Overnight Cybersecurity: OPM wants to split the check after hack
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–CAN WE SPLIT THE CHECK?: The Office of Personnel Management (OPM) wants federal agencies to help pay for credit monitoring services that will be offered to the 21.5 million people victimized by the recent breach at the agency. The agency is strategizing about how to notify and provide identity fraud protections for the individuals affected by a breach of the agency’s security clearance database. Victims will have access to three years of monitoring services, which will come from an outside contractor. Part of the solution appears to be spreading around the costs of that contract to other federal agencies. The revelation comes the day before a Senate subcommittee marks up a bill that will fund the OPM. To read our full piece, click here.
–YOU’RE COMING WITH ME: Four men in Florida and Israel have been arrested for allegedly manipulating stocks and orchestrating a series of cyberattacks on financial institutions, including JPMorgan Chase. While authorities didn’t directly tie the group to last fall’s JPMorgan hack, multiple reports indicate they played a role in what’s considered one of the financial industry’s biggest hacks. Bank officials had initially argued Russian hackers were behind the digital assault, which exposed data on over 83 million households and small businesses. The individuals arrested may have had a loose affiliation with Russian gangs, but appear to have no direct tie to Russian cyber crime rings or the Russian government. The people arrested are Israeli and American citizens. To read our full piece, click here.
–NO, YOU’RE OUT OF ORDER: Federal regulators are going after identity fraud protection firm LifeLock for allegedly deceiving customers about how secure their data is. The Federal Trade Commission (FTC) on Tuesday accused LifeLock, which has over 3 million subscribers, of violating a $12 million 2010 settlement with the agency and 35 state attorneys general. The FTC said LifeLock did not live up to the agreement and continued to promote its products with inaccurate statements and rely on an inadequate information security program. In a statement, LifeLock vigorously opposed the FTC’s allegations and will take the FTC to court in what will likely be a closely watched case. As the FTC has gradually become the government’s de facto data security watchdog, the vast majority of dinged companies have chosen to settle with the agency rather than go to court. To read our full piece, click here.
UPDATE ON CYBER POLICY:
–RULES OF THE “ROAD.” A pair of Democratic senators want rules requiring automakers to develop hacking and privacy protections for their cars and trucks.
Sens. Ed Markey (Mass.) and Richard Blumenthal (Conn.) on Tuesday introduced the Spy Car Act, which would require the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to develop standards to protect drivers’ privacy and to guard against a potentially deadly hack of a vehicle.
“Drivers shouldn’t have to choose between being connected and being protected,” Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
The hacking issue came into clear focus Tuesday after a Wired reporter detailed his experience being a test driver for researchers who were able to control a Chrysler vehicle’s brakes, steering and transmission through its wireless entertainment system. The researchers are slated to present their findings next month, and Chrysler recently released a patch for the vulnerability.
To read our full piece, click here.
To read the full Wired piece, “Hackers Remotely Kill a Jeep on the Highway — With Me in It,” click here.
LIGHTER CLICK:
–SO THIS MIGHT SOON EXIST. Today in “Hollywood does things to blatantly target teens and it makes you feel like a curmudgeonly old man” is this little nugget, per Vulture: “Sony Pictures Animation is the proud new owner of a hypothetical movie about emoji from director Anthony Leondis, which reportedly drew strong interest from a variety of Hollywood studios thanks to the lack of intellectual property protections on the little yellow symbols.” Read on, here.
WHO’S IN THE SPOTLIGHT:
–THE FBI. The agency that has been making waves in recent weeks with its crackdown on cyber crime is also apparently losing cyber agents in droves.
Per The New York Times:
As attacks on networks and thefts of data grow, federal agents with just a few years of investigations into Internet crime under their belts need not look too hard for work in the private sector.
In the last three months, at least a half-dozen agents on the online security squad of the New York office of the Federal Bureau of Investigations have left the federal government for more lucrative jobs in the private sector. The flurry of departures is beginning to concern top law officials at the F.B.I., who are struggling to figure out ways to recruit younger agents and retain veteran investigators.
Read on, here.
A LOOK AHEAD:
WEDNESDAY
–The Senate Financial Services and General Government Subcommittee at 10:30 a.m. will mark up a bill that funds the OPM for the 2016 fiscal year.
–The Heritage Foundation will host an event called “Terrorism Gone Viral” at 10:30 a.m. House Homeland Security Committee Chairman Michael McCaul (R-Texas) will give remarks.
–The AEI will host an event on the “Chinese cyber threat” at 12:15 p.m. Sen. Cory Gardner (R-Colo.) will speak.
THURSDAY
–The Senate Health, Education, Labor and Pensions Committee will hold a hearing at 10 a.m. on health IT.
–The Software & Information Industry Association will hold an event at noon on digital privacy and data collection practices.
FRIDAY
–New America will host an event at 9:30 a.m. on the “New Half-Life of Secrets” about intelligence and national security secrets within the government.
–The Congressional Internet Caucus Advisory Committee will hold an event at noon titled, “Data Across Borders: Treaties, Law Enforcement, and Digital Privacy in the Aftermath of Snowden.”
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
The Army flagged a legitimate notification email as a potential cyberattack in the wake of the Office of Personnel Management (OPM) data breach that exposed more than 22 million government employees’ data. (The Hill)
A major tech industry group is pressing Senate leaders to take up stalled cybersecurity legislation before Congress leaves town for the August recess. (The Hill)
Google is warning that the Commerce Department’s attempt to control the export of hacking tools will “hamper our ability to defend ourselves, our users, and make the web safer.” (The Hill)
Cheating spouses website AshleyMadison.com, facing hackers’ threats to leak clients’ nude photos and sexual fantasies, said it is heartened by some initial public response that sees the site as a victim. (Reuters)
From writer/programmer Paul Ford, “Fairly Random Thoughts on Ashley Madison & The Swiftly Moving Line.” (Medium)
Delving into what the Ashley Madison hack means for cybersecurity. (Rolling Stone)
The top six ways a hacker could disrupt the upcoming election. (Huffington Post)
Apple experienced a three-hour disruption for some of its services today. (Reuters)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
