Overnight Cybersecurity: Apple issues fix for Mac security flaw | House Intel panel to push own surveillance bill | Justices struggle with privacy of cellphone data

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–UPDATE YOUR MAC:

Apple on Wednesday issued a security update to fix a vulnerability in the latest MacOS operating system that allowed anyone to gain access to a computer without a password. Cybersecurity researchers discovered the vulnerability in the MacOS High Sierra operating system and publicized it on Tuesday, sending Apple scrambling to find a fix.

To read the rest of our piece, click here.

–SERIOUSLY, UPDATE YOUR MAC:

The bug allows a would-be hacker to log in as a “root” user and leave the password field blank. After attempting to log in multiple times, the individual can gain access to the system. It was announced to the public over Twitter by a programmer before Apple could work on a patch, making the easy-to-exploit vulnerability widely available to anyone who wanted to use it. “Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as ‘root’ with empty password after clicking on login button several times. Are you aware of it @Apple?” tweeted Lemi Orhan Ergin.

To read the rest of our piece, click here.

 

LISTEN TO THE HILL’S NEW PODCASTS! 

In today’s Hillcast PM View, the daily evening update on what went down in Washington: Trump’s latest tweets panic Washington and cause a stir in the media; Alabama Senate hopeful Roy Moore seems to be making a comeback; and the new threat from North Korea is leaving the U.S. with few good options. Host Niv Elis talks to The Hill’s Jonathan Easley, Ben Kamisar, and Rebecca Kheel about what happened today. Listen here.

Subscribe here to all of The Hill’s new podcasts: Apple Podcasts | Soundcloud | Stitcher | Google Play | TuneIn

 

A RUSSIA PROBE UPDATE:

Special counsel Robert Mueller is delaying the testimony of an associate to former national security adviser Michael Flynn before a grand jury due to the possibility of reaching a plea deal, according to CNN.

A public relations consultant hired by Flynn’s lobbying firm who was scheduled to testify in December in a time-sensitive manner had his testimony postponed, with no reason given, according to a member of the firm.

The move comes days after Flynn’s attorneys met with Mueller’s team on Monday, and after it was announced that Flynn had terminated his information-sharing agreement with President Trump’s legal team.

Mueller’s team reportedly has sufficient evidence to indict both Flynn and his son, Michael Flynn Jr., who also worked for the Trump campaign.

According to multiple reports, Flynn is under investigation for an alleged quid pro quo deal with Turkey’s government, in which Flynn would have been paid millions of dollars in exchange for the extradition of an exiled Muslim cleric living in the U.S.

Federal records also show that the former national security adviser did not register $530,000 he was paid last year for work he did that the Justice Department said principally benefited Turkey, in a potential violation of the Foreign Agents Registration Act.

Mueller’s special counsel office has the authority to investigate “any matters that arise” as a result of the probe into possible collusion between Trump’s campaign and Russia during the 2016 election.

To read the rest of our piece, click here.

 

A LEGISLATIVE UPDATE:

The House Intelligence Committee is preparing to drop its own bill to renew a controversial but critical surveillance authority, Chairman Devin Nunes (R-Calif.) tells The Hill.

The proposal, expected this week, would not require federal investigators to obtain a warrant before accessing the communications of Americans caught up in foreign surveillance.

The new legislation could spark a turf war with the House Judiciary Committee, which recently advanced its own renew-and-reform proposal — a bill that does include a limited warrant requirement.

Supporters of that bill in the last several weeks issued a warning letter to House leadership, exhorting them not to support any measure that “weakens the privacy protections built into the USA Liberty Act.”

The House Intelligence Committee has been in quiet talks with House leadership on the future of the current law, which is set to expire at the end of the year.

As described by Nunes, their bill will more closely track a similar proposal from the Senate Intelligence Committee, which specifies that if an FBI search turns up a known U.S. person’s information, it must submit a request to the secret Foreign Intelligence Surveillance Court within one business day. The court would then have two business days to weigh in on its legality.

The two intelligence committees have been in talks to “hammer out” small differences in their two proposals, according to Senate Intelligence Committee Chairman Richard Burr (R-N.C.).

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

SCIENCE SAYS MYTHIC YETI BONES ACTUALLY CAME FROM BEARS. Overnight Cyber still believes.

 

A HEARING IN FOCUS:

LOUISIANA PUSHES BACK ON VOTING MACHINE HACK FEARS: At a House Oversight hearing discussing voting machine security, Louisiana Secretary of State Tom Schedler pushed back on the idea that the flawed security in voting machines is the end of the election cybersecurity discussion.

Schedler argued that voting officials employing best practices could serve as a valid cybersecurity check. He noted that his Louisiana office scrubs the computer used to transfer ballot information to voting machines before and after the election. One popularly mentioned mechanism for hacking elections would be to put malware on the main computer which would transfer with the ballot info.

He then described the difficulty of tampering with the machines in any other way, noting that the machines were sealed shut with metal clamps.

“In 36 hours … [you would have to] get into 64 warehouses across my state, get into 10,200 machines, undetected, under camera – no one saw you – unscrew the back of the camera, do what you’re going to do, and figure out how you’re going to put that metal clamp back on.”

At the hearing, Rep. John Duncan (R-Tenn.) argued that we should move to paper ballots, avoiding what he called a “multibillion dollar hoax” of trying to secure machines that no measures could provide perfect security for.

“Even with a paper system you need good protocols,” said Schedler.

 

WHAT’S IN THE SPOTLIGHT:

CELL PHONE SURVEILLANCE: Members of the Supreme Court appeared troubled Wednesday that police can search cellphone location histories without a warrant, but struggled with where the line should be drawn on privacy in the digital age.

Justice Sonia Sotomayor said most Americans want to avoid a situation where the government can peer into every aspect of their lives, including their whereabouts. She asked whether the government really believes that police should be able to search location history without probable cause.

“Right now we’re only talking about the cell sites records, but as I understand it, a cellphone can be pinged in your bedroom,” she said. “It can be pinged at your doctor’s office. It can ping you in the most intimate details of your life. Presumably at some point even in a dressing room as you’re undressing,” she said.

The government argued Wednesday that it was well within its rights under the Stored Communications Act of 1986 to get a court order for the records. The law allows location data to be searched if the government can show reasonable grounds to believe it will be relevant to a criminal investigation.

“I agree with you that new technology is raising very serious privacy concerns, but how much of existing precedent do you want us to overrule or declare obsolete?” Justice Samuel Alito asked.

But on Wednesday, Justice Anthony Kennedy wasn’t sure people have an expectation of privacy when it comes to cellphone location data.

He said it seems to him to be a normal expectation that cellphone companies have that data.  

“If I know it, everybody does,” he said.

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

A major shipping firm acknowledged it was hacked and its CEO suggested someone might be holding data hostage. (The Hill)

Donald Trump Jr. will meet with House Intel about Russia contacts. (The Hill)

…Dianne Feinstein asked Trump aides for information in a tranche of letters. (The Hill)

…Meanwhile, Attorney General Jeff Sessions is facing increasing conservative pressure to somehow indict Hillary Clinton or her inner circle. (The Hill)

The Fed is looking into cryptocurrencies. (The Hill)

Is Trump’s cybersecurity policy working? Who knows. (NextGov)

In 2011, the NSA caught a Naval officer illegally surveilling a phone. (Buzzfeed)

Accused hacker Lauri Love’s extradition hearing begins. (The Register)

 

‘Links from our blog, The Hill, and around the Web.

If you’d like to receive our newsletter in your inbox, please sign up here.