Hunting for hackers who make political donations

With help from Eric Geller and Martin Matishak

DELIVERING CYBER CAMPAIGN CASH — Hillary Clinton’s presidential campaign is holding a fundraiser at the Black Hat hacker conference this week in Las Vegas, amid an intense focus on how hackers are affecting the 2016 campaign. For anywhere from $100 to $2,700, donors can mingle on Wednesday with Michael Sulmeyer, a former top Defense Department cyber official who now heads the Harvard Kennedy School’s Belfer Center Cyber Security project (identified as the Clinton Campaign’s cybersecurity working group coordinator); former Homeland Security Department official Jake Braun (now CEO of Cambridge Global); and Black Hat founder Jeff Moss. Clinton’s cyber/tech platform has been greeted with a mix of praise and condemnation.


— SOME READER-SELECTED CON HIGHLIGHTS: Readers shared with us some of their picks for best sessions at Black Hat and DEF CON this week, per MC’s request Monday. One of them: a session with FTC Commissioner Terrell McSweeny and FTC Chief Technologist Lorrie Cranor, where they’ll announce more specific guidance on research about making cyberspace safer for consumers. Another session asks the question, “Does the thought of nuclear war wiping out your data keep you up at night?” (Hat tip to Greg Norcie, staff technologist for the Center for Democracy and Technology, who is giving his own presentation.) And the Atlantic Council’s Beau Woods couldn’t pick just one. Woods — who is running a track on the “I Am the Cavalry” cyber safety outreach project in Vegas this week at BSides — offered numerous picks for Black Hat, DEF CON and BSides. We heard some other suggestions, too, that we might share as the week continues.

HAPPY TUESDAY and welcome to Morning Cybersecurity! Enjoy some #BadDefConAdvice. We sure did. Send thoughts, feedback and especially your tips to [email protected], and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.

GOODNIGHT, SWEET NIGERIAN PRINCE — Interpol and Nigerian authorities Monday arrested the head of a global internet crime ring that is allegedly responsible for more than $60 million in cyber scams. The unnamed crime boss, who led a group of more than 40 people in three countries, favored two schemes. One was spoofing corporate CEOs’ emails to generate fraudulent wire transfers. The other was intercepting suppliers’ emails to generate fake payment instructions. “The public, and especially businesses, need to be alert to this type of cyber-enabled fraud,” said Noboru Nakatani, the executive director of Interpol’s Global Complex for Innovation, in a statement.

JUST LIKE THAT SCENE FROM ‘THE AMERICANS’ — A China-born FBI employee who gave Beijing sensitive U.S. government information pleaded guilty on Monday to a charge of illegally acting as an agent of a foreign power. Kun Shan Chun, a 46-year-old naturalized U.S. citizen, “took photos of documents displayed in a restricted area of the FBI’s New York Field Office, which summarized sensitive details regarding multiple surveillance technologies used by the FBI,” according to a Justice Department statement. He admitted to an undercover FBI agent that he had transmitted the photos to a contact working for a Chinese government-backed company. Chun faces up to 10 years in prison.

THE MORE THE MERRIER — The Pentagon has updated the charter of its Defense Innovation Advisory Board, boosting the number of panelists from 15 to 20 and adding three non-voting members — as well as axing “Advisory” from its name. The recent Federal Register notice detailing the changes says the ex-officio members will come from long-standing DoD panels, like the Defense Business Board and the Defense Policy Board. Defense Secretary Ash Carter last week announced a number of additions to the innovation panel — which he stood up earlier this year and is helmed by Alphabet Executive Chairman Eric Schmidt — including Amazon founder Jeff Bezos and astrophysicist Neil deGrasse Tyson.

RAYTHEON’S GOT A NEW SOUTHERN CYBER HUB — Raytheon opened a new installation in Augusta, Ga., in a bid to deliver a spectrum of cybersecurity capabilities to the Pentagon, the company announced Monday. Raytheon hopes the new site will work closely with U.S. Army Cyber Command once it relocates to Fort Gordon — which is in Augusta — and joins some of the service’s other digital institutions in the area, like the Cyber Center of Excellence. The firm said it wants to provide services for the 3,700 military, civilian and contractor jobs the Army projects it will add to Fort Gordon's workforce by 2019.

IN SOVIET RUSSIA, ENCRYPTION … DOESN’T WORK ANYMORE? — A Russian intelligence agency has apparently figured out a way to vacuum up cryptographic keys and break people’s encrypted communications. In a little-noticed statement released last week, the Federal Security Service, or FSB, confirmed that it had met a new surveillance law’s deadline for foiling encryption used within the country. It’s unclear whether FSB spies have discovered heretofore unknown flaws in the algorithms powering apps such as Telegram, Viber, WhatsApp, and Signal, or whether they received help from the companies. The latter seems unlikely, but so does discovering a new bug in a product like Signal, whose end-to-end encryption has won praise from cryptographers for being essentially unbreakable. The FSB may simply be claiming partial, rather than universal, encryption-breaking success.

200 MILLION YAHOO CREDENTIALS FOR SALE (MAYBE) — The same hacker affiliated with selling mass credentials for LinkedIn and MySpace has placed 200 million Yahoo credentials on the dark web for sale, Motherboard reports. But Yahoo isn’t confirming that it’s legitimate, only that it’s aware of the claim and sharing its security measures with the publication. It’s worth noting that the last time someone claimed to be selling hundreds of millions of email credentials for Yahoo, Microsoft, Google and others, most of the evidence suggested it was bogus.

RECENTLY ON PRO CYBERSECURITY — The FBI rejected a Senate Homeland Security Committee request for a briefing on the Democratic National Committee hack and the panel wants the bureau to reconsider. … Two more cybersecurity firms tied the Democratic Congressional Campaign Committee breach to a Russian intelligence-affiliated hacker group. … Privacy Shield is a go.

REPORT WATCH

— A review of the top 20 U.S. commercial banks found that 19 of them had a network security grade of “C” or below, according to a new SecurityScorecard report out today. Three-quarters of them are infected with some kind of malware, the ratings company concluded. The report is part of a broader examination of the financial services sector; SecurityScorecard reviewed more than 7,000 companies in all. “Legacy systems continue to provide challenges to cybersecurity,” the report says. “As banks continue to grow through acquisition, legacy systems from the acquired organization — and the vulnerabilities that come with them — can remain in place for years.”

QUICK BYTES

— “CIA Cyber Official Sees Data Flood as Both Godsend and Danger.” Bloomberg.

— Yup, the CEO of Niantic, developer of Pokemon Go, joins the list of tech leaders whose Twitter accounts were hacked by OurMine. CNET.

— As part of an effort to phase out passwords, Barclays is identifying customers via voice recognition. SC Magazine.

— Users of a Disney forum were alerted that hackers might now have some of their personal information. Infosecurity Magazine.

That’s all for today. “You can make new friends by letting people use your laptop's USB port to charge their phones. Outlets are in short supply.”

Stay in touch with the whole team: Cory Bennett ([email protected], @Cory_Bennett); Bryan Bender ([email protected], @BryanDBender); Eric Geller ([email protected], @ericgeller); Martin Matishak ([email protected], @martinmatishak) and Tim Starks ([email protected], @timstarks).
