Overnight Cybersecurity

Overnight Cybersecurity: DHS, DOJ chiefs to face tough questions on Apple, cyber defenses

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–STORMING SAN JUAN (OR CAPITOL) HILL: The heads of the Homeland Security and Justice Departments will both testify before the Senate in the coming days. While the ostensible subject is normal oversight and the agencies’ budget requests, you can also expect pointed questions about the Apple-FBI tussle and the government’s cyber defenses. Homeland Security Secretary Jeh Johnson is up first, appearing on Tuesday before the Senate Homeland Security Committee. In recent months, Johnson has been defending “Einstein,” the major digital shield that protects the government’s networks. A recent audit from the Government Accountability Office (GAO) concluded Einstein was largely ineffective at thwarting hackers. The report echoed long-standing criticism from security experts who describe the program as a much-delayed boondoggle that is already outdated. Lawmakers will likely press Johnson on the shortcomings and whether the so-called Federal Cybersecurity Enhancement Act — approved in December — will actually help address the GAO’s concerns. On Wednesday, Attorney General Loretta Lynch will go before the Senate Judiciary Committee. The DOJ has been in the spotlight since Apple defied a court order from the FBI, which operates under the DOJ’s authority. The bureau wants Apple to create software that would help investigators hack into an iPhone used by one of the San Bernardino shooters. But the tech giant has resisted, characterizing the software as a “backdoor” that could allow hackers to crack into all iPhones. Lynch has tried to strike a balance in her public remarks on the issue, calling for “open dialogue” between technology firms and law enforcement. “That’s how we move closer to our shared goal of ensuring that as the American people reap the benefits of innovation, they continue to enjoy the full protection of the law,” Lynch told an audience last week at the RSA Conference in San Francisco. Expect lawmakers to press her on the issue as Capitol Hill increasingly argues it must weigh in on the matter with legislation.

–THE RIPPLE EFFECT: The fight between the FBI and Apple over a locked iPhone is threatening to undermine the Pentagon’s attempt to recruit talent from Silicon Valley. Defense Secretary Ash Carter spent last week out West, meeting with tech executives and launching new cybersecurity initiatives that will rely on help from the Bay Area. But under the looming shadow of the FBI’s request that Apple help bypass the iPhone’s security measures, Carter also made a noticeable effort to send a signal to techies: We get you. “We need our data security and encryption to be as strong as possible,” he said, later adding, “I’m not a believer in backdoors,” echoing the arguments Apple has used to rebuff the FBI’s appeal. Carter’s outreach is part of a broad push across the government to build ties to the center of the tech industry. The Department of Homeland Security has opened a Silicon Valley office and President Obama held a daylong cybersecurity conference at Stanford University last year. The military is also working to quickly ramp up a half-staffed U.S. Cyber Command that is trying to fill 6,200 positions across 133 teams by 2018. And officials acknowledged last week they had launched an unprecedented cyber war campaign against the Islamic State in Iraq and Syria (ISIS). Given the staffing needs, the Apple-FBI standoff is coming at a bad time for the Pentagon. “I do think the timing is unfortunate from a relationship perspective,” said Michael McNerney, a former cybersecurity policy advisor for the secretary of Defense who now runs anti-hacking firm Efflux Systems. To read our full piece, click here.

–WHAT’S JAMES FRANCO’S TAKE?: South Korea has accused North Korea of trying to hack into government websites and smartphones amid rising tensions between the neighbors, The Wall Street Journal reported. Pyongyang on Monday threatened to launch a preemptive nuclear strike on South Korea and the U.S. in response to joint U.S.-South Korea military exercises taking place this week. Seoul did not give any more details on the cyber offensive, but maintained it was working to ensure the security of government networks. North Korea has increasingly tied cyber campaigns to its blustery rhetoric and military drills. In January, shortly after Pyongyang officials claimed to have conducted a successful hydrogen bomb test, South Korea deployed more cyber defense agents in anticipation of a possible digital assault. Several weeks later, Seoul said it believed North Korea had launched a spate of cyberattacks on southern targets. Reportedly the digital assaults planted malware on a number of government networks. North Korea is not considered a top global cyber power, but it has aggressively ramped up its digital arsenal in recent years. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–‘C’ IS FOR COOKIE, THAT’S GOOD ENOUGH FOR ME. Verizon Wireless will pay a fine and make changes to its internal practices as part of a settlement with the Federal Communications Commission (FCC) over the use of so-called supercookies to track its customers’ Web browsing habits.

