Sens. Kirsten Gillibrand (D-N.Y.) and Cynthia Lummis (R-Wyo.), Elizabeth Warren (D-Mass.) and Roger Marshall (R-Kan.), have teamed up to put forward the proposal, geared at preventing the use of crypto assets in illicit financial transactions, in an amendment to annual legislation the that sets the budget for the nation’s armed forces.

The amendment would “require regulators to set examination standards for financial institutions engaged in crypto asset activities and require the Treasury Department to give recommendations to Congress regarding crypto asset mixers and anonymity-enhancing crypto assets,” according to Gillibrand's office.

“Prohibiting the use of cryptocurrencies for money laundering and illicit finance is critical to both our national security and economy. This amendment will require federal regulators to enact strong examination standards that will help prevent the utilization of cryptocurrencies in illegal activities,” Gillibrand said in a release. 

The Senate began considering the annual national defense policy package on Tuesday following the House’s approval of the must-pass legislation last week. Conservative Republican lawmakers in the House added several amendments, leading to an unusually partisan vote.

The proposed amendment on cryptocurrency was developed from a bill Lummis and Gillibrand reintroduced earlier this month that’s aimed at creating a regulatory framework for crypto assets — as well as from a bill by Warren and Marshall introduced last year to extend anti-money laundering to cryptocurrency.

Lummis and Gillibrand have been seen as more supportive of the crypto sector, while Warren and Marshall have been more critical of the quickly growing industry, pushing to expand the government's regulatory power over crypto.

Marshall said in a statement that the newly proposed bipartisan amendment to the NDAA “will set commonsense standards to ensure that proper guardrails are in place as crypto use continues [to] grow across the world.”  

The Surveillance Technology Oversight Project (STOP) released a report Tuesday detailing the elevated dangers for patients who travel for abortions or gender-affirming care.  

“Surveillance doesn’t stop at the state line,” said Albert Fox Cahn, the executive director of STOP. “Even as progressive states seek to protect abortion and gender affirming care within our borders, anti-choice states are continuing to expand the threat that they will prosecute residents who leave the state to find evidence-based medical treatment.”  

Cahn emphasized that it’s crucial for patients to understand how they can be tracked by law enforcement even when outside of the state, writing, “Every hotel reservation and bridge toll will be just one subpoena away from being used against a patient in court.”  

The report comes a little over a year after the Supreme Court struck down Roe v. Wade, which eliminated the 1973 precedent granting the constitutional right to abortion. The Supreme Court granted states the authority to limit or ban the procedure.  

In the months that followed, several Republican-led states moved against residents' access to abortions.

The report found law enforcement and state officials can use license plate readers, ticket information and street cameras to track and identify residents “seeking, facilitating, or providing out-of-state care.” Furthermore, the report claims law enforcement agencies can “weaponize data,” that is already commercially available to them, while being able to buy more data from hotels and smartphones.  

STOP research director Eleni Manis said while “there’s no such thing as an open road anymore,” there are “relatively safer travel methods.” The report found mass public transportation is preferable, as prosecutors and state officials are “unlikely to leverage knowledge,” about where a patient took a specific subway or bus stop.  

Mass public transportation still does have surveillance concerns however, with some cities increasing tracking of public buses or subways and others forcing riders to pay with phone or credit card instead of cash, according to the report.  

The report found using private cars, Uber or Lyft present the risk of collecting the rider’s data including email addresses, phone numbers, payment information, app location service and destination data, while also having a camera in the vehicle. The report noted taking taxi rides could lower the risk in some cities that don’t collect ridership data.  

“Although this database is anonymized, taxi trip data can be combined with street camera footage to track an individual passenger, mitigating the anonymizing effects of paying for a tax using cash,” the report stated.

Researchers went on to detail the differing surveillance risks associated with scooter and bike share programs, airplanes, long haul buses and Amtrak.

The report also examined the risks connected with hotels and motels, which it found both volunteer or sell information to law enforcement. In comparison, the report found the U.S. Civil Code prohibits law enforcement from having access to short-term rental data, without an administrative subpoena. The report stated staying at the home "of a trusted person" is a safe option, but noted those in public housing have limited privacy from law enforcement.

