Cybersecurity and Cyberwarfare

Rhode Island is suing Google over a data breach the state said compromised the information of 52.5 million users. That is according to the office of RI General Treasurer Seth Magaziner—the state's pension fund is invested in Google. The pension fund filed a motion with the court to head a class action shareholder suit after it was reported that Google execs had not disclosed the breach, which involved the Google+ attempt by the company to capture some of the social media market.

Republican leaders of the House Oversight Committee released a scathing report about the Equifax data breach on Dec 10, detailing a series of security failures that preceded the 2017 compromise of 140 million Americans’ personal information. A few hours later, committee Democrats released a competing report about the consumer credit reporting agency, lashing out at their Republican colleagues for not demanding new cybersecurity laws to prevent the next major data breach.

According to unnamed sources, the Justice Department is investigating whether crimes were committed when potentially millions of people’s identities were posted to the Federal Communications Commission’s website without their permission, falsely attributing to them opinions about net neutrality rules. The Federal Bureau of Investigation has delivered subpoenas to at least two organizations related to the comments.

Federal Communications Commission Chairman Ajit Pai said that roughly 500,000 comments submitted during the debate over the controversial repeal of Obama-era net neutrality rules were linked to Russian email addresses. The disclosure was made in a statement in response to Freedom of Information Act (FOIA) requests submitted by The New York Times and BuzzFeed. In the statement, Chairman Pai refers to "the half-million comments submitted from Russian e-mail addresses."

A senior Apple security expert left for a much lower-paying job at the American Civil Liberties Union, the latest sign of increasing activity on policy issues by Silicon Valley privacy specialists and other engineers. Jon Callas, who led a team of hackers breaking into pre-release Apple products to test their security, started Dec 3 in a two-year role as technology fellow at the ACLU.

The Defense Department is giving industry more time to come up with plans to quarantine the agency’s internal networks using the cloud. The Defense Information Systems Agency extended the deadline for vendors to submit white papers on how to build a cloud-based system that cuts off agency networks from the public web while still allowing employees to access the internet. The tech would close many of the digital doorways hackers and other online bad actors use to attack the Department of Defense Information Network, or DODIN, according to the solicitation.

The House GOP campaign arm suffered a major hack during the 2018 election, exposing thousands of sensitive emails to an outside intruder, according to three senior party officials. The email accounts of four senior aides at the National Republican Congressional Committee (NRCC) were surveilled for several months, apparently. The intrusion was detected in April by an NRCC vendor, who alerted the committee and its cybersecurity contractor. An internal investigation was initiated and the FBI was alerted to the attack.

The Federal Communications Commission has once again refused a New York Times request for records that the Times believes might shed light on Russian interference in the net neutrality repeal proceeding. The Times made a Freedom of Information Act (FoIA) request in June 2017 for FCC server logs and sued the FCC in September 2018 over the agency's ongoing refusal to release the records. The court case is still pending, but the Times had also appealed directly to the FCC to reverse its FoIA decision.

Botnets and automated, distributed attacks threaten our nation’s Internet infrastructure. Solving this and other cybersecurity challenges is a top priority for the Trump Administration. To address these threats, the Departments of Commerce and Homeland Security have developed a road map that charts a path forward, setting out steps to stop the cyber threat to our internet infrastructure. It outlines a plan for coordination among government, civil society, technologists, academics, and industry sectors to develop a comprehensive strategy for fighting these threats.

Marriott International, one of the largest hotel chains in the world, revealed that its Starwood reservations database had been hacked and that the personal information of up to 500 million guests could have been stolen. An unauthorized party had accessed the database since 2014.