Overnight Cybersecurity: ACLU heads to court for answers on FBI malware

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...


--FBI BUGS EMAIL USERS: The ACLU filed a motion in a federal court in Maryland for information on why the FBI seemingly indiscriminately infected users of a free email service with malware. Lawyers from the civil liberties group are seeking to unseal the docket sheets connected with a warrant to use the malware on users of TorMail, a service that was only accessible on the Tor anonymous web browsing network. The unsealed docket sheets would explain general procedural information about issuing the warrant, including the judge's identity, which is still not public. "We don't know how a warrant that affected thousands of people, including innocent people, activists and journalists, were caught up in this warrant," said ACLU staff attorney Brett Max Kaufman, one of the attorneys who filed the motion last week to unseal the docket sheets. TorMail was one of many sites hosted by the Freedom Hosting Network, a service that housed a variety of websites only visible on the Tor network. Some of the sites hosted by Freedom were intended to distribute child pornography. TorMail, notes the ACLU filing, was not one of those sites. In July 2013, the FBI seized Freedom's servers. On July 22, it was issued a warrant to use malware to track movement on a child pornography site – though the identity of the site is currently secret.


But TorMail users also noticed that the website attempted to install similar malware on computers - something the ACLU worries might have been justified by the warrant for child pornography. To read our full piece, click here.

--JUST A FRIENDLY REMINDER: House Science Committee Chairman Lamar Smith (R-Texas) on Tuesday pressed several technology vendors tied to Hillary Clinton's private email server to comply with subpoenas issued as part of a committee investigation. Revelations in a report released Friday by the FBI detailing the results of the agency's probe into Clinton's server "reinforce the importance of the materials the Committee subpoenaed from the three companies that provided software and services to Secretary Clinton," Smith said in a statement. Smith, along with Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-Wis.), issued the demands last month, seeking to answer questions about the structure and security of the email system. The three tech firms have failed to comply with repeated requests for information on Clinton's email setup, arguing they did not have Clinton's consent. "The documents that Secretary Clinton has refused to allow the three companies to provide the Committee will help answer questions about the structure and security of the email system and the cybersecurity standards and measures used to protect information stored on Secretary Clinton's private server," Smith said Tuesday.
In his summary of the results of the FBI's investigation into Clinton's use of the server -- which did not result in criminal charges -- FBI Director James Comey said it was "possible" her email was hacked by foreign adversaries. To read our full piece, click here.



--PROTECTIONISM COULD BE LIKE A BULL IN CHINA'S IT SHOPS. A U.S. Chamber of Commerce study released Friday shows that China's emerging national security regime, which decreases access to the technology market, could have a drastic impact on its economy.

The business advocacy group's report warns other countries, including the United States, European Union and Russia, that they risk similar outcomes from such policies.

"China is a test case for exploring the welfare costs of a digital divorce: regardless of the motivations or even the feasibility, policymakers and citizens in China and elsewhere would benefit from understanding the price tag," reads a more detailed economic analysis document released alongside the report.

The study, "Preventing Deglobalization," argues that China could shortchange its gross domestic product by between 1.77 percent and 3.44 percent a year -- worth over $200 billion a year. By 2025, that could grow to a low-end estimate of $3 trillion.

To read our full piece, click here.



--THIS IS NOT A TEST. Free french fries tomorrow on Capitol Hill.



--ONLY THE OFFLINE HAVE SEEN THE END OF THE OLYMPICS. The organization behind a hack of the World Anti Doping Agency (WADA) during this year's Olympics in Brazil has announced it will resume attacks on the organization.

On Monday morning, the group identifying itself as "Anonymous Poland" tweeted its intentions to resume attacks first to a reporter at The Hill, then to reporters at Vocativ, Softpedia and databreaches.net.

"@JoeUchill within a few days will be new attack on the WADA/Olimpic," read the tweet directed to The Hill.

WADA oversees drug testing for the Olympics.

The original attacks took place on Aug. 11. Though the group's Twitter profile identifies the hackers as an Anonymous affiliate in Poland, the choice of target immediately cast suspicion on Russia.

After Russian track and field athlete Yuliya Stepanova came forward with allegations of state-sponsored doping, WADA called for a ban on all Russian competitors at the Olympic games. The International Olympic Committee eventually softened the punishment, but left a large portion of the Russian delegation barred from competition. Stepanova was the only athlete whose account was illicitly accessed.

To read our full piece, click here.



--PRESIDENT OBAMA. The president said the United States's offensive cyber "capacities" are greater than any other nation at a press conference following the G-20 summit in China.

"[W]e are moving into a new area where a number of countries have significant capacities. And frankly we have more capacity than any other country, both offensively and defensively," he said Monday.

Obama's claim is a tough one to verify, and not only because of the secrecy behind the U.S. cyber armament. There is no single accepted measure of which nation has the most "capacity" to hack other states because there is no accepted measure of which techniques would count as part of that measure. 

A recent Columbia University project to estimate the U.S. stockpiles of "zero days" -- unpatched security flaws in hardware and software that would allow a hacker to breach a network -- determined that the country kept far fewer on hand than many thought, despite being known for its research and acquisition budget.

By executive order, U.S. agencies are required to justify keeping any zero day to a White House review board. Agencies must inform companies of other security vulnerabilities to allow them to be patched.

With little openness around the world, it is unclear how any estimate compares to other nations.

Making matters even muddier, zero days are not the only form of attack. Most hacking does not rely on them. Other attacks include simply tricking users into giving up login credentials, using extreme amounts of online traffic to crash networks, monitoring unsecured communications like email and simply exploiting well-worn vulnerabilities a target never got around to patching.

To read our full piece, click here.




--The FTC's Fall Technology Series turns its eye to ransomware, with FTC representatives joined by private sector officials from Symantec, Cisco, F-Secure and more, at 1 p.m.

--Oversight Chairman Jason Chaffetz (R-Utah) will give remarks on lessons learned from the Office of Personnel Management data breach, at 8:35 a.m., at an AEI forum.


--The House Homeland Security Counterterrorism and Intelligence Subcommittee will hold a hearing on gaps with federal, state and local information sharing, at 10 a.m.

--Election Assistance Commissioners will discuss election security at a public meeting at 1 p.m.



Links from our blog, The Hill, and around the Web.

Hackers toyed with Variety Magazine's email list. (The Hill)

Trump talks cyber: "A short number of years ago wasn't even a word and now the cyber is so big." (The Hill)

"Spain Squad" is using a security glitch to bring banned usernames back from the dead. (Naked Security)

A Russian email service had login information on 100 million accounts stolen in 2012. (Security Week)

A heady hacker hacked hackers hoping to hack him. (The Register)

Germany cracked down on its domestic bulk espionage last year, says a newly leaked report. (Ars Technica)

The popular Seattle-based encrypted email and VPN service RiseUp is running low on funds and is asking for donations. (Softpedia)

