Overnight Cybersecurity: Lawmakers press FBI chief on encryption | Cyber world flocks to RSA conference | Defense contractors face mounting cyber threats

Overnight Cybersecurity: Lawmakers press FBI chief on encryption | Cyber world flocks to RSA conference | Defense contractors face mounting cyber threats
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--LAWMAKERS PRESS FBI CHIEF ON ENCRYPTION: A bipartisan group of lawmakers is pressing FBI Director Christopher Wray on the bureau's efforts to unlock encrypted devices, in the wake of a critical watchdog report. In a letter sent Friday, the lawmakers called into question recent statements made by Wray and others that the bureau is unable to access scores of devices for ongoing criminal investigations because of encryption -- often referred to as the "going dark" problem.  According to a report released last month, the Justice Department inspector general found that the FBI did not exhaust all avenues to unlock the iPhone of one of the suspects in the 2015 San Bernardino attack before seeking a court order to force Apple to unlock the device. One FBI official also voiced concerns that agents weren't exhausting all technical avenues to unlock the device because they wanted the suit against Apple to go forward. In the Friday letter, several House lawmakers labeled the inspector general report "troubling," arguing that it undermines statements made by FBI officials that only device makers could provide a solution to unlock encrypted devices. The lawmakers also cited news reports that private companies like Cellebrite and Greyshift have developed capabilities to unlock encrypted phones.  Taken together, they argued, the revelations cast doubt on Wray's recent assertion that the FBI was unable to access 7,800 devices last fiscal year despite having relevant court orders.



Key quote: "According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption," the lawmakers wrote. "However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable."  


The lawmakers are asking Wray to respond to several questions, including whether he has consulted with third-party vendors to understand tools that could be used to break encryption, and whether the bureau has attempted to use tools developed by third parties to access the 7,800 devices.

To read more from our piece, click here.


--POMPEO FACES TIGHT VOTE: CIA Director Mike PompeoMichael (Mike) Richard PompeoTrump warns Iran's Rouhani: Threaten us 'and you will suffer' Pompeo: Iran's leaders resemble the mafia US commander: Challenge with North Korea is making progress despite lack of trust MORE on Thursday faced a grilling from Democrats on the Senate Foreign Relations Committee, suggesting he faces uncertain prospects to win a panel vote to become the nation's top diplomat. Pompeo declined to answer repeated questions from Democrats related to the ongoing Russia investigations and was challenged at several points to break with President TrumpDonald John TrumpTrump warns Iran's Rouhani: Threaten us 'and you will suffer' Pompeo: Iran's leaders resemble the mafia NYT's Haberman: Trump 'often tells the truth' MORE, as lawmakers voiced concerns that he would be too deferential as secretary of State. Pompeo's performance seemed widely to please Republicans on the panel, but with the defection of Sen. Rand PaulRandal (Rand) Howard PaulThe Hill's Morning Report — Trump and Congress at odds over Russia GOP leader blocks resolution backing intelligence community on Russia Rand Paul blocks Sanders's Russia resolution, calls it 'crazy hatred' against Trump MORE (R-Ky.) and with Sen. John McCainJohn Sidney McCainThe Memo: Summit fallout hits White House Graham: Biggest problem is Trump ‘believes meddling equals collusion’ Obama, Bush veterans dismiss Trump-Putin interpreter subpoena MORE (R-Ariz.) home receiving treatment for cancer, he will need support from Democrats to win confirmation. Getting a majority vote from the panel -- the first hurdle for the former Kansas congressman -- could prove difficult. Paul, who vowed to oppose Pompeo's nomination over his support for the Iraq War and his past position on torture, sits on the committee.


Can Pompeo get any Dems? If the committee's 10 Democrats join him in voting against Pompeo, it would be an 11-10 vote against his confirmation. No Democrats on the panel have so far offered their support. Sen. Tom UdallThomas (Tom) Stewart UdallEPA deputy says he's not interested in Pruitt’s job Latina Leaders to Watch 2018 Overnight Energy: Spending bill targets Pruitt | Ryan not paying 'close attention' to Pruitt controversies | Yellowstone park chief learned of dismissal through press release MORE (D-N.M.) has already announced that he will oppose the nomination and at least two other Democratic committee members who supported his confirmation as CIA director -- Sens. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenErnst: Intelligence agencies should question Trump’s interpreter, not Congress Overnight Defense: More Trump drama over Russia | Appeals court rules against Trump on transgender ban | Boeing wins Air Force One contract | Military parade to reportedly cost M Top Dem lawmaker pushing committee for closed-door debrief with Trump’s interpreter MORE (N.H.) and Tim KaineTimothy (Tim) Michael KaineAudience bursts out laughing after GOP Senate candidate says Trump is ‘standing up’ to Russia Graham would consider US-Russia military coordination in Syria Dem infighting erupts over Supreme Court pick MORE (Va.) -- have expressed concerns.

