The hits keep coming for NSA’s hacking team

With help from Eric Geller and Martin Matishak

NSA HACKING TOOLS EXPOSED AGAIN? — The news that a Booz Allen Hamilton employee and NSA contractor was charged with stealing classified information is the latest hit for an agency that has taken several on the hacking front. “NSA hackers could have years of rebuilding ahead of them after back-to-back damaging incidents that likely spilled classified surveillance tools, former federal officials and cybersecurity experts said,” Eric and Cory report. “In August, a mysterious hacker group known as ‘Shadow Brokers’ released a cache of NSA hacking weapons that were apparently secret up until that point. That same month, the FBI arrested a Booz Allen NSA contractor who reportedly stole computer code developed to crack into foreign governments’ computer networks — an arrest that was not made public until Wednesday.”


The story continues: “It is not known if the two incidents are connected, but their combined impact, the former officials and cybersecurity experts say, could disrupt the NSA’s ability to digitally snoop for years to come — compromising the secret vulnerabilities NSA hackers are exploiting, exposing footholds the spy agency has established in networks, and alerting surveillance targets that they are being monitored.” The price tag for rebuilding these cyber weapons could also set the NSA back tens of millions of dollars, several specialists estimated. But the scale of the setback all depends on what was actually compromised in each incident, something that is still unclear. NSA head Adm. Mike Rogers, though, isn’t talking . It also isn’t happy news for Booz Allen Hamilton, which was once the home of Edward Snowden.

HAPPY THURSDAY and welcome to Morning Cybersecurity! So far, “Westworld” > “Luke Cage,” in your MC host’s humble opinion. Send your thoughts, feedback and especially tips to [email protected] , and be sure to follow @timstarks , @POLITICOPro and @MorningCybersec . Full team info is below.

CLINTON FOUNDATION WARNS DONORS ABOUT PHISHERS — Danielle Stilz, chief development officer for the Clinton Foundation, sent this notice late Wednesday evening: “It has come to our attention that some Foundation donors have received emails saying their Foundation account information has been hacked, and seeking to confirm personal information via a linked website. This email is not from the Clinton Foundation — it is a phishing attempt. We urge you not to respond to or click on the link in the email. Any legitimate email from the Foundation will come only from a clintonfoundation.org email address.”

CONTRADICTING THE YAHOO STORY, SORT OF — Yahoo on Wednesday characterized a blockbuster Reuters story about a massive government-requested email scan as “misleading”: “We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.” But the company stopped short of saying the story was entirely false. The New York Times offered its own partial contradiction of the Yahoo tale, specifically that Yahoo “secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials.” The Times reported: “In fact, according to the government official and other people familiar with the matter, Yahoo was served with an individualized court order to look only for code uniquely used by the foreign terrorist organization, and it adapted the scanning systems that it already had in place to comply with that order rather than building a new capability.” It also concluded that the order came through the Foreign Intelligence Surveillance Court, and that Yahoo’s use of its technology in that manner was “rare.”

Rogers on Wednesday added that the Reuters story was “a little speculative.” Asked at a CNBC-hosted forum about whether the NSA could get an order “that would just blanket look at all emails,” Rogers answered: “That would be illegal. We don't do that, and no court would ever grant us the authority to do that. We have to make a specific case. And what the court grants is specific authority for a specific period of time for a specific purpose.”

HOW COULD YOU DO THIS? — Four committee chairmen wrote a scathing letter Wednesday to Attorney General Loretta Lynch questioning the way the FBI granted immunity to people familiar with former Secretary of State Hillary Clinton’s private email server. To aid in its investigation of the server — which ultimately led to no charges being filed — the FBI arranged immunity deals with several tech company employees and senior Clinton aides. These deals, according to documents shown to a small group of lawmakers and staffers, included an FBI promise to destroy emails belonging to the immunized individuals if they were not sent to investigators, as well as a promise to destroy the individuals’ laptops. “This is simply astonishing given the likelihood that evidence on the laptops would be of interest to congressional investigators,” wrote House Judiciary Chairman Bob Goodlatte, House Oversight Chairman Jason Chaffetz, House Intelligence Chairman Devin Nunes and Senate Judiciary Chairman Chuck Grassley. The letter requests that Lynch provide additional information about the immunity agreements by Oct. 19.

