
Wednesday, January 31, 2018

Overnight Cybersecurity: GOP, FBI clash over FISA memo | Uber breach under Senate scrutiny | Upcoming House cyber diplomacy hearing

 
 
 
The Hill Cybersecurity
 
 

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you …

THE BIG STORIES:

--GOP, FBI CLASH OVER CONTROVERSIAL FISA MEMO: In a rare public statement on Wednesday, the FBI said it has "grave concerns" about a Republican-crafted memo alleging corrosive abuse of United States surveillance powers by the Justice Department that is expected to be released in the coming days.

"With regard to the House Intelligence Committee’s memorandum, the FBI was provided a limited opportunity to review this memo the day before the committee voted to release it," the bureau said. "As expressed during our initial review, we have grave concerns about material omissions of fact that fundamentally impact the memo’s accuracy."

Intelligence committee Republicans, led by Chairman Devin Nunes (R-Calif.), voted to release the document over the strident objections of committee Democrats, who say it is a cherry-picked set of inaccurate accusations designed to kneecap special counsel Robert Mueller’s investigation into the Trump campaign. The decision to release the document now rests with President Trump, who has five days to decide whether or not to allow its publication. He is widely expected to overrule the concerns of senior Justice Department officials who have been lobbying him to keep it under wraps.

--CAUGHT ON HOT MIC on Tuesday night, Trump promised Rep. Jeff Duncan (R-S.C.) that he would "100 percent" release the memo. The White House has insisted the document will go through a normal multi-agency review process to ensure its release will not jeopardize national security. Trump's chief of staff John Kelly on Wednesday indicated the White House plans to release the memo soon.

“It will be released here pretty quick, I think, and then the whole world can see it,” Kelly said during an interview on Fox News Radio. “This president wants everything out so the American people can make up their own minds.”

Wednesday's unusual statement from the FBI — one of the most media-averse institutions in Washington — is just the latest sign that the Nunes memo has inflamed tensions between Trump and his own Justice Department. Senior Justice Department officials, including Deputy Attorney General Rod Rosenstein and FBI Director Chris Wray, warned Kelly against making the document public in a last-ditch effort just before the Intelligence Committee vote to declassify it, The Washington Post reported on Tuesday.

To read more of The Hill's coverage, click here and here.

--NO CYBER DURING TRUMP SOTU ADDRESS: President Trump delivered his first State of the Union address Tuesday evening, but made no mention of cybersecurity or digital threats during his speech. Trump also did not mention Russian interference in the 2016 presidential election, an issue that has dogged his administration in its first year amid the special counsel investigation into whether his campaign colluded with Moscow. Unsurprisingly, Trump took some heat from Democrats who called him out for not mentioning Russia’s election meddling during the address, which focused heavily on domestic issues like job creation and infrastructure as well as immigration.

“Waiting for the President to state that he will #ProtectOurDemocracy from future cyber threats,” tweeted former DNC interim chair Donna Brazile.

“How can he not talk about the reality that Russia, through cyberwarfare, interfered in our election in 2016, is interfering in democratic elections all over the world, and according to his own CIA director will likely interfere in the 2018 midterm elections that we will be holding?” Sen. Bernie Sanders (I-Vt.) said during his own rebuttal.

For more of The Hill's SOTU coverage, here are five takeaways from the president’s speech.

A LEGISLATIVE UPDATE:

SENATE PANEL CALLS HEARING ON UBER DATA BREACH: John Flynn, Uber’s chief information security officer, will appear before a Senate Commerce subcommittee on Tuesday. The hearing will focus on the breach and Uber’s reported payoff to the hacker responsible through its “bug bounty” program, which is meant to reward researchers for discovering vulnerabilities in the company’s infrastructure.

"We have worked closely with the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Innovation, & Data Security and look forward to participating in their hearing," an Uber spokesman said in a statement.

In November of last year, Uber CEO Dara Khosrowshahi announced a breach had taken place before his arrival at the ride-hailing company as well as the number of users affected by it.

Reuters and The New York Times later detailed how Uber had paid the hacker responsible for the breach $100,000 to destroy the stolen information.

The Senate panel plans to grill Flynn on the incident and bug bounty programs in general.

To read more from The Hill's piece, click here.

 

A Lighter CLICK: Check out Amazon’s Super Bowl ad for Alexa. (TechCrunch)

 

A REPORT IN FOCUS:

“ZOMBIE” MALWARE GROWING MORE POWERFUL: Security firms are tracking malicious software that can seize control of internet-connected devices and effectively turn them into an army of “zombies” that hackers can remotely control all at once, according to a new report.

Those who created the malware, called Satori, appear to be making it more sophisticated, advancing it from being able to impact only a handful of devices to having a much more devastating effect, Technology Review reported Wednesday.

Researchers have been tracking the zombie software since December. It is able to produce a massive slew of e-mail spam, disable corporate websites, or even affect the wider internet, according to the report.

Some of Satori’s source code appears to be linked to the 2016 Mirai distributed denial-of-service (DDoS) attack, which flooded the servers of some key U.S. internet infrastructure with an overwhelming level of data traffic, the report found.

This attack leveraged scores of vulnerable connected devices including routers, security cameras, and DVRs to bring down a number of prominent sites for companies like Twitter, The New York Times and Airbnb.

WHAT’S IN THE SPOTLIGHT:

HOUSE PANEL TO HOST CYBER DIPLOMACY HEARING: A key House panel has scheduled a hearing to explore the U.S. government’s cyber diplomacy efforts after the State Department shuttered a standalone office responsible for engaging with other nations on cybersecurity policy.

House Foreign Affairs Committee Chair Ed Royce (R-Calif.) on Wednesday announced the hearing for next week to “explore foreign threats to the internet and the important role diplomacy plays in addressing them.”

Secretary of State Rex Tillerson’s decision to close the Office of Cybersecurity Coordinator has been met with broad criticism in Congress. Tillerson notified Congress last August that he would shuffle the office’s responsibilities under a bureau focused on economic and business affairs.

Tillerson’s move resulted in the elimination of the cybersecurity coordinator position, which was held by Chris Painter for more than six years. Painter led the federal government’s efforts promoting U.S. cybersecurity interests abroad.

Painter, who left his position at the end of July, will appear at the Foreign Affairs hearing next week, alongside other non-government experts.

“Authoritarian regimes and foreign actors are working overtime to impose more control online, including through censorship,” Royce said in a statement Wednesday.

Earlier this month, House lawmakers passed legislation sponsored by Royce that would restore an office at State to handle cyber diplomacy efforts that would be led by an official with the rank of ambassador.

To read the rest of The Hill's piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Trump officials take heat for declining Russia sanctions. (The Hill)

Trey Gowdy, chairman of the powerful House Oversight Committee, says he will not seek reelection. (The Hill)

Lawmakers worry digital currency is helping human traffickers avoid detection. (The Hill)

OP-ED: Digital privacy shouldn't be optional on the US border. (The Hill)

OP-ED: To regulate or not to regulate? Cryptocurrencies beg question. (The Hill)

Utah’s government hit by as many as 900 million cyberattacks daily. (The Salt Lake Tribune)

The U.S. government is turning terrorists’ phones against them. (USA Today)

Trump is expected to pick the head of Army cyber command as his NSA chief. (Politico)

Experts at the Heritage Foundation make the case for private companies to engage in "active cyber defense." (Heritage)

Strava’s heat map PR nightmare shows why users can’t rely on fitness apps to protect privacy. (Technology Review)

CIA director Mike Pompeo is said to have met with Russian spies. (CNN)

States are partnering with a research institute to get girls interested in cybersecurity careers. (Government Technology)
