With help from Eric Geller, Mary Lee and Martin Matishak
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at www.politicopro.com.
— The alleged Saudi hack of Amazon owner Jeff Bezos took over the cyber world Wednesday, but that doesn’t mean every question got answered.
— Defending Digital Campaigns is significantly expanding its partnerships in an effort to aid 2020 candidates and parties.
— All signs suggest that the Trump administration is gearing up for a major battle with Apple over encryption, and the political climate may be in the government’s favor.
HAPPY THURSDAY and welcome to Morning Cybersecurity! With all the (oft-deserved) mixed responses to Star Wars stories of late, it’s good to get excited about the next installment of a series with a pretty unimpeachable record. Send your thoughts, feedback and especially tips to email@example.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
BEZOS DAY — A statement on Wednesday from U.N. human rights experts about the Saudi crown prince’s possible involvement in the hacking of Bezos, as well as a call for further U.S. investigation, triggered an explosion of reaction, analysis, speculation, questions and deeper reporting. It was kind of a big deal.
— What it is, and what it isn’t: Contrary to some news accounts, this wasn’t a U.N. report but a response to a report led by FTI Consulting, commissioned by Bezos’ chosen security consultant. Motherboard obtained said report and did some breakdowns of the wonderland of technical details about how the hack happened, and the evidence that led to the Saudis. That includes what evidence was missing, and one of the reporters on the story, frequent POLITICO contributor Kim Zetter, raised a tantalizing question about whether Crown Prince Mohammed bin Salman might have been hacked himself.
David Kaye, the U.N. special rapporteur on freedom of expression who was involved in the initial statement, pointed to the idea that this was most importantly a story about how governments can use spyware for blackmail and other nefarious purposes. The Committee to Protect Journalists reacted with alarm at the notion that the Saudis used spyware in a bid to silence The Washington Post, which is owned by Bezos. Besides the Motherboard story, this Wall Street Journal account provides a big helping of other vital information.
— The official response (or, mostly, non-response): Amazon didn’t answer requests for comment. An attorney for Bezos said he was cooperating with investigations. Bezos subtweeted the whole thing. DOJ declined to comment to MC on whether it was investigating, although the Journal reported the FBI was still probing the phone hack. FTI Consulting wouldn’t confirm anything. Saudi Arabia issued a fresh denial during a Reuters video interview that the foreign ministry posted on Twitter.
DDC GOES XXL — The nonprofit Defending Digital Campaigns is announcing today that it has more than doubled the number of companies participating in its work to offer free and low-cost cybersecurity tools to 2020 candidates and parties. The organization, led and founded by the former presidential campaign managers for Hillary Clinton and Mitt Romney as well as former top NSA and DHS officials, will now include partnerships with Altitude Networks, Atlantic Data Forensics, BlueVoyant, Cloudflare, Cofense, Kryptowire, Microsoft, Rumble, TruSTAR and Yubico.
Those companies offer services like cloud security, incident response, phishing defenses, mobile app security and security keys for two-factor authentication. They join existing partners Agari, Area 1 Security, Cybrary, Elevate Security, GRA Quantum, Lookout and Wickr. The Federal Election Commission ruled last year that DDC could offer services to political campaigns and party organizations.
ENCRYPTION FIGHT ROUND 2 — It seems clearer by the day that the Trump administration is preparing for a legal or legislative fight over encryption, Eric reported. President Donald Trump bashed Apple again on Wednesday in Davos, Switzerland, after Attorney General William Barr complained last week about encryption hurting investigations. Eric points out the political landscape has shifted since the Obama administration battled Apple over encryption, with frequent bipartisan complaints about Big Tech potentially aiding Barr’s fight. His rhetoric is “probably a prelude to more litigation,” Stewart Baker, a former NSA general counsel, said. “He wants to make sure he’s making DOJ’s case in public, not just in court.”
YOU’VE GOT MAIL? — A command-and-control server tied to commodity malware popular with Iranian hackers exchanged data with a “European energy sector organization” between November 2019 and early January, the cybersecurity firm Recorded Future said in a report published today. The company couldn’t confirm a compromise but said it was “likely” given “the high volume and repeated communications.” Recorded Future also couldn’t confirm that Iran was behind the operation, because the remote access trojan in question, dubbed “PupyRAT,” is publicly available on GitHub. However, two Iran-linked groups have used the tool in the past.
