Overnight Cybersecurity: Judge denies Mozilla request for FBI hacking trick
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–CUT OUT THE MIDDLE MAN: If Mozilla wants the FBI to disclose a potential hacking vulnerability on its Firefox browser, it should take it up with the government directly, a judge ruled on Monday. Federal judge Robert Bryan denied Mozilla’s motion to intervene in a related criminal case in Washington involving a child pornography site. Mozilla believes a security vulnerability in its browser helped law enforcement track down the location of computers that visited the site. Mozilla pressed the court last week to force the FBI to disclose the vulnerability to it before releasing it to anyone else, including the defendant in the case. But the judge on Monday said Mozilla’s request did not apply anymore, since the judge recently ruled that the government would not be required to share the vulnerability with the defendant in the case. “It appears that Mozilla’s concerns should be addressed to the United States and should not be part of this criminal proceeding,” the judge wrote in a two-page order. Mozilla says there is good reason to believe the unknown vulnerability is still active and putting millions of users at risk. The government has previously refused to disclose the vulnerability to Mozilla directly.
–HERE WE GO: A conservative legal watchdog’s interviews with current and former aides to Hillary Clinton about her use of a private email server while serving as secretary of State will begin Wednesday and stretch into late June, the group announced. The first person to be deposed as part of a court case concerning Clinton’s bespoke email setup is Lewis Lukens, a former executive director of the State Department’s executive secretariat, Judicial Watch said in a court filing Tuesday. Sworn testimony with Cheryl Mills, Clinton’s former chief of staff, is set to follow and has been scheduled for next Friday. In subsequent weeks, the watchdog group will question former department executive secretary Stephen Mull, IT expert Bryan Pagliano, an official representative from the State Department, longtime Clinton adviser Huma Abedin, and sitting Undersecretary for Management Patrick Kennedy. Kennedy’s interview, scheduled for June 29, is slated to be the final interview as part of the Freedom of Information Act case. Each interview could last for as long as seven hours, Judicial Watch predicted. The depositions are the first of two separate court-ordered processes for Judicial Watch to obtain evidence as part of different open records cases concerning Clinton’s email setup. The twin court cases were launched to obtain separate documents from Clinton’s time in office but have evolved as judges have raised questions about whether the likely Democratic presidential nominee’s arrangement allowed her to circumvent open records laws.
UPDATE ON CYBER POLICY:
–TEAMWORK. The House on Monday passed a cybersecurity bill from Rep. Joaquín Castro (D-Texas) that aims to help state and local officials battle hackers.
The bill, known as the National Cybersecurity Preparedness Consortium Act, would allow nonprofits, such as universities, to work with the Department of Homeland Security on better protecting state and local networks.
“It’s critical that localities understand the impact cyber attacks could have on their ability to function, and are prepared to prevent, detect, respond to, and recover from harmful cyber incidents,” Castro said in a statement.
The measure passed overwhelmingly, 394-3, late Monday afternoon.
A LIGHTER CLICK:
–BINGE TIME. The trailer for Season 2 of Mr. Robot has arrived.
A LOOK AHEAD:
WEDNESDAY:
–The Senate Homeland Security and Government Affairs Committee will hold a hearing on security threats to critical infrastructure at 10 a.m.
–The House Oversight Committee’s subcommittee on IT will hold a hearing to release an updated Federal Information Technology Reform Act scorecard, at 2 p.m.
–The Senate Judiciary Committee’s subcommittee on crime and terrorism will examine the threat of ransomware at 3 p.m.
BONUS:
–Join us 5/24 for State of the Sharing Economy: A Discussion on the Future of Cross-Border Commerce, featuring conversations with Rep. Darrell Issa (R-Calif.) and Navdeep Bains, Canadian Minister of Innovation, Science, and Economic Development.
Topics of discussion include: New markets created by technological innovation, the global sharing economy, and policy & regulatory reforms to protect personal and proprietary data.
A REPORT IN FOCUS:
–BUSINESS AS USUAL. Hackers are increasingly operating as professionals in a traditional business economy.
They rely on specialists for a range of activities from background checks to marketing and selling exploit kits.
Some even offer 24/7 help desks and money-back guarantees on their products, according to a new report on the business of hacking from Hewlett Packard Enterprise.
–GUYS, REALLY? Further proof that people do dumb things online: According to a survey conducted by Intel, 88 percent of consumers have clicked on pop-up ads for diets and fitness programs despite knowing the security risks associated with such ads.
WHO’S IN THE SPOTLIGHT:
–SEXTORTION. Sen. Barbara Boxer (D-Calif.) wants the Department of Justice to begin tracking cases of “sextortion,” in which criminals use the internet to extort victims into engaging in sexual activities.
“Court records show that some of these cyber-criminals have blackmailed hundreds of different victims online,” Boxer wrote in a Tuesday letter to the agency. “However, since specific data is not collected by any federal entity on online sexual extortion, the full extent of this crime is largely unknown.”
Boxer’s letter comes in response to a Brookings Institution report from last week that identified 78 recent cases of online sexual extortion involving at least 1,397 victims.
The report estimates the number of actual victims to be between 3,000 and 6,500, but because there are no federal records tracking sextortion, researchers found no way to definitively establish a number.
The scheme frequently involves a perpetrator hacking into a victim’s computer, then using compromising information found there — usually in the form of sexually explicit photos or videos — to force the target to engage in sexual behavior.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
A Ukrainian hacker has pleaded guilty to participating in a scheme to hack into three business newswires, steal unpublished press releases and use the information to make illegal trades. (The Hill)
Cyber-criminals unsuccessfully tried to send money from a Vietnamese bank to a Slovenian one in December, but there have been no other cases of attempted fraudulent transfers identified in Vietnam, a top central bank official said. (Reuters)
Recent “social engineering” tests undertaken by an independent auditor reveal Homeland Security Department employees are getting savvier about basic cybersecurity. (NextGov)
Buzzfeed is switching to HTTPS as its default in a new security upgrade. (International Business Times)
Security experts say that online hacking forum Nulled.io has been breached, with the account information of 536,000 registered users now a few clicks away from ordinary Internet users and law enforcement. (U.S. News and World Report)
Norton antivirus software has a gaping security hole. (Yahoo)
