Welcome to The Cybersecurity 202! Fridays are good. Below: The U.S. ambassador to China's emails were compromised, and North Korean hackers breach an IT company to target crypto firms. First:

Amendments on election security, State Department personnel protection and more await Senate consideration

Last week was the House's turn to take up the annual mammoth defense policy bill. This week and next, it's the Senate's. The hundreds of proposed amendments awaiting possible consideration would address the overlap of artificial intelligence and cybersecurity, testing election systems for vulnerabilities, protection of federal networks and much more.

In recent years, cyber ideas have found a home in the annual legislation, known as the National Defense Authorization Act (NDAA), because it's considered "must-pass" legislation that has been passed for decades. That's in danger this year, with a divided House and Senate and with the House passing its version of the bill with a nearly party-line vote after Republicans loaded the measure up with far-right proposals. Senate Majority Leader Chuck Schumer (D-N.Y.) has signaled he prefers a more bipartisan approach. Before the Senate and House can reconcile their differences, though, the Senate version of the bill needs to advance. Schumer hopes to have the legislation done before departing for the August recess at the end of next week.

The most sweeping cyber-related proposals are those that are bigger bills that their sponsors have transformed wholesale into amendments. Two such amendments are authorization measures for other parts of the federal government: the intelligence authorization bill and the State Department authorization bill. The Senate Intelligence Committee approved the intel authorization legislation last month. Its chairman, Mark Warner (D-Va.), introduced the amendment.

- Most notably, it includes a provision that would direct the Election Assistance Commission to conduct penetration testing — where ethical hackers simulate cyberattacks on a system to find weaknesses — as part of the certification of voting system hardware and software.
- It also would have the commission carry out a trial vulnerability disclosure program where researchers could discover flaws and report them to both the commission and the voting system manufacturers.

The State Department authorization legislation is fresher still, with the Senate Foreign Relations panel approving it just last week. Its chairman, Robert Menendez (D-N.J.), introduced it in amendment form with the top Republican on his committee, James Risch (Idaho).

- In a particularly timely proposal, the amendment would require the State Department to provide enhanced cyber protections — such as training and services — to personnel whose personal email accounts and devices are deemed at high risk of cyberattack. The department first discovered a recent campaign by apparent Chinese hackers to infiltrate the emails of its officials and others in the federal government. (More on this a little later in The 202.)
- It would also create a Cyberspace, Digital Connectivity and Related Technologies fund and a Digital Connectivity and Cybersecurity Partnership, both aimed at helping foreign governments secure cyberspace.

Yet another significant bill converted into an amendment is one from Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-Mich.) that would update a major law for protecting the federal government's networks, the Federal Information Security Modernization Act, last updated in 2014. Sen. James Lankford (R-Neb.) is co-sponsoring the amendment. Its provisions include requirements that civilian agencies report cyber incidents to the Cybersecurity and Infrastructure Security Agency and Congress. Peters's committee delayed planned consideration of the bill this week.

A hot topic is artificial intelligence. One amendment would order the National Security Agency to develop a strategy for collaborating with AI developers on cyberthreat information sharing, network security and threat mitigation. Another would direct the Defense Department to establish a bug bounty program on AI products being used at the Pentagon. Sen. Mike Rounds (R-S.D.) is sponsoring both.

Countless amendments aim to strengthen cybersecurity partnerships between the United States and other regions and countries, from the Black Sea region to the Caribbean. And many more attempt to study or improve cybersecurity subtopics, like cyberthreats to nuclear security or border security tech. For instance, Sens. Maggie Hassan (D-N.H.) and John Thune (R-S.D.) have an amendment intended to strengthen quantum research.

The keys

U.S. ambassador to China hacked in China-linked email breach

Beijing-linked hackers breached U.S. Ambassador to China Nicholas Burns's emails as part of a larger cyberattack that compromised thousands of government email messages, Dustin Volz and Warren P. Strobel report for the Wall Street Journal, citing people familiar with the matter. Assistant Secretary of State for East Asia Daniel Kritenbrink's email was also compromised, they report, adding: "The two diplomats are believed to be the two most senior officials at the State Department targeted in the alleged spying campaign disclosed last week, one of the people said."

