

The cyber unit has seen its status grow over the years, capped by President Trump's decision in August to officially elevate it to a full combatant command.

The move triggered a Pentagon review of whether to split the dual-hat leadership of NSA and Cyber Command, which would effectively separate the government's intelligence functions from its war-fighting cyber operations.

Some say Rogers's departure will create the perfect opportunity for the administration to move forward on splitting the two bodies by naming a successor at the NSA and a different commander for Cyber Command.




Links from our blog, The Hill, and around the Web.

Five takeaways from the Fusion GPS testimony. (The Hill)

Trump orders new guidance on 'unmasking' requests. (The Hill)

GOP senator presses Apple on phone slowdowns. (The Hill)

Dems warn of Russian election interference across Europe. (The Hill)

Taiwanese police hand out malware-infected devices as prizes in cyber quiz. (BBC)

FBI disrupting fewer cyber crime operations than in previous years. (NextGov)

White House personal cell phone ban will soon take effect. (Politico)