Overnight Cybersecurity: Pentagon sets sights on ISIS hackers

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–THE NEXT DAY: The killing of two Islamic State in Iraq and Syria (ISIS) hackers is raising new questions about whether the Pentagon is targeting the group’s tech-savvy members. Focusing on digital leaders in ISIS could be an effective way to counteract the extremist group’s online recruitment — an area where the U.S. has struggled — military and cyber experts say. “You might impact the propaganda which is getting them a lot of attention, a lot of young members in Western countries who are being radicalized,” said Robert Lee, a former cyber officer in the Air Force and co-founder of Dragos Security, which helps secure critical infrastructure networks. But those same specialists caution that the U.S. could be on a slippery slope going after these “hackers,” who some describe as more digital pranksters than actual cyber threats. “The U.S. has to be very careful here,” Lee said. “The fact that someone’s involved in hacking or cyber anything should never be the justification for the strike,” he added. “But if they’ve made the kill list, applying some sort of prioritization based on that [skill] absolutely could be a very good consideration.” To read our full piece, click here.

{mosads}–I’M IN UR INTERNET, CLOGGING UR TUBES: The teenaged hackers who broke into CIA Director John Brennan’s personal email account have now hit a White House official. The group, which calls itself Crackas with Attitude, broke into the home phone and email accounts of President Obama’s senior advisor on science and technology, John Holdren. They then set all of his calls to forward to the Free Palestine Movement, as they did in a hack of Director of National Intelligence James Clapper’s personal accounts last week. The hackers gained access to Holdren’s account through a simple phishing scheme, according to Motherboard. “[The hacker] sent [Holdren’s wife] Cheryl an email claiming to be John LOL,” group spokesman Cracka told Motherboard in an online chat. The email read “something like ‘Hey honey, do you have the password for our joint Xfinity account? I lost it,'” according to Cracka. Cheryl Holdren allegedly sent the password to the hacker, allowing him to gain access to the account. To read our full piece, click here.

–WE CAN WORK IT OUT: A bipartisan pair of lawmakers is set to introduce legislation that would establish a national commission to figure out how police can get at encrypted data without endangering Americans’ privacy. “I do think this is one of the greatest challenges to law enforcement that I have probably seen in my lifetime,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas), a former federal prosecutor, during a conference call Tuesday with reporters. The bill, which McCaul first discussed in a December speech, is intended to cut through the heated rhetoric that has defined the encryption debate in the wake of the terror attacks in Paris and San Bernardino, Calif. “What we’re trying to do is get that collaboration started,” said Sen. Mark Warner (D-Va.), who joined McCaul on the call and will sponsor the upper chamber bill. “Let’s get the experts in the room.” The panel would include tech industry leaders, privacy advocates, academics, law enforcement officials and members of the intelligence community. McCaul said the group would be given “a tight time frame” to develop “recommendations to the Congress as to what can be done to solve this urgent, and I think very challenging threat to our national security.” Those recommendations would likely involve a host of technological options, the lawmakers said, but could include legislative proposals as well. The two lawmakers declined to discuss specific tech companies that might participate, but Warner said the idea has “had a very positive reception” among those that would likely be involved. A Congressional aide with knowledge of the call told The Hill the bill would be introduced “in the near future.” To read our full piece, click here.

AN UPDATE ON POLICY:

–CLOCK’S TICKING. The European Union wants to place strict limits on the U.S.’s power to request citizens’ personal information from companies in order to reach a new data transfer agreement between the two governments, a top EU official said.

Negotiators are racing to meet a looming deadline from Europe’s privacy regulators, who have said they will start to take enforcement action at the end of this month if a resolution is not reached.

“We need guarantees that there is effective judicial control of public authorities’ access to data for national security, law enforcement and public interest purposes,” EU Justice Commissioner Vera Jourova said at a conference in Brussels.

At issue is the recently invalidated Safe Harbor agreement, which allowed U.S. firms to handle European citizens’ data by “self-certifying” that they met Europe’s more stringent privacy requirements.

Ongoing talks led by the Commerce Department and the EU Commission have attempted to find a solution for the 4,400 firms that had relied on Safe Harbor to transfer data across the Atlantic. The degree of access that U.S. intelligence agencies will maintain has been a sticking point in the negotiation of a new agreement.

Business groups including the U.S. Chamber of Commerce and BUSINESSEUROPE on Tuesday pressed the executive branches of both the United States and the European Union to intervene in the discussions.

“This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted,” reads the letter to President Obama and the presidents of both the European Commission and the European Council.

“It is against this backdrop that we respectfully request your leadership to both support the efforts to negotiate a strengthened Safe Harbor agreement and to help establish a long-term, sustainable framework for data flows between Europe and United States,” it states.

To read about the EU’s push for further privacy controls, click here.