- Burns and Kritenbrink are the second and third senior administration officials to have been compromised in the breach after Commerce Secretary Gina Raimondo.
- While the details of the hack are not fully known and the incident was limited to unclassified exchanges, "the inboxes of Burns and Kritenbrink could have allowed the hackers to glean insights into U.S. planning for a recent string of visits to China by senior Biden administration officials," alongside internal conversations about U.S.-China policies, Volz and Strobel write.
- The estimated number of accessed emails is rough, though the people familiar with the matter told the Wall Street Journal the number could grow.
- "For security reasons, we will not be sharing additional information on the nature and scope of this cybersecurity incident at this time," a State Department spokesman told the Wall Street Journal, adding that an investigation is ongoing.

The breach is an example of "traditional espionage," National Security Agency Cybersecurity Director Rob Joyce said at a conference this week, per the New York Times. Hackers since May had leveraged a Microsoft digital key and a code flaw to break into the emails of U.S. government agencies and other clients, a vulnerability that has now been addressed. The breach has put Microsoft's security practices under scrutiny at a time when some in Congress are growing increasingly concerned about the Pentagon's heavy utilization of the company's products. The company this week announced that it would expand advanced logging capabilities to "worldwide customers at no additional cost."

Network of fake sellers allowed worldwide phone spyware ring to operate for years

Vietnam-based start-up 1Byte has been able to operate a global network of fake sellers under the radar, providing buyers access to a collection of Android phone surveillance apps known as TheTruthSpy, Zack Whittaker reports for TechCrunch. "From its software house in Vietnam, 1Byte devised a network of fake identities with forged American passports to cash out customer payments into bank accounts they controlled," according to the investigation that cites hundreds of leaked documents revealing how the operation evaded detection. "The scheme exploited weaknesses present in tech and financial system safeguards against fraud, like 'know your customer' checks for verifying a person's identity, which are designed to block organized crime gangs and money launderers from opening fraudulent accounts or moving funds using forged or stolen documents," the report adds.

- Two salespeople known as Dulce and Benjamin were 1Byte's top salespeople for more than a decade.
- But "Benjamin's passport photo was scraped from a Vietnamese photographer's website. The photos in Dulce's driver's license and passport used heavily photoshopped faces of real people, perhaps to defeat any future facial recognition checks. And the number on Dulce's signed Social Security card belongs to a man who died in 1978," Whittaker writes.

1Byte director Van Thieu told TechCrunch he's not involved anymore "because I know it [spyware] is illegal in some countries." He didn't acknowledge how a photo of his identity card leaked, or his involvement with 1Byte since 2016. "A short time later, TheTruthSpy's website displayed a notice saying it was no longer taking customers," Whittaker writes. "This kind of this product is not allowed in most countries, so we have decided not to sell this product anymore," the notice said.

North Korean hackers breach U.S. IT management company, targeting crypto

- They write: "The hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company's systems to target 'fewer than 5' of its clients, it said in a blog post."
- CrowdStrike and Google-owned Mandiant both said the hackers were known to focus on crypto theft, according to the report, which adds that two people familiar with the matter confirmed that the JumpCloud clients in question are cryptocurrency companies.

"The hack shows how North Korean cyber spies, once content with going after digital currency firms piecemeal, are now tackling companies that can give them broader access to multiple victims downstream — a tactic known as a 'supply chain attack,'" Bing and Satter write. North Korea-linked hackers earlier this year pulled off an interconnected supply chain attack through voice over IP software 3CX.

- Mandiant said the hackers work for North Korea's Reconnaissance General Bureau, its foreign intelligence agency.

North Korea reportedly has a global shadow workforce of operatives that position themselves into information technology jobs and pilfer money for the regime's goals, which have netted the nation over $3 billion since 2017. U.S. officials have previously said the money has been used to fund about half of Pyongyang's ballistic missile program. North Korean hackers' practice of stealing cryptocurrency was explored by your Cybersecurity 202 host in March.

Daybook

- Secretary of State Antony Blinken, national security adviser Jake Sullivan and others speak at the Aspen Security Forum around 11 a.m.

Secure log off

Thanks for reading. See you next week.