Overnight Cybersecurity: Trump standing by wiretapping claim | Cyber gets boost in Trump budget | Bad bots on the rise | McDonald's Twitter hack

Overnight Cybersecurity: Trump standing by wiretapping claim | Cyber gets boost in Trump budget | Bad bots on the rise | McDonald's Twitter hack
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORY:

-- BUDGET DAY: President Trump released his 2018 budget blueprint, and cybersecurity makes a few appearances. The proposal twice uses cites "effectiveness, efficiency, cybersecurity, and accountability" as a goal.

--...ONE BILLION DOLLARS TO DHS CYBER PROGRAMS: President Trump's first federal budget blueprint proposes $1.5 billion for the Department of Homeland Security (DHS) to protect federal networks and critical infrastructure from cyberattacks. The budget request, which bolsters DHS funding by 6.8 percent while making deep cuts to other agencies and departments, also calls for heightened cooperation between the government and the private sector on cybersecurity.  The proposed budget "safeguards cyberspace with $1.5 billion for DHS activities that protect federal networks and critical infrastructure from an attack," according to the blueprint, which was publicly released Thursday morning.

To read the rest of our piece, click here.

--...CALLS FOR TREASURY, PENTAGON AND NASA TO BOOST INTERNAL CYBERSECURITY: Cybersecurity is included as one of the  "pressing shortfalls" in U.S. Armed Forces' infrastructure. The blueprint also funds IT initiatives in NASA and the Treasury.

ADVERTISEMENT
--...AND AN INTERESTING NOTE ABOUT JUSTICE. In its section on the Department of Justice, the blueprint calls for "The FBI [to] devote $61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors' use of encrypted products and services." Overnight Cybersecurity spoke to a few policy experts, none of which were certain what "address public safety and national security risks that result from malicious actors' use of encrypted products and services" exactly meant. The line is an obvious reference to what FBI Director James Comey has described as the problem of "going dark" - that bad guys both criminal and terrorist can use encryption to evade surveillance. Comey has advocated for laws requiring manufacturers to develop special access systems to allow law enforcement to defeat otherwise undefeatable encryption - something Trump supported during the campaign. But Trump's budget blueprint seems to suggest he has moved away from that stance. Lawmakers, including a bipartisan study group, and encryption researchers say Comey's call for encryption backdoors would make all products vulnerable to new attacks. It's unclear what the budget blueprint wants the FBI to do. In theory, the FBI could develop hacking techniques or purchase them from contractors and hackers. The figure allocated, $61 million, strikes experts as a low number to accomplish that, especially when divided u up between "fighting terrorism and combating foreign intelligence and cyberthreats."

 

THE OTHER BIG STORY

--JUST WHEN WE'RE ALL ON THE SAME PAGE...: On Wednesday, House Intelligence Chairman Devin Nunes reiterated that there is no evidence that then-President Obama wiretapped then-nominee Donald TrumpDonald John TrumpIvanka Trump pens op-ed on kindergartners learning tech Bharara, Yates tamp down expectations Mueller will bring criminal charges Overnight Cybersecurity: Equifax security employee left after breach | Lawmakers float bill to reform warrantless surveillance | Intel leaders keeping collusion probe open MORE's phones. On Thursday, Paul RyanPaul RyanThe Hill Interview: Budget Chair Black sticks around for now Gun proposal picks up GOP support GOP lawmaker Tim Murphy to retire at end of term MORE joined in. "The intelligence committees, in their continuing, widening, ongoing investigations of all things Russia, got to the bottom -- at least so far with respect to our intelligence community -- that no such wiretap existed," Ryan said during a news conference." He was soon followed by a joint statement from the Senate Intelligence Commiteee leadership. "Based on the information available to us, we see no indications that Trump Tower was the subject of surveillance by any element of the United States government either before or after Election Day 2016," wrote Sens. Richard BurrRichard Mauze BurrTrump: Why isn't Senate looking into 'Fake News Networks'? Overnight Cybersecurity: Equifax security employee left after breach | Lawmakers float bill to reform warrantless surveillance | Intel leaders keeping collusion probe open Special counsel looking into dossier as part of Russia probe: report MORE (R-N.C.) and Mark WarnerMark Robert WarnerTrump: Why isn't Senate looking into 'Fake News Networks'? 5 takeaways from Senate Russian meddling presser Trump: 'America is truly a nation in mourning' MORE (D-Va.). Also Thursday, Rep. Adam SchiffAdam SchiffOvernight Tech: Facebook, Twitter to testify before Senate | EU orders Amazon to pay 0M in back taxes | Reddit hires first lobbyists Facebook, Twitter will testify at Senate hearing Schiff: Almost all RT ads on Twitter designed to push negative coverage of Clinton MORE (D-Calif.) confirmed he expected FBI Director James Comey to debunk the wiretap claims during their hearing Monday.

To read more, click here for a story on Ryan, here for one on Senate Intelligence and here for Schiff.

