Overnight Cybersecurity: DNC beefs up cybersecurity staff | Trump says he would speak to Mueller under oath | Wyden slams FBI chief on encryption

Overnight Cybersecurity: DNC beefs up cybersecurity staff | Trump says he would speak to Mueller under oath | Wyden slams FBI chief on encryption
© Getty Images

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--TRUMP 'LOOKING FORWARD' TO INTERVIEW WITH MUELLER IN RUSSIA PROBE: President TrumpDonald John TrumpDavid Axelrod after Ginsburg cancer treatment: Supreme Court vacancy could 'tear this country apart' EU says it will 'respond in kind' if US slaps tariffs on France Ginsburg again leaves Supreme Court with an uncertain future MORE said Wednesday that he plans to speak with special counsel Robert MuellerRobert (Bob) Swan MuellerMueller report fades from political conversation Trump calls for probe of Obama book deal Democrats express private disappointment with Mueller testimony MORE, laying the groundwork for a high-stakes meeting that could shape the course of the Russia investigation. "I'm looking forward to it," Trump told reporters at the White House when asked whether he would submit to questioning by Mueller's team. "I would do it under oath," he added. Trump has ridiculed the Russia investigation as a "witch hunt" and a "hoax," but the White House has sought to comply with the special counsel's requests in hopes that the investigation will wrap soon and clear the president of wrongdoing. Trump said he expects to speak with Mueller in two to three weeks but cautioned the specifics are being worked out by his lawyers. Ty Cobb, the White House lawyer leading the response to the probe, told The Hill Trump was speaking in a rush before departing for Davos but stressed that he remains committed to continued complete cooperation with Mueller's office and looks forward to an interview with Mueller's team. Cobb said arrangements are still being worked out between the special counsel's office and Trump's personal attorneys. Trump said he was willing to talk because of his belief there was "no collusion" between members of his campaign and Moscow. "I couldn't have cared less about Russians having to do with my campaign. The fact is -- you people won't say this but I'll say it -- I was a much better candidate than her," Trump said, referring to Hillary ClintonHillary Diane Rodham ClintonTrump takes aim at media after 'hereby' ordering US businesses out of China Trump knocks news of CNN hiring ex-FBI official McCabe Taylor Swift says Trump is 'gaslighting the American public' MORE, his Democratic opponent.

To read the rest of our piece, click here.


--DNC BEEFS UP ON CYBER: The Democratic National Committee (DNC) is bringing on new talent from the private sector to bolster its cyber defenses ahead of the 2018 midterm elections. DNC Chair Tom PerezThomas Edward PerezClinton’s top five vice presidential picks Government social programs: Triumph of hope over evidence Labor’s 'wasteful spending and mismanagement” at Workers’ Comp MORE announced Thursday that the committee has hired Bob Lord, who previously held top technology roles at Yahoo and Twitter, to serve as its chief security officer. Perez has made cybersecurity a top priority at the DNC after the organization saw its networks breached by Russian hackers ahead of the 2016 presidential election. Other new hires include Raffi Krikorian, a former Uber executive, who currently serves as the DNC's chief technology officer. Lord most recently served as the chief information security officer at Yahoo. He was responsible for managing the company's response efforts in the aftermath of two high-profile security breaches that occurred in 2013 and 2014. Those breaches occurred before he was employed at the company. Yahoo disclosed just last October that the 2013 breach impacted all 3 billion of its user accounts, triple the figure originally reported. Separately, the Justice Department has indicted two Russian intelligence officers and two criminal hackers in the unrelated 2014 breach. One of the individuals charged, a Canadian citizen, pleaded guilty to the charges in November. In a statement, Lord pledged to work to bolster the DNC's defenses as well as those of state Democratic parties across the country.

To read the rest of our piece, click here.

--DOJ SAYS IT FOUND MISSING FBI TEXTS: Months of missing text messages between two FBI officials have been located, according a letter obtained by The Hill. Justice Department Inspector General Michael Horowitz told Sens. Chuck GrassleyCharles (Chuck) Ernest GrassleyThe road not taken: Another FBI failure involving the Clintons surfaces White House denies exploring payroll tax cut to offset worsening economy Schumer joins Pelosi in opposition to post-Brexit trade deal that risks Northern Ireland accord MORE (R-Iowa) and Ron JohnsonRonald (Ron) Harold JohnsonThe road not taken: Another FBI failure involving the Clintons surfaces GOP senator: Gun control debate 'hasn't changed much at all' back home GOP senators call for Barr to release full results of Epstein investigation MORE (R-Wis.) in a letter that the messages spanning from December 2016 to May 2017, previously thought missing due to a technological glitch affecting FBI phones, have been found. "The [Office of the Inspector General] has been investigating this matter, and, this week, succeeded in using forensic tools to recover text messages from FBI devices," the letter read. The messages between FBI agents Peter Strzok and Lisa Page have come under scrutiny primarily by GOP lawmakers who say that they are proof of political bias against President Trump in the Russia investigations and in the FBI overall.  The glitch that resulted in their missing messages reportedly affected thousands of FBI phones. In all, Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsA better way to run the Federal Bureau of Prisons Trump admin erases key environmental enforcement tool DOJ should take action against China's Twitter propaganda MORE said at least 50,000 messages were exchanged between Strzok and Page. Strzok was removed from special counsel Robert Mueller's investigation into Russian election meddling after anti-Trump messages between him and Page were revealed. Strzok also worked on the investigation into former Secretary of State Hillary Clinton's use of a private email server.

