Overnight Cybersecurity: How much will Clinton’s emails factor in debate?

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–CYBER UNDER THE LIGHTS?: The tech savvy will be closely watching tonight’s first Democratic presidential debate to see if candidates go after Hillary Clinton over the private email server she used during her time as secretary of State. The last week has seen a trickle of revelations about the spam and cyberattacks that peppered the Democratic front-runner’s email and server over the years. Tuesday brought even more revelations about Clinton’s setup that the security community found troubling. The Associated Press reported the server could be controlled remotely over an open Internet connection, potentially exposing it to hackers. That connection is supposed to have additional safeguards, such as encryption, to block nefarious actors from exploiting the remote-control software and hijacking the device. Most users employ an encrypted private connection, or virtual private network (VPN), when controlling a device from afar. Cybersecurity firms were taken aback by the oversight. “I suspect her system was hacked,” said Ron Gula, chief executive officer of Tenable Network Security, by email. “A firewall should have been configured to stop this sort of access. … This implies the firm operating the server was not serious about security.” To read our full story, click here.

{mosads}–WELL, CRAP: An inspector general audit has found that the IRS is relying on outdated operating systems, potentially exposing taxpayer information to data breach and identity theft. According to the report, the agency failed to upgrade all of its Windows workstations and servers by “end of life” deadlines, when Microsoft stopped providing support for the operating system the agency was using. “When an operating system reaches its end of life, companies such as Microsoft stop supporting the operating system, which leaves the systems vulnerable to attack,” the Treasury Inspector General for Tax Administration (IG) said. “For the IRS, the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft.” The IG blamed poor project management for the delayed upgrade, slamming the agency for “inadequate oversight and monitoring of the upgrade early in its effort.” To read our full piece, click here.

–PICK ME, CHOOSE ME, LOVE ME: New York legislators from both chambers on Tuesday urged the Air Force to establish one of four planned cyber operations squadrons in New York state. Citing New York’s status as “our country’s No. 1 terror target,” New York lawmakers Sen. Kirsten Gillibrand (D) and Reps. Richard Hanna (R) and Steve Israel (D) pressed for the creation of an Air National Guard Cyber Operations Squadron in the state. “In addition to being a top terror target, New York has the strong academic and cyber defense infrastructure and the skilled workforce necessary to make it an ideal place to locate and grow a Cyber Squadron,” Gillibrand said in a statement. The three legislators join lawmakers from other states who have urged the Air Force to name their state as home to one of the new squadrons. In December, a coalition of Virginia lawmakers led by Democratic Sens. Mark Warner and Tim Kaine pressed the National Guard to place one of the squadrons at Joint Base Langley-Eustis in Hampton Roads. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–SETTING A PRECEDENT. The recent arrests of several Chinese hackers by the Beijing government may not be the first such apprehensions, records suggest.

Although the arrests were reported to be “unprecedented,” a report unearthed by security blogger Brian Krebs indicates that U.S. authorities were successful in convincing Beijing to take similar action in 2010, after a Chinese national infiltrated NASA’s systems through a government contractor’s website.

“As a result of a [NASA Office of the Inspector General] investigation and lengthy international coordination efforts, a Chinese national was detained in December 2010 by Chinese authorities for violations of Chinese Administrative Law,” NASA Inspector General Paul Martin told a House Oversight subcommittee in 2012.

“This case resulted in the first confirmed detention of a Chinese national for hacking activity targeting U.S. Government agencies,” Martin said.

To read our full piece, click here.

 

LIGHTER CLICK:

–THE SMARTEST ANIMAL. North Korea has been in the cyber news recently, with Congress holding hearings and introducing legislation that touched on the reclusive East Asian country’s hacking threats. Check out what one reporter thinks you can learn about North Korea from its massive dolphinarium and obedient dolphins. NBC News has the story.

 

A FEATURE READ:

–SHRED, PEOPLE, COME ON. NextGov’s Aliya Sternstein spent six months shadowing one of D.C.’s busiest white hat hacker firms. The results are a chronicle of hard work, data paranoia and the federal acquisition process. Dig in, here.

 

WHAT’S IN THE SPOTLIGHT:

–THE U.S.-CHINA BILATERAL INVESTMENT TREATY. It’s the most important trade deal no one is talking about.

A separate bilateral economic treaty with Beijing that could have huge implications for U.S. businesses wanting to invest in China has been largely lost amid the furor over the recent Pacific trade deal.

Known as the bilateral investment treaty, or BIT, the deal inched quietly forward for nearly a decade, but has been accelerating in recent months. It would roll back technical barriers and investment restrictions that are limiting access to lucrative markets in both countries, similar to an investment chapter of a free-trade deal.

With China as the world’s second-largest economy, it would have a massive impact on U.S. businesses, but has largely been overshadowed by the Pacific trade agreement, known as the Trans-Pacific Partnership (TPP).

“If TPP wasn’t happening, this would be the biggest news for the U.S. trade agenda,” said Christopher Swift, a former official with the Treasury Department Office of Foreign Assets Control and current national security professor at Georgetown University.

To read our full piece, check back tomorrow morning.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Sen. Ron Wyden praised President Obama’s decision not to seek a bill that would force companies to provide access to encrypted devices. (The Hill)

The Department of Justice has indicted a Moldovan man for his role in “one of the most pernicious malware threats in the world.” (The Hill)

OPM is planning to totally replace password logins within two years. (NextGov)

Soviet spies could eavesdrop on U.S. diplomats’ typewriters in real time. (ArsTechnica)

British authorities are warning about a cyber crime scheme that is stealing millions from UK bank accounts. (The Guardian)

Rep. Chris Stewart (R-Utah) insisted Tuesday that the National Security Agency’s massive data center in Utah isn’t being used to store Americans’ personal data. (Associated Press)

The Daily Mail is the latest site to infect users’ computers via malvertising — malicious ads fed onto legitimate websites through an ad network. (Motherboard)

The recent hack of T-Mobile vendor Experian isn’t the first time the consumer credit bureau has suffered a breach. (Krebs on Security)

Law enforcement officials say they’ve been unable to unlock the phones of two homicide victims in recent months — not to mention phones owned by suspects who won’t turn over passcodes. (The Wall Street Journal)

A Slate op/ed suggests two questions that CNN moderators should ask Hillary Clinton about her private email account in tonight’s debate. (Slate)

 

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A