Overnight Cybersecurity: Ex-Trump aide says he won’t comply with Mueller subpoena | Uber sued over breach | Putin won’t hand over indicted Russians
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
—EX-TRUMP AIDE REBUFFS SUBPOENA IN RUSSIA PROBE: Former Trump campaign adviser Sam Nunberg said Monday he won’t comply with a subpoena to appear before the grand jury in special counsel Robert Mueller’s investigation. “When I got the subpoena it was ridiculous to me. Why should I hand them over every email I’ve had with Steve Bannon or Roger Stone since November. Since November of 2015?” Nunberg said during an interview on MSNBC. Nunberg told The Washington Post that he was summoned to appear before the grand jury this Friday and also received a two-page subpoena for documents tied to President Trump and nine others. “Let him arrest me,” Nunberg told the Post. “Mr. Mueller should understand I am not going in on Friday.” MSNBC’s Katy Tur pressed Nunberg on whether anyone from the Trump administration reached out to him and told him not to appear before the grand jury. Nunberg said he made the decision on his own. Nunberg was an early member of the Trump campaign team, but was fired in 2015 after racist social media posts emerged. Trump later sued him for allegedly violating a confidentiality agreement. Nunberg said he’s “not a fan” of Trump, adding that the president treated him “very badly” during the campaign. “But here, when I get a subpoena like this, [Trump] is right. It’s a witch hunt.” Asked whether he believes Mueller’s team has any information to indicate Trump did something illegal, Nunberg said, “I think they may.” He said he believes that because of “the way that they asked questions about anything I heard after I was fired from the campaign.” “It insinuated to me that he may have done something,” Nunberg said. Meanwhile, the White House flatly denied that allegation, Press secretary Sarah Sanders said at the afternoon press briefing that Nunberg’s suggestion was “incorrect.” “I definitely think he doesn’t know that for sure because he’s incorrect,” Sanders said. “As we said many times before, there was no collusion with the Trump campaign. Anything further on what his actions are — he hasn’t worked at the White House. I can’t speak to him or the lack of knowledge that he clearly has.” Nunberg has in the past bragged about peddling fake stories to news outlets. Nunberg made the rounds on television Monday afternoon, highlighting his promise to refuse to comply with the subpoena.
–UBER SUED OVER BREACH: The Pennsylvania attorney general is suing Uber for failing to disclose a massive 2016 data breach for over a year, alleging that the company violated state law requiring that consumers be notified of such hacks within a “reasonable” amount of time. Attorney General Josh Shapiro announced the lawsuit Monday, about four months after Uber revealed that 57 million people had been exposed in the breach a year before. “Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Shapiro said in a statement. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year — and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.” Uber has admitted to paying the hackers responsible $100,000 to destroy the stolen data and to not disclose the breach. The company’s new leadership revealed the hack in November 2017 as part of their efforts to turn over a new leaf following the ouster of the embattled former CEO and co-founder Travis Kalanick. Uber’s chief legal officer, Tony West, said that while he’s surprised by the lawsuit, he intends to continue working with Shapiro’s office and prosecutors around the country. “We make no excuses for the previous failure to disclose the data breach,” West said in a statement. “While we do not in any way minimize what occurred, it’s crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or social security numbers, which present a higher risk of harm than driver’s license numbers.”
To read the rest of our piece, click here.
–PUTIN SAYS U.S. WON’T GET RUSSIANS: Russian President Vladimir Putin told NBC News that Moscow will never hand over to the United States the 13 Russians charged by special counsel Robert Mueller in his investigation into Russian interference in the 2016 presidential election. Putin made the comments in an interview with NBC’s Megyn Kelly. The interview comes roughly two weeks after Mueller indicted the 13 Russians and three Russian organizations. The Russian nationals allegedly worked an elaborate effort to engage with U.S. audiences and spread divisive political and cultural content through social media. It included creating fake U.S. personas and stealing the identities of real Americans to hide their tracks. When asked whether he would extradite them, he replied, “Never. Never. Russia does not extradite its citizens to anyone, just like the United States.” “Does the United States extradite its citizens to anyone?” Putin added. While the Russian president did not deny that the individuals were involved in an effort to interfere in the election, he said they “do not represent the Russian state.”
See more from the NBC interview here.
A LEGISLATIVE UPDATE:
DHS REAUTHORIZATION. A key Senate panel will take up legislation this week that would reauthorize the Department of Homeland Security (DHS), as well as institute a number of reforms to the department’s operations.
The Senate Homeland Security Committee will meet Wednesday to consider the legislation, the committee announced Monday. The House-passed version includes a number of reforms, including some that aim to improve the department’s cybersecurity efforts.
Sens. Kamala Harris (D-Calif.) and James Lankford (R-Okla.), both committee members, are planning on introducing amendments to the bill that would help states bolster the cybersecurity of their voting systems.
