Overnight Cybersecurity: House defense bill would elevate Cyber Command
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–MOVIN’ ON UP: The defense authorization bill that cleared the House on Wednesday would elevate the U.S. military’s cyber unit to a standalone warfighting entity — despite direct opposition from the White House. The House passed the bill by a 277-147 margin late Wednesday. U.S. Cyber Command is currently under the authority of Strategic Command, meaning it must obtain permission before it conducts cyber operations. But the National Defense Authorization Act (NDAA) would make Cyber Command its own unified command unit. The move is a nod to the increasing importance that cyber actions are playing in U.S. defense operations — Deputy Secretary of Defense Robert Work said recently that the U.S. is “dropping cyber bombs” on the Islamic State in Iraq and Syria (ISIS). It also had widespread support from lawmakers who were skeptical that the unit should remain under the roof of the National Security Agency (NSA), where it currently shares a commander with the spy agency. The White House, however, has pushed back against the move, arguing that the secretary of Defense and chairman of the Joint Chiefs of Staff “should retain the flexibility to recommend to the President changes to the unified command plan that they believe would most effectively organize the military to address an ever-evolving threat environment.”
–HERE WE GO: Sen. Ron Wyden (D-Ore.) on Thursday introduced a bill that would block an expansion of the Justice Department’s hacking powers. “When the public realizes what is at stake, I think there is going to be a massive outcry: Americans will look at Congress and say, ‘What were you thinking?’” Wyden wrote in a Medium post announcing the legislation. The DOJ has proposed amendments to a little-known criminal procedure rule that would take effect in December and expand their hacking powers unless Congress acts. Wyden’s one-page bill, the Stopping Mass Hacking Act, would prevent those changes to what’s known as Rule 41. The changes would allow judges to grant a single warrant for multiple electronic searches in different locations — even when investigators don’t know the physical location of a device. The feds argue broader search powers are needed to keep pace with the rapidly progressing technology that criminals use to mask their identities online. But civil liberties advocates — and some tech companies — are horrified by the proposal. Allowing multi-district, multi-computer searches, they say, would allow the government to conduct bulk hacking with very little oversight. “By allowing so many searches with the order of just a single judge, Congress’s failure to act on this issue would be a disaster for law-abiding Americans,” Wyden said Thursday.
UPDATE ON CYBER POLICY:
–NOT PLEASED AT ALL. A Democratic congressman who wants to outlaw the use of federal funds for government “back doors” into commercial devices is pushing back on House leadership for refusing to allow the amendment to come up for a vote as part of the annual defense authorization bill.
“I am deeply disappointed and equally concerned that House Republicans continue to put politics ahead of national security,” Rep. Ted Lieu (D-Calif.) said in a Thursday statement.
Lieu’s amendment to the National Defense Authorization Act (NDAA) would have prohibited the use of funds to mandate or request back doors into commercial products — like cellphones — that could be used to circumvent a device’s encryption.
A LIGHTER CLICK:
–PRESENTED WITHOUT COMMENTARY. Here is some of the dialogue from a recent episode of “Arrow,” one of the CW’s inarguably seminal pieces of television. (I’m serious, we’ll fight you if you say different.)
Felicity: “Every time I knock down a firewall, five more pop back up.”
[INTENSE TYPING]
Calculator: It seems that Mr. Darhk has a counter-hacker in his employ.
Felicity: And he’s good.
A LOOK AHEAD:
–Join us 5/24 for State of the Sharing Economy: A Discussion on the Future of Cross-Border Commerce, featuring conversations with Rep. Darrell Issa (R-Calif.) and Navdeep Bains, Canadian Minister of Innovation, Science, and Economic Development.
Topics of discussion include: New markets created by technological innovation, the global sharing economy, and policy & regulatory reforms to protect personal and proprietary data.
A HACK IN FOCUS:
–WE MEAN IT, TAKE IT BACK. LinkedIn has successfully demanded that a hacked information database remove millions of users’ passwords exposed during a 2012 breach, Motherboard reports.
But the data still remains for sale on the dark Web.
The site, LeakedSource, claims to have access to the full database of leaked data and makes it searchable to users who pay a subscription fee. LeakedSource has now removed the passwords from the database, pursuant to a cease and desist letter from LinkedIn.
WHO’S IN THE SPOTLIGHT:
–SWIFT. The top Democrat on the Senate Homeland Security Committee is raising questions about the security of the global banking network after an $81 million hack of Bangladesh’s central bank.
“These cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks,” Sen. Tom Carper (D-Del.) wrote in a Thursday letter to New York Federal Reserve Bank President William Dudley and Society for Worldwide Interbank Financial Telecommunication (SWIFT) Managing Director Patrick Antonacci.
Carper pressed both Dudley and Antonacci on how their organizations are responding to the reported weaknesses in SWIFT’s security and requested that both arrange a staff briefing on the matter.
“Congress has a responsibility to continue to strengthen our nation’s cybersecurity, including ensuring that the system used by our banks to engage in cross-border transactions is secure,” Carper wrote.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
A Bangladesh central bank official’s computer was used by unidentified hackers to make payments via SWIFT, a Bangladeshi diplomat said on Thursday. (Reuters)
The head of China’s industry and technology regulator stressed Chinese users’ security in a meeting with Apple Inc.’s chief executive in Beijing. (Reuters)
The pseudonymous hacker behind the catastrophic breach of notorious police surveillance tool seller Hacking Team is now teaching others how to hack. (Motherboard)
Presentation of evidence in the Oracle v. Google trial ended today, and US District Judge William Alsup has sent the jury home for a long weekend. (Ars Technica)