In a STOP report published last year, researchers determined abortion seekers were being tracked even before Roe v. Wade was overturned.

The global cyberattack that targeted a number of federal agencies should be seen as a wake-up call for the government, as the constant threat of cyberattacks for both the public and private sector is unlikely to abate.

According to an IBM report, a data breach could cost government agencies on average $2.07 million per incident. It also said that in 2018, cyberattacks cost the U.S. government $13.7 billion, Security Intelligence reports. 

The Russian-speaking ransomware group, which is reportedly behind the hack, exploited a vulnerability in a software application known as MOVEit, which is widely used by government agencies to transfer files. 

HHS among targets in government hacking attack

Rex Booth, chief information security officer at tech company SailPoint, said that people should remain concerned as the software is widely used across the federal government and private companies and may hold sensitive information, including HR files containing personal identifiable information or audit reports.

Although the impact and scope of the attack is still under investigation, the fact that the hackers targeted multiple agencies simultaneously should be of great concern, experts said. 

“In simple terms, U.S. agencies and businesses worldwide are under constant cyber threat,” said Ryan Lasmaili, CEO and co-founder of Vaultree, a data encryption company.

“The recent attack by the CLoP group is the latest reminder of this fact,” Lasmaili said in an email. 

Hack shares similarities to SolarWinds incident

Emil Sayegh, president and CEO of data security firm Ntirety, said the attack was a significant event with far-reaching implications as the hackers targeted several U.S. federal agencies, which are responsible for critical functions and hold sensitive information.

“The attack demonstrated the vulnerability of our infrastructure and the potential for serious breaches, reminiscent of the SolarWinds attack,” Sayegh said. 

In 2020, SolarWinds, a Texas-based software firm, was breached when Russian state-sponsored hackers exploited vulnerabilities in software updates from the tech company to penetrate the networks of nine federal agencies and at least 100 private sector organizations for nearly a year. 

Multiple federal agencies hit in cyberattack: report

Sayegh added that cyberattacks like this raise concerns about the country’s national security, the protection of sensitive information and the potential disruption of essential services.

Jason Blessing, a research fellow at the American Enterprise Institute, said that the recent cyberattack shows that the lessons from the SolarWinds hack are still “highly relevant” three years later. 

“While the MOVEit hack did not approach the scale of Solarwinds, the formula for protecting government networks and critical infrastructure is the same: interagency communication and cooperation, a quick response time from the private sector and imposing costs on the perpetrators to alter their calculus for future hacking attempts,” Blessing said.

Agencies team up to be ready next time

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said during a press call last month that her agency has been working with the FBI to understand how prevalent the issue is and provide support to the federal agencies impacted by the hack.

“While our teams are urgently focused on addressing risks posed by this vulnerability, it’s important to clarify the scope and nature of this campaign,” Easterly said. “Specifically, as far as we know, these actors are only stealing information that is being stored on the file transfer application at the precise time that the intrusion occurs.”

“These intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information. In sum, as we understand it, this attack is largely an opportunistic one,” she added. 

The FBI told The Hill in a statement that it was aware of the cyberattack and was conducting an investigation. 

“We highly encourage the public and all organizations using MOVEit software to read the FBI and CISA’s joint cybersecurity advisory to learn more about the threat and how to mitigate potential cyber attacks,” The FBI said. 

The Department of Energy and the Department of Health and Human Services (HHS) were among the federal agencies impacted. 

Although it was originally reported that none of the federal agencies affected was asked to pay a ransom, Reuters later reported that Energy did receive such requests at two facilities that were breached by the CLoP ransomware group. 

“The wide-scale nature of this attack underscores the importance of bolstering the ability of industry specific federal agencies to secure America’s critical infrastructure and respond to complex attacks,” said House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and Committee Ranking Member Frank Pallone, Jr. (D-N.J.), in a statement. 

