Overnight Cybersecurity: Social media pressured to block ISIS

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--I HATE SNAKES: Pressure is building on social media companies to police terrorist content online amid rising fears about the spread of the Islamic State in Iraq and Syria (ISIS). The tech companies, and Twitter in particular, are facing growing calls from the White House and congressional Democrats to take a more aggressive role in battling ISIS propaganda following last week's shooting in San Bernardino, Calif. Sen. Dianne FeinsteinDianne Emiel FeinsteinCalifornia Democrat Christy Smith launches first TV ad in bid for Katie Hill's former House seat Biden wins endorsement of Sacramento mayor Roberts under pressure from both sides in witness fight MORE (D-Calif.) this week plans to reintroduce legislation that would force social media companies to notify federal authorities of terrorist activity on their networks. The Obama administration, meanwhile, is reaching out to Silicon Valley companies about ways that they could help U.S. officials combat the threat of "lone wolf" attacks. The drumbeat to tighten terrorist access to social media began last week after a married couple opened fire on a Christmas party at a health services facility in San Bernardino, Calif., killing 14. The FBI on Monday said the two alleged shooters, Tashfeen Malik and Syed Farook, had been radicalized for "quite some time." While ISIS did not claim responsibility for the shooting, it lauded the couple's actions. The group's first major foray into social media came last summer, when it posted a YouTube video of a member beheading the journalist James Foley. Since then, ISIS's online activity has grown significantly, with Twitter becoming a central part of its recruitment activity. "Twitter is the heart and soul of cyber jihad, and it has been for the past few years," said Steve Stalinsky, executive director of the Middle East Media Research Institute. To read our full piece, check back tomorrow.

--HERE'S LOOKING AT YOU, KID: All eyes are now on the House Homeland Security Committee in the ongoing discussions over the cybersecurity bill that would encourage businesses to share more data on hacking threats with the government. According to multiple people, Chairman Michael McCaul (R-Texas) and his staff are pushing back against a compromise text that brings together language from approved bills that originated in the Senate and House Intelligence committees. The problem? The text leaves out much of McCaul's bill, which also passed the House. The attempt to largely cut out the Homeland Security bill has angered digital rights advocates, who favored the privacy provisions in McCaul's offering. It's believed McCaul is also displeased with the text, but under intense pressure from House leadership to go along with it in the hopes of having a final bill to President Obama's desk by the year's end. If McCaul chooses to take a stand, observers believe Congress won't be able to reach an acceptable deal on a final bill until next year. To read about McCaul's looming decision, click here. To read about privacy advocates reaction to the compromise text, click here.

--WE HAVE TOP MEN WORKING ON IT RIGHT NOW ... TOP MEN: In addition to his cyber decision, McCaul is also pushing a new initiative to deal with the proliferation of encrypted devices that critics say allow terrorists to communicate without detection. The effort by the chairman will not force concessions on tech companies, he said Monday. Instead, it would create "a national commission on security and technology challenges in the digital age," which McCaul promised would be tasked with providing specific recommendations for dealing with an issue that has become a priority for law enforcement officials. "A legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans, while doing nothing puts American lives at risk and makes it easier for terrorists and criminals to escape justice," he said in remarks at the National Defense University in Washington, D.C. "It is time for Congress to act because the White House has failed to bring all parties together -- transparently -- to find solutions." McCaul is planning to introduce his bill in the coming days. The new commission would be composed of tech industry leaders, privacy advocates, academics and law enforcement officials. To read our full piece, click here.



--OH, MY FRIENDS! I'M SO PLEASED YOU'RE NOT DEAD! Rep. Jan Schakowsky is set to unveil on Tuesday her proposal to set nationwide data security standards.

The Illinois Democrat will become the latest in a long line of lawmakers to introduce a bill that would set guidelines for companies protecting sensitive data, as well as mandate they report any breaches to authorities and customers within a set time frame.

Under Schakowsky's bill, companies would have 30 days to notify affected customers and 10 days to notify law enforcement following a breach.

The legislation would also require companies to install security systems to both monitor for and repel digital intruders.

Meanwhile, one of the many competing data breach bills, introduced by Reps. Randy NeugebauerRobert (Randy) Randolph NeugebauerCordray announces he's leaving consumer bureau, promotes aide to deputy director GOP eager for Trump shake-up at consumer bureau Lobbying World MORE (R-Texas) and John Carney (D-Del.) is set for a House Financial Services Committee markup Tuesday.

The bill has come under fire from retailers.

"Haphazardly slapping rules that were written 15 years ago for the financial industry on retailers, restaurants and thousands of small businesses is not the kind of data security legislation that will safeguard our economy," 13 trade groups wrote in a Monday letter to the committee. "This is red tape masquerading as security."

To read our full piece, click here.



--PUNS IN PRINT. IBM is pulling a social media campaign that encouraged women to #HackAHairDryer over complaints that the initiative to get women involved in science was sexist.

Sexism in STEM is a serious issue, but we can still get behind the incredible puns from The Wall Street Journal coverage:

IBM "faced blowback" when the premise of the initiative "fell flat."

The company "pulled the plug" on the campaign when social media users "singed the company" with sexism complaints.

The headline: "IBM, Seared by Hair Dryer Hacks, Pulls Plug on Campaign."

Read on, here.



--BAD DATES. The security firm Symantec on Monday released research identifying two teams of Iran-based hackers that have been using custom-made malware to spy on specific targets in the Middle East.

The hackers have also conducted surveillance on airlines and telecom providers in the Middle East, "possibly in an attempt to monitor their targets' movements and communications," the company said in a blog post announcing its findings.

Read on, here.



--EU INTERNET FIRMS. European lawmakers and member states on Monday struck a deal that will require Internet companies to report serious data breaches or face sanctions, Reuters reports.

Web firms -- like Google and Amazon -- will face less stringent requirements than other sectors, such as airlines and oil pipeline operators.

Read on, here.




--The House Financial Services Committee is scheduled to mark up a data breach bill from Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) at 2 p.m.


--The Senate Judiciary Committee will hold a hearing on FBI oversight at 10 a.m.

--The Atlantic Council will host a panel discussing trending threats going into the new year at 4 p.m.



Links from our blog, The Hill, and around the Web.

Sen. Dianne Feinstein (D-Calif.) could soon introduce legislation that would require social media platforms, including Facebook, Twitter and YouTube, to alert federal officials about online terrorist activity. (The Hill)

Rep. Jim Langevin (D-R.I.) is asking the White House to step in and help rework proposed export regulations that security researchers say would obstruct important digital defense work and further expose American networks to hackers. (The Hill)

A Florida man has been indicted for scheming to make illicit payments to an official at a credit union that prosecutors say facilitated an illegal bitcoin exchange owned by an Israeli linked to cyberattacks on companies including JPMorgan Chase. (Reuters)

An online marketplace for stolen credit cards has enacted a system to detect purchases from suspected law enforcement officials. (Krebs on Security)

The recent VTech hack that exposed 6 million kids illustrates the risks in connecting kids to the Internet. (Reuters)

One of the most prolific Russian malware groups is using a rare module to launch zero-day attacks in defense industry organizations, researchers say. (The Register)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A

 — Updated 7:55 p.m.