OVERNIGHT CYBERSECURITY: Hack victimizes 4 million fed workers

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--HACK ATTACK: Roughly 4 million current and former federal employees have had their data exposed by a hack, the Obama administration said Thursday. The notification from the Office of Personnel Management (OPM) was short on details, but it appears troves of sensitive information had been pilfered and that every agency may have been affected. This is not the first time OPM has stumbled in protecting personnel data. The agency was also breached last year. It appears the most recent incident was unrelated to that intrusion, although Chinese hackers are suspected in both instances.

--RAMIFICATIONS? Within minutes of the story breaking, lawmakers were using the OPM breach to renew calls for the Senate to move on a stalled cybersecurity bill that would enhance the public-private exchange of information on hackers. The suspected involvement of China could also raise the pressure on President Obama to take a tougher stance toward the Asian power over its cyber espionage campaigns.

--HUNTIN' HACKERS: The Obama administration has expanded its warrantless surveillance of Americans' overseas Internet browsing in an effort to find hackers, The New York Times reported Thursday. The DOJ told the National Security Agency (NSA) it could monitor only Internet addresses and "cyber signatures" -- the patterns of digital intrusions -- that it could link to foreign governments. According to the Times, the documents show the NSA overstepped its mandate, collecting data on hackers not clearly affiliated with foreign authorities.

--NO, YOU'RE OUT OF ORDER: Two members of the British Parliament are challenging in court a U.K. surveillance law that requires Internet companies like Facebook and Google to decrypt user data at the government's request. The outcome could have ramifications for a similar debate in the U.S., in which the Obama administration is also looking to guarantee some form of access to digital data. Lawmakers and technologists have protested the move, arguing it will weaken encryption and expose users to hackers.



--IT'S NOT GETTING CLEARER. The FBI isn't making its stance on encryption any easier to understand. An FBI official testified this week that law enforcement's challenge is working with tech companies "to build technological solutions to prevent encryption above all else."

The Washington Post breaks it down: "At first glance the comment … might appear to go further than FBI Director James B. Comey. Encryption, a technology widely used to secure digital information by scrambling data so only authorized users can decode it, is 'a good thing,' Comey has said, even if he wants the government to have the ability to get around it. But Steinbach's testimony also suggests he meant that companies shouldn't put their customers' access to encryption ahead of national security concerns -- rather than saying the government's top priority should be preventing the use of the technology that secures basically everything people do online."


--LOOKING FOR FRIENDS? Check out this story from New York magazine: "I Handed Over My Facebook Password to an Indonesian Hacker. Now We're Friends."


Links from our blog, The Hill, and around the Web.

House lawmakers slipped a number of anti-spying provisions into a funding bill that went through the chamber Wednesday evening. (The Hill)

The House Intelligence Committee unanimously passed the fiscal 2016 Intelligence Authorization Act on Thursday, sending the policy bill to the chamber floor. (The Hill)

Microsoft gives details about its controversial disk encryption. (The Intercept)

South Korea's difficult path to becoming a middle power in international cyber politics. (Council on Foreign Relations)

GitHub, once the target of suspected Chinese cyberattacks, has opened an office in Japan, its first outside the U.S. (TechCrunch)

Op-ed: "David Cameron, the 'snooper's charter' will not make us safer." (The Guardian)

An FBI official testified Thursday that its challenge is working with tech companies "to build technological solutions to prevent encryption above all else." (The Washington Post)

Vice goes "Inside Washington's quest to bring down Edward Snowden." (Vice)

The war on terror is now the war on cyber. (Motherboard)

