Overnight Cybersecurity: Cyber thieves go after the IRS

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...


--THERE ARE MORE IMPORTANT THINGS THAN FOOTBALL: Identity thieves used an automated bot in an attempt to generate phony login information to breach the Internal Revenue Service (IRS), the agency said Tuesday. Using Social Security numbers stolen from elsewhere, the thieves used malware to try to create e-file PINs, used by some taxpayers to file their returns. No personal taxpayer information was exposed during the attempt, according to the agency, and the hack has been halted. An internal investigation identified unauthorized attempts involving around 464,000 Social Security numbers, 101,000 of which were used to successfully access an e-file PIN in December. Some lawmakers have already reacted to the breach. Sen. Steve Daines (R-Mont.) on Wednesday slammed President Obama for not alerting Congress to the incident. "The President has a duty to inform Congress of cyber attacks on federal infrastructure, yet once again has tried to sweep this under the rug," Daines said in a statement. To read about the breach, click here. To read about Daines's reaction, read here.

--NOW HOLD ON JUST A SECOND: Two lawmakers want to halt state lawmakers from moving on legislation that could affect encryption standards. Reps. Ted Lieu (D-Calif.) and Blake FarentholdRandolph (Blake) Blake FarentholdFive things to watch for in Texas primaries Congressional interns required to sign nondisclosure agreements House ethics panel opens probe into Meehan harassment allegations MORE (R-Texas) on Wednesday introduced a bill, the so-called Encrypt Act, that would preempt state and local government from passing encryption-related laws. The measure comes on the heels of nearly identical legislation in two states -- New York and California -- that would ban the sale or manufacture of fully encrypted smartphones that lock out law enforcement officials. Lieu and Farenthold's measure would bar states from passing any mandate that requires companies to alter the design of their encryption for investigators seeking access. "You can't have Apple and Google making a smartphone just for California and New York and then making a different one for the rest of the country," Lieu told The Hill. To read our full piece, click here.

--WHERE'S THE OSCAR NOD FOR 'THE INTERVIEW'? The Senate easily backed new sanctions against North Korea Wednesday in the wake of a string of controversial moves from the isolated country. The Senate's 96-0 vote comes after Pyongyang says it successfully tested a hydrogen bomb, restarted its nuclear reactor and, most recently, tested a long-range missile. The legislation represents a bipartisan moment for an upper chamber frequently divided on foreign policy, with both Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellGOP senator blocking Trump's Intel nominee Spending bill delay raises risk of partial government shutdown support GOP leaders to Trump: Leave Mueller alone MORE (R-Ky.) and Minority Leader Harry ReidHarry Mason ReidTrump presses GOP to change Senate rules Only thing Defense’s UFO probe proves is power of political favors Nevada Democrat accused of sexual harassment reconsiders retirement: report MORE (D-Nev.) urging their colleagues to vote "yes." Senators suggested the legislation is a long-needed step amid frustration that the United Nations Security Council is moving too slowly to pass new sanctions targeting North Korea's economy. Sen. Robert MenendezRobert (Bob) MenendezPoll: Menendez has 17-point lead over GOP challenger Russian attacks on America require bipartisan response from Congress Justice Dept intends to re-try Menendez in corruption case MORE (D-N.J.), who helped spearhead the sanctions legislation, urged his colleagues to pass the bill unanimously, saying it would "create a ripple effect, not only here but across the world." The legislation would require the Obama administration to sanction anyone involved with North Korea's nuclear weapons program, arms-related materials, luxury goods, human rights abuses, activities that negatively impact cybersecurity and the use of coal or metals in any of the activities. Penalties would include freezing assets under U.S. jurisdiction, banning individuals from traveling to the United States or blocking government contracts. To read our full piece, click here.

--AND ANOTHER ONE: Beth Cobert is one step closer to being approved as the permanent director of the Office of Personnel Management (OPM). The Senate Homeland Security and Governmental Affairs Committee on Wednesday approved Cobert's nomination to head the agency behind the largest-ever government hack. "She has a strong record of strong management and she is the right person for this job," said Sen. Tom CarperThomas (Tom) Richard CarperWarren turns focus to Kushner’s loans Overnight Energy: Dems probe EPA security contract | GAO expands inquiry into EPA advisory boards | Dems want more time to comment on drilling plan Overnight Regulation: Senate takes first step to passing Dodd-Frank rollback | House passes bill requiring frequent reviews of financial regs | Conservatives want new checks on IRS rules MORE (D-Del.), the committee's ranking member, in his opening statement. Cobert has been the OPM's acting director since June, when former Director Katherine Archuleta resigned in the wake of the data breaches that exposed over 22 million people's personal information. In November, President Obama tapped Cobert to take over the agency full time. To read our full piece, click here.