Both senators are already sponsoring standalone legislation that would set up block grants for states to replace paperless voting machines with systems that provide a paper backup. The bill, called the “Secure Elections Act,” is one of several stalled efforts in Congress to secure future U.S. elections from foreign threats following Russian interference in the 2016 presidential election.
U.S. officials say that Russian hackers targeted election-related systems in 21 states as part of a broader effort to meddle in the 2016 election.
While none of the systems were involved in vote tallying, the revelation has triggered discussion about how to bolster security around and increase confidence in U.S. election infrastructure, including voter databases and actual voting systems. Homeland Security officials say that most of the targeting efforts ahead of 2016 were not successful.
The Senate Homeland Security Committee will take up the House version of the reauthorization bill on Wednesday morning.
To read more, click here.
A REPORT IN FOCUS:
CYBER THREATS TO THE HEALTH SECTOR: The health care industry is the sole industry where insider threats pose the biggest cybersecurity risk to organizations, according to a new report from Verizon.
A whopping 58 percent of the health care breaches in 2016 and 2017 analyzed by the company involved insiders, according to the report issued late last week by Verizon.
The research also found that 70 percent of cyber incidents targeting health organizations that involved malicious code were ransomware attacks. Hospitals have proven a popular target of hackers using ransomware, especially after a few high-profile cases in which the targeted hospital paid those responsible in order to regain access to their systems.
To read more from Verizon’s 2018 Protected Health Information Data Breach Report, click here.
A LIGHTER CLICK:
Fast food just got techier. (KTLA Los Angeles)
WHAT’S IN THE SPOTLIGHT:
BROADCOM’S BID FOR QUALCOMM: U.S. chipmaker Qualcomm is delaying a major shareholder meeting this week so federal regulators can review whether a hostile takeover bid from foreign technology giant Broadcom poses a national security threat.
The Committee on Foreign Investment in the United States urged Qualcomm on Sunday to postpone its annual stockholders meeting and election of its board of directors by at least 30 days to allow for the review of the deal.
It’s the latest twist in the months-long fight between the two companies, as Qualcomm tries to fight off Singapore-based Broadcom’s takeover bid. If the deal goes through, it would be the largest tech acquisition in history.
The Committee on Foreign Investment in the United States has ramped up its scrutiny of potential foreign forays into the U.S. market in recent months, but such an overt intervention is unusual for the panel.
Broadcom said in a statement Monday morning that it learned Qualcomm had secretly filed a complaint with the committee asking for the review. It accused the company of seeking to “disenfranchise its own stockholders.”
“This was a blatant, desperate act by Qualcomm to entrench its incumbent board of directors and prevent its own stockholders from voting for Broadcom’s independent director nominees,” the statement said.
Broadcom is currently in the process of moving its headquarters from Singapore to the U.S., a move intended to ease the concerns of regulators. That decision was announced in November when the head of the company joined President Trump at a White House event.
The company said in its statement Monday that once it completes the shift to the U.S., the committee will no longer have jurisdiction over the deal.
In its own statement, Qualcomm called Broadcom’s response “a continuation of its now familiar pattern of deliberately seeking to mislead shareholders and the general public by using rhetoric rather than substance to trivialize and ignore serious regulatory and national security issues.”
“[The Committee on Foreign Investment in the United States] has determined that there are national security risks to the United States as a result of and in connection with the transaction proposed by Broadcom,” Qualcomm’s statement added.
The committee is an inter-agency panel chaired by Treasury Secretary Steven Mnuchin and comprised of Cabinet officials from the Justice Department and State Department, among others. The committee is tasked with investigating the national security implications of foreign bids for American businesses.
The Qualcomm review comes as regulators have stepped up their scrutiny of foreign overtures into the U.S. market, with Chinese tech moves drawing the biggest concerns.
To read more from our piece, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
House Republicans appear close to ending Russia probe (The Hill)
Schiff says Trump not acting on Russian election interference is ‘dereliction of duty.’ (The Hill)
GitHub targeted with largest DDoS attack ever recorded. (The Hill)
Reddit removed a ‘few hundred accounts’ linked to Russian propaganda. (The Hill)
The State Department hasn’t spent money on countering foreign election interference efforts. (The New York Times)
Israel solicited ‘zero days‘ from American developers. (Motherboard)
Homeland Security’s cyber hub is on Twitter. (DHS)
Cyber firm McAfee uncovers ‘Operation Honeybee’ targeting humanitarian aid groups. (McAfee)
A deep dive on Christopher Steele, the ex-British spy behind the controversial Trump-Russia dossier. (The New Yorker)
Britain’s cyber center warns that charities face mounting threats in cyberspace. (Huffington Post UK)
NIS America suffered a data breach. (International Business Times)