To read the rest of our piece, click here.



DEM RIPS FBI CHIEF OVER ENCRYPTION PROPOSAL: A Democratic senator is blasting the leader of the FBI over recent comments he made about encryption, calling them "ill-informed."

Sen. Ron WydenRonald (Ron) Lee WydenWyden blasts FEC Republicans for blocking probe into NRA over possible Russia donations Wyden calls for end to political ad targeting on Facebook, Google Ex-CIA chief worries campaigns falling short on cybersecurity MORE (D-Ore.) wrote a letter to FBI Director Christopher Wray on Thursday criticizing him for advocating for a technological solution to what is often referred to as the "going dark" problem--the inability of officials to access data on encrypted devices for ongoing investigations.

Wray said during recent remarks that devices could be designed "that both provide data security and permit lawful access with a court order." He also dismissed the idea that law enforcement investigators are looking for some kind of "back door" into encrypted devices.

In his letter Thursday, Wyden slammed the suggestion, saying that it would inevitably degrade the security of the devices themselves.

"Regardless of whether the Federal Bureau of Investigation labels vulnerability by design a backdoor, a front door, or a 'secure golden key,' it is a flawed policy that would harm American security, liberty, and our economy," Wyden wrote.

Wray made the remarks at a conference in New York earlier this month, during which he described the bureau's inability to access encrypted communications as a "major public safety issue."

According to Wray, the bureau was unable to access digital content of nearly 7,800 devices for investigations last fiscal year despite having the "legal authority" to do so.

"If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves; if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order," Wray said.

"We're not looking for a 'back door'--which I understand to mean some type of secret, insecure means of access," Wray added. "What we're asking for is the ability to access the device once we've obtained a warrant from an independent judge, who has said we have probable cause."

On Thursday, Wyden countered that such a proposal that preserves security would be impossible.

To read more from our piece, click here.



Gear up for the Super Bowl with some high-tech toys. (Wired)



The Online Trust Alliance released its annual analysis of cyber incidents and breach trends on Thursday, finding that the number of cyber incidents targeting businesses almost doubled from 2016 to 2017, largely driven by the rapid rise in ransomware.

According to the report, the number of cyber incidents targeting businesses increased to nearly 160,000 in 2017 over 82,000 the previous year. This includes 134,000 ransomware attacks. The analysis covers a range of different threats, including ransomware attacks, data breaches, and distributed denial-of-service (DDoS) attacks.

The alliance is a project within the Internet Society, a non-profit focused on web standards and policy.

"Surprising no one, 2017 marked another 'worst year ever' in data breaches and cyber incidents around the world," Jeff Wilbur, the director of the Online Trust Initiative at the Internet Society, said in a statement. "This year's big increase in cyberattacks can be attributed to the skyrocketing instances of ransomware and the bold new methods of criminals using this attack."

To read more from the report, click here.



SECURITY CLEARANCES: The Government Accountability Office (GAO) is adding the federal security screening process to its "high risk list" of government procedures in need of significant reform.

The decision, announced Thursday morning, comes after revelations about the government awarding security clearances to individuals with criminal backgrounds and suspicious financial dealings.

GAO comptroller general Gene Dodaro positioned the decision as an effort to limit unauthorized leaks of classified information and to weed out individuals with criminal histories or questionable backgrounds.

The announcement came one day after the Defense Department released a report showing that the government revoked security clearances of 165 defense contractors last year, many of whom further investigations showed had "pre-existing issues" that initial checks had not picked up.

The way in which the federal government vets individuals to handle sensitive government data has long attracted scrutiny from lawmakers on Capitol Hill, particularly as a result of the significant case backlog and lack of transparency surrounding the process.

As of September, the federal government faced a 700,000-case backlog across agencies and departments.

The government's screening process has also attracted scrutiny as a result of high-profile leaks of classified information. Last June, a pair of bipartisan senators pressed the Office of Personnel Management for details about the handling of the security clearance for Reality Winner, a government contractor accused of leaking classified files to a news outlet.

"A high-quality and timely personnel security clearance process is essential to minimize the risks of unauthorized disclosures of classified information and to help ensure that information about individuals with criminal histories or other questionable behavior is identified and assessed," Dodaro said in a statement.

To read more from our piece, click here.



Links from our blog, The Hill, and around the Web.

Regulators ask Congress for more power to police cryptocurrencies. (The Hill)

Employee who sent false alert in Hawaii not cooperating with FCC probe, official says. (The Hill)

Kansas secretary of state's office leaked sensitive information online. (Gizmodo)

Technology firms have allowed Russia to review code of software used widely throughout the government. (Reuters)

Florida law enforcement official purchased malware that enables spying. (Motherboard)