“We continue to monitor the situation and are requesting briefings from the Biden administration, including from DOE, in order to gain a complete understanding of the severity of this attack,” the lawmakers said. 

Booth said the CLoP ransomware group is known for its double extortion scheme where it encrypts the stolen data and then threatens to leak the information unless the victim pays a ransom.  

Booth also said he doesn’t believe that the breach was a targeted attack but was more so a target of opportunity.

“These attackers figured out that there was a vulnerability in the software and then started hunting for instances where they could try to exploit it,” Booth said. 

“It just so happens that a handful of federal agencies got swept up in that hunt. But to my knowledge, there's no indication that federal agencies were specifically targeted,” he added. 

How should the government respond?

Cyrus Walker, the founder and managing principal at cybersecurity firm Data Defenders, said federal agencies should have more coordinated and up-to-date countermeasures in place, including real-time threat intelligence sharing across agencies and with private sector industries. 

He also said that having leadership in place is as important as it ensures better coordination, enforcement and accountability.

“Having someone in a key leadership role would certainly ensure that there is appropriate coordination happening across the various domains at the federal level,” he said. 

Booth added that like any other organization, federal agencies need to improve the way in which they secure its software supply chain. 

He said the government should start by having an inventory list of their vendors and establishing a relationship with them to ensure timely notification for any security issues as well as testing the software every so often.  

“This is a good reminder for all of us that we need to take our software supply chains seriously,” Booth said. 

“The more data that we have out there, whether it's in a file transfer system or somewhere else, the higher the risk exposure,” he added. 

The FBI urged people to use its Cybersecurity Advisory as a way to report and learn about possible cyberattack risks.

"This CSA can be found at IC3.gov," the agency said in a statement to The Hill. "Anyone affected should report immediately to their local FBI field office and IC3.gov."

The White House has announced plans to launch a new program aimed at helping Americans understand which devices they may use in their home that are less vulnerable to cyberattacks.

As part of the effort, internet or Bluetooth-connected devices like baby monitors, home security cameras and refrigerators that meet U.S. government cybersecurity requirements will have an identifier mark, or "trust mark," put on them.

QR codes placed on products will link to a national registry of certified devices, with the Federal Communications Commission (FCC) also considering an annual recertification for products and a way for consumers to be updated on new product information.

The “U.S. Cyber Trust Mark” program is being launched in coordination with the FCC and participating companies, which include major electronics and appliances manufacturers and retailers, according to the White House.

Participating companies include Amazon, Best Buy, Cisco Systems, Consumer Technology Association, Google, Qualcomm and Samsung, among others.

The program is expected to be active in late 2024 and have products identified on the marketplace shortly thereafter.

Before it is rolled out, the program will undergo a public comment period to determine the criteria used for granting the trust marks.

Additionally, the administration is still working to figure out liability if a company were to use the label and their product wasn’t actually secure, according to senior administration officials.

The FCC is currently applying to register a national trademark with the U.S. Patent and Trademark Office that would be applied to products meeting the cybersecurity criteria.

The administration first released the highly anticipated strategy in March, focusing on several key pillars, including defending critical infrastructure from cyberattacks, disrupting and dismantling cyber crime and forging international partnerships.

The roadmap — which the White House noted is the “first iteration” of its implementation plan and represents a “living document” meant to be updated annually — breaks down the cybersecurity strategy into 69 initiatives, specifying various deadlines for implementation over the next three years and which agency is leading each particular initiative.

“Today, the Administration is announcing a roadmap to realize this bold, affirmative vision,” the White House said in a press release. “It is taking the novel step of publishing the National Cybersecurity Strategy Implementation Plan to ensure transparency and a continued path for coordination.”

Several initiatives are meant to be completed by the end of the year, including a review of federal cybersecurity centers, the drafting of legislation to codify the Cyber Safety Review Board and the development of an international plan to discourage countries from acting as safe havens for ransomware criminals, among others.

The surgical, targeted espionage accessed the email of a small number of individuals at an unspecified number of U.S. agencies and was discovered in mid-June by the State Department, U.S. officials said. They said none of the breached systems were classified, nor was any of the stolen data.

