The DNC hack takes a turn

With help from Cory Bennett, Eric Geller and Martin Matishak

AS THE DNC HACK TURNS — The person who wants credit for having infiltrated Democratic National Committee servers has dumped the apparent DNC opposition research on Donald Trump on the web. With the dump, the apparent hacker made a number of bold claims that could have ripples beyond just this hack. For starters, the hacker bragged about gaining access to documents from the State Department computer of Hillary Clinton, which would be a monumental development, if true. (The State Department did not respond to requests for comment.) The hacker also posted alleged financial information about DNC donors. Stories such as this are often unreliable (especially when the alleged hacker in question is devoted to taking down the “illuminati”), so a grain of salt is necessary.


Speaking of: Trump alleged that the DNC hacked itself, without any evidence whatsoever. He argued that the DNC’s motive was to distract the public from Clinton’s own private email server controversy.

— WHO’S TO BLAME: Another bit of doubt is about the hackers responsible. "I notice that my friend Dmitri Alperovitch of CrowdStrike is now publicly attributing this information theft to Russian intelligence, but our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence,” Scott Borg, head of the U.S. Cyber Consequences Unit, told MC. “We are also uncertain about the first group, but Dmitri has better information." The hacker claiming credit taunted CrowdStrike for claiming the attack was “sophisticated.”

CrowdStrike’s official statement: “CrowdStrike stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016. On June 15, 2016, a blog post to a Wordpress site authored by an individual using the moniker Guccifer 2.0 claim[ed] credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC. Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents’ authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”

— MORE INDUSTRY PERSPECTIVE: Assuming the partly-CrowdStrike-blamed Russian hacking group Cozy Bear is behind the hack: “I think, first of all, they’re using techniques that are working,” said Anup Ghosh, founder and CEO of Invincea, who noted his company worked with the FBI to avert an attack from the group on a large health insurance company. (Those techniques include “file-less malware,” as in, not dropping a program onto a machine that could be picked up by anti-virus software.) Another insight, from Neill Feather, president of SiteLock: “I'd say it's a little surprising that this type of intrusion is starting so early in candidacies. It shows the sophistication and planning that goes into these hacking efforts.”

HAPPY THURSDAY and welcome to Morning Cybersecurity! You don’t see REPORTERS walk out of interviews very often. Your MC host has had the urge before, to be sure, but unless I’m missing something, the ruling here is “advantage, ‘Warcraft’ director.” Send thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.

THE ENCRYPTION FIGHT IS BACK — As soon as today, the House could vote on an amendment that would block the government from mandating encryption backdoors or conducting searches of information collected under the Foreign Intelligence Surveillance Act for information about U.S. citizens without getting a warrant first. The amendment has been adopted overwhelmingly in previous years (and then was stripped during Senate negotiations), but opponents this time around are raising the specter of the Orlando shooting.

“If this amendment were enacted, the Intelligence Community would not be able to look through information lawfully collected under FISA Section 702 to see if Omar Siddiqui Mateen, the Orlando nightclub attacker, was in contact with any terrorist groups outside the United States,” Reps. Devin Nunes and Lynn Westmoreland wrote in a letter to colleagues about the amendment sponsored by Reps. Tom Massie and Zoe Lofgren.

Lofgren took issue with that in a statement: “Nothing in the Massie-Lofgren amendment would prevent the Intelligence Community from querying their database for Omar Mateen’s online communications collected under Section 702 – or under any other FISA authority for that matter. The Massie-Lofgren amendment merely requires a warrant be obtained to search a U.S. person’s online communications.”

The fight spilled onto the floor Wednesday night during debate. “Sunday’s deadly attack proves once again that the terror threat has not dissipated,” said House Judiciary Chairman Bob Goodlatte, arguing against the amendment. Rep. Ted Poe, a co-sponsor of the amendment, responded, “fear tactics, I’m sorry, on the other side, don’t change the facts.”

— ELSEWHERE ON DEFENSE SPENDING: Another amendment to the defense bill would add $5 million to a scholarship program for military cyber personnel. The amendment, from Rep. Pete Aguilar, would bolster the Information Assurance Scholarship Program, which is seen as an important part of the military’s effort to retain highly skilled cyber warriors who often leave the government to pursue higher-paying jobs in the private sector.

CIA CHIEF OUT IN THE OPEN — CIA Director John Brennan is set to testify during an open hearing of the Senate Intelligence Committee today. In his brief testimony, the nation’s top spy walks lawmakers through a range of threats including “the cyber domain, where states and sub-national actors are threatening financial systems, transportation networks, and organizations of every stripe, inside government and out.” He pays special heed to ISIL’s “expansive propaganda machine,” including online where the group “primarily uses Twitter, Telegram, and Tumblr, and it relies on a global network of sympathizers to further spread its messages.”

