Overnight Cybersecurity: Trump standing by wiretapping claim | Cyber gets boost in Trump budget | Bad bots on the rise | McDonald's Twitter hack

Overnight Cybersecurity: Trump standing by wiretapping claim | Cyber gets boost in Trump budget | Bad bots on the rise | McDonald's Twitter hack
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



-- BUDGET DAY: President TrumpDonald John TrumpKey takeaways from the Arizona Senate debate Major Hollywood talent firm considering rejecting Saudi investment money: report Mattis says he thought 'nothing at all' about Trump saying he may leave administration MORE released his 2018 budget blueprint, and cybersecurity makes a few appearances. The proposal twice uses cites "effectiveness, efficiency, cybersecurity, and accountability" as a goal.

--...ONE BILLION DOLLARS TO DHS CYBER PROGRAMS: President Trump's first federal budget blueprint proposes $1.5 billion for the Department of Homeland Security (DHS) to protect federal networks and critical infrastructure from cyberattacks. The budget request, which bolsters DHS funding by 6.8 percent while making deep cuts to other agencies and departments, also calls for heightened cooperation between the government and the private sector on cybersecurity.  The proposed budget "safeguards cyberspace with $1.5 billion for DHS activities that protect federal networks and critical infrastructure from an attack," according to the blueprint, which was publicly released Thursday morning.

To read the rest of our piece, click here.

--...CALLS FOR TREASURY, PENTAGON AND NASA TO BOOST INTERNAL CYBERSECURITY: Cybersecurity is included as one of the  "pressing shortfalls" in U.S. Armed Forces' infrastructure. The blueprint also funds IT initiatives in NASA and the Treasury.


--...AND AN INTERESTING NOTE ABOUT JUSTICE. In its section on the Department of Justice, the blueprint calls for "The FBI [to] devote $61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors' use of encrypted products and services." Overnight Cybersecurity spoke to a few policy experts, none of which were certain what "address public safety and national security risks that result from malicious actors' use of encrypted products and services" exactly meant. The line is an obvious reference to what FBI Director James Comey has described as the problem of "going dark" - that bad guys both criminal and terrorist can use encryption to evade surveillance. Comey has advocated for laws requiring manufacturers to develop special access systems to allow law enforcement to defeat otherwise undefeatable encryption - something Trump supported during the campaign. But Trump's budget blueprint seems to suggest he has moved away from that stance. Lawmakers, including a bipartisan study group, and encryption researchers say Comey's call for encryption backdoors would make all products vulnerable to new attacks. It's unclear what the budget blueprint wants the FBI to do. In theory, the FBI could develop hacking techniques or purchase them from contractors and hackers. The figure allocated, $61 million, strikes experts as a low number to accomplish that, especially when divided u up between "fighting terrorism and combating foreign intelligence and cyberthreats."



--JUST WHEN WE'RE ALL ON THE SAME PAGE...: On Wednesday, House Intelligence Chairman Devin Nunes reiterated that there is no evidence that then-President Obama wiretapped then-nominee Donald Trump's phones. On Thursday, Paul RyanPaul Davis RyanElection Countdown: Cruz, O'Rourke fight at pivotal point | Ryan hitting the trail for vulnerable Republicans | Poll shows Biden leading Dem 2020 field | Arizona Senate debate tonight Paul Ryan to campaign for 25 vulnerable House Republicans GOP super PAC pushes back on report it skipped ad buys for California's Rohrabacher, Walters MORE joined in. "The intelligence committees, in their continuing, widening, ongoing investigations of all things Russia, got to the bottom -- at least so far with respect to our intelligence community -- that no such wiretap existed," Ryan said during a news conference." He was soon followed by a joint statement from the Senate Intelligence Commiteee leadership. "Based on the information available to us, we see no indications that Trump Tower was the subject of surveillance by any element of the United States government either before or after Election Day 2016," wrote Sens. Richard BurrRichard Mauze BurrCollusion judgment looms for key Senate panel The National Trails System is celebrating 50 years today — but what about the next 50 years? Key conservation fund for parks set to expire MORE (R-N.C.) and Mark WarnerMark Robert WarnerIs there difference between good and bad online election targeting? Collusion judgment looms for key Senate panel Hillicon Valley: Facebook reveals 30 million users affected by hack | Grassley presses Google to explain data practices | Senators warn Canada against using Chinese telecom firm | FCC responds to net neutrality lawsuits MORE (D-Va.). Also Thursday, Rep. Adam SchiffAdam Bennett SchiffThe Hill's Morning Report — Presented by the Coalition for Affordable Prescription Drugs — Trump travels to hurricane-ravaged Florida, Georgia Dems eye ambitious agenda if House flips Schiff: There is legal precedent for impeaching sitting officials over prior criminal conduct MORE (D-Calif.) confirmed he expected FBI Director James Comey to debunk the wiretap claims during their hearing Monday.

To read more, click here for a story on Ryan, here for one on Senate Intelligence and here for Schiff.

