Analysis | FBI director cites mysterious Iran-linked attack in arguing for Section 702

Good morning and welcome to The Cybersecurity 202, where today is our Friday.

Below: A look at some of the criminal cases where investigators requested push notification data, and Five Eyes cyber agencies issue a report on memory-safe software.

FBI director cites Section 702 for allowing agents to alert victims of an Iran-linked cyberattack

FBI Director Christopher A. Wray made a fresh appeal to lawmakers this week to renew an expiring surveillance power, revealing that in one recent case, it had helped authorities alert 300 potential victims in all 50 states as well as in other countries that they might be targets of a cyberattack.

He didn’t identify the case, but officials familiar with the matter told The Washington Post that it involved hackers sponsored by Iran who were launching ransomware attacks in 2021. The officials spoke on the condition of anonymity because of the matter’s sensitivity.

One target of that campaign, which has been made public, is Children’s Hospital in Boston. And Wray noted in his testimony before the Senate Judiciary Committee that “Iran has conducted a cyberattack on a children’s hospital in New England.”

The authority he’s urging Congress to extend is known as Section 702 of the Foreign Intelligence Surveillance Act, which enables warrantless collection of electronic communications like emails, texts and IP addresses when the target is a foreigner overseas. Section 702 expires at the end of the month, unless lawmakers reauthorize or temporarily extend it.

Under Section 702, the National Security Agency collects the communications from U.S.-based providers and provides the FBI a subset of the communications that pertain to FBI foreign intelligence investigations, such as cyberattacks launched by nation states. According to the Office of the Director of National Intelligence, that was 3.2 percent of Section 702 targets as of February.

  • At the hearing Wray said, “When an overseas cybercriminal breaches a transportation hub, a public utility, or even a children’s hospital, 702 is often the tool we use to find victims and get them what they need to get their systems back up and running. And just as important, it helps us identify the next targets so they can defend themselves against an attack.”

But because the FBI is lawfully permitted to conduct searches without a warrant for U.S. persons in its tranche of 702 communications, privacy advocates, including a vocal coalition of lawmakers on the left and the right, are crying foul. They are seeking a warrant requirement to search the data. U.S. officials say such a requirement is unduly burdensome and would make it virtually impossible to, for instance, find U.S. victims of cyberattacks sponsored by foreign governments, or American targets of foreign assassination plots.

The competing views of such a warrant requirement are manifested in two different major House bills. The House Intelligence Committee this morning is taking up legislation that would reauthorize Section 702 without the warrant requirement for all U.S. person queries, one day after the House Judiciary panel approved, by a 35-2 vote, its own legislation that does require those warrants.

House Intelligence Chairman Michael R. Turner (R-Ohio) said his panel’s bill contains “real reforms” but that it would “at the same time preserve 702 as one of the most important foreign intelligence tools” at the United States’ disposal.

“We’ve been very concerned about making sure we protect Americans’ privacy,” he told reporters Wednesday. “We want to hold the FBI accountable.”

In response to the FBI’s “very serious abuses,” top panel Democrat Jim Himes (Conn.) said, the legislation would require an FBI supervisor or attorney to provide previous approval except in certain emergency circumstances before any FBI U.S. person query — which he said would reduce the number of FBI personnel permitted to undertake or approve a query by 90 percent.

Both committees believe Section 702 needs to be reauthorized in some fashion, the top Democrat on the House Judiciary Committee, Rep. Jerrold Nadler (N.Y.), said Wednesday. And Rep. Andy Biggs (R-Ariz.), the chief sponsor of the bill, said that “we were able to work with our intel counterparts who agree with much of what we have in our bill today.”

But the FBI hasn’t been able to get a handle on abuses by itself, he said. “Despite efforts to rein this in, the federal government has continued to use its powers to improperly and often illegally spy on American citizens,” Biggs said.

Civil liberties and privacy groups have praised the House Judiciary version of the bill while saying the competing House and Senate intelligence committees’ proposals fall far short.

House Judiciary Chairman Jim Jordan (R-Ohio) mentioned the two versions of the bill and said that “there will be a vote on the floor next week.” Turner said he had received no “assurances” on the process for floor consideration.

Turner said it was his “understanding” that a short-term extension through mid-April of the 702 authorities would be folded into the annual defense policy bill.

“Obviously the House has been in chaos and our legislative business has been disrupted,” he said, referencing the turmoil over the ouster of then-House Speaker Kevin McCarthy (R-Calif.) and his eventual replacement with Rep. Mike Johnson (R-Ohio). “It’s an appropriate extension to give the house the ability to address 702.” 

