
Overnight Cybersecurity: Lawmakers press FBI chief on encryption | Cyber world flocks to RSA conference | Defense contractors face mounting cyber threats

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

–LAWMAKERS PRESS FBI CHIEF ON ENCRYPTION: A bipartisan group of lawmakers is pressing FBI Director Christopher Wray on the bureau’s efforts to unlock encrypted devices, in the wake of a critical watchdog report. In a letter sent Friday, the lawmakers called into question recent statements made by Wray and others that the bureau is unable to access scores of devices for ongoing criminal investigations because of encryption — often referred to as the “going dark” problem.  According to a report released last month, the Justice Department inspector general found that the FBI did not exhaust all avenues to unlock the iPhone of one of the suspects in the 2015 San Bernardino attack before seeking a court order to force Apple to unlock the device. One FBI official also voiced concerns that agents weren’t exhausting all technical avenues to unlock the device because they wanted the suit against Apple to go forward. In the Friday letter, several House lawmakers labeled the inspector general report “troubling,” arguing that it undermines statements made by FBI officials that only device makers could provide a solution to unlock encrypted devices. The lawmakers also cited news reports that private companies like Cellebrite and Greyshift have developed capabilities to unlock encrypted phones.  Taken together, they argued, the revelations cast doubt on Wray’s recent assertion that the FBI was unable to access 7,800 devices last fiscal year despite having relevant court orders.

 

Key quote: “According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption,” the lawmakers wrote. “However, in light of the availability of unlocking tools developed by third-parties and the OIG report’s findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable.”  

 

The lawmakers are asking Wray to respond to several questions, including whether he has consulted with third-party vendors to understand tools that could be used to break encryption, and whether the bureau has attempted to use tools developed by third parties to access the 7,800 devices.


–POMPEO FACES TIGHT VOTE: CIA Director Mike Pompeo on Thursday faced a grilling from Democrats on the Senate Foreign Relations Committee, suggesting he faces uncertain prospects to win a panel vote to become the nation’s top diplomat. Pompeo declined to answer repeated questions from Democrats related to the ongoing Russia investigations and was challenged at several points to break with President Trump, as lawmakers voiced concerns that he would be too deferential as secretary of State. Pompeo’s performance seemed widely to please Republicans on the panel, but with the defection of Sen. Rand Paul (R-Ky.) and with Sen. John McCain (R-Ariz.) home receiving treatment for cancer, he will need support from Democrats to win confirmation. Getting a majority vote from the panel — the first hurdle for the former Kansas congressman — could prove difficult. Paul, who vowed to oppose Pompeo’s nomination over his support for the Iraq War and his past position on torture, sits on the committee.

 

Can Pompeo get any Dems? If the committee’s 10 Democrats join Paul in voting against Pompeo, it would be an 11-10 vote against his confirmation. No Democrats on the panel have so far offered their support. Sen. Tom Udall (D-N.M.) has already announced that he will oppose the nomination, and at least two other Democratic committee members who supported his confirmation as CIA director — Sens. Jeanne Shaheen (N.H.) and Tim Kaine (Va.) — have expressed concerns.


AN EVENT IN FOCUS: 

Next week, cybersecurity professionals will descend on San Francisco for the annual RSA Conference. Among the speakers will be Homeland Security Secretary Kirstjen Nielsen, who is expected to discuss the department’s cybersecurity priorities as well as current threats facing the United States in a keynote address Tuesday afternoon. The highly anticipated information security conference takes place April 16 to 20.

 

A LIGHTER CLICK: 

What does pet-cloning mean for human-cloning? And no, this isn’t about Barbra Streisand. (Technology Review)

 

WHO’S IN THE SPOTLIGHT: 

DEFENSE CONTRACTORS: Cybersecurity experts say defense contractors are facing more aggressive attacks as nation states and other hacking groups increasingly use malicious software to block information or manipulate data.

The companies that provide U.S. military and intelligence agencies with products and services have long faced espionage-motivated attacks.

They are now, however, also confronting outside attacks that aim to thwart, or even sabotage, their operations.

“To put it bluntly, these are attacks that don’t try to steal secrets — but either try to block information or change information,” Peter Singer, a fellow at New America, told The Hill in an interview.

The rise of ransomware attacks against defense contractors coincides with a rise in the use of ransomware in general. Attacks can spread even after the original target has been hit, hurting unintended victims.

“It is the fastest growing area of cyber crime,” Singer said.

One recent victim is Boeing, which was hit by the WannaCry virus late last month. The U.S. and U.K. have blamed North Korea for the attack, which took only a week to infect hundreds of thousands of Windows devices in 150 countries last spring.

Varun Badhwar, the head of cybersecurity firm RedLock, said hackers actively search for doors that are already cracked open as they seek to infiltrate such systems.

“[P]eople are looking for low-hanging fruit in terms of misconfigured systems as was in Boeing’s case,” Badhwar told The Hill, adding that the incident could’ve been easily avoided.

“The Microsoft patch was available for close to a year now,” he said.

Linda Mills, the vice president of Boeing’s commercial airlines communications, said in a statement that the attack was quickly mitigated after their “cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems.”


LOOKING BACK ON THE WEEK:

All eyes were on Facebook CEO Mark Zuckerberg, who weathered tough questions about data privacy and his company’s policies during 10 hours of congressional testimony over Tuesday and Wednesday.

Facebook wasn’t the only company on the hot seat. Uber agreed to extend a 2016 privacy agreement with the Federal Trade Commission in light of its massive data breach.

 

IN CASE YOU MISSED IT:

The White House calls former FBI director Comey a ‘disgraced partisan hack’ ahead of book release. (The Hill)

Backpage.com pleads guilty to human trafficking. (The Hill)

Inspector general releases long-awaited report on former FBI deputy Andrew McCabe. (The Hill)

Democratic lawmakers are accusing the ex-CEO of Cambridge Analytica of giving deceiving testimony before Congress. (BuzzFeed)

A cyber expert at the Center for Strategic and International Studies argues that a ‘monopoly’ is not the issue with Facebook. (CSIS)

The former HHS cybersecurity chief nabs a job at a voting technology company. (FedScoop)

Homeland Security releases a recap of its ‘Cyber Storm’ exercise. (DHS)

Police across the U.S. have purchased tools to unlock encrypted devices. (Motherboard)

Pennsylvania’s secretary of state is mandating voting machines that leave a paper trail. (PennLive)