Overnight Cybersecurity

Overnight Cybersecurity: Feds ask to cancel Apple court hearing

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–A MAN THAT LIKES TO RENT PIGS WON’T BE STOPPED: Apple and the FBI were set to battle in court for the first time on Tuesday over the San Bernardino shooter’s locked iPhone. But the whole shindig may be postponed after a the government surprisingly moved late Monday to cancel the hearing. The government is trying to force Apple to unlock an iPhone used by Syed Farook, one of the two assailants who killed 14 people in last December’s terror attack. But in a last-minute court filing, prosecutors said “an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone.” The government wants to play out this lead before continuing with its case against Apple. “If the method is viable, it should eliminate the need for the assistance from Apple Inc.” It was not immediately clear whether the hearing — set for Tuesday afternoon at the federal courthouse in Riverside, Calif. — would actually be postponed. The move came one day after researchers at Johns Hopkins University found a security flaw in Apple software that allowed them to pierce the company’s encryption. It’s not clear from the filing whether this is the “possible method” the Department of Justice is talking about. To read about this late-breaking development, click here. To read our preview of the potentially cancelled hearing, click here.

{mosads}–WHACKING A SURLY BARTENDER AIN’T MUCH OF A CRIME: If the FBI is indeed referring to the Johns Hopkins researchers, the group’s announcement is about to get a lot more attention. The Hopkins team said the flaw would likely not allow investigators to break into Farook’s iPhone, but that the discovery undermines the idea that Apple has created impenetrable encryption. Tech experts like those at the National Security Agency could easily have discovered the hole, research team leader Matthew Green told The Washington Post. “If you put resources into it, you will come across something like this,” he said. Green’s team has alerted Apple to the flaw and will publish a paper describing how they hacked in as soon as Apple issues a patch. The company is expected to address the problem in version 9.3 of its operating software, which was released Monday. Using an older version of Apple’s operating system, Green’s team wrote software to mimic an Apple server. Then they targeted a message with a link to a photo stored in Apple’s iCloud server, which was encrypted with a 64-digit key. The team guessed the code by repeatedly changing a single digit or letter in the key and sending it to the target phone. The phone would accept a correctly entered digit and thousands of tries later, Green said, “we had the key.” The same technique would work on later operating systems, Green said, but it would likely require the more sophisticated hacking skills of a nation state. To read our full piece, click here.

–UVA UVAM VIVENDO VARIUM FIT: Two House committees on Monday revealed the creation of a joint encryption working group. The panel, composed of four Republicans and four Democrats, will examine potential solutions to the challenges law enforcement officials face as encryption becomes more widespread. While the technology is seen as vital to digital security and online privacy, investigators warn it is also helping criminals and terrorists increasingly hide from authorities. Leaders from the House Judiciary and Energy and Commerce committees came together to create the working group. The panel will conduct its work in the shadow of the ongoing standoff between the FBI and Apple over a locked iPhone used by one of the San Bernardino, Calif., shooters. The court battle has become a proxy for the larger Capitol Hill debate over law enforcement access to encrypted data. Since the terror attacks in Paris and San Bernardino, pressure has grown on lawmakers to weigh in on the issue. The working group is the latest congressional attempt to do just that. The panel includes some notable congressional voices on tech, encryption and surveillance issues. To see who they are, click here to read our full piece.

 

LIGHTER CLICK:

–I NEVER MET A SOUL ON THIS EARTH AS NORMAL AS ME. This is what happens when you let the Internet do things. British scientists opened up an online poll, encouraging people to help name a new $290 million polar research ship. Predictably, the runaway winner thus far is “RSS Boaty McBoatface.”

We approve.

Read on here, at NBC News.

 

A FEATURE IN FOCUS:

–I HATE RUDE BEHAVIOR IN A MAN. Can hackers hold an entire town ransom? In Plainfield, N.J., they certainly tried. The Washington Post details the bizarre saga of a ransomware attack that locked employees in the mayor’s office out of their own files.

Read on, here.

 

THE WEEK AHEAD:

TUESDAY

–The House Homeland Security cybersecurity subcommittee will hold a hearing on how to bolster security through cyber insurance, at 10 a.m.

–The House Armed Services Committee will hold a hearing on the Pentagon’s 2017 cyber budget at 3:30 p.m.

 

WHO’S IN THE SPOTLIGHT:

–TANVEER HASSAN ZOHA. A cyber crime expert who was helping Bangladesh authorities investigate an attempted $951 million cyber heist from the country’s central bank has gone missing.

Zoha had met police on Tuesday and told the media he knew three user IDs used for the heist, Reuters reports.

According to his wife, he was blindfolded by unknown people in plainclothes early on Thursday and was driven away in a vehicle.

The incident is thought to be one of the largest cyber heists in history.

Unknown hackers made 35 requests for payments from Bangladesh Bank’s account with the Federal Reserve Bank of New York in early February, including a transfer order for $81 million paid from its account there to casinos in the Philippines.

An FBI official met with Bangladesh police on Sunday.

Read on, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Apple CEO Tim Cook opened up the company’s Monday product launch by doubling down on the firm’s refusal to help investigators unlock Farook’s iPhone. (The Hill)

The U.S. government was hit by more than 77,000 cyber incidents, like data thefts or other security breaches, in 2015 — a 10 percent increase over the previous year, according to a White House audit. (Reuters)

Google, Microsoft, Yahoo and others have published a new email security standard. (CSO)

A hacker has leaked dozens of Adele’s personal photos — including a sonogram, pregnancy photos, and pictures of her son — on Facebook. (Vulture)

Jumio, an online identification verification company whose clients include United Airlines and Airbnb, has filed for Chapter 11 bankruptcy protection. (Reuters)

The hackers who hit the Bangladesh Bank had been remotely monitoring its activity for several weeks and may have breached as many as 32 computers at the bank. (The Wall Street Journal)

ICYMI: Here’s the behind the scenes account of the 18 months before the Apple-FBI feud over encryption became public. (Bloomberg)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A

 

This story was updated at 7:23 p.m.