Russian govt. cyberweapon revealed - FBI ID’s second intel leaker - Bridging the NSA/ CyberCom divide

With help from Tal Kopan, Erin Mershon, Anila Alexander and Darren Samuelsohn

SIREN: RUSSIAN GOVT. CYBERWEAPON REVEALED — Security firm FireEye is poised to release a report today accusing the Russian government of creating a sophisticated cyber weapon that is capable of hopping between computers that are walled off from the Internet and has targeted NATO, Eastern European governments and defense contractors, according to a Wall Street Journal scoop. The report was backed up by findings from other private sector firms and from U.S. intelligence agencies, the Journal reported. “Collectively, the new research offers evidence supporting a view long expressed privately by U.S. officials and American security researchers: Moscow commands the A-team of Internet adversaries,” the Journal wrote.


From the Journal: “The malware program also deployed countermeasures to deter investigators from determining how it worked. It encrypted stolen data and exported it in a way to resemble that victim’s email traffic to better conceal it. FireEye analysts determined the group has been active since at least 2007 and has steadily updated its hacking tools. The malware’s authors also designed it, if needed, to harvest data from machines not connected to the Internet by jumping onto USB thumb drives. Governments often disconnect computers with highly sensitive information to guard against cyberspies. But government spies in the U.S. and elsewhere have used USB drives to overcome this defense in the past. The Russian hackers used this technique in the 2008 Defense Department intrusion, U.S. officials have said.” The story: http://on.wsj.com/1sxj2Zb

FBI ID’S SECOND INTEL LEAKER — The FBI has identified a contractor it believes is the so-called “second leaker” who was inspired by Edward Snowden to disclose classified documents to Glenn Greenwald’s news site The Intercept, according to an exclusive report by Yahoo’s Michael Isikoff citing unnamed sources. The documents showed roughly half of people on the government’s largest terrorist screening database had “no recognized terrorist affiliation.” From Isikoff’s report: “The FBI recently executed a search of the suspect's home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said. But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said.”

It became clear over the summer that a second leaker was likely responsible for some reporting by Greenwald and his colleagues. The fact of the second leaker was acknowledged in dramatic fashion in the close of Laura Poitras’ documentary on the Snowden leaks “Citizenfour,” which hit theaters this month. It’s not clear from Isikoff’s story whether the second leaker was exposed by relatively new programs across the intelligence community to continuously monitor employees’ and contractors’ paths through computer networks to spot anomalies or if the leaker was exposed by more old-fashioned police work. Isikoff’s story: http://yhoo.it/12UmGHK

HAPPY TUESDAY and welcome to Morning Cybersecurity, where we’re overjoyed to see even the cyber set is getting into the Halloween spirit: http://bit.ly/1yG3vMc Whatever horror you’re combating today, drop us a line. Send your thoughts, tips and feedback this week to [email protected] and follow @talkopan, @joseph_marks_, @POLITICOPro and @MorningCybersec. Full team info is below.

ICYMI: ARMY CYBER INSTITUTE DRAWS FROM HISTORY, ETHICS — The Army Cyber Institute, which has just completed its first year of a three-year hiring binge, aims to be something like a D.C. think tank for the Army's cyber forces, bringing together civilian faculty from an array of fields with military leaders who’ve had hands-on experience planning cyber defense and offense. The institute, which was first authorized in 2012, has 21 faculty members now, including military technical experts and civilian fellows in policy, law and ethics, most of whom also teach undergraduate courses at West Point. Leaders are currently seeking a psychology fellow. The plan is to increase to 75 faculty members over the next two years.

The institute has also sought civilian fellows, including some critics of current government practice, and granted them academic freedom protections to pursue their research. The institute’s ethics fellow Stephanie Pell, for example, is working on a long-range project on the ethics of surveillance in a post-Snowden world, which she said affects the military as both a producer and consumer of digital surveillance. “Many places tend to think of cybersecurity in terms of just technical people or just policy and law people or, at some extremes, a combination of the two,” the institute’s director, Col. Gregory Conti, said. “We’ve taken a more comprehensive approach. We think almost every discipline intersects with cyber in some way, from psychology to systems engineering.” The story from your MC-er: http://politico.pro/1DnA0iU

RICH: WE'RE INVESTIGATING BREACHES AT 'VERY LARGE COMPANIES' — FTC Bureau of Consumer Protection Director Jessica Rich sat down with Pro Tech’s Katy Bachman for a wide-ranging interview about the agency's work in tech — and while she didn't disclose any details, she did promise that the agency's working on some big data breach cases. Other highlights from the sit-down: You can expect more cases on health apps. "A big area of work for us is misrepresentations of health claims, cancer claims, weight loss claims. We’re seeing that happen more and more on mobile apps," Rich said. She also made it very clear she's not holding out hope for quick congressional action on baseline privacy legislation. "I hope over the next decade we’ll get baseline privacy legislation," she said. Rich didn't weigh in on recent decisions from Google and Apple to more fully encrypt the data on their smartphones — that's been controversial among law enforcement agencies who say it will jeopardize their ability to fight crime and terrorism. All Rich would say: "We've encouraged companies to compete on privacy." The full interview: http://politico.pro/12UADpa