--...WE'RE STILL NOT ALL ON THE SAME PAGE: White House press secretary Sean Spicer, though, again argued at his Thursday press briefing that the president did not mean wiretapping when he tweeted four times that former President Barack ObamaBarack Hussein ObamaAll five living former presidents to attend hurricane relief concert Overnight Health Care: Schumer calls for tying ObamaCare fix to children's health insurance | Puerto Rico's water woes worsen | Dems plead for nursing home residents' right to sue Interior moves to delay Obama’s methane leak rule MORE had ordered the wiretapping of Trump Towers. In two tweets, Trump had put the phrase in quotes: "Terrible! Just found out that Obama had my 'wires tapped' in Trump Tower just before the victory. Nothing found. This is McCarthyism!" and "Is it legal for a sitting President to be 'wire tapping' a race for president prior to an election? Turned down by court earlier. A NEW LOW!" But Spicer said that indicated the president meant any kind of surveillance, not just wiretapping. He then recited a list of news articles that said Trump officials might have been caught in the surveillance of foreign targets. Nunes made a similar point during his press conference, that Trump was only inaccurate if his tweets are taken literally and that he may have been making a broader point. This explanation does not completely explain the tweets. So-called incidental surveillance can not legally be targeted at U.S. persons, like Trump, and is never directed by the president. It is solely in the hands of the intelligence community. Incidental surveillance may explain why wiretapping was in quotes, but not why Obama is explicitly being blamed.

--HOUSE COULD DEMAND DOCUMENTS: Rep. Mike Quigley (D-Ill.), a member of the House Intelligence Committee, introduced a special resolution of inquiry on Thursday requesting that Trump and Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsIntel leaders: Collusion still open part of investigation Republicans jockey for position on immigration Biden to Alabama: No more extremist senators MORE give Congress any evidence to explain Trump's claim that his predecessor illegally ordered the wiretapping of Trump Tower ahead of the presidential election. Such evidence would include "copies of any document, record, memo, correspondence, or other communication in their possessions, or any portion of any such communication" that relates to Trump's claims." As a member of the Intelligence Committee, I have seen absolutely no evidence that supports the president's claims," Quigley said on the House floor Thursday. "President Trump and the Department of Justice have a responsibility to completely clarify the President's statements on Twitter."

To read the rest of our piece, click here.

 

A LIGHTER CLICK: 

UK'S MEME ARSENAL LAGGING: UK's National Cyber Security Centre tried and failed to RickRoll someone on Twitter.

 

A REPORT IN FOCUS:

NOW WE'VE GOT BAD BOTS: "Bad bots" – automated crawlers of the World Wide Web designed to perform malicious tasks – made up nearly 20 percent of the web's traffic in 2016, according a research from a firm that sells bot blocking solutions.

Distil Networks released its fourth annual bot report Thursday, providing internally determined statistics.

Bots serve multiple functions on the internet. Search engines, RSS feeds and other web staples are legitimate uses of technology – Distil classifies them as "good bots." Bad bots include programs to illicitly scrape content off of websites, rapidly corner markets on resalable products like tickets and automate certain types of password attacks.

While good bot use relative to total internet traffic has been on the decline – comprising 36 percent of traffic in 2014, 22 percent in 2015, and just under 19 percent last year – bad bot traffic has steadily been around 20 percent of online traffic. 2016 is the first year in Distil's records when bad bot traffic outdid good bot traffic.

Distil looked at different sized sites – the 10,000 largest sites ("large"), the next 40,000 ("medium"), the next 100,000 ("small") and all other sites. The company calculates that bad bots make up more than one in five visits to the largest sites on the internet, and no less than one in seven visits for sites. "Small" had the smallest proportion of bad bot traffic at slightly under 15 percent.

The report also notes that much of the bad bot campaigns take advantage of cloud computing services as base centers. More bad bots originated at Amazon's cloud services than anywhere else.

 

WHO'S IN THE SPOTLIGHT:

MCDONALD'S: McDonald's on Thursday said its corporate Twitter account had been hacked, after a tweet went out mocking President Trump on Thursday.

The fast food empire's corporate account sent out a tweet reading "@realDonaldTrump You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands."

It was soon deleted.

"Twitter notified us that our account was compromised. We deleted the tweet, secured our account and are now investigating this," McDonald's wrote on Twitter, roughly an hour after the original tweet was sent.

McDonald's later said they believed the account was "hacked by an external source."

To read the rest of our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web

Did President Trump accidentally reveal classified information during last night's Tucker Carlson interview? (The Hill)

Experts tell House that the U.S. needs to improve its anti-propaganda efforts. (The Hill)

Dems. look to boost rural access to broadband. (The Hill)

President Trump will meet with Bill Gates. (The Hill)

Intel launched a bug bounty program. (HackerOne)

Canada's Privacy Commissioner is investigating phone seizures at the U.S. border. (National Post)

Today's best headline: Tim Shields Wants You to Save Tortoises by Piloting Laser Robots With Your Phone. (Motherboard)

The USB Kill Stick - a USB stick that physically destroys computers - now does a more thorough job. (ZDNet).

 

If you'd like to receive our newsletter in your inbox, please sign up here.