Overnight Cybersecurity: Hacks high on the agenda for South Korean visit

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–STOP THEM!: President Obama and South Korean President Park Geun-hye are expected to discuss North Korean hacking during a White House meeting on Friday. Park is in Washington for a three-day visit, which featured a dinner in her honor Wednesday night and a visit to NASA’s Goddard Space Flight Center on Thursday before Friday’s official meeting. For several years, South Korea has been increasingly pestered with cyberattacks from its northern neighbor and will be looking to the U.S. for increased cooperation in countering Pyongyang’s cyber efforts. The U.S. was also made keenly aware of North Korea’s developing cyber warfare capabilities last year when Pyongyang allegedly ordered a destructive cyberattack on Sony Pictures Entertainment. The U.S. and South Korea last had high-level meetings in May, when Secretary of State John Kerry traveled to Seoul. There, the allies pledged greater cooperation on “cyber issues.” Victor Cha, the Korea chair at the Center for Strategic and International Studies, told The Hill that Park will also likely ask Obama for details on the recent agreement between the U.S. and China to not conduct or support digital commercial espionage. The deal, he said, included provisions that would theoretically stop North Korea from routing cyberattacks through China, a clause that would greatly benefit South Korea. To read our full coverage, check back tomorrow and this weekend.

–SHIFTING TIDES?: A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor. The Computer & Communications Industry Association (CCIA) on Thursday published a blog post saying the group is “unable to support” the Cybersecurity Information Sharing Act (CISA) in its current form. CISA would boost the exchange of cyber-threat data between companies and the government by giving businesses legal liability protection when sharing their information. “CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” wrote Bijan Madhani, public policy and regulatory counsel at CCIA. Privacy advocates and many technologists have been fighting various iterations of the bill on similar grounds for years. In recent months, several prominent tech companies, including Apple, have joined them in opposition. CCIA’s statement will give these opponents even more tech-industry support. The group’s members include Silicon Valley bigwigs such as Facebook, Google and Yahoo, telecom companies such as Sprint and T-Mobile, e-commerce giants Amazon and eBay, and Netflix and Microsoft. To read our full piece, click here.

–FIX THIS IMMEDIATELY. The heat is on after the European high court struck down a key data flow agreement between the U.S. and EU earlier this month. A group of tech giants — including Google and Microsoft — is pressing House leadership to pass a bill giving key Privacy Act rights to European Union citizens to help bolster European confidence in the U.S. approach to privacy. “The enactment of the Judicial Redress Act is a critical step in rebuilding the trust of citizens worldwide in both the U.S. government and our industry and in addressing the misperceptions underlying the decision,” the group wrote in a Thursday letter to Speaker John Boehner (R-Ohio) and House Democratic Leader Nancy Pelosi (D-Calif.). Yesterday, a group of 56 members of the House and Senate urged regulators to move quickly to restore smooth data flow between the United States and the European Union by updating the invalidated agreement. To read about the tech letter, click here. To read about the lawmaker letter, click here.

 

UPDATE ON CYBER POLICY:

–STOP THE MADNESS. A myriad of financial sector trade groups sent a letter to House members on Thursday urging them to move on a data breach bill. Congress has long been considering legislation that would set nationwide data security standards as well as a timeframe for when companies have to notify customers following a data breach.

“Legislation addressing data security is long overdue,” the letter said.

See the full thing here.

 

LIGHTER CLICK:

–JUST SO Y’ALL KNOW… How and why Berlin street artists hacked “Homeland” — and how they got away with it. Find out, here.

 

A FEATURE READ:

–CYBERPALOOZA. Online attacks on infrastructure are proliferating, a host of tech companies are now offering “bug bounties,” and even the unconnected can be hacked, according to a series of features in a special cybersecurity section of The New York Times on Thursday. Read on, here.

 

A REPORT IN FOCUS:

–WHAT HAPPENS NEXT? A new report from McAfee looks at the marketplace for stolen digital information. What happens to stolen data in the hacking-as-a-service economy?

One finding: A stolen credit card number in the U.S. only goes for between $5 and $30, depending on how much information it’s associated with.

An ATM card with a high balance, meanwhile, goes for around $110.

The report also highlights the risk of data ransom. In one example, a hacker posted identifiable patient data because the Labio service did not pay them a ransom of €20,000.

Read on, here.

 

WHO’S IN THE SPOTLIGHT:

–THE AMERICAN PUBLIC. We’re a fearful bunch, prone to hysteria. An annual survey of the top 10 fears of Americans is out, and cyberterrorism is right up there. Forty-five percent of a nationally-representative sample group rated themselves as either “afraid” or “very afraid” of such an event. We’re also super nervous about government tracking of our personal information (41 percent), corporate tracking of personal information (45 percent), identity theft (40 percent) and credit card fraud (37 percent). All five made the top 10. Read on, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Nearly three-dozen smaller, poorer nations have begun using cyber espionage tools in recent years, according to research, showing the growing popularity of digital snooping. (The Hill)

Netflix blamed its smaller-than-expected subscriber growth in the United States partly on the U.S. adoption of microchip-embedded credit cards. (The Hill)

The Defense Department will create a database of victims of the Office of Personnel Management (OPM) hacks. (NextGov)

Why are universities getting hacked so frequently? (Reuters)

Yahoo is letting users ditch the password. (Associated Press)

Is a simple cryptographic software flaw behind the National Security Agency’s ability to perform mass decryption? (ArsTechnica)

When it comes to hacking, the message to China was simple, Secretary of Commerce Penny Pritzker said this week: “You can’t keep stealing things.” (Fortune)

 