Law enforcement requested push notification data for Jan. 6 rioters, other suspected criminals

Police have requested push notification data in at least two dozen criminal cases, including nine relating to the Jan. 6, 2021, riot and two relating to suspects in money laundering and child sexual abuse material cases, our colleague Drew Harwell reports. The technique was outlined in a letter dated Wednesday to the Justice Department from Sen. Ron Wyden (D-Ore.). The letter was first reported by Reuters’s Raphael Satter.

“The tokens could reveal details about who a person is communicating with over a messaging or gaming app, what times they talk and, in some cases, the text of any message displayed in the notification,” Drew writes. “Depending on how users have set up their push notifications, the token data could also potentially expose limited information about anyone who had exchanged emails, texts or social media messages with someone that federal investigators have pursued.”

Wyden said in his letter that the Justice Department restricted Apple and Google from talking about the requests and asked DOJ to change that rule. The letter also said Wyden’s office got a tip saying foreign governments began asking for the data.

  • In a statement, Apple said that “the federal government had prohibited us from sharing any information” about the requests and now that the method had become public, it was updating its upcoming transparency reports to “detail these kinds of requests.”
  • Google said in a statement that it publishes transparency reports that include data on government requests for user data and that it shares Wyden’s “commitment to keeping users informed about these requests.”

Five Eyes cyber agencies issue guide to memory-safe software migration

Cybersecurity authorities in the United States, Australia, Canada, New Zealand and the United Kingdom — which make up the Five Eyes intelligence alliance — urged software executives to switch to safer programming languages and create “memory safe” road maps, in an attempt to reduce security risks from a prevalent type of security flaw.

The vulnerabilities originate with some programming languages’ ability to let developers manually move around memory, which is allocated for computer code to make commands.

The report by the agencies also noted that the agencies “encourage software manufacturers to lead from the top by publicly naming a business executive who will personally drive the elimination of memory safety vulnerabilities from the product line.”

  • “Executive-level leadership should drive the transition to memory safe programming languages because memory unsafety is fundamentally a business strategy problem,” the report also said. “As such, the CEO or other business executive should sign the road map.”

The report comes as federal officials push a philosophy that aims to make software secure in the design process.

After court order, Reuters takes down report on Indian hackers-for-hire

Reuters said in an editor’s note that it had “temporarily removed” a cybersecurity story to “comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi,” and that the news organization “stands by its reporting and plans to appeal the decision,” 404 Media’s Joseph Cox reports.

The removed story “was based on a massive cache of documents including emails, financial records, photos, messages, and presentations from inside Appin, a cybersecurity startup-turned hacker-for-hire shop, as well as law enforcement files from multiple continents and interviews with hundreds of people,” Cox writes.

Reuters said in the editor’s note that the “order was issued amid a pending lawsuit brought against Reuters in November 2022,” and that “as set forth in its court filings, Reuters disputes those claims.”

Reuters didn’t respond to 404 Media’s request for comment.

The untold story of a massive hack at HHS in covid’s early days (Bloomberg Businessweek)

U.S. health officials call for surge in funding and support for hospitals in wake of cyberattacks that diverted ambulances (CNN)

Facebook and Instagram steer predators to children, New Mexico attorney general alleges in lawsuit (Wall Street Journal)

CISA says US government agency was hacked thanks to ‘end of life’ software (TechCrunch)

Hidden cameras, GPS data and license plate readers: How the USPIS tracks down mail thieves (404 Media)

Pentagon inspector general identifies ‘weaknesses’ in cyber defenses from contractors handling controlled unclassified information (Inside Cybersecurity)

U.S. Navy shipbuilder Austal says cyber incident had ‘no impact on operations’ (The Record)

FCC partners with four states on privacy and data protection enforcement (The Record)

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Millions of patient scans and health records spilling online thanks to decades-old protocol bug (TechCrunch)

Your mobile password manager might be exposing your credentials (TechCrunch)

Fake Taylor Swift quotes are being used to spread anti-Ukraine propaganda (Wired)

Nissan is investigating cyberattack and potential data breach (Bleeping Computer)

  • From The Post’s media desk: “More than 750 Washington Post staffers said they were walking off the job early Thursday, refusing to work for 24 hours in the biggest labor protest at the company in nearly half a century…Union members said they are walking out to protest a stalemate in bargaining with the company that has left workers without a contract for 18 months.”

Thanks for reading. See you next week.
