The directorate's mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July.
Neuberger acknowledged the difficulty of her mission during an onstage interview at the Billington Cybersecurity Summit, but also said the growing hacking threats from Russia, China and other U.S. adversaries mean the nation “must” achieve it.
“The nation needs it … the threat demands it and the nation deserves that we achieve it,” Neuberger said.
That mission also means, however, that NSA, which was once colloquially known as “no such agency” and has traditionally kept mum to protect its own hacking operations and secret sources, must start sharing more threat data with cybersecurity pros in the private sector, she said. And the NSA will have to share that information far more quickly than it has in the past, when many recipients complained that, by the time they get the information, it's no longer useful, she said.
In some instances, the agency will have to look for “creative approaches” to share that information, Neuberger told reporters after her talk.
For instance, the agency may look for ways to present cybersecurity threat information so it can’t be traced back to the person or group that shared it, she said. Or the agency may look for cybersecurity companies that have the same information but from a different source and highlight those reports.
The new directorate is, in part, an acknowledgement that over the course of several previous reorganizations the spying agency hasn't focused enough on protecting U.S. organizations from foreign cyberattacks, NSA chief Gen. Paul Nakasone told the Wall Street Journal when he announced the new directorate in July.
Neuberger learned how vital it is to share information about hacking threats during the run-up to the 2018 midterm elections when she was co-leader of an election security task force that combined the work of NSA and U.S. Cyber Command, the military’s hacking wing.
“A particular lesson was that we have to proactively work with private-sector partners, for example social media companies … to help them understand what they're up against,” she said.
In that effort, which NSA wants to repeat in 2020, the agency frequently shared information about hacking operations and social media influence operations with the FBI, which then passed the information along to social media companies and others to help them defend themselves, she said.
“Those companies have to invest in the problem themselves … but, when they're up against a nation-state, there are some insights and information that we should share … to enable them to look for that information on their platforms and shut it down,” she said.
In addition to safeguarding the 2020 elections, Neuberger said, the Cybersecurity Directorate will focus heavily on protecting defense companies, which have been extensively targeted by Chinese hackers looking to copy U.S. advances in military technology.
The directorate will also focus on disrupting foreign ransomware rings, she said, which lock up organizations’ computer files and refuse to release them until the victims pay a ransom.
Ransomware attackers have increasingly been targeting specific industries, she said, and the NSA is worried U.S. adversaries could try to use ransomware to disrupt the 2020 elections by locking up some vital systems on Election Day.
PINGED, PATCHED, PWNED
PINGED: Federal law enforcement officials met yesterday with top security executives from Facebook, Google, Microsoft and Twitter at Facebook’s Silicon Valley headquarters to game plan how to respond to misinformation operations targeting the 2020 election, my colleagues Tony Romm and Ellen Nakashima report.
“The gathering marked the first such meeting involving industry and government of its size this year to address 2020 election security,” Tony and Ellen reported, though sources were relatively tight lipped about specific topics they discussed.
Facebook’s head of cybersecurity policy, Nathaniel Gleicher, said the discussions focused on ways to “improve how we share information and coordinate our response to better detect and deter threats,” my colleagues reported.
The meeting comes roughly three years after Russia used an army of social media bots to spread misinformation about the 2016 election and as social media companies are facing a slew of new threats, including “deepfake” videos and inauthentic activity linked to China and Iran as well as Russia, my colleagues note.
PATCHED: Thieves used voice-mimicking software in March to pose as a British energy company executive and dupe an underling into wiring them more than $240,000, my colleague Drew Harwell reports. The first publicly reported fraud of its kind has stoked concerns over the unregulated growth of technology to create “deepfakes,” or artificial intelligence-crafted fake videos and audio.
A representative for the British company's insurer told Drew that the employee described the fake audio as a replica of his boss's voice down to “the tonality, the punctuation, the German accent.” The thieves tipped their hand, however, when they attempted to fake a call from the boss at the same time the employee was speaking to the real boss himself, according to an email shared with Drew.
While the case is unusual, it isn't isolated. Researchers at the cybersecurity firm Symantec said they have found at least three cases where voice-faking tools were used to swindle companies, sometimes out of millions of dollars, Drew reports. As low-cost artificial intelligence tools to create fake recordings become more ubiquitous, the use of the technology to commit cybercrime and other fraud also will probably increase.
“Criminals are going to use whatever tools enable them to achieve their objectives cheapest,” Andrew Grotto, a fellow at Stanford University’s Cyber Policy Center and a former senior director for cybersecurity policy at the White House during the Obama and Trump administrations, told Drew.
PWNED: A server with databases storing more than 400 million Facebook user names and phone numbers was discovered unprotected online recently, TechCrunch’s Zack Whittaker reports. The data appears to have been scraped from Facebook before the social media site stopped making phone numbers publicly available in April 2018 and could put users at increased risk from hackers and phone scammers.
Some of the records also revealed Facebook users’ personal information including names, gender, and country, Whittaker reports. The data included 133 million records of U.S.-based users, 50 million in Vietnam, and 18 million in the United Kingdom.
Facebook confirmed that the data was scraped before it made phone numbers private in 2018, a decision the company made shortly after researchers flagged how vulnerable the feature made users to scammers. “We have seen no evidence that Facebook accounts were compromised,” Facebook spokesman Jay Nancarrow told TechCrunch. The data set was taken down after TechCrunch notified the host.
Banning Chinese equipment makers such as Huawei won't be enough to defend next-generation U.S. 5G networks from hacking, former Federal Communications Commission chairman Tom Wheeler is warning lawmakers in a new paper out this week.
“The hyperbolic rhetoric surrounding the Chinese equipment issues is drowning out what should be a strong national focus on the full breadth of cybersecurity risk factors facing 5G,” Wheeler and his co-author, former FCC official David Simpson, write.
The former Obama-era officials also took a dig at President Trump, who has repeatedly suggested he may remove U.S. government restrictions on Huawei as part of a trade deal with China. “We must not confuse 5G cybersecurity with international trade policy,” they write.
THE NEW WILD WEST
Chinese hackers are reverse-engineering hacking tools developed by the NSA to bolster their own cyber arsenal, according to a new report from cybersecurity research firm Check Point.
Check Point researchers aren't the first to spot the use of NSA-like tools by the Chinese, but it was unclear how Chinese hackers were mimicking high-security technology built by U.S. developers. By studying the copycat tools, Check Point researchers figured out that Chinese hackers created a “backdoor” by monitoring machines compromised by the NSA. They then captured data from NSA attacks and reverse-engineered what they found to create a nearly identical tool.
Hacking tools can be time consuming and costly to build, so copycatting rivals' software could give China a competitive edge, the report notes.