Overnight Cybersecurity: DHS chief delivers warning to cyber attackers | Tech giants pledge not to help government cyberattacks | Justices toss DOJ case against Microsoft

Overnight Cybersecurity: DHS chief delivers warning to cyber attackers | Tech giants pledge not to help government cyberattacks | Justices toss DOJ case against Microsoft
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--HOMELAND SECURITY CHIEF WARNS OF 'SEEN AND UNSEEN' CONSEQUENCES TO CYBERATTACKS: Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenInvestigation into FEMA head referred to prosecutors: report Gowdy requests FEMA administrator’s travel records amid allegations The Hill's Morning Report — Sponsored by United Against Nuclear Iran — Kavanaugh confirmation in sudden turmoil MORE issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options "seen and unseen" for responding to malicious attacks in cyberspace. "The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility," Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. "Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don't," Nielsen said.

The context: Homeland Security officials last year disclosed that Russia tried to hack into voting systems in 21 states before the 2016 presidential election, as part of a broader effort to interfere in the vote. Under Nielsen's leadership, the Department of Homeland Security is providing voluntary assistance to state and local officials administering elections to secure their voting infrastructure. 

ADVERTISEMENT

On Tuesday, Nielsen broadly laid out Homeland Security's priorities with respect to cyber, noting that the department is working to adopt a "more forward-leaning approach" to address evolving and compounding threats. "The threat picture is getting dimmer, not brighter," Nielsen acknowledged. She said the department is focused on evaluating "systemic risks" that could have a cascading effect on U.S. critical services, making sure that systems can quickly recover in the event of successful attacks, and determining how to deter adversaries from carrying out malicious cyber activity.

A key quote: "The threats are so severe that if we don't start identifying and punishing our assailants, they will overtake us and the cost of interconnectivity will start to outweigh the many benefits," Nielsen warned.

To read more from our piece, click here.

 

--TECH GIANTS SIGN MAJOR CYBER PLEDGE: More than 30 major technology firms, including Microsoft and Facebook, signed a pledge on Tuesday agreeing that they would not assist any government in launching cyberattacks, vowing to "protect all customers regardless of nationality, geography or attack motivation." In the new list of principles, titled the Cybersecurity Tech Accord, companies also committed to aiding nations that are the subject of such attacks, even when the motivations are geopolitical. "Protecting our online environment is in everyone's interest," the accord states. "Therefore we – as enterprises that create and operate online technologies – promise to defend and advance its benefits for society. Moreover, we commit to act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace."

Who didn't sign on: Notably absent from the accord's signees are big technology names including Google, Apple and Amazon.

In a blog post, Microsoft President Brad Smith wrote that "the success of this alliance is not just about signing a pledge, it's about execution."

"That's why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together," Smith wrote. "Protecting our online environment is in everyone's interest. The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology's benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world."

One important note: The accord doesn't specify what steps specific companies will take to achieve the accord's aims, including whether they are planning to change any current policies.

To read more from our piece, click here.

 

A SCOTUS UPDATE: 

JUSTICES TOSS FEDS' DATA CASE AGAINST MICROSOFT: The Supreme Court on Tuesday tossed out a case the government had brought against Microsoft over whether law enforcement can search and seize data stored overseas.

In a three-page order, the court said the dispute is resolved now that Congress has passed legislation allowing investigators to obtain electronic data that technology companies store anywhere in the world.

After the Clarifying Lawful Overseas Use of Data, or CLOUD, Act was passed as part of the $1.3 trillion spending bill last month, the Department of Justice (DOJ) filed a motion asking the Supreme Court to vacate the lower court ruling and send the Microsoft case back down to the lower court with instructions to dismiss the case as moot.

In a reply, Microsoft said it was not objecting to the DOJ's request because the government has abandoned its pursuit of the original warrant and Congress passed the Cloud Act.

"The way this case has played out shows exactly why the Second Circuit was correct to hold that the Stored Communications Act did not yet reach communications stored in other countries: Only Congress could 'create nuanced rules' like those in the CLOUD Act that properly bring the SCA into the 21st century," said attorneys for Microsoft.

The case centered on a federal warrant for the emails of a customer that Microsoft had stored in Dublin, Ireland. Microsoft had argued that under the Stored Communications Act (SCA), warrants have territorial limits.

During arguments in February, however, Justice Sonia Sotomayor asked why the justices shouldn't just wait for Congress to resolve the issue, given the pending legislation.

