Overnight Cybersecurity: Hackers peppered Clinton server with attacks

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–I’M IN UR COMPUTER, STEALING UR INTERNETS: Cyberattacks from China, South Korea and Germany targeted Hillary Clinton’s private email server after she left the Obama administration in early 2013 but were rebuffed by a “threat monitoring” product, according to a congressional letter. But that defensive tool was not installed for a three-month window from June to October 2013, possibly leaving the server exposed to other attacks, said a letter from Sen. Ron Johnson (R-Wis.), who chairs the Senate Homeland Security and Governmental Affairs Committee. The committee is investigating Clinton’s email setup, which has come under heavy scrutiny since it was revealed that the former secretary of State exclusively used a privately-hosted personal email account during her time in the Obama administration. Clinton’s White House campaign team has slammed Johnson’s “sham of an investigation” as a partisan attempt to hurt her poll numbers. To read our full story, click here.

{mosads}–THE PURGE: ANARCHY: House Majority Leader Kevin McCarthy (R-Calif.) is out. Chaos is in. The favorite to become the next House Speaker abruptly and unexpectedly quit his run for the Speakership just as Republicans were set to vote on Thursday. How does this affect cybersecurity? Shrug, probably not that much. Despite its factions, GOP leaders have been fairly united in their desire to move cybersecurity legislation, such as the two complementary information-sharing bills that passed easily in April. Together, the measures would give legal liability protections when exchanging cyber threat data with the government. However, McCarthy’s defection could open the door for underdog candidate Rep. Jason Chaffetz (R-Utah), who has made government cybersecurity a top priority as chair of the House Oversight and Government Reform Committee. For more on his cyber bonafides and whether he plans to stay in the race, check out our “Who’s in the Spotlight” feature below. Elsewhere, Rep. Lynn Westmoreland (R-Ga.) — who chairs the House Intelligence Committee’s subcommittee on cybersecurity and the National Security Agency — is now considering a bid. “He will be speaking with his family and spending time in prayer before he makes a final decision,” a spokesman said. To read more about Westmoreland’s possible bid, click here.

–I KNEW IT WAS YOU: Uber is investigating whether there is a connection between the hacker behind a major data breach at the driving service and Lyft, Uber’s chief rival, Reuters reports. Court papers claim an unidentified person using a Comcast IP address used a security key to improperly download 50,000 drivers’ names and license numbers in 2014. Sources told Reuters that internal investigations at Uber revealed that the address belongs to Lyft’s chief technology officer, Chris Lambert. Lyft denies the insinuations that it was involved, saying that “there is no evidence that any Lyft employee, including [Lambert], downloaded the Uber driver information or database, or had anything to do with Uber’s May 2014 data breach.” ICYMI, Lyft and Uber compete fiercely for both drivers and customers. Currently, Comcast is appealing a subpoena requested by Uber that would command it to turn over the unnamed subscriber’s identity, payment information and other information connecting the subscriber to the hack. To read our full piece, click here.

UPDATE ON CYBER POLICY:

–MO MONEY, MO PROBLEMS. The Internal Revenue Service (IRS) needs more funding to combat increasing cybersecurity risks, the agency said Wednesday.

“The combined pressures of reduced resources, new demands, and cyber threats have undermined our ability to deliver foundational taxpayer service and enforcement programs,” IRS Commissioner John Koskinen wrote in a letter to Senate Finance Committee ranking member Ron Wyden (D-Ore.).

In its 2016 budget request, the Obama administration has asked for $242 million in cybersecurity funding for the IRS — a 72-percent boost only distantly rivaled by a 23-percent requested increase to the Department of Health and Human Services’ information security funding.

Koskinen’s letter was a response to a September missive from Wyden, which expressed support for the president’s budget.

“Congress ought to increase resources to the IRS if it expects the agency to bring its antiquated computer systems into the 21st century to prevent these criminal attacks going forward,” Wyden wrote, calling the budget request “a sensible increase.”

To read our full piece, click here.

LIGHTER CLICK:

–YOUR HALLOWEEN COSTUME. For the cyber devotee in your life, get this mask.

A FEATURE READ:

–YO TEACH. The National Academy of Public Administration is out with a new report on cybersecurity education. The dearth of cyber talent is frequently cited as a major reason companies and government agencies can’t properly defend themselves from hackers.

The Academy decided to review two federal programs meant to boost cyber education and issue a number of recommendations on how they might be improved.

The report recommends more closely involving the Defense Department, expanding the programs to encompass the entire public sector, incorporating more hands-on elements in the training and improving metrics to track the programs.

Check it out, here.

WHO’S IN THE SPOTLIGHT:

–REP. JASON CHAFFETZ (R-UTAH). The formerly dark-horse candidate for House Speaker suddenly finds himself in a race without a front-runner after Majority Leader Kevin McCarthy (R-Calif.) rocked Capitol Hill Thursday by withdrawing himself from consideration.

Chaffetz is the one person running for the Speakership that has an aggressive record on cybersecurity. As chair of the House Oversight and Government Reform Committee, he relentlessly went after Obama administration officials in the wake of the hacks at the Office of Personnel Management (OPM), which exposed over 20 million federal workers’ data.

So with tumult currently reigning on Capitol Hill, this piece from earlier in the week suddenly seems much more relevant.

However, Chaffetz himself acknowledged on Thursday that he might not be able to build the coalition needed to win the Speakership.

“I’m not sure if I’m the right person,” he told reporters.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

U.S. authorities have identified three Chinese companies that benefited from trade secrets stolen from U.S. firms by Chinese military hackers. (The Hill)

Journalist Matthew Keys was convicted Wednesday night of helping the hacking collective Anonymous infiltrate the Los Angeles Times website to deface a story. (The Hill)

Reps. Ted Lieu (D-Calif.) and Steve Russell (R-Okla.) are upping their campaign to strip the Office of Personnel Management (OPM) of its control over security clearances. (The Hill)

Whether it’s a state-sponsored hack or a teenager with a laptop, Congress gets hit by cyberattacks daily, House Inspector General Theresa Grafenstine says. (Next Gov)

Five lessons from the summer of epic car hacks. (Wired)

FBI Dir­ect­or James Comey says ‘dozens‘ of terror suspects have used encryption to hide from law enforcement. (Next Gov)

Security researchers say that hackers are using a common Cisco product to install backdoors that collect usernames and passwords to log in to corporate networks. (Ars Technica)

A Department of Homeland Security official says the only way to improve waning morale at the agency’s cyber division is to change its name. (NextGov)

The Experian hack raises doubts about the security of credit databases. (The Guardian)

Donald Trump is silent on cybersecurity. (CSO)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A