Overnight Cybersecurity: Speaker’s race could elevate cybersecurity

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORIES:

—COULD HOUSE SHUFFLE BENEFIT CYBER POLICY?: The wide-open race for Speaker has thrust several of the House’s more prominent tech and cybersecurity figures into the spotlight. Majority Leader Kevin McCarthy’s (R-Calif.) decision to abruptly pull himself from contention for the Speakership just minutes before a vote Thursday has upended the process and opened the door to a number of dark-horse candidates.

Reps. Jason Chaffetz (R-Utah), Lynn Westmoreland (R-Ga.), Darrell Issa (R-Calif.) and Candice Miller (R-Mich.) have all been floated as possibilities to succeed outgoing Speaker John Boehner (R-Ohio), who retires at the end of this month. In recent years, each has made a mark speaking out on issues like the government’s lagging cyber defenses, surveillance reform and encryption standards.

{mosads}While those topics are unlikely to be a factor in the race for the House’s top spot, the digital rights community is intrigued by the possibility of having a tech-savvy Speaker for perhaps the first time in history.

“That’s exactly what the Republican Party needs,” said Berin Szoka, president of TechFreedom, a libertarian-leaning think tank. “Issues like privacy are areas where you could actually get legislation passed that Republicans have led on — that they can get Democrats on board with — without having to compromise.” To read our full piece, click here.

—HAPPY MONDAY?: Another day, another hack. On Friday, Dow Jones & Co. revealed that hackers have breached its computer systems, looking for contact information to send fraudulent solicitations.

In addition, America’s Thrift Stores said that it has been the victim of a malware-driven cyberattack by Eastern European criminals who stole credit card data from the donations-based retailer. It says that according to the Secret Service, no customer names or other contact information was compromised. The hack seems to have affected transactions between Sept. 1 and Sept. 27 of this year.

Dow Jones, meanwhile, told customers that there is no evidence that data was stolen but that the hackers may have accessed credit card information of fewer than 3,500 individuals. To read about the Dow Jones hack, click here. To read about the America’s Thrift Stores hack, click here.

—HALP?: U.S. law enforcement agencies could have a tougher time operating in the European Union after a bombshell court ruling struck down Safe Harbor, a key data transfer agreement between the two governments.

“The restraints that exist now are going to make it much harder for lawyers to respond to a court order in the United States when the information involved implicates foreign affiliates and subsidiaries in the European Union,” says Christopher Swift, a former official with the Treasury Department Office of Foreign Assets Control and current national security professor at Georgetown University.

Critics of the EU decision say that agencies like the FBI and the Department of Justice may face more pushback from their counterparts overseas in light of the ruling. “[EU agencies will say] ‘unless it’s a serious national security issue, don’t cast the net so widely. Doing so violates our fundamental principles of privacy. Give us more specifics about what you need,’ ” said Kenneth Rashbaum, a partner at Barton LLP who specializes in privacy and cybersecurity.

To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

—FEEL THE BERN. 2016 Democratic hopeful Bernie Sanders has staked a position against the controversial Cybersecurity Information Security Act, expected to see floor time in the Senate this month. The Vermont senator’s position puts him at odds with several Republican presidential hopefuls — including Carly Fiorina, Jeb Bush and Marco Rubio — who have expressed support for the bill. The legislation is intended to boost threat-sharing data between the federal government and private companies, but has faced stiff opposition over privacy concerns. The Daily Dot scoops: Read on, here.

 

LIGHTER CLICK:

-—OW TO PAY FOR COLLEGE. Rutgers University students are circulating a petition, arguing they deserve a partial tuition refund after the school fell victim to five cyberattacks in less than a year. In the wake of the breaches, Rutgers acknowledged that it raised tuition, in part, to cover the costs of boosting its cyber defenses. Check out the full story at New Brunswick Today.

 

A FEATURE READ:

—RUSSIA’S PATRIOTIC CYBER UNDERWORLD. The relationship between Moscow and Russian cyber gangs may be tightening, spurred by international sanctions and disputes with the United States over military action in Ukraine and Syria, experts and federal lawmakers warn.

Moscow has long been known to source its technology, world-class hacking talent and even some intelligence information from local cyber crime rings, or “the Silicon Valley of Eastern Europe,” said Tom Kellermann, chief cybersecurity officer at security research firm Trend Micro.

In exchange, officials turn a blind eye to the rampant underground economy these cyber crime syndicates have constructed, fueled largely by mammoth data breaches at major U.S. retailers and banks.

“That symbiotic relationship has been going on for at least 10 years, if not longer,” said Jonathan Wrolstad, a cyber threat analyst with FireEye, a security firm that follows two of Russia’s more prominent intelligence hacking groups.

But according to Kellermann, Russian cyber criminals have tightened cooperation with Moscow, fueled by patriotic fervor. Check out our full piece here.

 

WHO’S IN THE SPOTLIGHT:

—THE FBI. A small controversy has emerged over the FBI’s decision to post, and then take down, a post about security concerns related to chip-embedded credit and debit cards.

According to Computerworld: “The original online post was headlined, ‘New microchip-enabled credit cards may still be vulnerable to exploitation by fraudsters,’ and was replaced by a ‘page not found’ message as of mid-day Friday.”

Apparently, some pressure from the American Bankers Association led to the FBI altering the post, Computerworld reported.

That makes the FBI announcement the latest point of contention in an ongoing fight between retailers and financial firms over the new chip cards.

Retailers were required to install machines that accept the chip-embedded cards by Oct. 1, or foot the cost of any credit card fraud.

As we reported at the beginning of the month: “Financial institutions say the move will drastically reduce counterfeit fraud and help thwart hackers. But retailers maintain they haven’t had the time to make the multi-billion dollar transition to the new technology and believe the change will only shift digital fraud to other outlets.”

After seeing the Computerworld piece, prominent cybersecurity researcher and journalist Brian Krebs tweeted, “This story speaks volumes about why crooks are laughing all the way to the bank.”

 

A LOOK AHEAD:

WEDNESDAY

—USTelecom will host a national cybersecurity policy forum at 9 a.m. The Hill’s Cory Bennett will moderate a panel on industry perspectives on the state of public-private cybersecurity partnerships.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A subsidiary of the Japanese telecommunications firm SoftBank Group Corp. has invested $50 million in the Israeli cybersecurity startup Cybereason. (The Hill)

President Obama said former Secretary of State Hillary Clinton’s use of a private email server did not create a security risk during her time in office. (The Hill)

Southwest Airlines said there is no evidence that a cybersecurity breach led to the technical failures that delayed flights and stranded passengers across the country on Sunday. (The Hill)

Tech groups are praising Obama for his decision not to pursue legislation mandating government access to encrypted data on mobile devices. (Bloomberg)

Faced with rapidly proliferating hacks, insurers have massively raised premiums for cyber insurance for some companies. (Reuters)

Dozens of countries are racing to amass cyber weapons, reconfiguring their militaries to build up arsenals of malicious code. (The Wall Street Journal)

A Slate op-ed argues that defendants should have the right to inspect the software code that is used to convict them. (Slate)

Cops don’t need a crypto backdoor to get into your iPhone — they have plenty of other avenues. (Wired)

Free media took a hit in both China and Turkey over the weekend. (Re/Code)

 

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A