| Welcome to The Cybersecurity 202! Today marks 63 years since "The Day the Music Died," when Buddy Holly, Ritchie Valens and "The Big Bopper" were killed in a plane crash in Clear Lake, Iowa. Below: The FBI acknowledged testing NSO spyware, and the Biden administration may crack down on TikTok and other Chinese-owned apps. | Some Trump supporters wanted to leverage federal intelligence for political advantage |  Former President Donald Trump. (AP Photo/Alex Brandon, File) | | | In the waning weeks of Donald Trump's presidency, allies proposed an extraordinary plan to keep him in office. The plan, outlined in a memo floated to GOP lawmakers, involved seizing raw electronic communications collected by the National Security Agency. An outside team would then sift through that data looking for evidence foreign actors interfered in the 2020 election to aid Joe Biden's victory, Josh Dawsey, Rosalind S. Helderman, Emma Brown, Jon Swaine and Jacqueline Alemany report this morning. The previously undisclosed scheme – which doesn't appear to have ever reached the White House – would have marked an unprecedented use of the government's intelligence powers for a president's political advantage. It comes amid a crush of revelations about similar plans to overturn Biden's victory, most of which relied on baseless and outlandish conspiracy theories about foreign powers hacking the election from China and Venezuela. Another prominent memo, which is being investigated by the Jan. 6 committee, would have ordered the Defense Department to seize voting machines from local governments to search for evidence of such hacking. The efforts collectively paint a picture of a radical — though ham-handed — effort to reverse the will of the voters in 2020. |  Former president Donald Trump with My Pillow CEO Mike Lindell. (Jabin Botsford/The Washington Post) | | | The NSA memo seems to have been on the fringes of that effort. | | It's not clear who wrote the memo, though it was floated to Republican lawmakers by Michael Del Rosso, a failed GOP House candidate from Virginia. Del Rosso and others tried to get the memo into Trump's hands, but there's no evidence it ever reached the White House. | - The plan called for Trump to ask acting secretary of defense Christopher Miller to seize the "NSA unprocessed raw signals data" and tap Del Rosso, former National Security Council member Richard Higgins and an Army lawyer named Frank Colon to do the review.
- Colon, however, said he had never heard of the plan and has no idea who Del Rosso is. Colon currently serves as a civilian legal adviser assigned to a military intelligence brigade headquartered at Fort Meade in Maryland, home to NSA. Miller similarly said he had never heard of the plan.
- Del Rosso sent the memo to Sen. Kevin Cramer (R-N.D.) after the pair met at a Jan. 4 meeting on election interference claims that was hosted by My Pillow magnate Mike Lindell, my colleagues report. He also sent it to Sen. Ron Johnson (R-Wis.), who was then chair of the Senate Homeland Security Committee.
- NSA collects a wide range of foreign electronic data, ranging from emails and phone calls to satellite data. The spy agency is barred from targeting U.S.-based people's communications without a court order.
| | It's also not clear if the memo authors had the legal know-how to accomplish their goal. The memo claimed the seizing of NSA data could be authorized by a classified White House policy memo — known as National Security Presidential Memorandum 13 — which deals primarily with the process for approving offensive cyberattacks. Michael Daniel, who led White House cyber operations during the Obama administration, called that a misunderstanding of the policy's authorities and described the memo as "a crazy tangle of things." "It would have been a radical departure from normal procedure," Daniel, who now leads the Cyber Threat Alliance industry group, told my colleagues. The final weeks of the Trump administration were chock-full of similarly outlandish plans to overturn the election results, people familiar with the period told my colleagues. "That period in time was amateur hour with people who did not know Trump or had never met with Trump before in their lives, attempting to get into the Oval Office to get authorized to do investigations that the rest of the government had examined and had said there was no evidence for," said Michael Pillsbury, an informal adviser to Trump at the time. | | |  | The keys | | For the first time, the FBI acknowledged testing NSO spyware |  The FBI said it hadn't used the spyware "in support of any investigation." (Jose Luis Magana/AP) | | | The FBI explored how the controversial spyware might be used in criminal investigations, but never actually deployed it in any investigations, Ellen Nakashima reports. The FBI decided not to deploy the spyware last summer, around the time when The Washington Post and 16 media partners found that NSO's Pegasus spyware was used to target the phones of activists, executives and journalists around the world, according to the New York Times Magazine. | | One big concern: Using the spyware could complicate subsequent prosecutions if the Justice Department were to bring charges, people familiar with the events who spoke on the condition of anonymity because of the matter's sensitivity told Ellen. NSO critics expressed concern about the FBI's moves. "This is extremely troubling and raises basic questions about whether Americans' constitutional rights are being sufficiently protected as the FBI explores or uses hacking tools," said John Scott-Railton, senior researcher at the University of Toronto research group Citizen Lab, which has examined infected devices and published research on NSO spyware. He called on the U.S. government to be "much more transparent about the use of such contractors and what ethical oversight is involved." "Democracies and dictatorships shouldn't share a hacking toolbox," Scott-Railton said. In other spyware news: Israeli police reportedly used spyware to hack a key person involved in a criminal case against former prime minister Benjamin Netanyahu, the Times of Israel reports. It's not clear whether Pegasus was involved, but Israeli media reported that authorities discovered the hack as part of an investigation into reports that the country's police illegally used NSO spyware. Netanyahu called the revelation an "earthquake." | The Biden administration is considering rules that could expand government oversight of TikTok and other foreign-owned apps |  The Committee on Foreign Investment in the United States has an "ongoing" review of TikTok, National Security Council spokeswoman Saloni Sharma said. (Kiichiro Sato/AP) | | | The rules would apply to apps that can be exploited "by foreign adversaries to steal or otherwise obtain data." They could let the Commerce Department require apps to submit to audits, opening the door to independent scrutiny of their source code and the types of data that they collect, Cat Zakrzewski and Drew Harwell report. | - Trump earlier sought to outright ban TikTok, WeChat and other Chinese-owned apps — a move that had faced court challenges.