--GET OFF MY (DIGITAL) LAWN. A Senate committee on Wednesday approved three bills intended to help combat the massive online propaganda wing of the Islamic State in Iraq and Syria (ISIS).

Lawmakers and experts agree the government has been ineffective at countering ISIS's Internet recruitment campaigns.

Supporters say the trio of bills, passed by the Senate Homeland Security Committee, will focus and bolster the government's efforts in this area.

"At the beginning of this Congress I outlined countering violent extremism ... as one of this committee's top five priorities," said Chairman Ron JohnsonRonald (Ron) Harold JohnsonSenate GOP shoots down bill blocking Trump tariffs Possible North Korea summit raises anxiety in Washington Wisconsin Republican would sign on to bill to nullify Trump tariffs MORE (R-Wis.). "So I am pleased that three bills that we are marking up today address a heightened homeland threat from violent extremism."

To learn more about the three bills, click here.



--CLEAR EYES. FULL HEARTS. (SAY IT WITH ME.) Panthers fans, get pumped up. There is going to be a cast reunion of inarguably one of the greatest achievements of modern television (one of us will fight you). This has overshadowed pretty much everything else that may or may not have happened today. Texas Forever.

Read on at Buzzfeed, here.

--MY NEW LIFE STARTS TOMORROW. From The Onion: "Jogger Clearly On First Run Of Plan To Turn Life Around" More here.



--YOU GIVE 110 PERCENT ALL THE TIME, NOT JUST WHEN YOU FEEL LIKE IT. IT security professionals are stressed out by the rising volume of cyberattacks too.

Sixty-three percent of cybersecurity experts felt more pressure to secure their organizations last year compared to the year before, and 65 percent expect the amount of pressure they face to grow, according to new study from the security firm Trustwave released today.

Check out the rest of the results here.



--ISIS. The Islamic State in Iraq and Syria (ISIS) has opened up a new technical "help desk" that instructs terrorists on how to hide from Western authorities, according to researchers.  

The Electronic Horizon Foundation (EHF) was launched on Jan. 30 as a joint effort of several of the top ISIS cybersecurity experts, the Middle East Media Research Institute (MEMRI) said in a new report.

While researchers have previously uncovered an ISIS "help desk" and 34-page manual that help extremists encrypt their communications, MEMRI said the EHF takes these services to an "alarming" new level.

"Jihadis have long sought technical information, which has been confined in the past to various password-protected jihadi forums," said the MEMRI report, shared exclusively with The Hill. "However, the freedom and ease by which they can now obtain that information is alarming, especially when such information is shared over private and secure channels."

The EHF operates on the encrypted messaging platform Telegram but also maintains a Twitter account that disseminates information and directs followers to its secure Telegram channel.

The group's self-stated goal is clear: "Spreading security and technical awareness among the monotheists."

To read our full piece, click here.




--Rep. Will Hurd (R-Texas), who chairs the House Subcommittee on Information Technology, will speak on a cybersecurity policy panel at LEVICK Live, starting at 8 a.m.

--Three senior White House tech officials will discuss President Obama's cybersecurity priorities in 2016 at a New America event at 2 p.m.

--The House Oversight Committee will hold a hearing on the Internal Revenue Service's data security, among other things, at 1 p.m.

--Homeland Security Secretary Jeh Johnson will deliver his annual "State of Homeland Security" speech at 10 a.m.



Links from our blog, The Hill, and around the Web.

As many as 30 separate email accounts were included in messages on Hillary ClintonHillary Diane Rodham ClintonKoch-backed group launches six-figure ad buy against Heitkamp Trump keeps up 'low IQ' attack on Maxine Waters GOP leaders to Trump: Leave Mueller alone MORE's private server that have been classified at the highest levels, according to a new report. (The Hill)

The FBI is requesting $38 million in funding to combat the risk of "going dark" -- a 23-percent increase over what the agency spent last year to counter the growing use of encryption technology. (The Hill)

Beth Cobert is one step closer to being approved as the permanent director of the Office of Personnel Management. (The Hill)

NATO and the European Union have signed an agreement to improve cooperation in cyberdefense. (ABC News)

Department of Homeland Security cyber official Andy Ozment discusses the potential impact of the recently passed Cybersecurity Information Sharing Act. (The Wall Street Journal)

The departments of Justice and Homeland Security are investigating a Justice hack allegedly made possible by its IT support team. (Next Gov)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A