To read more from our piece, click here.



Next week, cybersecurity professionals will descend on San Francisco for the annual RSA Conference. Among the speakers will be Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenTrump: Obama didn't warn about Russia before election because 'it is all a big hoax' Ex-ICE director responds to Michelle Wolf video comparing agency to ISIS Top Ethics Dem calls for Nielsen to resign MORE, who is expected to discuss the department's cybersecurity priorities as well as current threats facing the United States in a keynote address Tuesday afternoon. The highly anticipated information security conference takes place April 16 to 20.



What does pet-cloning mean for human-cloning? And no, this isn't about Barbra Streisand. (Technology Review)



DEFENSE CONTRACTORS: Cybersecurity experts say defense contractors are facing more aggressive attacks as nation states and other hacking groups increasingly use malicious software to block information or manipulate data.

The companies that provide U.S. military and intelligence agencies with products and services have long faced espionage-motivated attacks.

They are now, however, also confronting outside attacks that aim to thwart, or even sabotage, their operations.

"To put it bluntly, these are attacks that don't try to steal secrets -- but either try to block information or change information," Peter Singer, a fellow at New America, told The Hill in an interview.

The rise of ransomware attacks against defense contractors coincides with a rise in the use of ransomware in general. Attacks can spread even after the original target has been hit, hurting unintended victims.

"It is the fastest growing area of cyber crime," Singer said.

One recent victim is Boeing, which was hit by the WannaCry virus late last month. The U.S. and U.K. have blamed North Korea for the attack, which only took a week to rapidly infect hundreds of thousands of Windows devices in 150 countries last spring.

Varun Badhwar, the head of cybersecurity firm RedLock, said hackers actively search for doors that are already cracked open as they seek to infiltrate such systems.

"[P]eople are looking for low-hanging fruit in terms of misconfigured systems as was in Boeing's case," Badhwar told The Hill, adding that the incident could've been easily avoided.

"The Microsoft patch was available for close to a year now," he said.

Linda Mills, the vice president of Boeing's commercial airlines communications, said in a statement that the attack was quickly mitigated after their "cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems."

To read the rest of our piece, click here.



All eyes were on Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergZuckerberg’s sister: Banning Holocaust deniers won’t ‘make them go away' Hillicon Valley: Officials pressed on Russian interference at security forum | FCC accuses Sinclair of deception | Microsoft reveals Russia tried to hack three 2018 candidates | Trump backs Google in fight with EU | Comcast gives up on Fox bid Facebook's Zuckerberg congratulated Trump after 2016 election: report MORE, who weathered tough questions about data privacy and his company's policies during 10 hours of congressional testimony over Tuesday and Wednesday.

Facebook wasn't the only company on the hot seat. Uber agreed to extend a 2016 privacy agreement with the Federal Trade Commission in light of their massive data breach.



The White House calls former FBI director Comey a 'disgraced partisan hack' ahead of book release. (The Hill)

Backpage.com pleads guilty to human trafficking. (The Hill)

Inspector general releases long-awaited report on former FBI deputy Andrew McCabe. (The Hill)

Democratic lawmakers are accusing the ex-CEO of Cambridge Analytica of giving deceiving testimony before Congress. (BuzzFeed)

A cyber expert at the Center for Strategic and International Studies argues that a 'monopoly' is not the issue with Facebook. (CSIS)

The former HHS cybersecurity chief nabs a job at a voting technology company. (FedScoop)

Homeland Security releases a recap of its 'Cyber Storm' exercise. (DHS)

Police across the U.S. have purchased tools to unlock encrypted devices. (Motherboard)

Pennsylvania's secretary of state is mandating voting machines that leave a paper trail. (PennLive)