To read the business groups’ letter, click here.

A LIGHTER CLICK:

–JUST LIKE OBAMA. For the fifth year running, “123456” and “password” were the most commonly used security codes used in North America and Europe in 2015.

Password management software company SplashData annually analyzes sample groups of leaked passwords to determine the most common phrases in circulation.

Although many on this year’s top-25 list are repeat offenders — “qwerty,” “abc123,” “football” — a few new saliently timed Star Wars phrases came into circulation this year. “Solo,” “princess” and “starwars” all made the cut.

Laugh all you want, but I bet you have at least one ridiculous password out there. We do. So does President Obama.

In remarks at a cybersecurity summit at Stanford University given last year, Obama admitted he’s used some passwords that are pretty easy for cyber criminals to access.

“It’s just too easy for hackers to figure out usernames and passwords like ‘password’ or ‘123457,’ ” he said to laughs in the crowded auditorium.

“Those are some of my previous passwords. I’ve changed them since then.”

Read more from us here.  

A FEATURE IN FOCUS:

–MILLIONS OF DOLLARS. Daniel McGahn, the head of American Superconductor, tells 60 Minutes that he spent millions of dollars developing wind turbine software, only to have it looted by Chinese hackers. The resultant losses, he says, nearly put him out of business.

“[The Chinese government] want to develop certain segments of industry and instead of trying to out-innovate, out-research, out-develop, they’re choosing to do it through theft,” John Carlin, assistant attorney general for National Security, told the news program in a segment on economic espionage originating in Beijing.

Watch it here.

WHO’S IN THE SPOTLIGHT:

–TWITTER. Users who were told they were targeted in a state-sponsored cyberattack are pushing the micro-blogging platform to reveal more information about the alleged hacks.

In December, Twitter informed users that they were part of a “small group” that may have been targeted by actors “possibly associated with a government.”

“We hoped to learn more by and by,” the 31 signees wrote in an open letter. “Some of us sent inquiring emails to Twitter. We expected follow-up reporting by journalists who had read between the lines, had connected these alerts to other similar ones sent by different companies, or had talked to inside sources at Twitter. Nothing. Today, we are as clueless as when this started.”

They list 22 questions, including queries regarding Twitter’s response to the incident and the nature of the attack itself.

Read the letter, here.

A LOOK AHEAD:

WEDNESDAY

–The Senate Homeland Security and Governmental Affairs Committee will hold a hearing at 10 a.m. on better understanding the goals and ideology of ISIS. Lorenzo Vidino, director of the program on extremism at George Washington University’s Center for Cyber and Homeland Security, will testify.

THURSDAY

–The Senate Judiciary Committee will meet at 10 a.m. to discuss the Judicial Redress Act and the Defend Trade Secrets Act, among other things.

A LOOK BEHIND:

–REMEMBER THE DEMOCRATIC DEBATE? Despite the fact that Sunday’s presidential debate was buried during a long weekend, Democratic favorite Hillary Clinton did catch some people’s attention with her brief remarks on Silicon Valley’s role in policing terrorists’ use of online platforms.

“I was very pleased that leaders of President Obama’s administration went out to Silicon Valley last week and began exactly this conversation about what we can do, consistent with privacy and security,” she said. “We need better intelligence cooperation, we need to be sure that we are getting the best intelligence that we can from friends and allies around the world.”

Journalist Andrea Mitchell then pushed back at Clinton about the meeting.

“Secretary Clinton, you said that the leaders from the intelligence community went to Silicon Valley, they were flatly turned down,” she said. “They got nowhere.”

Clinton’s response: “That is not what I’ve heard. Let me leave it at that.”

Big deal? Nothing at all? The Wall Street Journal weighs in.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Malaysian police have arrested three suspects they say were recruited by the Islamic State in Iraq and Syria (ISIS) using the encrypted app Telegram. (The Hill)

The main airport in Ukraine’s capital city, Kiev, has been hit with a cyberattack launched from a server in Russia. (The Hill)

A U.S. casino is suing the cybersecurity firm it hired to help handle a data breach in a case that experts say is likely the first of many. (The Hill)

Australian Prime Minister Malcolm Turnbull vowed to tighten collaboration with the U.S. to counter terrorists’ “sophisticated” use of the Internet on Tuesday. (The Hill)

Alleged voting records of millions of American citizens have been uploaded to the dark Web on a site affiliated with a well-known cybercrime forum. (Motherboard)

Apple asked a widow to provide a court order when she requested access to her late husband’s password. (Ars Technica)

Facebook on Tuesday announced additional support for using the Tor anonymity network with the Android version of its app. (Motherboard)

The libertarian free-trade zone that the Silk Road once stood for has devolved into a fragmented, less ethical, and less trusted collection of scam-ridden black market bazaars. (Wired)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A