The hacked officials included Commerce Secretary Gina Raimondo, The Washington Post reported, citing anonymous U.S. officials. Export controls imposed by her agency have stung multiple Chinese companies.

One person familiar with the investigation said U.S. military and intelligence agencies were not among the agencies impacted in the monthlong spying campaign, which also affected unnamed foreign governments.

The officials spoke on condition they not be further identified.

In a technical advisory Wednesday and a call with reporters, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI said Microsoft determined the hackers gained access by impersonating authorized users.

Officials did not specify the nature of the stolen data. But one U.S. official said the intrusion was “directly targeted” at diplomats and others who deal with the China portfolio at the State Department and other agencies. The official added that it was not yet clear if there had been any significant compromise of information.

The Blinken trip went ahead as planned, although with customary information security procedures in place, which required his delegation to use “burner” phones and computers in China.

The hack was disclosed late Tuesday by Microsoft in a blog post. It said it was alerted to the breach, which it blamed on a state-backed, espionage-focused Chinese hacking group “known to target government agencies in Western Europe,” on June 16. Microsoft said the group, which it calls Storm-0558, had gained access to email accounts affecting about 25 organizations, including government agencies, since mid-May as well as to consumer accounts of individuals likely associated with those agencies.

Neither Microsoft nor U.S. officials would identify the agencies or governments impacted. A senior CISA official told reporters in a press call that the number of affected organizations in the United States is in the single digits.

While the official declined to say whether U.S. officials are displeased with Microsoft over the breach, U.S. National Security Council spokesman Adam Hodge noted that it was “government safeguards” that detected the intrusion and added, “We continue to hold the procurement providers of the U.S. Government to a high security threshold.”

In fact, those safeguards consist of a data-logging feature for which Microsoft charges a premium. The CISA official noted that some of the victims lacked the data-logging feature and, unable to detect the breach, learned of it from Microsoft.

But of greater concern to cybersecurity experts is that The Storm-0558 hackers broke in using forged authentication tokens — which are used to verify the identity of a user. Microsoft's executive vice president for security, Charlie Bell, said on the company's website that the hackers had done that by acquiring a “consumer signing key.”

Cybersecurity researcher Jake Williams, a former National Security Agency offensive hacker, said it remains unclear how the hackers accomplished that. Microsoft did not immediately respond to emailed questions, including whether it was breached by the hackers to obtain the signing key.

Williams was concerned the hackers could have forged tokens for wide use to hack any number of non-enterprise Microsoft users. “I can’t imagine China didn’t also use this access to target dissidents on personal subscriptions, too."

The head of intelligence for the cybersecurity firm Crowdstrike, Adam Meyers, said in a statement that the incident highlights the systemic risk of relying on a single technology provider in Microsoft. He said “having one monolithic vendor that is responsible for all of your technology, products, services and security - can end in disaster.”

A Chinese foreign ministry spokesman, Wang Wenbin, called the U.S. accusation of hacking “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wang said in a routine briefing.

U.S. intelligence agencies also use hacking as a critical espionage tool and it is not a violation of international law.

Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organizations globally exploiting a vulnerability in a popular email security tool.

Earlier this year, Microsoft said state-backed Chinese hackers were targeting U.S. critical infrastructure and could be laying the technical groundwork to disrupt critical communications between the U.S. and Asia during future crises.

____

Associated Press writers Aamer Madhani in Washington and Zen Soo in Hong Kong contributed to this report. Bajak reported from Boston.

The hackers, known as Storm-0558, are “focused on espionage” and gathering intelligence by gaining access to email systems. 

“This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems,” Microsoft said. 

The tech giant said it conducted an investigation into the breach and found out that the hackers initially accessed the emails in May. 

Microsoft also said it has been working with impacted customers and has notified them of the breach.

China’s foreign ministry spokesperson said the hack claims were “disinformation” intended to shift attention from U.S. cyberattacks on China, the Associated Press reported. 

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” the spokesperson said in a briefing. 

