Overnight Cybersecurity: House panel releases Fusion GPS testimony | Senate votes to extend NSA spy program | Russian hackers find new political targets

Overnight Cybersecurity: House panel releases Fusion GPS testimony | Senate votes to extend NSA spy program | Russian hackers find new political targets
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--HOUSE INTEL PANEL RELEASES FUSION GPS TRANSCRIPT: The House Intelligence Committee Thursday afternoon released the full transcript of its interview with Glenn Simpson, the co-founder of opposition research firm Fusion GPS. The panel voted early Thursday to release the transcript from its seven-hour interview with Simpson, whose firm was behind the controversial "Steele dossier," which linked President TrumpDonald TrumpJan. 6 panel faces double-edged sword with Alex Jones, Roger Stone Trump goes after Woodward, Costa over China Republicans seem set to win the midterms — unless they defeat themselves MORE to Russia. Sen. Dianne FeinsteinDianne Emiel FeinsteinProgressive groups urge Feinstein to back filibuster carve out for voting rights or resign Senators call for Smithsonian Latino, women's museums to be built on National Mall Five faces from the media who became political candidates MORE (D-Calif.) earlier this month unilaterally released the transcript of Simpson's closed-door interview with the Senate Judiciary Committee after Simpson asked that the testimony be made public. 


--IN OVER 150 PAGES OF TESTIMONY released by the committee, Simpson alleged a constellation of business deals that he said suggested the Russians could be laundering money through then-candidate Donald Trump. Simpson stopped short of saying the firm had found definitive proof of such dealings, telling investigators that, "evidence, I think, is a strong word." Some of Trump's dealings, Simpson told lawmakers, showed "patterns of buying and selling that we thought were suggestive of money laundering." The testimony is likely to reinforce battle lines surrounding the dossier, a compendium of opposition research memos compiled by former British spy Christopher Steele as part of the firm's research into the real estate mogul. Some of the allegations in the memos have been disproven, and Republicans have largely argued that the document is a politically motivated hit job on the president. Democrats, meanwhile, have argued that the dossier could provide the framework for meaningful inquiry into Trump's alleged ties to Russia, citing Steele's credibility in the intelligence community. 

To read the rest of our coverage, click here. To read the full transcript, click here.

--RUSSIAN HACKERS FIND POST-2016 TARGETS: Russia's cyber operations against the United States are showing signs of accelerating even as lawmakers grapple with how to deter and respond to the threat. Moscow-linked hackers have expanded to new political targets, including the U.S. Senate, in the wake of the hacking and disinformation campaign during the 2016 presidential race. The hackers, said to have links to Russia's GRU military intelligence unit, are part of the same group that was implicated in the 2016 hacks of the Democratic National Committee (DNC) and Hillary ClintonHillary Diane Rodham ClintonRepublicans seem set to win the midterms — unless they defeat themselves Poll: Democracy is under attack, and more violence may be the future Popping the progressive bubble MORE's campaign. The cybersecurity firm Trend Micro revealed last week that the cyber espionage group known as APT 28, "Fancy Bear" or "Pawn Storm" had begun targeting the Senate in June, orchestrating a phishing campaign using fake websites to steal official credentials for the Senate's email system.

--Fancy Bear has been active since the mid-2000s, conducting cyber espionage operations that have been widespread across the globe, with a particular eye to members of NATO. "By and large, we see global coverage," said Adam Meyers, vice president of intelligence at CrowdStrike, a cyber firm that tracks a number of Russian state-sponsored cyber groups. "We haven't really seen them stop or slow down." Some cybersecurity experts who have tracked the group's operations for years say they saw an increase in activity in 2016, particularly with regards to the targeting of political organizations. "It's definitely going more political, and their activity has increased," said Ed Cabrera, chief cybersecurity officer at Trend Micro. "We definitely saw a marked increase in volume in 2016." While experts say it is too early to give a full accounting of the group's activity in 2017, early signs suggest that Moscow's hackers are expanding their list of targets to fit Russia's broader geopolitical objectives.

To read the rest of our piece, click here.



SENATE VOTES TO EXTEND SPY PROGRAM: The Senate on Thursday passed an extension of a government surveillance program, sending the bill to President Trump's desk.

Senators voted 65-34 on the bill, which includes a six-year extension with minimal changes to the National Security Agency (NSA) program.

The vote comes after a tension-filled hour on the Senate floor earlier this week. Opponents tried, but failed, to mount a filibuster to force additional debate on the legislation, with both sides spotted lobbying key holdouts.

Opponents rallied against the bill ahead of Thursday's vote, arguing the legislation is being rushed through.

