THE KEY

It was Democrats for a change — not Republicans — who invoked President Trump’s CrowdStrike conspiracy theory during the first day of public impeachment hearings.

House Intelligence Chairman Adam Schiff (D-Calif.) hammered on the baseless theory — which Trump urged Ukrainian President Volodymyr Zelensky to investigate — as he built a case that Trump abused his power for personal political gain and painted Republicans as touting conspiracy theories untethered to the facts of the probe.

Republicans, meanwhile, steered clear of the bizarre theory involving CrowdStrike, which posits that the cybersecurity firm was somehow helping Ukraine interfere in the 2016 election to hurt Trump. GOP questioners, however, did repeatedly suggest Ukraine was working to elect Hillary Clinton, though the location  of the DNC server examined by CrowdStrike wasn't name-checked by them.

That’s a far cry from earlier hearings when some of Trump’s GOP allies eagerly parroted his claims on the cybersecurity firm that has taken center stage in the impeachment inquiry. Instead, Democrats invoked CrowdStrike to paint Trump and Republicans as peddling unfounded claims.

In fact, State Department official George Kent, one of two witnesses called by Democrats, announced he’d never heard of CrowdStrike before reading the transcript of the Trump-Zelensky call and quickly declared he saw “no factual basis” to the president’s claims.

“I think it’s amply clear that Russian interference was at the heart of the interference in the 2016 election cycle,” Kent said, echoing the unanimous conclusions of the U.S. intelligence community, the Mueller report and the Senate Intelligence Committee.

As my colleagues Shane Harris and John Hudson put it, “Kent emerged as a forceful debunked of some of the most frequently cited assertions and conspiracy theories among Trump’s allies.”

Indeed, no Republican lawmakers even mentioned CrowdStrike during the course of the more than five-hour hearing. Instead, their questions focused mainly on a separate investigation Trump urged into former vice president Joe Biden’s son Hunter’s work on the board of a Ukrainian oil company — claiming he was underqualified for the post and that the president did nothing wrong because Ukraine never launched the investigation. 

They also argued Trump's withholding military aid was based on concern about corruption in Ukraine, a point Schiff hit back at noting the president's conversation with Zelensky mentioned no major corruption cases. 

“What the President brings is CrowdStrike, the server and the Bidens, am I right?” Schiff said.

There were also other fireworks for security hawks during the hearing. 

The big reveal came when acting U.S. ambassador to Ukraine, William B. Taylor Jr., described a previously undisclosed phone call about the investigations between Trump and U.S. Ambassador to the European Union Gordon Sondland, who spoke on a cellphone from a restaurant in Kyiv.

That call last summer “was a stunning breach of security” that was almost certainly overhead by Russian intelligence agencies, my colleague Ellen Nakashima reports.

It also raises serious concerns about Trump officials playing fast and loose with operational security — and giving the Kremlin ammunition it could use to blackmail or embarrass U.S. officials in the process.

“The security ramifications are insane — using an open cellphone to communicate with the president of the United States,” Larry Pfeiffer, a former senior director of the White House Situation Room, told Ellen. “In a country that is so wired with Russian intelligence, you can almost take it to the bank that the Russians were listening in on the call.”

PINGED, PATCHED, PWNED

PINGED: Lawmakers are raising alarms about foreign actors impersonating veterans on social media as a tactic to con other veterans and sow disinformation. The concerns come after Russian agents imitated veterans as part of their efforts to sow discord in the 2016 election and amid fears they could deploy the tactic again in 2020.

House Veterans' Affairs Committee Chairman Mark Takano (D-Calif.) urged social media companies to take action on the problem or “Congress will need to step in directly” during a hearing yesterday.

“By impersonating veterans, these foreign actors are effectively eroding the hard-earned power and integrity of veterans’ voices,” he said.

The scams, known as “Internet spoofing,” can imitate a person by using their name, picture and other information or taking over a real account. Researchers and veterans groups have also found alleged veterans organization pages that are actualy  run by foreign agents and that target the group with misinformation.

Here are more details from my colleague Cat Zakrzewski. 

PATCHED: A Russian man charged by federal authorities with committing more than $20 million in computer fraud made his first appearance in a U.S. court yesterday after being extradited from Israel, my colleagues Paul Duggan and Tom Jackman report. Russia unsuccessfully tried to derail the extradition by offering to exchange an Israeli American prisoner with Israel for the suspected hacker..

U.S. attorneys say Aleksei Burkov operated a website called CardPlanet that sold hacked credit and debit card numbers. He also ran a website where cyber criminals could advertise stolen goods and criminal services. He’s also charged with wire fraud, money laundering and identity theft.

PWNED: Mexico’s national oil company Pemex is refusing to pay hackers a $5 million ransom demand to get back access to their computer systems, Reuters's Adriana Barrera reports

The hack, which follows a string of ransomware attacks against major industrial firms, caused Pemex to shut down computers across Mexico, including corporate networks and payment systems, over the weekend. But the company's plants and wells are still in operation, Energy Minister Rocio Nahle said.

The company was still issuing payments but was forced to revert to manual processes for billing as of Tuesday, Bloomberg News reports.

PUBLIC KEY

— Cybersecurity news from the public sector:

Immigration
Wolf, the fifth person to hold the top DHS job under Trump, was opposed by Democrats for his role in family separations at the U.S. southern border.
Nick Miroff
Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test.
CyberScoop
The House Science, Space and Technology Committee will mark up new legislation Nov. 14 that would mandate new research into voting machine cybersecurity vulnerabilities and update the way the government certifies such equipment.
Federal Computer Week

PRIVATE KEY

— Cybersecurity news from the private sector:

Facebook’s latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first half of this year compared to the second half of last year.
TechCrunch
Hacker was detected after creating a giant archive file that took up all the free disk space. Had been inside the company's network for almost two years, undetected.
ZDNet
Tech Policy
Facebook took action against tens of millions of posts, photos and videos over the past six months for violating its rules that prohibit hate speech, harassment and child sexual exploitation, illustrating the vast scale of the tech giant’s task in cleaning up its services from harm and abuse.
Tony Romm

THE NEW WILD WEST

— Cybersecurity news from abroad:

The French government signed on Thursday a three-year cybersecurity pact with ei...
Reuters
Phone numbers, addresses and passport details of more than 1m are vulnerable, say researchers
Financial Times

ZERO DAYBOOK

— Today:

  • Rep. Bennie G. Thompson (D-MS), Chairman of the Committee on Homeland Security, will speak at the Georgetown University 2019 “State of Cyber” Conference in Washington DC at 10:30 a.m.

— Coming up:

  • New York University’s Center for Cybersecurity, the Journal of National Security Law & Policy will host an event titled “Catching the Cybercriminal: Reforming Global Law Enforcement” on November 18 at 10 a.m.
  • The House Financial Services Committee will host a hearing on the role of big data in financial services on November 21 at 9:30 a.m.
  • The 2019 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 18-20 Nov 2019 in at the Crystal Gateway Marriott in Arlington, VA.
  • CYBERWARCON takes place on November 21 in Arlington, Va.