“The targeting of a mail server at a high-value critical infrastructure organization could give an adversary access to sensitive information on energy allocation and resourcing in Europe,” said Recorded Future researchers. The company noted that Iranian hackers have increasingly shifted their attention to industrial control systems to undermine rivals. Researchers further emphasized that the activity predated “the recent escalation of kinetic activity between the U.S. and Iran.”
LET’S GO PHISH — Nearly 90 percent of global organizations surveyed were targeted by hackers with business email compromise and spearphishing attacks, according to a Proofpoint report out today. More than 60 percent of U.S. organizations experienced at least one successful phishing attack last year. The survey found one-third of global organizations infected with ransomware last year chose to pay the ransom, but of those who negotiated, 22 percent failed to access their data even after payment. One sad finding: Less than half of U.S. workers correctly identified the definition of phishing and only 19 percent identified vishing, or voice phishing.
CMMC WHAT NOW? — Fewer than one-quarter of DoD contractors surveyed could identify the acronym of a rapidly developing set of cybersecurity standards that will govern them, according to a poll out today from Tier 1 Cyber. The Cybersecurity Maturity Model Certification, announced last summer, will begin requiring DoD contractor compliance this year. The broader survey of 150 total government contractors also found a disconnect between the importance of cybersecurity, the inevitability of damaging attacks and how they’re addressing risks.
WEF CAN’T STOP, WON’T STOP — The World Economic Forum today released four key principles that internet service providers should adopt to prevent cybercrime, based on recommendations from ISPs and other organizations that provide or support online communications. The principles are: protecting consumers by default and collaborating with peers on known threats; raising threat awareness and supporting consumers in defending themselves; working with hardware, software and infrastructure vendors and manufacturers on minimum security levels; and shoring up routing and signalling security. BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Internet Society, Korea Telecom, Proximus, Saudi Telecom, Singtel, Telstra and ITU endorsed the principles.
HELP NOT REALLY WANTED — The FBI and DHS this week issued alerts warning about phony jobs and hiring scams. “Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims … conduct fake interviews and even offer positions to victims before requesting [personally identifiable information] such as Social Security numbers and bank account information,” according to DHS.
ACCORD — U.S. cyber officials met on Wednesday with French counterparts for the third Cyber Dialogue between the nations, where they discussed 5G security, enhancing cybersecurity capabilities and more. “Both countries reaffirmed their support for a framework of responsible state behavior in cyberspace, based on the applicability of existing international law, adherence to non-binding peacetime norms of state behavior, and implementation of practical confidence building measures,” according to a State Department media readout. Robert Strayer, deputy assistant secretary for cyber and international communications and information policy, led a delegation with representatives from Commerce, DoD, DHS, DOJ and State.
TWEET OF THE DAY — You can never be too safe.
RECENTLY ON PRO CYBERSECURITY — “How a Russian disinfo op got Trump impeached.” … European Internal Market Commissioner Thierry Breton discounted the idea that security measures would delay the 5G rollout because Europe has its own suppliers. … European cybersecurity experts are convening a group to examine health care defenses against hackers.
— A Seattle-area district is set to allow smartphone voting for all. NPR
— The Secret Service has selected a group of private-sector advisers on cybercrime. CyberScoop
— The U.S. Merit System Protection Board said an excessively “rigid” pay system has undercut the Federal Cyber Reskilling Academy. FedScoop
— Glenn Greenwald discussed the hacking-related charges against him in Brazil. The Washington Post
— Treasury is seeking expanded powers to collect data on financial institutions’ cybersecurity. Nextgov
— Google researchers found flaws in Apple’s Safari internet browser that allowed users’ behavior to be tracked, according to the Financial Times.
— U.S. police arrested another Methbot suspect. CyberScoop
That’s all for today.
Stay in touch with the whole team: Mike Farrell (firstname.lastname@example.org, @mikebfarrell); Eric Geller (email@example.com, @ericgeller); Mary Lee (firstname.lastname@example.org, @maryjylee); Martin Matishak (email@example.com, @martinmatishak) and Tim Starks (firstname.lastname@example.org, @timstarks).