Overnight Cybersecurity: Texas shooter’s phone renews encryption debate | Russian bots diverted attention from ‘Access Hollywood’ tape | WikiLeaks publishes source code for CIA hacking tools
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–WIKILEAKS POSTING SOURCE CODE: WikiLeaks began posting source code for its CIA leaks Thursday. The secret documents portal started posting a series it called Vault 7 of documentation, intra-office communication and change logs of CIA hacking tools in the spring. The new posts, billed as Vault 8, will contain much of the computer code to create those tools.
–…BUT THERE WON’T BE A WANNA-CIA: WikiLeaks claims the posts will not contain code taking advantage of previously unknown, unpatched security flaws in computer products. Keeping those largely removes the fangs from the snake. Recent malware outbreaks known as WannaCry, NotPetya and Bad Rabbit were so virulent because they used leaked alleged NSA-built hacking tools that took advantage of flaws many system administrators had not yet patched.
{mosads}
–…SO FAR SO GOOD ON NOT-INCLUDING-THOSE-UNPATCHED-FLAWS: Jake Williams of Rendition Infosecurity scoured Thursday’s post — with a tool used to route attacks through intermediary computers — and found there were, as advertised, none of those types of flaws included in the source code. “Nothing in the dumps I’ve seen so far would suggest that this could lead to another WannaCry (or similar) event,” he said, in an internet chat.
A LEGISLATIVE UPDATE:
–DOJ BEGINS USING TEXAS SHOOTINGS TO PUSH FOR ENCRYPTION BACKDOORS:
Deputy Attorney General Rod Rosenstein used the encrypted phone of the Texas shooting suspect to argue against tech companies encrypting data in a way that law enforcement could not later access.
“[N]o reasonable person questions our right to access the phone,” he said, giving keynote remarks at a breakfast in Linthicum, Md.
The FBI announced that Texas church shooter Devin Kelley’s iPhone was encrypted, leaving them unable to access data on the phone for their investigation.
Rosenstein and Attorney General Jeff Sessions have argued throughout the Trump administration that tech companies either need to weaken or subvert the encryption process so that law enforcement can access cellphone data.
Apple has said it immediately reached out to the FBI to offer assistance getting information off of Kelley’s cellphone. This was not mentioned in Rosenstein’s speech.
“When you shoot dozens of innocent American citizens, we want law enforcement to investigate your communications and stored data,” he said.
Encryption and counter-terrorism experts, including former heads of the National Security Agency (NSA), CIA and Department of Homeland Security, argue that creating such “back doors” is a much greater security risk than hindering investigations. Hackers, they say, may either capitalize on the back doors by researching weaknesses or by targeting government agencies tasked with guarding the keys.
To read the rest of our piece, click here.
A LIGHTER CLICK:
UNLIKELY HEADLINE: “Letting robots kill without human supervision could save lives“
A REPORT IN FOCUS:
SOUR SIXTEEN: Three quarters of men and women believe they have determined what career to pursue before the age of 16, according to a survey of college-bound and college attending 16-to-24 year olds in the U.S., Europe and Israel. But women have a far lower opinion of cybersecurity as a career path and their own cybersecurity qualifications.
The commonly cited statistic is that women make up only around 11 percent of the information security field. The survey, produced by Arlington Research and Kaspersky Lab looked at some of the recruitment issues that lead into that number.
The report speculates that the lack of women in mentorship roles may tint their perspective on cybersecurity. Only 11 percent of young adults had met a woman who worked in information security, a factor that could weigh heavily on decision-making. Nearly half of young women said the gender balance of a profession impacted their likelihood to pursue it, while a plurality of young men had no strong opinions. And nearly two-thirds of young women were more likely to have a higher opinion of the career path when they knew someone who participated in it.
“Our research found that young women want to enter careers and work environments where they see other women succeeding. Right now, those young women aren’t seeing successful female role models in the cybersecurity industry, and that plays a major factor in driving them away from the career path,” said Todd Helmbrecht, senior vice president, Kaspersky Lab North America.
There may be a second tier of problems even after increasing recruitment. Many professionals attribute the gender gap in cybersecurity to cultural problems within the profession that can impact women’s career trajectory.
WHAT’S IN THE SPOTLIGHT:
RUSSIAN TWITTER BOTS: Twitter accounts linked to Russian agents sought to draw attention away from President Trump’s crude comments to “Access Hollywood” late in last year’s campaign and focus criticism on the mainstream media and Hillary Clinton, according to an analysis by The Associated Press.
After The Washington Post released a 2005 recording of Trump boasting about groping and kissing women without their permission, Russian-backed Twitter accounts promoted the release of hacked emails from Clinton’s campaign chairman, John Podesta, and criticized the media for reporting on the so-called “Access Hollywood” tapes, the analysis shows.
“MSM (the mainstream media) is at it again with Billy Bush recording … What about telling Americans how Hillary defended a rapist and later laughed at his victim?” one account, “America_1st–,” tweeted at the time, according to the AP.
To read the rest of our piece, click here.
IN CASE YOU MISSED IT:
‘Links from our blog, The Hill, and around the Web.
Trump’s former bodyguard says the now-president was offered the services of five women during his Miss Universe trip to Russia, but turned them down. It is a change from the way the trip was reported in the Steele dossier. (The Hill)
NATO is upping its cyberweaponry game to push back Russia. (AFP)
Coding blunders may be exposing data on 180 million phones. (Reuters)
Meet the ex-Marine that solved the DNC hack. (Buzzfeed)
Equifax announced an earnings drop after its historic breach. (Reuters)
An angry Minnesotan hired criminals to fire denial of service attacks against his former employer for more than a year. (Sophos).
Tech companies handle a whole bunch of data. (Op-Ed) (The Hill).
If you’d like to receive our newsletter in your inbox, please sign up here.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.