"The American people deserve better than the legislation before us. ... The American people deserve better than warrantless wiretapping," said Sen. Martin HeinrichMartin Trevor HeinrichThis Thanksgiving, skip the political food fights and talk UFOs instead Degrees not debt will grow the economy Senators call for Smithsonian Latino, women's museums to be built on National Mall MORE (D-N.M.).

He added that senators should "consider the gravity of the issues at hand and to oppose reauthorization until we can have a real opportunity for debate and reform."

But the legislation, which also cleared the House last week, appeared likely to pass.

Supporters only needed 51 votes on Thursday, giving them more breathing room, compared to the 60 votes needed on Tuesday's procedural hurdle.

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellRepublicans seem set to win the midterms — unless they defeat themselves Graham emerges as go-to ally for Biden's judicial picks Five reasons for Biden, GOP to be thankful this season MORE (R-Ky.) urged his colleagues to back extending the program ahead of Thursday's vote, calling it "one of the most important tools" for national security officials.

"The men and women we trust to protect this country say this capability is essential to their missions. They tell us that is has saved American lives. That is why we cannot let this capability lapse. The world remains dangerous," he said.

The law, known as Section 702 of the Foreign Intelligence Surveillance Act, allows the NSA to collect texts and emails of foreigners abroad without an individualized warrant, even when they communicate with Americans in the U.S.

To read the rest of our piece, click here.



A British television writer is developing a TV show about cyber warfare. (Variety)



Cybersecurity firm Proofpoint released its fourth quarter 2017 threats report late Wednesday, which contains a number of takeaways about the cyber landscape at the end of last year. The firm found that cyber actors are increasingly turning to malicious document attachments rather than malicious URLs to target would-be victims via email. According to the report, the count of emails holding malicious documents increased by 300 percent over the previous quarter.

Meanwhile, ransomware continues to be the most popular malware, accounting for 57 percent of malicious emails analyzed by the company.

"The fourth quarter of 2017 saw a number of shifts in the threat landscape, from a return to malicious document attachments after Q3's spike in URLs to the emergence of coin mining modules in major malware strains like The Trick banking Trojan," Proofpoint wrote in a blog post accompanying the report.

"Through these shifts, however, ransomware remained the top threat by volume across the Proofpoint customer base, while threats in social media channels continued to increase across the board quarter-over-quarter."

To read the full threat report, click here.



KASPERSKY: Kaspersky Lab filed an injunction in court on Wednesday in an attempt to block the Trump administration's order that bans its products from being used on federal systems, after the government deemed that Kaspersky antivirus software posed a "security risk."

The Department of Homeland Security (DHS) in September issued a directive that removed and banned software developed by the Moscow-based firm, citing concerns about the firm's ties to the Russian government.

The company, which has repeatedly maintained that it operates independently of the Kremlin, argued that it did not receive proper notice about the order or a chance to contest the underlying evidence used to reach the ban decision.

"DHS did not provide Plaintiffs prior notice of the [Binding Operational Directive (BOD)], nor a prior opportunity to contest the purported evidence underlying it," the court document reads.

"Plaintiffs filed this action seeking rescission of the BOD, and now move for a preliminary injunction to stem the continuing significant damage to Kaspersky Lab's reputation and the loss of sales resulting from the BOD," it continued.

DHS said in September that the company's software posed "information security risks" because they "provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems."

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," DHS said in its statement.

Agencies and departments had a December deadline to remove the Kaspersky products. The cybersecurity firm said the debarment has damaged their reputation, which has consequentially impacted their business.

DHS said their decision was based on information already available in the public view -- like newspaper reports and congressional testimonies. Media reports have detailed at least one occasion in which the Russian intelligence apparatus used Kaspersky antivirus software to identify and then steal classified information.

The company, however, is challenging the bureau's use of "open source" data, stating that they used "often anonymous, and uncorroborated media stories and other self-serving public statements" to reach its decision.

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web.

Apple to allow iPhone users to disable battery slowdowns. (The Hill)

Facebook appoints American Express CEO as first black board member. (The Hill)

OP-ED: Bitcoin's real story isn't the rampant speculation, but its untold potential. (The Hill)

Lebanon-linked hackers have been exposed in a new hacking campaign. (Axios)

The House Intelligence Committee has delayed Hope Hicks' testimony. (CNN)

U.S. intelligence officials have gathered evidence of Chinese ships violating U.N. sanctions on North Korea. (The Wall Street Journal)

Hackers are stealing Bitcoin and other digital currencies. (Bloomberg)

The Federal Trade Commission has released its annual privacy and data security overview. (FTC)