ALLEGED HACKERS HAULED IN — A couple of Illinois men were charged in federal court on Wednesday for their alleged roles in hacking groups that launched attacks on individuals and companies around the globe. The duo, both 19, stand accused of conspiring to cause damage to protected computers following an international investigation into a website known as phonebomber.net that allowed paying customers to pick victims to receive repeated harassing phone calls from spoofed numbers, according to federal documents. The two men allegedly used the online monikers "Lizard Squad" and "PoodleCorp” and helped facilitate the digital assaults. One victim received a call every hour for 30 days, and Sony’s PlayStation gaming network was among the more notable targets. The charge carries a maximum of 10 years in prison.

MAYORKAS BIDS DHS ADIEU — The deputy secretary of the Homeland Security Department, Alejandro Mayorkas, is departing the job later this month for law firm Wilmer Hale, both organizations announced Wednesday. Both his future employer and his soon-to-be-former one hailed his experience and leadership on cybersecurity at the agency. Secretary Jeh Johnson singled out his cyber work, and Wilmer Hale, in its announcement, said he would be integral to the firm’s cybersecurity efforts. In an email to DHS employees, Mayorkas bid a fond farewell: “It has been the honor of my life to work alongside you. You are an extraordinary group of individuals and public servants. Each of you gives so much to our department and to our nation. You help keep our country safe and our values and proud traditions vibrant and secure.” Senate Minority Leader Harry Reid also offered praise, saying Mayorkas “served our country dutifully and worked every day to protect the innocent and most vulnerable.”

WHO WATCHES THE WATCHMEN? — A pair of international organizations intend to deploy groups of election observers around the U.S. to watch American democracy in action. The Organization of American States is deploying poll watchers for the very first time; they will be augmented by others from the Organization for Security and Cooperation in Europe. The deployments are linked, in part, to new voter ID laws in a number of states, as well as Republican Donald Trump’s repeated accusations that this November’s election will be “rigged.” A spate of hacks on election-related targets have also raised concerns about the electoral system’s integrity. A Homeland Security Department official on Wednesday said half of all U.S. states have asked the agency for help protecting their electoral infrastructure from hackers.

YOU’RE IMPORTANT — Virginia Gov. Terry McAuliffe, the chairman of the National Governors Association, wants his fellow state officials to know that they’re a vital part of U.S. cyber defense efforts. “I know firsthand from my work in Virginia that governors and states play a critical role in confronting the ever-growing and sophisticated challenge of cyberattacks,” McAuliffe said Wednesday while kicking off the first summit for his state cybersecurity initiative . Thirty states attended the event, and Suzanne Spaulding, the DHS undersecretary for the National Protection and Programs Directorate, delivered a briefing. McAuliffe — or “Governor Cyber,” as MC likes to call him — urged other governors to follow his lead in declaring October “National Cybersecurity Awareness Month,” which the president has done for 13 straight years.

TWEET OF THE DAY — Only the coolest kids will get this joke .

RECENTLY ON PRO CYBERSECURITY — The NSA’s Mike Rogers said people need to be patient about the Obama administration’s response to the Democratic National Committee breach response. … An FBI official, meanwhile, insisted the bureau hasn’t ruled out publicly blaming the hack perpetrators. … Rogers, who also leads Cyber Command, said the cyber effort against ISIL must be “very precise, very measured, very discrete.” … NIST offered advice to companies on information sharing. … BuzzFeed articles about a group of hackers were apparently altered by those same hackers. … The British telecom company TalkTalk was hit with a record fine over its big breach.

QUICK BYTES

— Accenture is acquiring Defense Point Security to bolster its cyber business with the federal government. ZDNet .

— The Washington Examiner reported on Clinton server documents obtained by the House Science Committee.

— The new FBI head in San Francisco was a key player in the San Bernardino locked phone case. The Associated Press .

— The hackers who went after a French TV station are still at it. The Associated Press .

— Cyber translators for the government? NextGov .

That’s all for today. These violent delights …

Stay in touch with the whole team: Cory Bennett ( [email protected] , @Cory_Bennett ); Bryan Bender ( [email protected] , @BryanDBender ); Eric Geller ( [email protected] , @ericgeller ); Martin Matishak ( [email protected] , @martinmatishak ) and Tim Starks ( [email protected] , @timstarks ).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks