– The eyes of the cyber industry are on Las Vegas this week, where two of the biggest conferences of the year are taking place.
HAPPY MONDAY and welcome back to Morning Cybersecurity! I’m your host, Maggie Miller, and we’re officially in the part of summer where Washington, DC, is exclusively filled with tourists as Capitol Hill cleans up for the month. “Stand on the right, walk on the left” thoughts will overwhelm.
Do you have any tips or secrets to share with MC? Or thoughts on what we should cover? Email your MC hosts Eric Geller ([email protected]) and Maggie Miller ([email protected]). You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact information is below. Let’s dive in.
LONG LIVE LAS VEGAS – Federal cybersecurity officials and industry experts will make the annual pilgrimage to Las Vegas this week for the Black Hat and DEFCON conferences, where the impact of the war in Ukraine, election security and other issues will be in the spotlight.
– Agenda: The Black Hat conference will kick off first, with former CISA director Chris Krebs set to keynote on Wednesday and investigative journalist Kim Zetter to keynote on Thursday. Elsewhere at Black Hat, DHS Undersecretary for Policy Rob Silvers will provide information on the Cybersecurity Review Board’s inaugural report on the Log4j vulnerability. Other sessions will focus on insights from Russian cyber tactics against Ukraine.
Later in the week, top federal officials will be out in force at DEFCON, which begins Friday and runs through Sunday. CISA Director Jen Easterly will take part in a talk on how Aerosmith can teach lessons about the future of cybersecurity, and National Cyber Director Chris Inglis is also expected to speak.
— Voting village: DEFCON is known for its hacker villages, which allow professionals to come together to examine vulnerabilities in everything from cars to biotechnology to aviation systems. The most famous of these is the Voting Village, which will present sessions on hacking infrastructure and other election vulnerabilities just three months before the November midterm elections.
Harry Hurst, co-founder of Voting Village, told your MC host to expect talks from an official who recently left the White House National Security Council, along with officials from the Election Assistance Commission and Maricopa County, Arizona, which has been in the national spotlight since the 2020 election. Hurst noted that there may be fewer machines available for hacking, as three major election infrastructure vendors recently backed out of commitments to bring equipment to the village, though at least one Chinese-designed voting machine will be available for attendees to examine.
The event comes after two years of misinformation and disinformation about the results of the 2020 US presidential election, and after years of increasing harassment of election officials. Hurst noted that while he received death threats before 2020, they had increased fivefold since the election. As a result, addressing cyber and informational threats around elections has been incorporated into the village.
“One of the reasons why fighting misinformation has become part of what we do is because there are so many lies,” Hurst said.
The new cyber bullet at home – Ritchie Torres, a freshman Democrat in the House of Representatives from New York, thinks cybersecurity is one of the most dangerously neglected issues in America, your MC hosts Eric and Maggie report in a story published today for Pro.
Torres, who hopes to step into a looming void in the congressional cyber leadership space, isn’t afraid to attack President Joe Biden, whom he admires, for what Torres sees as a failure to address systemic cyber vulnerabilities on government networks and critical infrastructure.
“I’m a partisan Democrat who supports Joe Biden wholeheartedly,” Torres, a member of the House Homeland Security Committee, said during an interview in his office. “Having said that … I have a job to do. It’s surveillance.”
— Background: Torres, who won his Bronx district with 89 percent of the vote in 2020, joined the national security panel because the Russian government’s 2020 SolarWinds cyber espionage campaign piqued his interest in cybersecurity. In his second term, he said, he wants to do more lawmaking and oversight on cyber issues, hoping to fill the void left by the January retirement of Rep. John Katko (R-N.Y.), ranking member of the country’s panel and a bipartisan cyber dealmaker, and Rep. Jim Langevin (D-R.I.), one of the earliest champions of the cause and a lawmaker who helped spearhead nearly every major cyber bill.
Torres is seeking to become a key Democratic voice on cybersecurity in negotiations with House Republicans, a role that could be especially important if the GOP retakes the lower chamber this fall and pursues a more confrontational and industry-friendly cyber agenda.
UP – An exploited vulnerability in Twitter’s code left some users’ emails and phone numbers exposed online, potentially compromising the identity of anonymous accounts.
Twitter on Friday wrote in a blog post that a threat actor had exploited a known vulnerability to enter phone numbers and emails and match them to existing accounts. The individual or group then offered to sell the information online, which resulted from a vulnerability that Twitter was notified of and fixed in January. The vulnerability was exploited before the patch.
Twitter noted that while no passwords were exposed, affected users would be notified, and the company encouraged all users to implement two-factor authentication on their accounts to help protect themselves. The flaw came to Twitter’s attention through its bounty program.
This is not the first time the company has seen user data compromised. In July 2020, hackers gained access to the accounts of high-profile figures, including that of now-President Joe Biden, to post messages asking for donations to a bitcoin account.
Face the music – A Russian national suspected of running a criminal bitcoin exchange that laundered more than $4 billion in funds was extradited to the US late last week, marking a victory for the Justice Department’s fight against ransomware attacks.
Alexander Vinnik was extradited from Greece to face a 21-count indictment in the Northern District of California related to bitcoin exchange BTC-e, which was allegedly responsible for laundering funds obtained from ransomware attacks and other computer hacking. Vinnik was first arrested in Greece in 2017 and BTC-e was shut down soon after.
The arrest is the latest step in the Justice Department’s efforts to crack down on individuals and groups behind ransomware attacks. The agency set up a task force last year to fight ransomware and made it a priority target in a strategic plan released this year, including increasing the pace of investigating attacks.
Black Hat and DEFCON founder Jeff Moss with a joke… maybe?: “On the way to Las Vegas for @BlackHatEvents, @defcon better not be canceled.”
— Industry groups and cyber experts oppose proposed surveillance of water sewer systems. (CyberScoop)
– The German Chamber of Industry and Commerce is hit by a cyber attack. (record)
— “Finance sector delivers latest blow to NDAA’s Cyber Solarium construct”. (Next Government)
Talk to you soon.
Stay in touch with the entire team: Eric Geller ([email protected]); Konstantin Kakaes ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).