Overnight Cybersecurity: Lawmakers conduct postmortem on massive web attack

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

 

THE BIG STORY:

–INTERNET-CONNECTED DEVICES: A pair of House Energy and Commerce subcommittees conducted a post-mortem on October’s major internet attack that briefly downed prominent sites like Twitter and The New York Times. The attack used a network of hijacked internet-connected devices to flood a crucial internet junction with traffic. It raised questions, so far unanswered, about how to regulate – or at least incentivize – improving the security of smart devices.

–…DO WE NEED A NEW AGENCY? Bruce Schneier, a security expert and Harvard fellow, testified at the hearing. He said a new agency may be needed to coordinate security regulations. “I’m not a regulatory fan,” said Schneier at the hearing. “But this is a world of dangerous things. We regulate dangerous things.”

–…ANOTHER OPTION: Some experts have different ideas. “Perhaps a better approach to this, instead of regulation, would be to create a national accreditation laboratory that would be able to certify a wide range of software and devices for having strong security in place,” wrote Casaba Security cofounder Chris Weber via email. Underwriters Laboratories, an independent safety company, and Peiter Zatko, an ex-DARPA and Google researcher better known as Mudge, have both advanced this kind of approach to improving device security.

–…AND BECAUSE WE ALL AGREE WE NEED SOMETHING. The top Republican at the hearing opened the door to regulation of some kind, but also cautioned that new rules alone wouldn’t address all security concerns.

“While I’m not taking a certain level of regulation off the table, the question is whether we need a more holistic approach,” said Rep. Greg Walden (R-Ore.), chairman of the communications and technology subcommittee, at the hearing. “The United States cannot regulate the world. Standards applied to American-designed, American-manufactured or American-sold devices won’t necessarily capture the millions of devices purchased by the billions of people around the world.”

 

A REPORT IN FOCUS:

–A FIVE DOLLAR HACK: A security researcher says he’s created a $5 device that can hack locked Apple and Windows computers.

Samy Kamkar says his device, which he is calling “PoisonTap,” is no more expensive than the $5 Raspberry Pi mini-computer it runs on.

The tool mimics a hardwired network, which Mac and Windows computers are designed to trust even when a computer is locked.

The fake network gives it the ability to tamper with many aspects of web browsing and web browsers. That includes installing backdoors in web browsers and stealing cookies, the data that websites store on a computer, which would give an attacker access to sites the user visits.

 

WHO’S IN THE SPOTLIGHT: 

–THE FCC. The Federal Communications Commission deleted all items from its agenda for a Thursday meeting. The move came after letters from Republican lawmakers to FCC Chairman Tom Wheeler, pressing him not to take action on “controversial items” during the presidential transition.

The move, though, provoked the ire of Sen. Edward J. Markey (D-Mass.), who noted that the agenda included some relatively apolitical issues like expanding video-described audio programming for the blind and hard of sight.

“Republican lawmakers should stop their obstruction and support Commission action on those pro-consumer, pro-accessibility measures without delay,” he said.

On Tuesday, Sen. John Thune (R-S.D.) wrote to Wheeler: “I strongly urge the FCC to avoid directing its attention and resources in the coming months to complex, partisan, or otherwise controversial items that the new Congress and new Administration will have an interest in reviewing.”  

“Any action taken by the FCC following November 8, 2016, will receive particular scrutiny,” the GOP lawmaker added.

In a joint letter, House Energy and Commerce Committee Chairman Fred Upton (R-Mich.) and Communications and Technology Subcommittee Chairman Greg Walden (R-Ore.) similarly wrote that any actions on contentious items “would be counterproductive.”

 

A LIGHTER CLICK: 

–ONLY FIVE MORE DAYS. Study shows the most believable time to call in sick is Tuesday at 6:38 a.m.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Is it ethical for Facebook to purchase breached data lists so they can warn vulnerable users? (CSO)

The U.S. leads the world in top supercomputers, edging out China. (HPC Wire)

SPECIAL ICYMI BONUS SECTION: IN CASE YOU MISSED RUSSIA

NSA chief Admiral Michael Rogers says the DNC hacks were “a conscious effort by a nation-state.” (The Hill)

On Halloween, the White House sent a secret, “hotline” message to Russia over a channel set up for nuclear deterrence to warn against any further hacking of the U.S. election process. (Washington Post) 

Lindsey Graham wants Congress to investigate Russia’s role in the attacks on the DNC. (Los Angeles Times) 
