— The cyber industry’s eyes are on Las Vegas this week, where two of the biggest conferences of the year are taking place.
HAPPY MONDAY, and welcome back to Morning Cybersecurity! I’m your host, Maggie Miller, and we’re officially into the part of summer where Washington, D.C., is filled exclusively with tourists while Capitol Hill clears out for the month. The “stand on the right, walk on the left” thoughts are about to go into overdrive.
Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email your MC hosts Eric Geller and Maggie Miller. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below. Let’s dive in.
VIVA LAS VEGAS — Federal cybersecurity officials and industry experts will make the annual pilgrimage to Las Vegas this week for the Black Hat and DEFCON conferences, where the impact of the war in Ukraine, election security and other issues will be in the spotlight.
— The agenda: The Black Hat conference will kick off first, with former CISA Director Chris Krebs set to give the keynote address Wednesday, and investigative journalist Kim Zetter giving the keynote address Thursday. Elsewhere at Black Hat, DHS Undersecretary for Policy Rob Silvers will provide insight into the Cyber Safety Review Board’s inaugural report on the Log4j vulnerability. Other sessions will focus on insights from Russian cyber tactics against Ukraine.
Later in the week, senior federal officials will be out in force at DEFCON, which begins Friday and runs through Sunday. CISA Director Jen Easterly will participate in a talk on how Aerosmith can teach lessons on the future of cybersecurity, and National Cyber Director Chris Inglis is also slated to speak.
— Voting Village: DEFCON is known for its hacking villages, which allow professionals to come together to examine vulnerabilities in everything from cars to biotech to aviation systems. The most famous of these is the Voting Village, which is set to feature sessions on hacking infrastructure and other election vulnerabilities just three months ahead of the November midterm elections.
Harri Hursti, the co-founder of the Voting Village, told your MC host to expect talks from an official who recently left the White House’s National Security Council, along with officials from the Election Assistance Commission and from Maricopa County, Arizona, which has been in the national spotlight since the 2020 elections. Hursti noted there may be fewer machines for hacking, as three leading election infrastructure vendors recently pulled out of commitments to bring equipment to the village, though at least one voting machine designed in China will be available for attendees to examine.
The event is taking place following two years of misinformation and disinformation around the results of the 2020 U.S. presidential election, and after years of election officials being increasingly harassed. Hursti noted that while he received death threats before 2020, they had increased five times since the election. As a result, addressing threats in the cyber and information space around elections has been incorporated into the village.
“One of the reasons why fighting misinformation has become part of what we do is because there are so many lies,” Hursti said.
NEW CYBER LEAD IN THE HOUSE — Ritchie Torres, a freshman House Democrat from New York, thinks cybersecurity is one of the most dangerously overlooked issues in America, your MC hosts Eric and Maggie report in a story out today for Pros.
Torres, who’s hoping to step into a looming void in the congressional cyber leadership space, isn’t afraid to blast President Joe Biden, whom he admires, for what Torres sees as a failure to address systemic cyber weaknesses in government networks and critical infrastructure.
“I’m a partisan Democrat who supports Joe Biden wholeheartedly,” Torres, a member of the House Homeland Security Committee, said during an interview in his office. “Having said that … I have a job to do. It’s oversight.”
— Background: Torres, who won his Bronx district with 89 percent of the vote in 2020, joined the homeland security panel because the Russian government’s 2020 SolarWinds cyber espionage campaign piqued his interest in cybersecurity. In his second term, he said, he wants to do more legislating and oversight on cyber issues, hoping to fill the gap left by the January retirements of Rep. John Katko (R-N.Y.), the homeland panel’s ranking member and a bipartisan cyber dealmaker, and Rep. Jim Langevin (D-R.I.), one of the issue’s earliest champions and a lawmaker who helped spearhead virtually every major cyber bill.
Torres is seeking to become a leading Democratic voice on cybersecurity in negotiations with House Republicans, a role that could prove especially pivotal if the GOP retakes the lower chamber this fall and implements a more confrontational and industry-friendly cyber agenda.
WHOOPS — An exploited vulnerability in Twitter’s code left some user emails and phone numbers exposed online, potentially compromising the identities of anonymous accounts.
Twitter on Friday wrote in a blog post that a threat actor had exploited a known vulnerability to input phone numbers and emails and match them up with existing accounts. The individual or group then offered to sell the resulting information online. Twitter was notified about the vulnerability and patched it in January, but it had been exploited prior to the patch.
Twitter noted that while no passwords were exposed, users impacted would be notified, and the company encouraged all users to implement two-factor authentication on their accounts to help protect themselves. The flaw came to Twitter’s attention through its bug bounty program.
This is not the first time the company has seen user data compromised. In July 2020, hackers gained access to the accounts of high-profile figures, including that of now-President Joe Biden, to post messages asking for donations to a bitcoin account.
FACE THE MUSIC — A Russian national alleged to have run a criminal bitcoin exchange that laundered more than $4 billion in funds was extradited to the U.S. late last week, marking a win for the Justice Department’s fight against ransomware attacks.
Alexander Vinnik was extradited from Greece to face a 21-count indictment in the Northern District of California in connection to the BTC-e bitcoin exchange, which allegedly was responsible for laundering funds gained from ransomware attacks and other computer intrusions. Vinnik was originally arrested in Greece in 2017, and BTC-e shut down shortly after.
The arrest is the latest step in the Justice Department’s effort to crack down on individuals and groups behind ransomware attacks. The agency stood up a task force last year to combat ransomware, and made it a priority goal in a strategic plan released this year, including increasing the pace of investigating attacks.
Black Hat and DEFCON founder Jeff Moss with a joke … maybe?: “On the road to Las Vegas for @BlackHatEvents, @defcon better not be cancelled.”
— Industry groups and cyber experts object to proposed oversight of water sanitation systems. (CyberScoop)
— German Chambers of Industry and Commerce hit by a cyberattack. (The Record)