Welcome to The Cybersecurity 202! We're glad you're joining us today. No matter what else is happening in the world, the cyber beat goes on.

Below: The Vulkan Files are revealed, and a global commitment against spyware is announced. First:

Debate heats up over requiring some warrants under surveillance program

Tonya Ugoretz, the assistant director of the FBI's directorate of intelligence, said it would be "very difficult to introduce additional barrier" to search for data in cyber cases. (Samuel Corum/Bloomberg News)

SAUSALITO, Calif. — A top FBI official said Wednesday that a warrant requirement being floated for a controversial expiring surveillance program would be a big impediment to cyber investigations.

The program, known as Section 702, warrantlessly collects on foreign targets, but sometimes Americans' communications are swept up in those calls or emails. But intelligence personnel can search the program's query system using identifiers of Americans, like names or email addresses.

"I think it would be very difficult to introduce additional barriers to be able to query for that," said Tonya Ugoretz, assistant director of the FBI's directorate of intelligence, speaking at the Aspen Verify conference. "In most instances, it would likely be impossible to meet the probable cause standard."

Ugoretz's stance reflects one of the difficult issues Congress and the executive branch will have to bridge before lawmakers can reauthorize a program that U.S. government officials have dubbed one of their most important intelligence-gathering tools.

"It really is one of our most important national security tools for not only cyber, but really any type of national security threat," Ugoretz said.

Ugoretz spelled out a scenario where the warrant requirement would hinder a cybersecurity case.

- "So for example, say you have a ransomware attack, in which you know that a U.S. company or U.S. IP address — which also counts as a query of U.S. person information — [is] either being targeted or has been targeted," she said.
- "We often see that foreign cyber actors conduct extensive research, reconnaissance, etc., when they are targeting in the U.S. that in the times when that information becomes known to us through 702 collection, but because the information is U.S. person information that we are querying is not the target of investigation, we would not be able to meet the standard for a warrant," she continued.

The administration earlier signaled its opposition to a warrant requirement, but in a less specific way than Ugoretz did on the cyber front.

The idea of a warrant requirement for U.S. person searches as part of reauthorizing Section 702 has been floated by a member of the Privacy and Civil Liberties Oversight Board, Travis LeBlanc, among others.

Jeff Kosseff, an associate professor in the U.S. Naval Academy's Cyber Science Department, recently made the argument for such requirements in the online publication Lawfare.

"Congress should consider requiring that the FBI obtain a warrant, supported by probable cause, before querying Section 702 data for U.S. people information," he wrote. "While the intelligence community is correct that such requirements can slow down intelligence operations or criminal investigations, the same can be said of nearly any restriction on government surveillance."

- "The question is not whether the warrant requirement would be inconvenient for the FBI, but whether it is necessary to preserve Fourth Amendment rights," Kosseff continued, referencing the U.S. Constitution's protections against unreasonable searches and seizures.

In addition to civil libertarians' long-standing concerns about privacy and constitutional rights, Republicans have had their own concerns. Many of those concerns stem from ways in which the overarching law housing Section 702 — the Foreign Intelligence Surveillance Act — was misused in the investigation of a campaign aide to former president Donald Trump.

But it didn't help when, earlier this month, Rep. Darin LaHood (R-Ill.) said the FBI had wrongly queried his name. LaHood also happens to be heading up a House working group on the reauthorization of Section 702. While he said he still recognizes the value of the program, reauthorization "without reform is a non-starter," he has said.

The Justice Department has taken "remedial measures" to cut down on such "compliance issues," and misuse has dropped, Deputy Attorney General Lisa Monaco said this week at the same conference as Ugoretz.

Information gleaned from the use of Section 702 is in the president's morning intelligence briefing document every day, Monaco said. That includes intelligence on China's support of Russia in the Ukraine war.

Any congressional reauthorization can't make the program less effective, she said. "We have to improve on it in a way that addresses appropriate privacy and civil liberties concerns but also preserves the efficacy of this tool," she said.

The keys

Vulkan Files reveal new details on Russian hacking, disinformation campaigns

Officials from several Western intelligence agencies and cybersecurity companies were able to independently verify the validity of the documents. (Peter Kollanyi/Bloomberg News)

A Moscow-based defense contractor helped Russian intelligence agencies strengthen cyberattacks, deploy misinformation and surveil the internet, Craig Timberg, Ellen Nakashima, Hannes Munzinger and Hakan Tanriverdi report, citing thousands of pages of corporate documents.

Officials from several Western intelligence agencies and cybersecurity companies were able to independently verify the validity of the documents, which show that contractor NTC Vulkan supported Russia-linked hacking activities, as well as operations to remotely disrupt infrastructure and spread social media disinformation, the report says.

Our Post colleagues joined the investigative project, known as the Vulkan Files, which was led by European investigative news outlet Paper Trail Media and German news site Der Spiegel.

"The trove offers a rare window into the secret corporate dealings of Russia's military and spy agencies, including work for the notorious government hacking group Sandworm," they write. "U.S. officials have accused Sandworm of twice causing power blackouts in Ukraine, disrupting the Opening Ceremonies of the 2018 Winter Olympics and launching NotPetya, the most economically destructive malware in history."

3CX supply chain attack has spread far and wide

A supply chain cyberattack deployed via a weaponized version of the 3CX voice-over-IP software has affected hundreds of thousands of users and companies who use the service, multiple outlets report, citing analysis from cybersecurity firms.

Firms such as CrowdStrike, SentinelOne and Sophos have published blogs over the past day that have likened the attack to the SolarWinds hack in 2020, TechCrunch's Carly Page reports.

SentinelOne has labeled the attack as "Smooth Operator," which leverages a desktop app installer of 3CX that is laced with info-stealing malware. Some cybersecurity firms suspect that North Korea is behind the attack.

"This malware is capable of harvesting system information and stealing data and stored credentials from Google Chrome, Microsoft Edge, Brave and Firefox user profiles," Page writes, citing findings from CrowdStrike.

At times, the attackers ran manually typed commands against their targets, known as "hands-on-keyboard activity."

At least 600,000 companies around the world use the 3CX software, including BMW and American Express. The web domains used in the attack have been registered since at least November, according to digital forensics company Volexity.

U.S. and allies call for global restrictions on spyware usage

Over 50 U.S. government officials have been targeted worldwide by commercial spyware tools, a senior official told reporters Monday. (Demetrius Freeman/The Washington Post)

The United States and several allies on Thursday called for strict global controls on the proliferation of spyware technologies, Kanishka Singh reports for Reuters.

The group — the United States, Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland and the United Kingdom — committed to preventing the export of the technology to those who would use it for malicious cybersecurity activities, Singh writes.

More than 50 U.S. government officials have been targeted worldwide by commercial spyware tools, a senior official told reporters Monday. The Biden administration paired that news with the issuance of a spyware executive order that prohibits U.S. agencies from using commercial spyware operationally should it pose a national security or intelligence risk to the United States.

The executive order has received mostly good reviews among lawmakers and experts, as we reported Tuesday.

Secure log off

Thanks for reading. See you tomorrow.