411 on the 702 – POLITICO

With help from Maggie Miller

It’s been a couple months in the making, but the House Intel committee is about to get a taste of the Trump-Russia investigation. And there could be some discussion of Section 702 surveillance powers set to sunset at year-end.

HAPPY TUESDAY, and welcome to Morning Cybersecurity! We at MC hope you had a restful long weekend. I hate to break it to you (and to myself) but now we’re back to business.

Got tips, feedback or other commentary? Send them to Joseph at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.

The House Select Intelligence Committee is holding a closed-door hearing on the FBI’s Trump-Russia investigation with former special counsel John Durham. 3 p.m.


SPYING UNDER CROSSFIRE — Former special counsel John Durham will appear in front of both the House Select Intelligence and House Judiciary committees today to discuss his scathing, five-year-in-the-making report into the investigation into Trump’s 2016 campaign ties to Russian agents. And lawmakers may find the opportunity during the closed-door meeting to bring up the much-debated Section 702.

— In his own words: While Durham doesn’t explicitly mention Section 702 — which allows the government to snoop on electronic communications of foreigners but has also been misused by the FBI for domestic surveillance — in his 300-plus page report, there’s certainly reference to it with pressing implications.

The report says it “considered but did not include proposals that would curtail the scope or reach of FISA or the FBI’s investigative activities … in a time of aggressive and hostile terrorist groups and foreign powers.”

— The 702 Trump ties: Durham’s conclusion that the FBI bungled the Trump-Russia probe is causing both law enforcement and the intelligence communities to hold their collective breath in anticipation of lawmakers deciding how hard they need to knock on 702’s door. The report reignited suspicion on the Republican side that the FBI is politically motivated, leading the agency to stress in its own response that all the senior executives involved in the investigation “have left the FBI as the result of termination, resignation or retirement.”

And as John reported last week, lawmakers aren’t likely to re-up 702 without substantial reforms.

— A gift and a curse: The White House has been pushing to convince lawmakers to renew 702 with very minimal changes come December in the name of national security. One example the administration points to is its key role in identifying the hacking group behind the 2021 Colonial Pipeline ransomware attack.

Still, it’s going to take a lot more than that to convince lawmakers on both sides of the aisle who aren’t too pleased with the other examples of overreach to keep it as is.

“I think the full committee is exactly on the same page of ‘let’s reauthorize but with meaningful reforms,’” ranking member Jim Himes (D-Conn.) told Morning Cyber. “And I haven’t heard anybody say we should reauthorize without reform.”

TRAINING UP THE CYBER CORPS — Cyber diplomats wrapped up several days of training in Estonia last week in an exercise aimed at upping cyber expertise and cooperation globally.

The fourth Tallinn Cyber Summer School took place across five days and involved 60 diplomats from 43 countries across Latin America, Asia, Africa and other regions.

The all-star caliber program also featured Christopher Painter, a former State Department cyber ambassador under the Trump and Obama administrations.

“Cyberspace is not just a technical realm but is a geopolitical one involving national security, economic policy and, ultimately, diplomacy,” Painter said. “It’s amazing to see how much this area has grown in just over 10 years and the Tallinn school is a great introduction.”

— People all over the world: Tanel Sepp, Estonia’s ambassador at large for cyber diplomacy whose office hosted the event, told Maggie, “The intention was really to bring together rather junior diplomats who are dealing with cyber issues” and provide knowledge to help with their countries’ cyber defense.

— Hot topics: Topics at the school ranged from the war in Ukraine and how cyberattacks endanger human rights to attributing cyberattacks to the government.


BIDEN IN THE GOLDEN STATE — If a tech bubble bursts in San Francisco but no one is around to hear it, did it really make a sound? That’s a question President Joe Biden is not looking to answer, as he wrangles a number of tech-bros and girls to discuss the opportunities and risks rooted in AI regulation in sunny California later today.

Topics will also include the impacts on jobs, education, children, and bias and prejudice.

“Generative AI tools have increased significantly in the past several months and we don’t want to solve yesterday’s problem,” the White House said in a statement.

The roundtable of experts will include Sal Khan, Tristan Harris, Fei-Fei Li, Rob Reich and others.

When in San Francisco, am I right?

CYBER SCHOOL — Class is soon to be in session for ArmyCyber, which signed its first-ever educational partnership with Dakota State University to train budding professionals in the art of cybersecurity.

The five-year plan is set to launch today as part of the Pentagon’s effort to meet demand within a national security scene rife with rising digital threats. A 2022 Government Accountability Office report found that military personnel would leave soon after completing cybersecurity training, which may take a year and costs DOD “hundreds of thousands of dollars.”

It’s also a way for students to see themselves in civilian roles within the military, as well as “on the front lines with jobs that haven’t been created yet,” DSU president José-Marie Griffiths said.

— Congressional support: Ranking member of the Senate Armed Services subcommittee on cybersecurity Mike Rounds (R-S.D.) and Rep. Dusty Johnson (R-S.D.) attended the on-campus event in Madison, S.D., on Monday alongside Gov. Kristi Noem and U.S. Army Cyber Command’s Lt. Gen. Maria Barrett.

MALWARE IN EAST ASIA — Remote workers should be aware of a new sophisticated custom malware sweeping through East Asia seen for the first time in the open.

— Complex code: A new report by Bitdefender is dubbing the custom-developed malware “RDStealer” as it monitors and infects Remote Desktop Protocol clients through a DLL sideloading implant. It’s written in the Go programming language, meaning it can target multiple operating systems. The malware is so elaborate the level of disguise “surpasses anything witnessed thus far,” the report reads.

— The details: The attacks are primarily homing in on stealing credentials, private keys, certificates and other sensitive data. The culprits haven’t yet been identified but are behaving in a similar manner to state-sponsored, China-based threat actors.

The research points to the threat actor being active since 2020, but transitioning to custom-developed attacks in late 2021 or early 2022. It’s also a part of a growing trend by hackers to transition toward custom malware as an evasive maneuver to avoid detection.

OT:ICEFALL FINALE — Forescout Vedere Labs is wrapping up its yearlong project looking at design vulnerabilities in operational technology with a closing report today that blames many of the issues they’ve encountered on vendors of the technology not implementing designs that would build security into the systems.


ON TWITTER FIRST — A zero-day vulnerability in the MOVEit hack was exposed on Twitter on June 15, reports Bloomberg’s Katrina Manson.

API ROLLBACK FOR DATA — The BlackCat hacking group is said to have stolen 80GB of data from Reddit, and is demanding a rollback of planned API pricing and a $4.5 million payout for the data. Get the details from Mia Sato’s piece in The Verge.

RANSOMWARE KILLS — When a ransomware attack hits just one hospital, its network of nearby medical providers can be compromised as well. Listen to this report by NPR cybersecurity reporter Jenna McLaughlin on a new study out of the University of California San Diego.

