Overnight Cybersecurity: Anonymous to ISIS: ‘We will hunt you down’

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–I WANTED A MAN WITH GRIT: The hacking group Anonymous appears to have declared war on the Islamic State in Iraq and Syria (ISIS) in the wake of Friday’s devastating terror attacks on Paris. In an unverified video posted to YouTube on Saturday, a spokesperson wearing the group’s signature Guy Fawkes mask warned the group that “war is declared” and to expect “major cyberattacks.” “Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go. We will launch the biggest operation ever against you,” the spokesperson said in French. Anonymous made similar threats following the attacks on the satirical French newspaper Charlie Hebdo in January. The group in February posted hundreds of social media accounts and websites that it claimed were affiliated with the jihadist group. The hacking collective launched a series of denial-of-service attacks on ISIS sites, flooding the pages with phony traffic to disable them. Many of the Twitter accounts the group outed were ultimately suspended. Intelligence officials use ISIS’s prominent online presence to track its activities, and some suspect U.S. spies have created fake jihadist websites to attract its members. This led some foreign policy experts to criticize the Anonymous campaign on the grounds that it could hurt intelligence gathering. To read our full piece, click here.

{mosads}–FEWER HORSES, FEWER HORSE THIEVES: The Islamic State in Iraq and Syria (ISIS) attacks that killed 129 people in Paris on Friday evening have been linked to a popular gaming network that officials say is incredibly difficult to monitor when it comes to terrorist communications. “The most difficult communication between these terrorists is via PlayStation 4,” Jan Jambon, Belgium’s federal home affairs minister, said at a Politico event days before the attack. “It’s very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4.” “PlayStation 4 is even more difficult to keep track of than WhatsApp,” a popular instant messaging app that encrypts communications, Jambon added. Unconfirmed reports show that a Sony PlayStation 4 console was confiscated from a suspect’s home during raids in Brussels, where at least some of the attackers are thought to have originated. Some security researchers have slammed the suggestion that the Paris attackers used a PlayStation 4 to communicate as hyperbolic and unsubstantiated. “My immediate response was ‘big deal,'” wrote security researcher and blogger Graham Cluley. “The PlayStation 4 is the best-selling video game console in the world. If you’re raiding the homes of young men in their twenties, don’t be surprised if they have a Sony PS4 stashed beneath their TV.” He added, “Anything which allows two people to exchange messages (whether it be by talking, typing, or waving semaphore flags at each other in a 3D virtual environment) could potentially be used by terrorists to communicate.” To read our full piece, click here.

UPDATE ON CYBER POLICY:

–YOU CAN’T SERVE PAPERS ON A RAT, BABY SISTER. Intelligence leaders, lawmakers and presidential candidates are reviving the debate around the National Security Agency’s (NSA) collection of information on Americans’ phone calls in the wake of last week’s deadly terrorist attacks in Paris.

“I think we need to restore the metadata program, which was part of the Patriot Act,” former Florida governor and 2016 Republican hopeful Jeb Bush said during an appearance on MSNBC’s “Morning Joe.”

“Let’s say that, God forbid, what happened in Paris happened in Washington. We would want access to these people’s phone records, because it would give us clues as to who they were working with, who probably may be involved in plots themselves later on down the road,” Republican candidate Sen. Marco Rubio told George Stephanopoulos in a Sunday appearance on “This Week.”

Obama signed a bill in June to end the controversial program, shifting to a more targeted system set to become active Nov. 29, according to an NSA memo shared with The Hill.

CIA Director John Brennan on Monday blamed the intelligence community’s failure to uncover the Paris plotters before the attacks on “handwringing” over intelligence practices sparked by the Edward Snowden revelations.

“In the past several years, because of a number of unauthorized disclosures and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that make our ability — collectively, internationally — to find these terrorists much more challenging,” Brennan said.

The NSA program has been blamed for the spread of strong encryption as tech companies seek to reassure customers that their personal information is safe from government prying.

LIGHTER CLICK:

–SHE REMINDS ME OF ME. The Wi-Fi wars continued at the Democratic debate on Saturday, where the Democratic National Committee declined to require a password to use the wireless Internet because “the Democratic party is the party of inclusion and we believe in expanding access and economic opportunity for all.

The password at last week’s Republican debate was “StopHillary.”

See, here.

A FEATURE IN FOCUS:

–FILL YOUR HANDS. The indictment of two Israelis and an American fugitive in connection with “the largest theft of customer data from a U.S. financial institution in history” last week — 2014’s attacks on JPMorgan — provided an unusual look into the burgeoning industry of criminal hackers for hire.

“They clearly had to recruit co-conspirators and have that type of hacker-for-hire,” said Austin Berglas, former assistant special agent in charge of the FBI’s New York cyber division, who worked the JPMorgan case before he left the agency in May. “This is the first case where it’s that clear of a connection.”

Read on, here.

WHO’S IN THE SPOTLIGHT:

–HOUSE OF COMMONS. In the U.K., pressure is on for lawmakers to pass the so-called Snooper’s Charter in the wake of the Paris attacks “or London will be next” warns one supporter.

The draft legislation would require telecom companies to maintain records of each user’s browsing activity, including social media, email and mobile phone messaging services. Under the legislation, companies would be required to store this data for up to 12 months.

Read an op/ed in The Telegraph, here, in support.

But one prominent American tech executive, Michael Dell, says the charter is a “horrible idea.” Click here for the view against.

A LOOK AHEAD:

TUESDAY

–The House Oversight and Government Reform Committee will hold a hearing on the Education Department’s information security, focusing on the sensitive data it maintains as part of its federal student aid programs.

–Two subcommittees of the House and Senate Homeland Security Committees will “examine what is being done to protect the millions of Americans whose private information is housed on federal government databases” in light of recent alleged violations of the Privacy Act by Secret Service employees.

WEDNESDAY

–Two House Oversight subcommittees will hold a joint hearing looking into how Internet-connected cars can be protected from hackers.

THURSDAY

–The Bipartisan Policy Center will host a cybersecurity panel that will discuss how U.S. policy toward Chinese cyber operations should be shaped. Sen. Cory Gardner (R-Colo.), who chairs the Senate Foreign Relations Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy, will offer a keynote.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Veteran newsman Ted Koppel argues in a new book that the nation’s energy grid is grievously vulnerable to a catastrophic cyberattack. (CSO)

State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites, a new report shows. (CSO)

Thousands of mobile applications, including popular ones, implement cloud-based, back-end services in a way that lets anyone access millions of sensitive records created by users, according to a recent study. (CSO)

A mirror of an ISIS propaganda site has launched on the Dark Web, likely in an attempt to make its material more resilient to take-downs, or to protect the identity of the group’s supporters. (Motherboard)

The majority of smartphone owners taking part in an 11-nation survey said they’d rather have their nude pics publicly exposed than their financial information. (Ars Technica)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A