Overnight Cybersecurity: Israeli firm helping FBI hack shooter's iPhone

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...

THE BIG STORIES:

--SWELL PARTY, WHERE'S THE WHISKEY?: The Israeli mobile forensics firm Cellebrite is helping the FBI hack into the iPhone of San Bernardino shooter Syed Rizwan Farook, according to the Yedioth Ahronoth newspaper. If the company succeeds, the agency will no longer need Apple's help to break into the phone, the paper reported, citing unnamed sources close to the investigation. Cellebrite has not responded to the claim. Apple is currently opposing a court order demanding that it help investigators break into the phone by disabling a key security feature. But on Monday, the FBI called off the first hearing in the case, saying that a "non-governmental third party" had found a possible method to break into the device without Apple's help. The agency said that it was "cautiously optimistic" that it would work. "We must first test this method to ensure that it doesn't destroy the data on the phone," a Justice Department spokesperson said. "That is why we asked the court to give us some time to explore this option." The development could bring an unexpectedly abrupt end to the tense legal battle over Farook's phone. To read our full piece, click here.

ADVERTISEMENT
--FATHER, SHOOT HIM AT ONCE. HE IMPUGNED MY HONOR: A Chinese national pleaded guilty on Wednesday to participating in a years-long conspiracy to hack into the computer networks of major U.S. defense contractors, steal sensitive military information and send the stolen data to China. Su Bin, a China-based businessman who worked in aviation and aerospace, stole data relating to the C-17 strategic transport aircraft and certain military fighter jets, according to a Justice Department release. "Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe," said Assistant Attorney General John Carlin. As part of the conspiracy, Su would email hackers with instructions regarding what individuals, companies and technologies to target. One of the co-conspirators would then email Su folders showing the data he or she was able to access and Su would identify which files the hacker should try to steal. Su would then translate the stolen data from English to Chinese, as well as produce reports about the value of the data. The guilty plea comes as officials are grappling with whether a September anti-hacking pledge between the U.S. and China has done anything to prevent intellectual property theft. To read our full piece, click here.

--IF WE HAD ANY MORAL CHARACTER, WE WOULDN'T BE STANDING HERE DRINKING WHEN WE SHOULD BE WASHING: The Obama administration is expected to publicly blame Iranian hackers for the 2013 cyberattack on a New York dam as early as Thursday, Reuters reports. Indictments related to unlawful access to computers and other alleged crimes are expected to be announced at a news conference in Washington, anonymous sources familiar with the matter told the news outlet. The charges are expected to tie the hacking campaign directly to the Iranian government. The incident in question, revealed to the public in December, occurred amid a wave of Iranian hacks on U.S. banks and just three years after a computer worm believed to be built by the U.S. and Israel damaged nuclear infrastructure in Iran. Investigators said the hackers didn't take control of the dam's system but were probing its defenses. The White House was alerted when officials initially believed the intrusion occurred at a much larger facility in Oregon. The breach was still classified as of December, but it fits a pattern openly described by U.S. officials who warn that hackers from Russia, Iran and China are testing U.S. critical infrastructure networks for vulnerabilities. The forthcoming indictments will also show that the hack of the Bowman Avenue Dam in Rye Brook, New York was only part of a much broader hacking campaign that has not yet been reported, the sources said. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

--DON'T SAY IT'S A FINE MORNING OR I'LL SHOOT YA. Democratic presidential frontrunner Hillary ClintonHillary Diane Rodham ClintonNevada Senate passes bill that would give Electoral College votes to winner of national popular vote 2020 Dems break political taboos by endorsing litmus tests Iowa Democrats brace for caucus turnout surge MORE on Wednesday appeared to lend her support to a bipartisan proposal that would create a national commission to study encryption.

"There may be no quick or magic fix," Clinton said in a policy speech on her strategy to defeat the Islamic State in Iraq and Syria (ISIS).

"A National Commission on Encryption, like Senator Mark WarnerMark Robert WarnerSenate passes bill to undo tax increase on Gold Star military families Dem senator introduces bill requiring campaigns to report foreign contacts Overnight Defense: Congressional leaders receive classified briefing on Iran | Trump on war: 'I hope not' | Key Republican calls threats credible | Warren plan targets corporate influence at Pentagon MORE and Congressman Mike McCaul are proposing, could help" the tech community and the government work together to find a solution to the so-called "going dark" problem, she said.

Clinton noted that although the FBI may have found a work-around in its bid to force Apple to unlock the iPhone of San Bernardino shooter Syed Rizwan Farook, "there will be future cases with different facts and different challenges."

To read our full piece, click here.

 

LIGHTER CLICK:

--I'VE GOT A TOUCH OF A HANGOVER, BUREAUCRAT. DON'T PUSH ME. A pine cone-throwing man in a tree has been in a tense standoff with police since Tuesday morning. He eventually climbed down, but not before mooning the police.

Read on at The Huffington Post, here.

 

A HACK IN FOCUS:

--SUCH VULGARITY... SOMEONE SHOULD DO SOMETHING. Julie Brill, a commissioner at the Federal Trade Commission known for her strong stance on privacy, really wants to spread the word about how she fell for an email phishing scam.

"I was busy, I saw an email from this person, I opened it, tried to interface with it," said Brill. "And I pretty soon realized this was a false email from [someone] who was trying to get my data."

Brill is leaving the agency for the private sector -- for reasons unrelated to this incident -- but she's taking the opportunity to advocate for the use of two-factor authentication.

Read on at The Washington Post, here.

 

WHO'S IN THE SPOTLIGHT:

--APPLE. (STILL.) Security experts aren't surprised that the undisclosed "third party" who is helping the FBI hack into Farook's iPhone didn't go to Apple first -- because the company doesn't offer a so-called "bug bounty" to researchers who uncover and privately disclose flaws.

Worse for the company, onlookers say, is that the FBI's disclosure highlights that there is a vulnerability in Apple's vaunted encryption.

"This suggests that the very thing that Apple feared already exists in some form and it exists outside of the walls of Cupertino," Edward McAndrew, a partner at law firm Ballard Spahr and a former federal prosecutor in Virginia, told The Wall Street Journal.

Read about bug bounties at The New York Times, here.

Read about the security flaw at The Wall Street Journal, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

It's unclear whether the bombers who killed more than 30 people in Brussels on Tuesday used encrypted devices or apps to plan their attack, the chairman of the House Intelligence Committee said on Wednesday. (The Hill)

The Web portal used by millions to purchase health insurance under the Affordable Care Act logged 316 cybersecurity incidents during an 18-month period, a government report revealed on Wednesday. (The Hill)

The Obama administration will temporarily pause sanctions on China's ZTE, one of the country's top telecommunications equipment manufacturers. (The Hill)

Judge Sheri Pym said the government's court order against Apple "is not in a stage that it could be enforced at this point." (Motherboard)

A Silicon Valley billionaire says that Apple should shift its stance in response to the attacks on Brussels because "national security is more important than privacy." (Vanity Fair)

Discover Financial Services has disclosed a breach but says it's "difficult to know" what data might have been stolen. (SC Magazine)

John McAfee is arguing that the U.S. should subcontract its cybersecurity to China. (Business Insider)

Wireless mice leave billions vulnerable to hackers, a security firm warns. (Reuters)

 

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A