Overnight Cybersecurity: Chinese businessman jailed for defense industry hack

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–CHINESE OPERATIVE JAILED OVER HACK SCHEME: A Chinese businessman has been sentenced to 46 months in prison for participating in a years-long conspiracy to hack into the computer networks of major U.S. defense contractors, steal sensitive military information and send the stolen data to China. As part of the conspiracy, the businessman, Su Bin, would email hackers with instructions regarding which individuals, companies and technologies to target. One of the co-conspirators would then email Su with folders showing the data he or she was able to access, and Su would identify which files the hacker should try to steal. Su, who worked in aviation and aerospace, stole data relating to the C-17 strategic transport aircraft and certain military fighter jets, according to a Justice Department statement. “Su assisted the Chinese military hackers in their efforts to illegally access and steal designs for cutting-edge military aircraft that are indispensable to our national defense,” said Assistant Attorney General John Carlin. “These activities have serious consequences for the national security of our country and the safety of the men and women of our armed services.” To read our full piece, click here.

{mosads}–MICROSOFT WINS FOREIGN DATA APPEAL: Microsoft won a major legal victory on Thursday, when a federal appeals court ruled the government cannot use a warrant to force U.S. tech companies to hand over customers’ emails that are stored overseas. The three-judge panel overturned a pair of lower court decisions that held Microsoft in contempt and compelled it to hand over a user’s email account stored on its servers in Ireland. “Neither explicitly nor implicitly does the statute envision the application of its warrant provisions overseas,” Judge Susan Carney wrote in the majority opinion. To read our full piece, click here.

A POLICY UPDATE:

–ISRAEL, HO. Reps. John Ratcliffe (R-Texas) and Jim Langevin (D-R.I.) introduced a suite of bills aimed at forming U.S.-Israel cybersecurity partnerships.

“Our recent discussions with Prime Minister [Benjamin] Netanyahu confirmed just how important it is that we unite forces to formulate ongoing, effective strategies to best address the rapidly evolving cyber threats faced by both of our nations,” said Ratcliffe in a press release.

The United States-Israel Cybersecurity Cooperation Enhancement Act and United States-Israel Advanced Research Partnership Act both expand incentives and guidance to extend joint research and development with Israel.

In part due to a private sector filled with former soldiers trained for its military’s vaunted cyber operations unit, Israel has a mature cybersecurity industry. Its ministers have claimed as high as a 20 percent international market share, second only to the United States.

A LIGHTER CLICK:

–EVERYONE’S READY FOR A BREAK. (Or a throwback and a pun all in one.)

A HEARING IN FOCUS:

–BEST BUDS. At a Senate Armed Services Committee hearing Thursday, Chairman John McCain (R-Ariz.) lashed out at colleagues for not mandating all encryption be accessible by law enforcement.

“We are furthering the cause of child pornographers and human traffickers,” said McCain about the continued inaction of Congress.

The witness pool was a largely one-sided affair in what is normally a controversial issue. The hearing featured Kenneth Wainstein, a former assistant attorney general for national security at the Department of Justice; John Inglis, the Robert and Mary M. Looker professor in Cyber Security Studies at the Naval Academy; and Cyrus Vance, the district attorney for Manhattan.

All were in favor of regulating encryption.

In his introductory remarks, McCain said Apple Chief Executive Tim Cook was invited to speak at the meeting and declined.

WHO’S IN THE SPOTLIGHT:

–THE FDIC. Officials with the Federal Deposit Insurance Corporation (FDIC) and Democrats on the House Science Committee on Thursday pushed back on Rep. Lamar Smith’s (R-Texas) claims that the agency deliberately flouted federal guidelines in declining to inform the committee of several major data breaches.

According to FDIC Chairman Martin Gruenberg, the agency reviewed the incidents in question but believed they did not rise to the level of a “major incident” that necessitated telling Congress.

“There was an honest effort here to review the guidance, consider the mitigating factors and make a judgment,” Gruenberg said during a committee hearing Thursday morning. “The judgment may have been wrong but I don’t think there was malintent here.”

Gruenberg repeatedly denied any knowledge of any alleged cover-up of breaches at the agency.

Smith had accused the agency of having “a culture of concealment.”

“This has been the overreaching theme of the Committee’s dealings with the FDIC — we’re not getting the whole story,” Smith said in his opening statement.

But ranking member Eddie Bernice Johnson (D-Texas) backed up the FDIC’s position.

“I think it’s fair to say that our May hearing [on the breaches] yielded bipartisan agreement that the FDIC’s interpretation of the OMB guidance was flawed,” she said. “However, I do not agree with my Majority colleagues as to what constitutes evidence of intent.”

IN CASE YOU MISSED IT:

The UK Secretary of State might have the power to demand encryption back doors. (The Register)

WhatsApp may be blocking calls to Saudi Arabia. (SC Magazine)

Leaders from Apple, Cisco, Tinder and elsewhere in the tech sector call Trump a “disaster” in a cosigned letter. (The Huffington Post)

Mr. Robot season two started. (Vox)

The Singapore Exchange had another technical glitch that halted trading. It’s the third one in two years. (ZDNet)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A