Overnight Cybersecurity: Orlando shooter likely used Android phone

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--APPLE-FBI 2.0? PROBS NOT: FBI Director James B. Comey on Monday declined to tell reporters whether the Orlando shooter's communications were encrypted, but reports indicate that he likely used an Android device -- not an iPhone. Since very few Android devices boast stiff encryption, should those reports be confirmed, investigators would likely be able to access the contents of gunman Omar Mateen's device without technical assistance from the manufacturer. Comey said Monday that investigators know the make of the phone, but that he could not reveal it. A series of selfies taken by the shooter show him using a Samsung device. CBS News reported Monday that he used a Samsung. Samsung devices almost exclusively run the Android operating system. Google, which makes Android, has publicly supported strong encryption. But it has yet to make it the default on the thousands of different devices -- made by hundreds of manufacturers -- that run Android. Experts estimate that of the 1.4 billion phones running Android, fewer than 10 percent are encrypted, according to The Wall Street Journal. By comparison, 95 percent of iPhones are.

--THIS ISN'T FUNNY, GUYS!: When last we were concerned with a North Korean hack of an American interest, it was when attackers plundered Sony Pictures' servers. This time, it's 40,000 documents from the servers of South Korean conglomerates, including the (not classified) wing designs of the F-15 jet fighter, according to Seoul officials. South Korean police said that the wave of hacking began in 2014 and would have been the groundwork for a more substantial cyberattack had it not been discovered and cut off. South Korea has been a target of serious cyberattacks from its northern neighbor in the past, and recent, unrelated and unconfirmed reports claim that Seoul has seen government agencies struck with malware from Pyongyang. The attacks were attributed to North Korea through an IP address used to control the malware that Kim Jong Un's agents had used in the past.

--KEEPING AN EYE ON THINGS: Lawmakers in the coming week will review the impact of the landmark Cybersecurity Act of 2015, as federal agencies scramble to meet its requirements. On Wednesday, the House Homeland Security Committee will hold a hearing with testimony from industry representatives on how the bill is working. Representatives from the Chamber of Commerce, the United States Telecom Association and security firms are expected to testify. The hearing also comes as federal agencies face a number of deadlines to update Congress on implementing key cyber policies. The House and Senate Intelligence Committees were slated to receive reports last week from the Department of Homeland Security, the Department of Justice, the Office of the Director of National Intelligence and the Office of Management and Budget. OMB and ODNI are expected to report on ways attackers might leverage unclassified systems to gain access to classified information. Homeland Security and the DOJ are expected to finalize frameworks to protect privacy rights while promoting cyber threat sharing. DHS released interim guidance in February.


OPPOSITE OF A LIGHTER CLICK: Here's where you can donate blood for the Orlando shooting victims in D.C.


ACTUALLY A LIGHTER CLICK FOR A MONDAY THAT SORELY NEEDS A LIGHTER CLICK: A cowboy on horseback lassoed a bike thief trying to make a getaway on Friday. America is still filled with wonderful things.




--The House Energy and Commerce Committee will hold a hearing on the FCC's proposed privacy rules, at 10:15 a.m.


--The House Homeland Security Committee will hear industry perspectives on the implementation of the Cybersecurity Act of 2015, at 10 a.m.



--SAFE HARBOR. (AGAIN.) (SORRY.) The United States is looking to intervene in a legal dispute between Ireland and Facebook.

Government lawyers lobbied the Irish High Court to be allowed to present information supporting Facebook in a case concerning data privacy rights, The Register reports.

The U.S. Chamber of Commerce and industry groups have also announced plans to do the same. All parties have two weeks to submit a formal motion to enter the case.

The Facebook case dates to an action by privacy activist Max Schrems challenging U.S. companies' data practices.

Schrems argued an agreement that allowed companies to shuttle data between the European Union (EU) and the U.S. didn't do enough to protect privacy rights after the revelations of National Security Agency surveillance techniques. Schrems argued that Facebook was unable to keep data on servers located in the U.S. safe.

Last year, the so-called Safe Harbor agreement was struck down by a European court, which agreed with his claims.

While the U.S. and EU are working to replace the agreement, Schrems argued that Facebook was still transferring data and brought a new suit.




--FROM THE GUYS THAT BROUGHT YOU JUNIPER... (TOO SOON?) Recently released National Security Agency (NSA) emails show that the top digital spying group uses Word macros, widely considered a security risk.

Word macros, programmable shortcuts in Microsoft Word, have been used in recent years to distribute ransomware, to launch attacks on credit card systems and even to black out the power grid of Ukraine.

Emails released through a Freedom of Information Act request by Vice show that as recently as 2012, the NSA was using Word macros.

Attacks using Word macros have gone in and out of vogue since the 1990s. In March, Microsoft released a feature for Word to block certain high-risk macros. It came at the end of a massive upswing in macro malware between 2014 and 2015. Intel estimated year-over-year growth of such attacks at 350 percent.

While attacks on Word macros were not as common in 2012 as they are today, dangerous vulnerabilities were still being announced around that time.




Links from our blog, The Hill, and around the Web.

Both Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson are pulling out of ministerial-level cybersecurity talks with China scheduled in Beijing this week in response to the mass shooting in Orlando, Fla., on Sunday. (The Hill)

A cybersecurity services company reports that the group behind the $81-million Bangladesh Bank cyberheist targeted at least one U.S. firm. (The Hill)

Software security company Symantec is acquiring internet security firm Blue Coat for $4.65 billion, bolstering its mobile and cloud security portfolio. (ABC News)

If Britain leaves the EU, trade and travel across the English Channel may get trickier and there are also concerns that Brexit might disrupt the sensitive data traffic that is an integral part of international businesses. (Reuters)

Cloud computing giant Salesforce.com said prominent hacking expert Trey Ford will join the company's Heroku unit as its head of trust, starting on Monday. (Reuters)
