Cybersecurity and Cyberwarfare

The FBI will not investigate a cyberattack that crashed the Federal Communications Commission’s website during an influx of comments on an agency plan to reverse network neutrality.

Agency chief Ajit Pai said the FBI declined to investigate the FCC cyberattack that followed a “Last Week Tonight with John Oliver” segment in May, when Oliver called on viewers to submit comments opposing Pai’s plan to scale back net neutrality rules. “In speaking with the FBI, the conclusion was reached that, given the facts currently known, the attack did not appear to rise to the level of a major incident that would trigger further FBI involvement,” Pai wrote to a pair of Senate Democrats, who were skeptical of the attack. “The FCC and FBI agreed to have further discussions if additional events or the discovery of additional evidence warrant consultation.”

The Federal Communications Commission's network neutrality docket continues to draw a crowd of critics. The latest is House Commerce Committee Ranking Member Frank Pallone (D-NJ). Rep Pallone has called on the Department of Justice and the FBI to investigate whether any federal law has been broken in the filing of fake comments using stolen identities, as some have claimed.

Rep Pallone said he was also worried that some "unknown parties" may be trying to influence federal policy. hat came in a letter to attorney general Jeff Sessions and acting FBI director Andrew McCabe. Rep Pallone wants them to investigate net neutrality activist group Fight for the Future's assertion that at least 14 people had told the FCC that their identities had been used to file comments without their permission, as well as that some 450,000 identical comments were submitted by an "unknown party" that may have been using info gained via data breaches. "Federal law prohibits knowingly making any materially false statement or representation in any matter within the jurisdiction of the executive, legislative, or judicial branch," Rep Pallone's office said.

A new wave of powerful cyberattacks hit Europe on June 27 in a possible reprise of a widespread ransomware assault in May that affected 150 countries. Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down. The Russian oil giant Rosneft was also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an “international company” there was affected.

Ukraine first reported the cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, airport departure tables and demanding ransoms from government employees in the cryptocurrency bitcoin. By midafternoon, breaches had been reported at computers governing the municipal energy company and airport in Ukraine’s capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine. Payment systems at grocery stores were knocked offline, as well as the turnstile system in the Kyiv metro.

Federal Communications Commission Chairman Ajit Pai unveiled new details about a reported cyberattack that came after comedian John Oliver urged his viewers to flood the agency with pro-network neutrality comments. In response to a series of questions about the incident from Sens Ron Wyden (D-OR) and Brian Schatz (D-HI), Chairman Pai said he was taking the issue seriously. “I agree that this disruption to [the Electronic Comment Filing System] by outside parties was a very serious matter,” Pai wrote in a letter. “As a result, my office immediately directed our Chief Information Officer (CIO) to take appropriate measures to secure the integrity of ECFS and to keep us apprised of the situation. The Commission's CIO has informed me that the FCC's response to the events sufficiently addressed the disruption, and that ECFS is continuing to collect all filed comments."

The ECFS slowed to a crawl after Oliver’s HBO show addressed the net neutrality proceeding in May, leading many to assume that the system was bogged down by an influx of public filings. But the next day, FCC CIO David Bray said the disruption was caused by a malicious distributed denial of service (DDoS) attack, a move designed to take down a site by flooding it with fake traffic. “I appreciate the FCC’s response,” Sen Wyden said. “I’m waiting to draw any final conclusions until the FBI weighs in. However, it is clear that FCC wasn’t ready for this attack. In the future, the agency should consider other ways to submit comments if its web portal fails again.”

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Russian President Vladimir Putin was working to elect Donald Trump.

Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy. But in the end, in late December, President Obama approved a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic. President Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which President Obama approved in a covert-action finding, was still in its planning stages when he left office. It would be up to President Trump to decide whether to use the capability.

The House Communications Subcommittee, chaired by Rep Marsha Blackburn (R-TN), held a hearing examining cybersecurity risks to wireless technologies with a particular focus on wireless networks and mobile devices. Cyber criminals often utilize a number of strategies to launch attacks on wireless technologies. Often times exploiting vulnerabilities within a network to gain unauthorized access to wireless networks or target mobile devices through malware and phishing attacks.

“Mobile connectivity has become essential to our daily lives as a result of advances in technology and consumer demand,” said Chairman Blackburn. “Increasing reliance on wireless devices and networks has provided more avenues for cyber criminals to compromise our security and harm consumers. Hackers are smart and they are adapting. The sophistication and frequency of cyberattacks against mobile devices continues to escalate and we must meet this challenge head on.”

Top Democratic Sens on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump Administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee’s current and former ranking members, Sens Claire McCaskill (D-MO) and Tom Carper (D-DE) also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats.

That request follows a report that Trump Administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

Russia’s cyberattack on the US electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day “red phone.” In October, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict. The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the US’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

Russian hackers were meddling with the 2016 US election right from the start of the campaign season. Former FBI director James Comey testified before a Senate Intelligence hearing on June 8, a month after President Donald Trump fired him on May 9. The hearing, centered on Comey's conversations with President Trump, comes amid the FBI's investigations into potential campaign ties with Russia that continue to haunt the commander-in-chief. Allegations of Russian influence on the US presidential election stretch all the way back before the midyear Democratic National Convention, when hackers spear-phished officials and released documents through WikiLeaks.

NTIA, on behalf of the Department of Commerce, is requesting comment on actions that can be taken to address automated and distributed threats to the digital ecosystem as part of the activity directed by the President in Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." Through this Request for Comments, NTIA seeks broad input from all interested stakeholders - including private industry, academia, civil society, and other security experts - on ways to improve industry's ability to reduce threats perpetuated by automated distributed attacks, such as botnets, and what role, if any, the U.S. Government should play in this area.