BRIDGING THE NSA/ CYBERCOM DIVIDE — NSA and U.S. Cyber Command officials may have access to a bevy of different intelligence sources within their lanes of study but they sometimes don’t know what’s happening on the other side of the organization, Col. Bob Fanelli said yesterday. Fanelli is Army chief of the U.S. Cyber Command/NSA combined action group, which focuses on building stronger ties between the military and civilian agencies that share a boss in Adm. Michael Rogers. MC caught up with Fanelli after a panel discussion hosted by the firm Counter Tack and asked about how his action group connects employees across the military-civilian divide. One of the task force’s main goals, he said, is making sure Rogers is getting the best information from both organizations. The job also involves “just getting people talking,” he said, “knowing that somebody on the U.S. Cyber Command side and someone on the NSA side may be addressing the same problem and ensuring they’re aware of that. In any large organization it’s easy to have pockets of excellence where two people are working the same problem and don’t realize they can work together and possibly reinforce each other.” Fanelli’s deputy is a civilian NSA employee, he said, and the action group draws from different military services and different areas of expertise inside NSA. The group also helps overcome cultural barriers, he said. “Folks who work in the intelligence community maybe don’t understand or haven’t had experience with all the ins and outs of the military culture even down to ‘what does this acronym mean’?” he said. “Similarly, on the intelligence community side, they have their own internal jargon.” From Fanelli’s panel: http://politico.pro/1wFz1fo

FALLON: MAKE A CYBER DEAL WITH CHINA — MC also caught up with Adm. William Fallon, former commander of U.S. Central Command and of U.S. Pacific Command, who spoke on the same panel with Fanelli yesterday. Fallon, who now chairs Counter Tack’s board of directors, questioned the usefulness of the Obama administration’s indictment of five members of the Chinese People’s Liberation Army in May, calling it “a political statement” and “an exercise that diverted attention away from a lot of important issues.” When asked to list those issues, he described building up the continuous monitoring, threat detection and forensics capabilities of government and private sector enterprises. He also described building more resilience into vital systems, including by taking any critical infrastructure that could be removed from the Internet off of it. “That’s a shock for people, because they were sold the idea that computers are going to give you access to the Internet and look at the possibilities,” he said. “[But], are all these things you’d like to have essential to treating water? The answer is no. So disconnect.” Fallon also urged ramping up cyber diplomacy with China to negotiate a diminution of attacks, which he said was possible despite the ideological gulf between the nations. “If there’s a will, there’s a way,” he said. “You start with the worst case and say ‘if this thing gets out of control, what’s going to happen? Is that really what we want to see?’ I don’t think so. So how do we build up some confidence measures?”

ON THE MOVE: CANTOR AND E&C ADVISER CUTLER GOES TO HOGAN LOVELLS — Aaron Cutler, who was senior policy and outreach adviser for former House Majority Leader Eric Cantor, is heading to Hogan Lovells to focus on tech, media and telecom policy, as well as energy, environment and financial services issues. Cutler was previously a GOP deputy policy director and counsel on the House Energy and Commerce Committee, where he specialized in energy, cybersecurity and tech.

QUICK BYTES

— Former CBS reporter Sharyl Attkisson claims in a new book that a U.S. “government-related agency” hacked her laptop and planted spyware and classified documents. Daily Mail: dailym.ai/10wwMO4

— U.K. police busted an ATM malware scheme, arresting three suspected members of an Eastern European criminal ring. Security Week: http://bit.ly/1wD4MlS

— A hacker was sentenced to 11 years in prison for his role in the RBS WorldPay attack in 2008 that cost $9.4 million. Security Week: http://bit.ly/1tAMvHU

— Android users are being targeted by a new version of the ransomware Koler that tricks users into downloading malware through SMS messages. Threatpost: http://bit.ly/1rOqhg6

— Samsung pushes back against criticism of its password security in its Galaxy and Note mobile devices. http://bit.ly/1oO1GN1

— The ACLU calls school policies to search kids’ phones and laptops unconstitutional. Wired: http://wrd.cm/1zdSEfy

— Verizon Wireless has been inserting a “perma-cookie” into its customers’ web browsing requests for the past two years. Wired: http://wrd.cm/1yFVzui

That’s all for today. Have a great Tuesday!

Stay in touch with the whole team: Tal Kopan ([email protected], @TalKopan); Shaun Waterman ([email protected], @WatermanReports); Joseph Marks ([email protected], @Joseph_Marks_); and David Perera ([email protected], @daveperera).
