Overnight Cybersecurity: Anonymous begins outing alleged KKK members

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--UNDER THE HOOD: The hacking group Anonymous is starting to leak names and information of alleged Ku Klux Klan members. The anarchist hacking collective warned last week that it was planning to eventually release personal details of 1,000 alleged Klan members as part of its cyber war against the white supremacist group. On Sunday and Monday, Anonymous gave a preview, releasing some initial data through the text-sharing site Pastebin. The details -- including several dozen emails and phone numbers -- have not been independently verified or confirmed by the KKK. Anonymous said Sunday it had also gone after KKK-affiliated websites ahead of a full day of protests it has dubbed "HoodsOff 2015." Separately, a hacker claiming no affiliation with Anonymous told TechCrunch that he pilfered his own KKK data that includes the emails of several mayors and senators. Representatives for several of these offices flatly denied the reports, with one office telling The Huffington Post the accusation was "baseless Internet garbage." To read about the start of the unmasking, click here. To get the full history of the Anonymous cyber war against the Klan, check out our longer piece here.

--YOU SHALL NOT PASS: The White House issued a sweeping new plan aimed at better defending the government's networks from the hackers that have infiltrated numerous agencies in the last year. The plan follows up on a 30-day "cyber sprint" the Obama administration ordered earlier this year in the wake of the mammoth hacks on the Office of Personnel Management (OPM), which exposed over 20 million federal workers' personal information. While the sprint aimed to quickly patch the most glaring vulnerabilities on the government's networks, this new plan will try to set out a longer-term strategy to bolster cyber defenses. The administration will issue a new protocol for responding to cyberattacks, the Department of Homeland Security will speed the rollout of its intrusion detection system and agencies will have to take stock of their cyber workforce and file reports on their findings. To read our full piece, click here.

--USE THE FORCE, LUKE: The Justice Department thinks that it is forging a new path for taking down terrorist hackers after the arrest of a Kosovo man for allegedly aiding Islamic extremists. The case against Ardit Ferizi is "groundbreaking," according to John Carlin, the head of the department's national security division. "It's the first of its kind," he said during a panel discussion at the Defense One summit on Monday, and "shows the complexity of the new threat that we face." According to federal charges, Ferizi was the leader of the hacking group that stole names, Social Security numbers and other personal data on thousands of Americans. From that, he gave extremists in the Islamic State in Iraq and Syria (ISIS) information about 1,000 U.S. federal employees and members of the military. "This is a case of cyber terrorism," Carlin said on Monday. "Someone who used cyber-enabled means to help a terrorist group." To read our full piece, click here.



--EVERYTHING'S UNDER CONTROL, SITUATION NORMAL. The U.S. and the U.K. this month will test how finance centers on either side of the Atlantic would respond in the event of a massive cyberattack.

"It is testing how we would react to 'x' scenario, how would our colleagues in the U.S. react to the same, how would we then coordinate communications with each other, to the sector and within the sector," a spokesman for the British cybersecurity agency CERT-UK said Monday.

Officials have yet to set exact parameters for the exercises, which President Obama and U.K. Prime Minister David Cameron agreed in January to conduct.

"There will be no testing of cash machines coming down, banks coming down or anything like that," the spokesman said. It has also not been decided which banks will participate.

The U.S. Treasury, Britain's finance ministry, the Bank of England and U.S. regulators will likely play a part, as will intelligence agencies.

To read our full piece, click here.






--GET OFF MY LAWN. New peer-reviewed research shows that "nearly 9 in 10 websites leak user data to parties of which the user is likely unaware" -- and those sites that are leaking data are likely forwarding user information to nine outside Web sites.

Google, Facebook and WordPress are common recipients of data. Google is the worst offender, with its analytics software installed on a staggering 46 percent of sites on the Web, privacy researcher Tim Libert told Motherboard.

Moreover: "More than 6 in 10 websites spawn third-party cookies; and more than 8 in 10 websites load Javascript code from external parties onto users' computers."

Read on, here.



--JAPAN. The Japanese Cabinet recently approved the country's second formal cybersecurity strategy, which outlines Japan's approach to online security over the next three years. Writing on the Council on Foreign Relations blog, Mihoko Matsubara, cyber policy director at Intel K.K., characterized the new strategy as a balanced approach that emphasized both innovation and governmental policy. Unlike the previous strategy, this new plan was approved by the Japanese Cabinet, suggesting the issue is rising in prominence. Read on, here.




--The Senate Armed Services Committee will hold a hearing at 9:30 a.m. on the future of warfare. Former National Security Agency Director Keith Alexander will testify.

--Two subcommittees of the House Energy and Commerce Committee will hold a joint hearing at 10 a.m. on U.S.-EU Safe Harbor negotiations.

--The House Judiciary Committee will hold a hearing at 1 p.m. on international data flows.


--A technology-focused subcommittee of the House Oversight Committee will hold a hearing at 2 p.m. on government technology acquisition.


--The Hill will host an event at 8 a.m. on securing future payment technologies. Sens. Gary Peters (D-Mich.) and Mike Rounds (R-S.D.) will speak, as will Rep. Ed Perlmutter (D-Colo.).

--The American Bar Association will host the first day of its national security conference. Government officials from the White House, intelligence agencies and Defense Department will speak.

--The U.S. Chamber of Commerce will host the first day of its conference on intellectual property. Sen. Thom Tillis (R-N.C.) will speak.

--The Council on Foreign Relations will host a cybersecurity conference. Homeland Security Secretary Jeh Johnson will speak.


--The American Bar Association will host the second day of its national security conference.

--The U.S. Chamber of Commerce will host the second day of its conference on intellectual property. Sen. Orrin Hatch (R-Utah) will speak.



Links from our blog, The Hill, and around the Web.

On Thursday, The Hill will host a discussion on the future of payment technology, from encryption to tokenization. (The Hill)

Some firms are weighing moving their data to the EU after the European high court struck down a key data-flow agreement. (The Wall Street Journal)

British mobile service provider Vodafone said Saturday that hackers have accessed personal information for almost 2,000 customers. (The Hill)

A security firm that hunts for undiscovered software bugs announced Monday that it is paying out $1 million to a hacking group for breaking into Apple's mobile operating system. (The Hill)

The Supreme Court on Monday appeared divided as it considered people-search service Spokeo's bid to avoid a class action suit for including incorrect information in its database. (Reuters)

Security firm FireEye said Monday that information stolen in the massive Office of Personnel Management breach hasn't shown up on the black market, signaling that the culprit is a foreign government. (Reuters)

A password manager is one of the easiest ways that average computer users can keep their accounts secure -- but that security is moot if a computer is compromised. (Ars Technica)

The battle between Silicon Valley and the Obama administration is heating up over the export of dual-use technologies. (The New York Times)

Critics are concerned about the deep ties between many U.S. tech companies -- like IBM, Microsoft and Cisco Systems -- and Chinese companies. (The New York Times)

The TalkTalk hackers were able to steal more than 20,000 bank account numbers but can't use the stolen data to make any financial transactions. (Law360)