Under the agreement, customers will have to consent to have trackers shared with services not controlled by Verizon and will either have to opt in or opt out for the supercookies to be shared within the Verizon universe of services. The firm must disclose that it is using the code to track users. It will also pay a roughly $1.3 million fine.

The timing of the settlement is significant because it comes as the agency is preparing new privacy rules for broadband providers spurred by its landmark net neutrality rules from last year. Industry groups have said they hope the rules will replicate the standards used by the Federal Trade Commission, but privacy advocates say those standards are weak and hope the FCC will stake out a stronger position from which to fight against privacy violations.

To read our full piece, click here.

 

LIGHTER CLICK:

–WAIT, WHAT?!?!?! Antivirus software mogul, presidential candidate and noted eccentric John McAfee has spent the last few weeks bragging that he could hack into the San Bernardino shooter’s phone if only given the chance. But wait! He was apparently lying to “get a shitload of public attention.” But it was all for a good cause, he insists…

Read on here, at The Daily Dot.

 

WHO’S IN THE SPOTLIGHT:

–RAYMOND TOMLINSON. The man who put the @ sign in email passed away on Saturday. The symbol separated user names from a destination address and changed digital messaging forever. In 2012, Tomlinson reflected on his decision: “I’m often asked, did I know what I was doing? And the answer is, yes, I knew exactly what I was doing. I just had no notion whatsoever of what the ultimate impact would be. What I was doing was providing a way for people to communicate with other people.”

Read The New York Times obituary, here.

 

A REPORT IN FOCUS:

–IS RUSSIA AT IT AGAIN? Pawn Storm, a likely Russia-based cyber espionage campaign that snoops on government officials, is now behind a series of attacks targeting Turkey.

Per a blog post from security firm TrendMicro: “Many of these targets share a common trait: that they could be perceived as a threat to Russian politics in some way or form. We believe that these attacks against Turkey were related to previous Pawn Storm-related incidents in summer and fall 2015, which targeted Syrian opposition and about all of the Arab countries that voiced criticism about Russia’s interventions in Syria.” Read more, here.

 

A LOOK AHEAD:

TUESDAY

–The Senate Homeland Security and Governmental Affairs Committee will hold a hearing on the Department of Homeland Security’s 2017 budget request at 10 a.m. Homeland Security Secretary Jeh Johnson will testify.

WEDNESDAY

–The Senate Judiciary Committee will hold a hearing on oversight of the Justice Department at 9:30 a.m. Attorney General Loretta Lynch will testify.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The federal government on Monday appealed a judge’s decision preventing the FBI from forcing Apple to access a locked iPhone in a New York drug case. (The Hill)

CIA Director John Brennan on Monday appeared to back the FBI’s push for Apple to create new software to bypass security mechanisms on an iPhone of one of the San Bernardino, Calif., terrorists. (The Hill)

The top Democrat on the House Intelligence Committee praised the Obama administration’s decision to impose export restrictions on China’s ZTE, one of the country’s top telecommunications equipment manufacturers. (The Hill)

Apple customers have been hit by the first known ransomware attack to target Macintosh computers, according to security researchers. (The Hill)

The Romanian hacker who stole pictures of George W. Bush’s paintings is being extradited to the U.S., according to media reports. (The Hill)

An Apple executive said in a Sunday night op-ed that granting the FBI’s request to create an encryption backdoor would set Apple back in its fight to keep data safe. (The Hill)

Amazon said it plans to restore an encryption feature on its Fire tablets after customers and privacy advocates criticized the company for quietly removing the security option when it released its latest operating system. (Reuters)

The Federal Reserve Bank of New York denied that its payments systems were breached after Bangladesh’s central bank said earlier on Monday that its U.S. account had been hacked and money stolen from it. (Reuters)

The director of Britain’s spy agency said it is time for a new relationship between U.S. and British intelligence agencies and tech companies, which have been at odds over encryption. (The Guardian)

ICYMI: The intensifying legal battle over encryption between Apple and the Justice Department has all but obscured another more subtle division, the one inside the Obama administration itself. (The New York Times)

ICYMI: Hillary Clinton wrote 104 emails that she sent using her private server while secretary of State that the government has since said contain classified information, according to a new Washington Post analysis of Clinton’s publicly released correspondence. (The Washington Post)
