What Reality Winner’s sentence means
With help from Eric Geller and Martin Matishak
REALITY WINNER SAGA REACHES CONCLUSION — Reality Winner officially pleaded guilty Tuesday to leaking a classified report on Russian hacking. While her legal journey ends in prison, some see her punishment as a troubling sign for a crackdown on whistleblowers. She agreed to a 63-month sentence, the longest-known federal court sentence for an Espionage Act prosecution linked to a media leak. A judge still needs to affirm the deal. Coupled with the recent charges brought against a long-time Senate Intelligence Committee aide, where prosecutors somehow accessed encrypted apps, some viewed Winner’s case as foreboding.
“The war on whistleblowers continues under a new White House: the first journalistic source prosecuted under Trump, Reality Winner, was denied a defense, jailed over 5 years,” tweeted Edward Snowden, who knows a few things about leaking classified information. “Her ‘crime’? Showing us @NSAGov suspected Russia of hacking an election vendor.” The editor-in-chief of The Intercept, which published a story based on the leaked document, also weighed in. “Despite the fact that Winner’s disclosure served the public interest by alerting Americans to vulnerabilities in our voting system, the Trump-Sessions Justice Department prosecuted her with vicious resolve under the Espionage Act,” Betsy Reed said in a statement. “She not only faced unrelenting pressure from prosecutors, but a series of setbacks in the courtroom severely restricted her lawyers’ ability to defend her.” Reed continued: “She deserves better from her country, as do all journalistic sources who put themselves at risk for the greater good.”
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Your returning MC host would like to thank readers who didn’t follow Eric’s suggestion to send me puns. Instead, send your thoughts, feedback and especially tips to [email protected], and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
DOUBLE THE INTEL, DOUBLE THE FUN — The Senate Intelligence Committee on Tuesday unanimously approved an Intelligence Authorization Act for both fiscal years 2018 and 2019. The bipartisan bill “contains comprehensive measures to enhance our election security,” Chairman Richard Burr said in a statement. “It is vital that we ensure our voting process remains fair and free from undue influence.” The bill includes several provisions championed by Sen. Mark Warner, the panel’s ranking member, aimed at modernizing the federal government’s security clearance process, which GAO announced earlier has a 700,000-person backlog. “It has long been clear that the 70-year-old process that grants security clearances to government personnel and contractors is in desperate need of reform,” Warner said in a statement.
The measure includes another proposal from Warner requiring the Director of National Intelligence to report on the intelligence community’s outreach to the private sector and nongovernment entities about efforts by China and other countries to acquire technology and intellectual property. Sen. Ron Wyden also secured a host of amendments to the bipartisan measure, such as a provision requiring congressional notification before the establishment of any U.S.-Russia cybersecurity unit — an idea floated last year by President Donald Trump that was roundly ridiculed. Another Wyden provision would require a study of the SS7 flaw in mobile networks that hackers can exploit to intercept data flowing to targets’ devices. Wyden also secured amendments removing the cap on the number of state election officials with security clearances, mandating new digital protections for intel officials’ personal devices and requiring another report on encrypting unclassified communications within the clandestine community.
It’s unclear when the authorization bill will receive floor time. The House previously passed the fiscal 2018 bill, H.R. 3180. The House Intelligence Committee is slated to mark up its fiscal 2019 authorization measure behind closed doors on Thursday.
TRUMP, SENATE AT ODDS OVER DEFENSE CYBER PROVISIONS — The Trump administration on Tuesday objected to several cyber provisions in a fiscal 2019 defense policy bill (S. 2987), saying a number of them intruded on existing executive branch authorities. One provision would establish a cybersecurity strategy that states the U.S. government alert other countries when possible if their networks are used to carry out an attack by a third country; if the notified country doesn’t take action, the U.S. would retain the right to act unilaterally. A statement of administration policy says the White House “strongly objects” to that provision because it would potentially alert adversaries to U.S. targets. Another bill provision, the policy statement says, “would prevent DOD from responding to the types of significant cyber attacks and malicious cyber activities to stop attacks in circumstances where attribution may not be feasible or immediately apparent.” Yet another provision, the administration contends, would prevent the secretary of the Energy Department from exerting traditional authority over cybersecurity.
NO REALLY, HOW? — Lawmakers are growing antsier for information about charges brought last week in a case where two defendants are accused of using data from the 2015 Office of Personnel Management breach to commit fraud. All of the discussions to date about the breach pointed to China as the likely culprit, and there had been no prior evidence revealed suggesting the data had been used. “The Department of Justice has declined to disclose how the defendants in the case obtained the personally identifiable information (PII) of victims of the 2015 OPM data breach,” said Rep. Gerry Connolly in a Tuesday letter to the department seeking a briefing. “I believe further details about how the defendants obtained the PII could be useful for the purposes of protecting victims of the breach from further criminal activity.” Warner had previously asked for more information as well.