GOT SIX BUCKS? WANNA BUY A SERVER? — An underground hackers’ market features an inventory of more than 70,000 servers for sale for as low as $6, according to new analysis from Kaspersky Lab. The massive xDedic marketplace offers servers from 173 countries that once belonged to governments and corporations, as well as servers with access to certain web services, like gambling. Other devices available for sale come with pre-installed software that can facilitate a malicious digital attack, the examination found. “The ultimate victims are not just the consumers or organizations targeted in an attack, but also the unsuspecting owners of the servers: they are likely to be completely unaware that their servers are being hijacked again and again for different attacks, all conducted right under their nose,” said Costin Raiu, director of the Lab’s Global Research and Analysis Team.

TEST-DRIVING CISA — A House Homeland Security subcommittee heard on Wednesday that last year’s information sharing law is just the newest potentially confusing method of swapping cybersecurity data that small businesses have little capacity to navigate. Ola Sage, founder and CEO of cyber firm e-management, which works with small businesses, said the law makes little mention of small businesses, which already have less time and fewer resources to figure out how to juggle the various outlets for info exchanges, including the information sharing and analysis organizations, or ISAOs, and the National Cybersecurity & Communications Integration Center. Rep. Loretta Sanchez said she was “discouraged” by Sage’s testimony, but Sage suggested a solution: “In our world, it’s all about simplification.” And Matthew Eggers, executive director of cybersecurity policy for the U.S. Chamber of Commerce, said his business group was touring the country trying to help smaller firms understand the new law.

Another witness, USTelecom’s John Mayer, said the new law conflicts with an FCC broadband privacy rule in the works, which could give companies pause. And Rep. Jim Langevin said of the news that ISACs aren’t yet signing up: “I find that troubling.” But most of the witnesses and lawmakers said there were good signs of progress, and that it was early still. “With only six months since its passage, industry relayed a sense of confidence that [the Department of Homeland Security] is making positive strides in implementation and has so far met its obligations,” said Rep. John Ratcliffe, who chaired the hearing. “While there may only be a few dozen companies participating in the automated component of the DHS portal, several panelists expressed that more will participate as companies have time to review final guidance and confidence in the program grows.”

— CISA DOCUMENTS HIT THE STREET: Final guidelines on sharing threat indicators and privacy, jointly developed by DHS and the Justice Department, came out Wednesday on deadline. One significant change from the interim guidelines, according to Akin Gump’s David Turetsky: It specifies that liability protections under law would extend both to companies sharing with the government, and with each other. “I think it’s helpful,” said Turetsky, who co-heads the law firm’s cybersecurity practice. “There was some confusion” from industry about the executive branch’s guidelines, although the intent of lawmakers was clear, he added. “Over time as we see more clarity, simplicity and predictability for companies respecting the liability protection mechanisms of sharing, more will engage in it,” Turetsky told MC.

— SEASON OF INFORMATION SHARING: A bill to encourage DHS to share more cyber threat data with state, local and private-sector partners is on the schedule for a House Homeland Security subcommittee markup today. Rep. Dan Donovan’s bill, the Cyber Preparedness Act of 2016, would add “cybersecurity risk information” to the list of data that DHS shares with so-called fusion centers, or regional hubs that collect threat-related information. It would also extend DHS grant funding to "enhancing cybersecurity, including preparing for and responding to cybersecurity risks and incidents."

FERIZI PLEADS… — A 20-year-old hacker who stole 1,300 civilian and military employees’ personal information pleaded guilty on Wednesday to two charges in a case that Assistant Attorney General for National Security John Carlin called “the first of its kind” because it combined hacking and terrorism. Ardit Ferizi was charged with providing material support to ISIL and gaining unauthorized access to a protected computer. He hacked the company holding the data — which U.S. officials stressed was unclassified and largely already public — in June 2015 and then sent the database to an ISIL-affiliated hacker who publicly shared it in August. The two charges could land Ferizi in prison for up to 25 years.

QUICK BYTES

— The Pentagon has launched an ISIL-focused cyberspace task force. Voice of America.

— A Chinese cyber espionage group that might have ties to the government has been trying to profit from hacking in a number of countries, including the United States, according to a firm. Security Week.

— “Law Enforcement Contacts Gay Hookup App Regarding Orlando Shooter.” BuzzFeed.

— “Orlando shooter posted messages on Facebook pledging allegiance to the leader of ISIS and vowing more attacks.” The Washington Post.

— Gartner identified the top 10 infosec technology trends of 2016. Infosecurity Magazine.

— The FBI issued a warning about business email scams. NBC.

— The cyber jihad is going down, says the Institute for Critical Infrastructure Technology. CNBC.

— The outgoing State Department chief information security officer warned of “security fatigue.” FedScoop.

— “Flaw Allowed Hackers to Steal Emails From Verizon Users.” Security Week.

That’s all for today. This is moving in the right direction: LEEROY JENKINS!

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