The takeaway: As it turns out, they didn't wait long.  The Supreme Court said in its opinion Tuesday that both DOJ and Microsoft agree that a new warrant has replaced the original warrant and that this case, therefore, has become moot.

To read more from our piece, click here.  

 

A REPORT IN FOCUS: 

THE HUMAN FACTOR: Cyber criminals have found exploiting people online more lucrative than exploiting software flaws, according to a new report released Tuesday.

By turning to people, the thieves can steal money and information for financial gain, conduct espionage, as well as embed themselves in network systems for future attacks, cyber firm Proofpoint's 2018 Human Factor report found.

"Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click," Kevin Epstein, vice president of Threat Operations for Proofpoint, said in a statement.

Careful what you click: Proofpoint, which reviewed over 6,000 worldwide enterprise customers throughout 2017, found that emails continue to be a preferred attack vector for hackers. That's because they largely prove successful with 52 percent of clicks on malicious emails taking place within just one hour.

Emails also distributed malicious software across the globe, particularly affecting Japan.

Japan is not alone: "More than 80% of malicious emails distributed ransomware and banking Trojans, making them the most widely distributed malware families. Banking Trojans appeared in more than 30% of malicious emails in Europe, Japan, and Australia. Japan also saw the highest regional level of downloader activity in email," the report found.

A majority -- roughly 80 percent -- of organizations they analyzed had faced email fraud attacks, according to the report.

"The number of email fraud emails using language related to legal advice or practices in their subject lines increased by 1,850% year-over-year," the firm found.

"Our research clearly shows that it's imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organization will experience a confidential data breach, business disruption, or direct financial loss," Epstein continued.

 

A LIGHTER NOTE: 

Outgoing NSA Director Adm. Mike RogersMichael (Mike) Dennis RogersHillicon Valley: Trump signs off on sanctions for election meddlers | Russian hacker pleads guilty over botnet | Reddit bans QAnon forum | FCC delays review of T-Mobile, Sprint merger | EU approves controversial copyright law Former NSA chief refutes report claiming Trump asked him to publicly deny Russia collusion Michigan college Dems sue state over voting laws, claim they discriminate against young people MORE on Tuesday won the award for excellence in the field of public policy at the RSA cybersecurity conference in San Francisco. More here.

 

WHAT'S IN THE SPOTLIGHT:

IT'S TAX DAY ... and the IRS online filing system is experiencing technical difficulties. The electronic system, which many people use to file their taxes online, had a partial failure on Tuesday.

The issue could make it harder for millions of Americans trying to file before Tuesday's midnight deadline.

"On my way over here this morning, I was told a number of systems are unavailable at the moment," IRS Acting Commissioner David Kautter told the House Oversight and Government Reform Committee on Tuesday. "We are working to resolve the issue and taxpayers should continue to file their returns as they normally would."

A congressional official told The Washington Post that the IRS will attempt a "hard reboot" of its system that they hope will fix the issue.

The IRS has said that, at this point, all indications are that the problems are due to a hardware issue.

Kautter noted that even though the deadline for Americans to file their taxes is Tuesday, they can still request a six-month extension on the IRS's website.

He also said that people would not be penalized if their returns arrive late because of the system glitches, according to the Los Angeles Times.

"If we can't solve it today, we'll figure out a solution," Kautter said. "Taxpayers would not be penalized because of a technical problem the IRS is having."

On the last day of last year's tax filing season, the IRS received five million returns.

How it's playing on Capitol Hill: Some lawmakers have said that the IRS should provide a grace period so that Americans who have issues filing their taxes because of the systems failures are not penalized.

To read more from our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

New York AG launches inquiry into bitcoin exchanges. (The Hill)

Kudlow: Haley 'got ahead of the curve' on Russia sanctions. (The Hill)

Clinton allies seethe with rage at Comey. (The Hill)

OP-ED: Russian cyber attack should be met by counter-strikes. (The Hill)

Pew surveys tech, health experts on impact digital life will have on individuals' overall well-being. (Pew Research Center)

Bangladesh might settle a suit over a 2015 cyber heist. (Reuters)

Australia joins U.S., U.K. in blaming Russia for cyberattacks on internet devices. (The Guardian)

Now you can buy a short electric skateboard for under $800. (The Verge)

Judge says Facebook must face class action lawsuit over use of facial recognition. (Reuters)