Overnight Cybersecurity: House Intel releases final Russia report | Faults both Trump, Clinton campaigns | New NSA chief to take over next week | Federal lab launches new projects against ransomware

Overnight Cybersecurity: House Intel releases final Russia report | Faults both Trump, Clinton campaigns | New NSA chief to take over next week | Federal lab launches new projects against ransomware
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--HOUSE INTEL RELEASES FINAL RUSSIA REPORT: The House Intelligence Committee on Friday released its final report on the 2016 presidential election, which found "no evidence" of ties between President TrumpDonald John TrumpDemocrat calls on White House to withdraw ambassador to Belarus nominee TikTok collected data from mobile devices to track Android users: report Peterson wins Minnesota House primary in crucial swing district MORE's campaign and Russia. The report, written by Republicans on the committee, did criticize "poor judgment and ill-considered actions" by Trump's campaign -- as well as the campaign run by Democratic nominee Hillary ClintonHillary Diane Rodham ClintonNAACP seeks to boost Black voter turnout in six states California Dems back Yang after he expresses disappointment over initial DNC lineup The Hill's Campaign Report: Biden picks Harris as running mate MORE. "While the Committee found no evidence that the Trump campaign colluded, coordinated, or conspired with the Russian government, the investigation did find poor judgment and ill-considered actions by the Trump and Clinton campaigns," it said.


The committee had already revealed last month in a one-page summary of the report's findings that it had found no evidence of collusion. The report said Russia did carry out a "multi-faceted" active measures campaign against the U.S. in an effort to "sow fear and division in American society." The committee voted along party lines in March to release its controversial, Republican-authored report, wrapping up a yearlong investigation that was filled with contentious panel infighting.  Democrats were outraged by the unilateral GOP decision to end the investigation last month, calling the move premature and an attempt to shield the White House from scrutiny. 

The report notes two cases where the Trump campaign made poor judgments. One was the controversial June 2016 Trump Tower meeting in which Donald Trump Jr.Don John TrumpWatchdog to weigh probe of Trump administration advancements of Pebble Mine Trump pledges to look at 'both sides' on Pebble Mine Twitter limits Donald Trump Jr.'s account after sharing coronavirus disinformation MORE and other top Trump campaign aides met with a Russian lawyer after being promised dirt on Clinton's campaign. The other noted incident is the Trump campaign's "periodic praise for and communications with Wikileaks -- a hostile foreign organization -- to be highly objectionable and inconsistent with U.S. national security interests." The report says the Clinton campaign and the Democratic National Committee (DNC) used poor judgment when they hired the opposition firm Fusion GPS to conduct opposition research on Trump.

To read more from our coverage, click here. To read the full report, click here.


--FACEBOOK EXPECTS MORE MISUSE OF DATA: Facebook warned investors Thursday that it expects to find more instances of third parties improperly obtaining user data in ways similar to the Cambridge Analytica scandal. In a filing with the Securities and Exchange Commission (SEC) on Thursday, the social network said that it's auditing third-party handling of data following media reports about the Cambridge Analytica leak.

"As a result of these efforts we anticipate that we will discover and announce additional incidents of misuse of user data or other undesirable activity by third parties," Facebook said in the filing. "Such incidents and activities may include the use of user data in a manner inconsistent with our terms or policies, the existence of false or undesirable user accounts, election interference, improper ad purchases, activities that threaten people's safety on- or offline, or instances of spamming, scraping, or spreading misinformation."

Despite the warning, Facebook stock soared this week after it posted a strong first quarter, reporting a 50 percent boost in revenue over the previous year. The numbers show that advertisers are sticking by the platform despite the scandal. Still, the company is facing new scrutiny from regulators around the world.

To read more from our piece, click here. 



The National Institute of Standards and Technology (NIST) at the Commerce Department posted notice of two new projects for countering threats from ransomware.

NIST's National Cybersecurity Center of Excellence posted a notice on the Federal Register discussing the two initiatives, inviting technology vendors to participate in them.

Both projects will use open-source technologies available on the market to develop methods aimed at countering ransomware threats.

The first project, called the Identifying and Protecting Assets Against Ransomware and Other Destructive Events, will focus on developing technology methods to identify assets that could fall victim to ransomware attacks and protect them against such attacks.

The second, called the Detecting and Responding to Ransomware and other Destructive Events, aims to develop methods to deal with ransomware attacks that do occur--to detect the ransomware and mitigate and contain damage from the attack.

NIST is encouraging private technology vendors to participate in the collaboration.



MORE EMAIL SECURITY RESEARCH: New research indicates that the vast majority of federal information technology contractors have not implemented an email security tool that helps protect users from phishing attacks.

According to a survey released this week by the Global Cyber Alliance, only one of the 50 top federal IT contractors for the federal government is using the anti-phishing tool at its strongest setting, known as the Domain-based Message Authentication, Reporting, and Conformance (DMARC).

The Department of Homeland Security (DHS) last year mandated that federal agencies and departments operating .gov domains implement DMARC in order to crack down on fraudulent messages. The directive does not apply to federal contractors.

When adopted, DMARC allows organizations to report emails that fail authentication tests and potentially block them from entering a recipient's inbox, if the strongest setting is enabled.

Twenty-one of the federal contractors reviewed by the Global Cyber Alliance have implemented DMARC on the weakest setting, meaning that no action is being taken to block the fraudulent emails. or quarantine them to a recipient's spam folder.

Homeland Security gave agencies and departments until mid-January to begin using the tool, though some appear to have missed that deadline. A study released Thursday by Valimail found that 68 percent of federal government agencies had implemented DMARC.



Rough week? How about some bitcoin yoga. (Motherboard)



NSA DIRECTOR: Congress might be out of town next week, but there will still be plenty of cybersecurity action in and around Washington.

On Friday, May 4, Pentagon officials will host a ceremony at which Lt. Gen. Paul Nakasone will officially take over leadership of the National Security Agency and U.S. Cyber Command from Adm. Mike RogersMichael (Mike) Dennis RogersHillicon Valley: Tech CEOs brace for House grilling | Senate GOP faces backlash over election funds | Twitter limits Trump Jr.'s account The Hill's Coronavirus Report: INOVIO R&D Chief Kate Broderick 'completely confident' world will develop a safe and effective COVID-19 vaccine; GOP boxed in on virus negotiations The Hill's 12:30 Report - Presented by Facebook - Barr's showdown with House Democrats MORE.

Nakasone was confirmed by the Senate to serve in the dual-hat role of NSA director and commander of Cyber Command on Tuesday. Nakasone most recently headed the Army's cyber warfare unit and IS widely cheered by current and former officials for his experience.

The event will take place at Fort Meade, according to a media advisory, and also mark the official elevation of Cyber Command--a change that President Trump authorized last August.

To read more about Nakasone, click here.



Links from our blog, The Hill, and around the Web.

Judge tosses Manafort lawsuit challenging Mueller's authority. (The Hill)

Trump: Russia probe 'MUST END NOW!' (The Hill)

New cyber provisions under consideration for next defense policy bill. (FCW)

Google, Microsoft press Georgia's governor to veto active cyber defense bill. (WXIA-TV)

Service members bid farewell to NSA Director Adm. Mike Rogers with a run. (NSA)

Tech companies battle over military cloud contract. (NextGov)

Amazon is hiking Prime prices. (Recode)

If you'd like to receive our newsletter in your inbox, please sign up here.