Overnight Cybersecurity: Anti-doping agency casts doubt on leaked docs | FCC tees up vote on internet privacy rules

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORY:

–WADA ATTACKER’S CRED NADA? Not all data from leaked Olympians’ anti-doping enforcement records is authentic, the World Anti-Doping Association (WADA) wrote in a press release on Wednesday. Hackers breached an account on the Anti-Doping Administration and Management System (ADAMS) that contained a list medical exemptions issued to athletes who use banned substances to treat injury and disease. WADA believes Fancy Bear, a suspected Russian intelligence hacking outfit, is behind the attacks. Since Sept. 13, the hackers have been posting the ADAMS data to an official website. “It should also be noted that in the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data. However, we are continuing to examine the extent of this as a priority and we would encourage any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released,” wrote WADA in its release.

{mosads}–…ALL LEAKERS MAY NOT BE BORN EQUAL: WADA won’t be the last organization to complain that leaked documents are inauthentic. Accuracy may always be an issue. The highest profile document leaks — from the Pentagon Papers to Edward Snowden to the Panama Papers — used authentic documents. But there is no reason to assume state actors or other motivated hackers would abstain from editing leaked files to better spread misinformation. There will be more leaks in the future and not all of them will be spearheaded by those whose first goal is increasing transparency.

To read more on the anti-doping agency’s new claim, click here.

A POLICY UPDATE:

–IT’S A SENSITIVE MATTER: Internet service providers would be required to get customers’ permission to use certain types of “sensitive” data under proposed rules Federal Communications Commission (FCC) Chairman Tom Wheeler released on Thursday.

Sensitive data include information on a person’s web browsing history, according to the commission, as well as health information, financial information and the substance of communications sent over the internet. The proposed rule would also cover location data, the commission said, and data related to children or collected on application usage.

“Calibrating consent requirements to the sensitivity of the information aligns with consumer expectations and is in harmony with other key privacy frameworks and principles — including those outlined by the [Federal Trade Commission] and the Administration’s Consumer Privacy Bill of Rights,” Wheeler said in a blog post.

“The proposed rules are designed to evolve with changing technologies, and would provide consumers with ways to easily adjust their privacy preferences over time.”

Other data, like a person’s name and home and internet protocol addresses, would not be considered sensitive. Internet providers would simply need to give consumers a chance to opt-out of having that data used.

Internet providers such as Comcast or Verizon would have to tell customers which data they were collecting and for what use. The rules would apply to both traditional wired broadband and mobile internet service.

To read the rest of our piece, click here

A LIGHTER CLICK:

–THE STRANGEST THING: Freedom of information Act requests reveal the Department of Energy’s real thoughts on “Stranger Things.”

A TOOL IN FOCUS:

–THWARTING MAC SURVEILLANCE-WARE: Feel free to remove the tape from your webcam. A security researcher at a conference in Denver on Thursday introduced a tool that can alert Mac users when their webcams are in use.

“Oversight” is a free extension developed by Patrick Wardle, the director of research at the security firm Synack. It warns users when their cameras or microphones are in use and which program is using them — giving users a heads-up if a hacker has hijacked either device.

Many security-conscious people place tape, stickers or other blocking devices over computer cameras to prevent hackers from spying on them.

In theory, Macs should show a green light when the camera is in use. But certain types of attacks can disable that signal — and the piece-of-tape solution isn’t foolproof.

And any time users want to make a video call or record audio, they need to remove it.

Wardle said that leaves them open to a newer potential — malware designed to record only when the camera is already engaged.

An attacker could wait until the user begins a video call or otherwise intentionally engages the camera, which means the green light would be on before hackers start recording.

“As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection,” reads the description of Wardle’s conference talk. This is a problem he says is uniquely solved by Oversight.

To read the rest of our piece, click here:

WHO’S IN THE SPOTLIGHT:

–SO LONG, FAREWELL. Department of Homeland Security (DHS) Deputy Secretary Alejandro Mayorkas, a top government advocate for public and private cooperation in cybersecurity, is stepping down.

Mayorkas will leave office at the end of October to join the law firm WilmerHale.

“Ali has been my partner at the helm of this department for the last 34 months. From the beginning, Ali has been a source of encouragement, strength, and optimism,” said DHS Secretary Jeh Johnson.   

To read our full piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

What is the Obama administration’s tech legacy? (Nextgov)

Constantly changing credit cards could kill copious cyber crimes. (ZDNet)

Malicious advertisements installed malware on Spotify users. (Infosecurity Magazine)

Someone, convince Vanilla Ice to evacuate the path of Hurricane Matthew. (Twitter)

For younger readers, Vanilla Ice wrote “Ice Ice Baby” and the best song in Teenage Mutant Ninja Turtles 2: The Secret of the Ooze. (YouTube).

If you’d like to receive our newsletter in your inbox, please sign up here.