Overnight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian … – The Hill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORY:

--THE NSA BELIEVES WANNA CRY WAS NORTH KOREAN:

The National Security Agency (NSA) linked ransomware that negatively impacted more than 300,000 people in 150 countries to North Korea, according to The Washington Post. The NSA's assessment, which is not available to the public, states that "cyber actors" thought to be sponsored by North Korea's spy agency, the Reconnaissance General Bureau, were behind the WannaCry computer worm.

To read the rest of our piece,click here.

--...'MODERATE[LY]' CONFIDENT: According to theWashington Post report, the NSA reached that conclusion with "moderate" confidence.

--...SPEAKING OF KASPERSKY AND WANNA CRY: Rep. Clay Higgins (R-La.) told two House Science subcommittees they should take antivirus magnate Eugene Kaspersky up on his offer to testify before Congress during a joint hearing on Wanna Cry on Thursday. Kaspersky Lab continues to receive government contracts, despite lawmakers' suspicions that the Moscow-headquartered outfit may have ties to the Russian government. There is no public evidence linking the two, but the Department of Homeland Security has issued guidance to avoid the vendor. Kaspersky has also become a frequent topic of conversation at Senate Intelligence Committee meetings. Both Kaspersky and his company have pushed back against these claims. In May, Eugene Kaspersky said he would testify before Senate Intelligence. "The FBI, CIA and NSA advise this body that they do not trust Kaspersky," said Higgins, adding, "I strongly suggest we take him up on his offer." Eugene Kaspersky was educated at a KGB-sponsored university and served in Russian military intelligence. As is the case with American cybersecurity firms, many of the Russia-based employees come from the public sector.

--...A SIMILAR, MORE FRIENDLY OFFER FOR NORTH KOREAN PROGRAMMERS: Witnesses at the hearing noted that coding errors likely prevented millions of additional infections of the malware and that the prevailing theory was that North Korea had launched the attack. Higgins jokingly asked the panel what they thought might happen to the coders and issued an invitation to any programmers feeling heat from Pyongyang to come to America. "We'd love to have you before the Committee," he said. "We'll give you some real good food."

To read the rest of our piece,click here.

A RUSSIA INVESTIGATION UPDATE:

--PUTIN OFFERS COMEY POLITICAL ASYLUM:

Russian President Vladimir Putin on Thursday offered to give political asylum to former FBI Director James Comey, poking at tensions between Comey and President Trump. "If Comey will be under the threat of political persecution, we are ready to accept him here," Putin said at a press conference, according to Russian state media outlet TASS.

To read the rest of our piece,click here.

--WHO WILL INVESTIGATE OBSTRUCTION? With the announcement yesterday that the Senate Judiciary would investigate political pressures at the FBI, the Senate Intelligence Committeewill notbe focusing on the issue and will turn over evidence to the special prosecutor. Over in the House Intelligence committee, Ranking Member Adam SchiffAdam SchiffOvernight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian hacks | Senators raise questions about leaker's security clearance Top House Dem: Obstruction should be part of Trump-Russia probe The Hill's 12:30 Report MORE (D-Calif.) said he wanted to keepthat focus alive.

--DEM PROPOSES RUSSIAN HACKING DEFENSE CENTER: Rep. Joseph Kennedy (D-Mass.) introduced legislation on Thursday to create a response center to combat Russian cyber attacks amid ongoing probes into Moscow's interference in last year's election. Dubbed the National Russian Threat Response Center, the new initiative would be responsible for examining information relevant to Russia's online aggression and seek to close gaps in intelligence collected about the Kremlin. "Russia's attack on our election was not guided by party affiliation but instead by a deep desire to weaken trust in our institutions and shake the very foundation of our democracy," Kennedy said in a statement.

To read the rest of our piece,click here.

--MEANWHILE, PRESIDENT TRUMP DID SOME TWEETING. "They made up a phony collusion with the Russians story, found zero proof, so now they go for obstruction of justice on the phony story. Nice"(6:55 a.m.)... "You are witnessing the single greatest WITCH HUNT in American political history - led by some very bad and conflicted people! #MAGA"(7:57 a.m.)... "Why is that Hillary Clintons family and Dems dealings with Russia are not looked at, but my non-dealings are?"(3:43 p.m.)... "Crooked H destroyed phones w/ hammer, 'bleached' emails, & had husband meet w/AG days before she was cleared- & they talk about obstruction?"(3:56 p.m.).