--...WE'RE STILL NOT ALL ON THE SAME PAGE: White House press secretary Sean Spicer, though, again argued at his Thursday press briefing that the president did not mean wiretapping when he tweeted four times that former President Barack ObamaBarack Hussein ObamaChance the Rapper works as Lyft driver to raise money for Chicago schools Americans are safer from terrorism, but new threats are arising Donald Trump Jr. emerges as GOP fundraising force MORE had ordered the wiretapping of Trump Towers. In two tweets, Trump had put the phrase in quotes: "Terrible! Just found out that Obama had my 'wires tapped' in Trump Tower just before the victory. Nothing found. This is McCarthyism!" and "Is it legal for a sitting President to be 'wire tapping' a race for president prior to an election? Turned down by court earlier. A NEW LOW!" But Spicer said that indicated the president meant any kind of surveillance, not just wiretapping. He then recited a list of news articles that said Trump officials might have been caught in the surveillance of foreign targets. Nunes made a similar point during his press conference, that Trump was only inaccurate if his tweets are taken literally and that he may have been making a broader point. This explanation does not completely explain the tweets. So-called incidental surveillance can not legally be targeted at U.S. persons, like Trump, and is never directed by the president. It is solely in the hands of the intelligence community. Incidental surveillance may explain why wiretapping was in quotes, but not why Obama is explicitly being blamed.

--HOUSE COULD DEMAND DOCUMENTS: Rep. Mike Quigley (D-Ill.), a member of the House Intelligence Committee, introduced a special resolution of inquiry on Thursday requesting that Trump and Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsFBI investigated whether McCabe leaked info about Flynn and Trump to media Ex-Senate Intel staffer pleads guilty to lying to feds over contacts with journalists House Judiciary chairman threatens to subpoena Rosenstein MORE give Congress any evidence to explain Trump's claim that his predecessor illegally ordered the wiretapping of Trump Tower ahead of the presidential election. Such evidence would include "copies of any document, record, memo, correspondence, or other communication in their possessions, or any portion of any such communication" that relates to Trump's claims." As a member of the Intelligence Committee, I have seen absolutely no evidence that supports the president's claims," Quigley said on the House floor Thursday. "President Trump and the Department of Justice have a responsibility to completely clarify the President's statements on Twitter."

To read the rest of our piece, click here.



UK'S MEME ARSENAL LAGGING: UK's National Cyber Security Centre tried and failed to RickRoll someone on Twitter.



NOW WE'VE GOT BAD BOTS: "Bad bots" – automated crawlers of the World Wide Web designed to perform malicious tasks – made up nearly 20 percent of the web's traffic in 2016, according a research from a firm that sells bot blocking solutions.

Distil Networks released its fourth annual bot report Thursday, providing internally determined statistics.

Bots serve multiple functions on the internet. Search engines, RSS feeds and other web staples are legitimate uses of technology – Distil classifies them as "good bots." Bad bots include programs to illicitly scrape content off of websites, rapidly corner markets on resalable products like tickets and automate certain types of password attacks.

While good bot use relative to total internet traffic has been on the decline – comprising 36 percent of traffic in 2014, 22 percent in 2015, and just under 19 percent last year – bad bot traffic has steadily been around 20 percent of online traffic. 2016 is the first year in Distil's records when bad bot traffic outdid good bot traffic.

Distil looked at different sized sites – the 10,000 largest sites ("large"), the next 40,000 ("medium"), the next 100,000 ("small") and all other sites. The company calculates that bad bots make up more than one in five visits to the largest sites on the internet, and no less than one in seven visits for sites. "Small" had the smallest proportion of bad bot traffic at slightly under 15 percent.

The report also notes that much of the bad bot campaigns take advantage of cloud computing services as base centers. More bad bots originated at Amazon's cloud services than anywhere else.



MCDONALD'S: McDonald's on Thursday said its corporate Twitter account had been hacked, after a tweet went out mocking President Trump on Thursday.

The fast food empire's corporate account sent out a tweet reading "@realDonaldTrump You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands."

It was soon deleted.

"Twitter notified us that our account was compromised. We deleted the tweet, secured our account and are now investigating this," McDonald's wrote on Twitter, roughly an hour after the original tweet was sent.

McDonald's later said they believed the account was "hacked by an external source."

To read the rest of our piece, click here.



Links from our blog, The Hill, and around the Web

Did President Trump accidentally reveal classified information during last night's Tucker Carlson interview? (The Hill)

Experts tell House that the U.S. needs to improve its anti-propaganda efforts. (The Hill)

Dems. look to boost rural access to broadband. (The Hill)

President Trump will meet with Bill Gates. (The Hill)

Intel launched a bug bounty program. (HackerOne)

Canada's Privacy Commissioner is investigating phone seizures at the U.S. border. (National Post)

Today's best headline: Tim Shields Wants You to Save Tortoises by Piloting Laser Robots With Your Phone. (Motherboard)

The USB Kill Stick - a USB stick that physically destroys computers - now does a more thorough job. (ZDNet).


If you'd like to receive our newsletter in your inbox, please sign up here.