Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–I’VE GOT SWINGING DOORS, A JUKEBOX AND A BARSTOOL: The debate over encryption technology has exposed a push-and-pull between federal agencies that support the technology and those that warn of its dangers. In fact, the government funds a variety of projects that either develop or promote strong encryption tools, even as the FBI advocates against algorithms that can’t be pierced with a warrant. “It’s an age-old tension in the government,” said Nathan Freitas, a fellow at Harvard University’s Berkman Center for Internet & Society and the founder of the Guardian Project, a collective of coders who develop open source security software, in part with federal funding. Many of these projects operate quietly under the radar, while the FBI’s position has been splashed across newspaper headlines across the country thanks to its public feud with Apple over the San Bernardino shooter’s locked iPhone. Among the apps developed at least in part with federal funding are Cryptocat and Signal, which allow encrypted chatting on desktop and mobile respectively, and Tor, an anonymizing browser commonly used to access the “dark Web.” Since 2009, Congress has allocated millions of dollars to promote “Internet freedom,” a foreign policy push that had its genesis during Hillary Clinton‘s tenure as Secretary of State. To read our full piece, check back tomorrow morning.
–IF WE MAKE IT THROUGH DECEMBER. The midnight hour is nigh for the Senate intelligence Committee’s encryption bill. Chairman Richard Burr (R-N.C.) told The Hill on Wednesday that his panel could review a draft of the measure sometime Wednesday, and that he was targeting Thursday or Friday for a public release. “I think we closed the technical gaps last night,” he said, heading into a Wednesday caucus meeting. “I’m hoping we get it out to our members in the committee today.” The measure — a response to concerns that criminals are increasingly using encrypted devices to hide from authorities — would require firms to comply with court orders seeking access to locked data. While law enforcement has long pressed Congress for such legislation, the tech community and privacy advocates warn that it would undermine their security and endanger online privacy. After reviewing the bill, it appears the White House has decided to not publicly support the offering, despite providing some feedback. Support from the Obama administration could be a gamechanger for a bill that will face long odds in the upper chamber. To read more about the bill’s timing, click here. To read more about the White House’s stance, click here.
–I THINK I’LL JUST STAY HERE AND DRINK: The founder of Mossack Fonseca, the law firm at the center of the massive Panama Papers leak, says the company was the victim of a hack by an outside company. The firm has filed a complaint with state prosecutors, founding partner Ramon Fonseca told Reuters. “We rule out an inside job. This is not a leak. This is a hack,” Fonseca told the news service. “We have a theory and we are following it,” he added, without providing details. The mountains of documents exfiltrated and leaked to journalists — 2.6 terabytes, which includes 4.8 million emails, 3 million database files and 2.1 million PDFs — easily constitute the largest cache ever leaked and have come with swift repercussions. The prominent Panamanian firm specializes in helping overseas clients set up international shell companies to protect their financial assets. Shell companies are commonly used for legitimate purposes, but the leak revealed some allegedly corrupt conduct that has sparked governmental investigations around the world. To read our full piece, click here.
UPDATE ON CYBER POLICY:
–MOVIN’ ON UP. The Senate’s alternative encryption bill has notched a few more supporters.
On Wednesday, Sens. Steve Daines (R-Mont.) and Gary Peters (D-Mich.) signed on as co-sponsors to the measure, which would establish a national commission to examine how law enforcement can get at secure data without endangering Americans’ privacy rights.
Sen. Mark Warner (D-Va.) introduced the bill in February with seven bipartisan co-sponsors.
In a statement to The Hill, Warner said the additional support “demonstrates continued interest in a responsible, workable solution to deal with these complex issues.”
Daines, who has become increasingly vocal on cybersecurity issues, emphasized that Congress must work in a “thoughtful and deliberate way” to deal with the complex issue of encryption.
“As someone who worked in the technology sector for over a decade, I know the importance of privacy and protecting consumer data,” he said in a statement to The Hill.
“The laws governing access to encrypted communications are woefully out of date,” he added, noting that the Warner commission “takes a step in the right direction by bringing together a mix of experts that will help Congress make informed policy decisions.”
Peters, a member of the Senate Homeland Security Committee, agreed.
“By bringing people together to provide assessments, share recommendations, and get to the root of these complex challenges, we can better protect personal liberties and defend America and our allies against groups that pose serious threats to our safety,” he said in a statement to The Hill.
Warner’s office noted that Sen. Bill Nelson (D-Fla.), the ranking member on the Commerce Committee, also recently signed on as a co-sponsor, bringing the total to 10.
Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) has also told The Hill he will back the bill.
–SILVER WINGS, SHINING IN THE SUNLIGHT. No lighter click today. We’re too sad about Merle Haggard.
A REPORT IN FOCUS:
–MAMA TRIED TO RAISE ME RIGHT. The hacker-for-hire market is booming, according to a new report from Dell SecureWorks.
Malware is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” the analysts wrote.
A few price points: $500 to hack into a corporate email, $129 to hack into a personal account like Gmail, $5 to $10 to acquire a “trojan” that allows cybercriminals to remotely control someone else’s computer.
Read on, at The Wall Street Journal, here.
Read the full report, here.
WHO’S IN THE SPOTLIGHT:
–HACKING TEAM. The Italian surveillance company has lost its global license to sell its spy software outside of Europe.
But it will still be able to get case-by-case approval to sell in 46 countries, many of which have been accused of human rights abuses.
Read on, at Motherboard, here.
THE WEEK AHEAD:
–The House Homeland Security Committee’s cyber subcommittee will hold a hearing at Austin College in Sherman, Texas on cyber preparedness at the state and local level, at 12 p.m.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Two lawmakers issued dueling statements on Wednesday alternately praising and bashing the popular messaging platform WhatsApp for turning on default encryption for its billion users. (The Hill)
The risk that nation-state hackers will launch a destructive cyberattack on the U.S. grid is low, according to a leaked Department of Homeland Security intelligence assessment. (The Hill)
The hackers who infiltrated MedStar Health, one of the Washington area’s largest healthcare providers, exploited a network vulnerability that had been waiting for a simple update since at least 2007. (The Hill)
Turkey is investigating how hackers have posted online the identity data of some 50 million Turks, including what they said were details about the president and prime minister. (Reuters)
Who gets to define the global terms of hacking? (The Atlantic)
Here’s how Google makes sure it (almost) never goes down. (Wired)
Countries that use Tor the most are either highly repressive or highly liberal. (Motherboard)