--...TRUMP ALLY WOULD HAVE ADVISED AGAINST IT: Rep. Chris Collins (R-N.Y.), one of President Trump's most ardent allies on Capitol Hill, on Thursday criticized the timing of the president's latest tweets attacking the investigation into Russian election meddling. "I think timing could have been better on that, and I can't speak for the president, obviously he does what he does," Collins said on CNN. "Clearly, he's frustrated by the investigation, and the investigation is going to run its course, probably for many, many, many months." "I'm not counseling the president, but I would have certainly not advised that that tweet go out today, because we're still very much reacting to yesterday's shooting," he added.

--...POLL: MAJORITY ASSUME MEDDLING: A majority of American adults in a new poll thinks President Trump has tried to interfere in the investigation into Russian meddling in the U.S. presidential race. An Associated Press/NORC Center for Public Affairs Research poll found about 60 percent of Americans think Trump attempted to obstruct or impede the investigation. But opinions are largely split among partisan lines, with only about 25 percent of Republicans saying they think Trump tried to meddle in the probe. The poll also finds that 68 percent of Americans are at least moderately concerned Trump or his campaign associates had inappropriate links to Russia. Just about 30 percent of Americans said they were not concerned. Only 22 percent of Americans support Trump's decision to fire former FBI Director James Comey, compared with the more than half of Americans who disapprove of the president's decision.

To read the rest of our piece,click here.

A LIGHTER CLICK:

TODAY IN QUESTIONABLE CORRELATIONS: Programmers who use spaces to format computer code make more moneythan those who use tabs.

A REPORT IN FOCUS:

MORE FROM THE WANNA CRY FRONT: ElevenPaths, a cybersecurity division of Telefonica, found a few new odds and ends inspecting the metadata from the files in Wanna Cry.

Telefonica is intimately familiar with Wanna Cry; the Spanish telecom was one of its largest victims.

The coding of Wanna Cry has already been torn apart by researchers, who by and large believe it was filled with coding mistakes. Those include the "killswitch" that hamstrung the ransomware, poor coding practices making it easy to recover many of the encrypted files without paying, having no method to tell who paid the ransom and struggling to infect Windows XP servers.

The choice of file types used in the attack may also have been mistakes. By using document types that allowed colorful typography, the files in Wanna Cry reveal that the default keyboard setting on the computer that typed the ransom note was Korean and that it used the EMEA version of Microsoft Word.

A package of compressed files in the .zip format reveals that the attackers updated the software until 2:22 a.m. on May 12. But the attack was first seen before 2:22 a.m. in a number of time zones. Assuming the time codes were unaltered and accurate, the only time zones with a chronologically correct 2:22 a.m. are in West Africa, Western Europe, Russia, Asia and Australia.

Other notes: Metadata shows that some software was registered in the name Messi, which may be a reference to the soccer player Lionel Messi.

ElevenPaths cautions that metadata can be changed and otherwise fabricated by programmers, making it shaky evidence. The metadata may have been altered to change the keyboard settings or time codes. It's possible all of this is a red herring.

ElevenPaths notes that the programmermight not even be a fan of Lionel Messi.

WHAT'S IN THE SPOTLIGHT:

REALITY WINNER'S SECURITY CLEARANCE: The leaders of a key Senate panel are pressing the federal government for information about the security clearance of a government contractor recently accused of passing classified material to a news outlet.

Reality Leigh Winner was arrested by the FBI in early June and charged in federal court with violating a section of the Espionage Act. Her arrest has been linked to The Intercept's publication of a purported classified National Security Agency document detailing Russian hacking efforts aimed at U.S. election and voting infrastructure.

Winner, an Air Force veteran, had worked as a contractor at Pluribus International Corporation, was assigned to a government facility in Georgia and held a top-secret clearance, according to the criminal complaint.

On Thursday, Sens. Ron JohnsonRon JohnsonOvernight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian hacks | Senators raise questions about leaker's security clearance Senators seek answers on alleged NSA leakers security clearance Insurers confront big ObamaCare decision MORE (R-Wis.) and Claire McCaskillClaire McCaskillOvernight Cybersecurity: NSA links Wanna Cry ransomware to North Korea | Dem proposes center to counter Russian hacks | Senators raise questions about leaker's security clearance Court-martial possible in Marines nude photo sharing scandal Senators seek answers on alleged NSA leakers security clearance MORE (D-Mo.) wrote to the head of the Office of Personnel Management (OPM) seeking more information about which government agency conducted Winner's initial security clearance and when. They also asked the agency to disclose the last time Winner was reinvestigated as part of her active security clearance, in addition to other inquiries.

"The leaking of classified information jeopardizes our national security," McCaskill said in a statement. "We need to determine if Ms. Winner's security clearance process was handled correctly or if we missed any red flags."

To read the rest of our piece,click here.