HACKERS
Pentagon: The Defense Department reported a security breach of travel records, including personal information and payment card data, for up to 30,000 of US military and civilian personnel. The incident affected a single commercial vendor, the department said, and no classified information was stolen. (MT)
Router Fixer: A mysterious Russian-speaking, grey-hat hacker, who goes by the name of Alexey, is reportedly breaking into people's routers and patching security flaws in them. He is being transparent about his actions, saying that he is trying to prevent further abuse by other cyber-criminals. Analysts say that despite what appear to be his good intentions, he is breaking the law. (ZDNet)
COURTS
Fraud Ring Leader: Romeo Vasile Chita, a Romanian national, was extradited from his home country to the United States to face charges in Ohio federal court for leading an international cyber fraud ring that used malware to steal more than four million dollars. Chita is one of nine charged in a U.S. grand jury indictment in 2010. One of the group's methods was to send "phishing" emails to its targets to capture sensitive information from users, including bank account information. The phishing emails appeared to come from the Better Business Bureau, the IRS, U.S. Tax Court, the National Payroll Records Center, and other entities, according to the FBI. (Cleveland)
Genealogy Site: A website called GEDmatch has helped investigators solve fifteen murder and sexual assault cases since April. The GEDmatch database, which unlike other genealogy sites like 23andMe has no lab, is a website where people, who have had their DNA analyzed elsewhere, can locate more relatives and dive deeper into their ancestry. The GEDmatch database can now be used to identify at least 60 percent of all Americans of European ancestry. According to a study published last week in the journal Science, within three years, the DNA of nearly every American of Northern European descent - who make up the primary users of the site - will be identifiable through cousins in the site’s database. (NYT)
Campaign Hacking: In a motion to dismiss a lawsuit, lawyers for Donald Trump’s 2016 presidential campaign argue that the First Amendment protects the campaign’s “right to disclose information—even stolen information—so long as (1) the speaker did not participate in the theft and (2) the information deals with matters of public concern.” The campaign is being sued by two donors and one former employee of the DNC for allegedly working with Russia and WikiLeaks to publish hacked emails. (Atlantic)
ON THE HILL
China Hacking: Senator John Thune (R-SD), the Republican chair of the Senate Commerce Committee, asked Apple, Amazon, and Super Micro Computer, for briefings about a Bloomberg report that the Chinese government implanted malware into U.S. hardware, which the companies have denied. (Reuters)
DOD
Weapons: A newly released report from the Government Accountability Office found that nearly all of the military’s new weapons systems suffer from “mission-critical cyber vulnerabilities.” The study drew on security audits from 2012 to 2017. The agency warned that the problems probably represent “a fraction” of the holes in the Pentagon’s network. (WaPo)
Google: The company has removed itself from the running for a major cloud computing contract with the Defense Department, called the Joint Enterprise Defense Infrastructure project, after concluding the work might breach its principles for the use of artificial intelligence. (WaPo)
PRIVATE SECTOR
Google: The company has decided to shutter its failing social network Google Plus after it discovered a security vulnerability that exposed the information of up to 500,000 users. Google said it did not disclose the breach, which was discovered and patched in March, because it didn’t appear that anyone had accessed the information, and the company was not legally required to report it. (NYT)
Payment Firms: More than a dozen global payment companies, including JPMorgan Chase, Mastercard, and WorldPay, held their inaugural joint cybersecurity war games. The exercises are intended to test their readiness for simultaneous cyberattacks. (Bloomberg)
THE WORLD
Vietnam: The country is getting ready to strictly enforce a new law that requires global technology companies to establish local offices and store data locally. Analysts note that despite sweeping economic and social reforms, Vietnam’s Communist Party keeps a tight grip on media and dissent. (Reuters)