In May, Microsoft uncovered that a Chinese state-sponsored cyber actor known as Volt Typhoon had been accessing credentials and network systems of critical infrastructure organizations in the U.S., including Guam.

The cyber actor targeted organizations in several sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education.

Like Storm-0558, Volt Typhoon also focused on espionage and intelligence gathering.

Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, said in a statement that his committee is closely monitoring the latest breach. 

“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Warner said. 

In a statement to The Hill, the agency said although no "HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third party vendors.”

“HHS is taking all appropriate actions … and will provide Congress with additional information as the investigation continues,” an HHS official said.

HHS is the latest agency that was reportedly affected by the breach. It was also reported that the Department of Energy was also impacted and asked to pay a ransom.

The Russian-speaking ransomware group known as CLoP is reportedly behind the government hack. The hackers exploited a vulnerability in a software application known as MOVEit, which is widely used by government agencies to transfer files. 

U.S. officials said that they are investigating the impact and scope of the attack. 

Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, told CNN that his agency is “providing support to several federal agencies that have experienced intrusions.”

The study found that hospitals near a health care facility that was impacted by a ransomware attack may experience an influx of patients and lack resources that could affect time-sensitive matters. 

Other disruptions may include an increase in ambulance arrivals, waiting room times, patients left without being seen and patient length of stay.

The authors of the study concluded that the hospital disruptions tied to a cyberattack “should be considered a regional disaster.”

“This study suggests that health care cyberattacks such as ransomware are associated with greater disruptions to regional hospitals and should be treated as disasters, necessitating coordinated planning and response efforts,” the authors said. 

The rise of health care cyberattacks

Ransomware attacks targeting the health care sector have increased in frequency and sophistication over the past decade, the study found, including during the COVID-19 pandemic when “serious ransomware infections loaded additional stress on [Health Delivery Organizations].”

Congress has also been sounding the alarm over the increase in cyberthreats targeting the health care sector.

Over the past year, lawmakers have introduced policies, legislation and recommendations aimed at targeting and mitigating the impact of cyberattacks in the healthcare industry. 

“The American public has witnessed increasingly brazen and disruptive attacks on its health care sector that jeopardize sensitive personal information, delay treatment, and ultimately lead to increased suffering and death,” Sen. Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, noted in a report published last fall.

In the report, Warner recommended that the federal government improve the country’s cybersecurity risk prevention in the health care sector, help the private sector mitigate cyberthreats and assist health care providers in responding to and recovering from cyberattacks.  

Sens. Jacky Rosen (D-Nev.) and Bill Cassidy (R-La.) introduced a bill last year that would require the Cybersecurity and Infrastructure Security Agency to collaborate with the Department of Health and Human Services and improve cybersecurity standards in the health care and public health sectors.

The health care sector has been particularly vulnerable to ransomware attacks because it stores sensitive data and handles patients’ safety and health, experts previously told The Hill. 

The group said in a post on Telegram that it targeted the website and stole about 500,000 files in retaliation to the state’s recent decision to ban gender-affirming care for minors, the Daily Dot reported.

“We have decided to make a message towards the U.S government,” the group said. “Texas happens to be one of the largest states banning gender affirming care and for that, we have made Texas our target.”

Texas Gov. Greg Abbott (R) signed a bill earlier this month that would prohibit doctors from prescribing hormone medication to minors or conduct surgeries to change their gender. The law will take effect on Sept. 1. 

Texas is the latest of several states that have passed similar laws.

The hackers said the documents they stole include work orders, employee list, invoices and police reports, the Daily Dot reported.

The city of Fort Worth did confirm the breach in a notice but did not mention the hackers by name or their motive. Officials also said that there’s no evidence at this time that sensitive information was accessed or released.

According to the Daily Dot, the hacking group gained access to the system after it received login credentials from a city employee.

“We targeted Fort Worth mostly because it was a vulnerable target in a list we had, we were checking any government domain associated with Texas,” a member of the group told the Daily Dot in a statement. “This is the start of a campaign against all states banning gender-affirming care, we have a few more attacks planned soon.”