- Biden revoked Trump's order and launched a security review that produced the current proposed rules.
| | The Commerce Department doesn't have a timeline for when the rules will be finalized. | North Korea targeted an American hacker. He retaliated by taking down the country's Internet. |  The hacker said his cyberattacks were aimed at sending a message at North Korea's government, and he "wanted to affect the people as little as possible." (Jon Chol Jin/AP) | | | The spat began when North Korean hackers posed as security researchers and targeted Western researchers in an attempt to steal sensitive information on software vulnerabilities that they had discovered. The hacker, who goes by the pseudonym P4x, said he successfully defended himself from the North Korean attacks. But he was so outraged that he decided to retaliate, WIRED's Andy Greenberg reports. The U.S. government hasn't publicly responded to the North Korean hacking campaign. According to P4x, he found software vulnerabilities on systems that are essential for North Korea's connection to the global Internet and exploited them to take sites hosted in the country offline. He shared screen recordings with WIRED to show that he was responsible for the cyberattacks. "It felt like the right thing to do here. If they don't see we have teeth, it's just going to keep coming," the hacker told Greenberg. "I want them to understand that if you come at us, it means some of your infrastructure is going down for a while." The hacks were also meant as a message to the U.S. government that it should respond more aggressively to North Korea's digital belligerence, the hacker said. Most of North Korea doesn't have access to the global Internet. Many of the sites P4x took down were used for government activities like international propaganda, researchers said. | | |  | Hill happenings | | Rosen reintroduces cyber workforce bill |  Sens. Jacky Rosen (D-Nev.), pictured, and Marsha Blackburn (R-Tenn.) are introducing the legislation. (Jabin Botsford/The Washington Post) | | | The Cyber Ready Workforce Act would set up a Department of Labor program to award grants to support cybersecurity apprenticeship programs. It's being introduced in the Senate today by Sens. Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.). Companion legislation is also being introduced in the House. Rosen previously introduced the proposal in 2019. | Criticism of EARN IT Act gets louder ahead of markup expected next week |  The sponsors of the legislation, including Sen. Richard Blumenthal (D-Conn.), say it would force tech companies to get tough on cracking down on child pornography. (Jabin Botsford/The Washington Post) | | | The bill would open up tech platforms to legal liability when their users share child pornography. It sparked panic in 2020 from encryption advocates who thought the bill could force companies to stop offering end-to-end encryption, a protection they say is important for security but that also makes it easier for criminals to share child pornography and other illegal content undetected. The system blocks anyone from reading messages besides the sender and recipient — even tech companies themselves and police with warrants. The Senate Judiciary Committee is expected to discuss a reintroduced version of the bipartisan legislation next week. The reintroduced bill includes a provision stating that companies can't be held liable for merely offering end-to-end encryption, but encryption advocates still fear the protection is in danger. | - Sen. Ron Wyden (D-Ore.): "The EARN IT Act threatens the privacy and security of law-abiding Americans by targeting any form of private, secure devices and communication. As a result, the bill will make it easier for predators to track and spy on children and also harm the free speech and free expression of vulnerable groups."
- Center for Democracy and Technology President Alexandra Reeve Givens: "By creating a massive disincentive for providers to offer encrypted services, the EARN IT Act will make us all less safe."
- TechFreedom Free Speech Counsel Ari Cohn: "EARN IT claims to protect encryption, but it fails to do so in any serious way."
| | |  | Government scan | | | |  | Global cyberspace | | | |  | Cyber insecurity | | | |  | National security watch | | | |  | Industry report | | | |  | Privacy patch | | | |  | Daybook | | - The Senate Homeland Security Committee holds a hearing with three Biden nominees for positions in the Department of Homeland Security today at 10:15 a.m.
- BSidesTLV founder Keren Elazari discusses hacker cultures at a Strauss Center event today at 1:15 p.m.
- David Nalley, the president of the Apache Software Foundation, testifies at a Senate Homeland Security Committee hearing on a vulnerability in the Apache log4j library on Tuesday at 10 a.m.
| | |  | Secure log off | | | Thanks for reading. See you tomorrow. | | |