TECH TALKS ELECTION SECURITY WITH FEDS — Tech giants met with the FBI and DHS last month to discuss Russian election meddling, two news outlets reported, although at least one of the reports included observations that the meeting was unsatisfying for the companies. Facebook hosted the meeting, according to The New York Times and The Washington Post, with Amazon, Apple, Google, Microsoft, Oath, Snap and Twitter joining in. The Times reported that while the tech companies shared info on evidence of Russian intrusions they were seeing, the FBI and DHS officials weren’t as forthcoming. “The people who attended described a tense atmosphere in which the tech companies repeatedly pressed federal officials for information, only to be told — repeatedly — that no specific intelligence would be shared,” the Times story reads.
ONE OF THE USUAL SUSPECTS — The Chinese government is likely behind a series of cyber campaigns targeting Tibetans, according to the firm Recorded Future. In a new research paper, Recorded Future analysts said the hackers deployed custom malware against a highly selective target list in two campaigns, one in 2017 dubbed hktechy and one this year called internetdocss. The company dubbed the collective hacking effort “RedAlpha” and said the attackers were as careful about picking their targets as they were sophisticated in crafting their digital weapons. “Our research shows that this group’s targeting is meticulous,” they wrote. “Starting with reconnaissance on a desired victim, by directing them to a legitimate news article via their [command-and-control] server, the attackers were able to fingerprint the victim’s operating system.”
When Recorded Future traced the IP addresses of the infrastructure supporting the attacks, the firm discovered that the same infrastructure had been used to host phishing websites mimicking several other likely targets, including the Sri Lankan defense ministry and the office of the Dalai Lama. The same hackers may also have targeted victims in India. “The use of previously undisclosed malware and infrastructure by this threat actor, along with the scarcity of public and private reporting relating to the [tactics, techniques and procedures] outlined here in our research, leads us to believe that we have uncovered a little-known threat actor, likely attributed to the Chinese state,” Recorded Future analysts wrote.
NOTAGAIN… — Russian hackers may be preparing another large-scale cyberattack on Ukraine, officials there told Reuters on Tuesday. Serhiy Demedyuk, head of the Ukrainian Cyber Police, said that Kremlin cyber warriors had been planting malware in companies across many industries, from the financial sector to energy firms, with the likely goal of activating it all at once. According to Reuters, investigators have spotted “viruses designed to hit Ukraine since the start of the year, including phishing emails sent from legitimate domains of state institutions whose systems were hacked, or a fake webpage mimicking that of a real state body.”
The U.S. blamed Russia for using the same tactics to deploy the NotPetya virus one year ago today, crippling Ukrainian businesses and spreading to companies around the world. “Everything we’re seeing, everything we’ve intercepted in this period: 99 percent of the traces come from Russia,” Demedyuk told Reuters. He also said that Ukrainian officials have spotted hackers trying to sneak malware past antivirus software by transferring it in pieces to be reassembled later. The preparations, he warned, suggest an operation comparable to NotPetya. “This is support on a government level,” he said. “Very expensive and very synchronized. Without the help of government bodies it would not be possible. We’re talking now about the Russian Federation.”
CHA-CHING — Crowdfense announced Tuesday it has paid about $4.5 million to researchers during the first two months of the firm’s public bug bounty program. “Law enforcement and intelligence organizations are scrambling to procure better tools to fight crime and deter hostile activities, and we are eager to help them improve the effectiveness of their cyber operations,” said Andrea Zapparoli Manzoni, the company’s director. The United Arab Emirates-based firm has purchased four digital capabilities from researchers and has $5.5 million left to dish out as part of its ongoing, $10 million bounty effort.
RECENTLY ON PRO CYBERSECURITY — The Senate Foreign Relations Committee amended and approved a House-passed bill to create a high-level cyber office at the State Department. … Sen. Angus King asked Energy Department cybersecurity nominee Karen Evans to urge the White House to bring back the cybersecurity coordinator position. … The federal government released a handbook clarifying the roles of agency chief information security officers. … The Defense Digital Service wants to streamline the federal background check process for security clearances. … “The House today resoundingly passed a major overhaul of restrictions that the U.S. imposes on foreign investments, in response to growing concern about how China taps into critical technologies.”
Bad bots, used to achieve fraud and abuse, are moving to mobile, according to a new report out today from Distil Networks. According to the company’s study of 100 million devices over 45 days, 5.8 percent of all mobile devices were used in bot attacks. They made up 8 percent of all bad bot traffic, and 44 percent of all cellular IP gateways were used in such attacks.