Overnight Cybersecurity: Why discovering hackers can take months

Why discovering hackers can take months March 2, 2015 By Cory Bennett and Elise Viebeck Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ... THE BIG STORIES: --HACKERS' INVISIBILITY POSES THREAT: Hackers can spend weeks or months inside corporate computer networks before they are detected. Most of the time, they've already gained user credentials, harvested sensitive data and found new places to hide before the hack is discovered. So why does it take IT departments so long to spot malicious activity? The answer lies in companies' slow abandonment of old anti-virus systems that track known "signatures" to root out hackers. To read our full piece, click here. --OBAMA GOES STRAIGHT TO THE TOP: President Obama said Monday he had called Chinese President Xi Jinping directly to express his concerns about upcoming Chinese cybersecurity rules that would require foreign tech firms to submit code for inspection. And Obama delivered somewhat of an ultimatum. "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States," the president told Reuters in an interview. It's a firm stance for Obama to take. Cyber talks between the two leaders have been infrequent and vague since the official cyber dialogue ended after the U.S. indicted five members of the Chinese military for hacking last May. To read our full piece, click here. --CLAPPER CLAIMS 'MODEST' CYBER GOALS: The goals of the government's new cybersecurity agency are "pretty modest," insisted Director of National Intelligence James Clapper during a Monday chat at the Council on Foreign Relations. Authorized last week, the much-touted Cyber Threat Intelligence Integration Center (CTIIC) will pull together cyber data from across the intelligence community to hopefully create "the ultimate word" on cyber threats, Clapper said. Many have wondered how the administration will staff the 50-person agency, while others have questioned the efficacy of an additional cyber bureaucracy. In true jargon, Clapper said CTIIC "can make some value-added contributions." To read our full story, click here. -THERE WERE SOME LAUGHS: Clapper did drop a few dryly humorous tidbits about his recent trip to North Korea to secure the release of two American prisoners. "Coincidentally the [Sony] attack occurred ... about a week or two after I was there," Clapper said. "So I probably won't be going back," he added with a laugh. "The best kimchi I've ever eaten in my life was in North Korea," the director continued. "Unfortunately it wasn't very enjoyable. Conversation was pretty intense -- a lot of arguing, pointing at each other's chests and that sort of thing." UPDATE ON CYBER POLICY: --THE HOUSE IS ALL THINGS CYBER THIS WEEK. From Tuesday to Thursday, four different House committees will hold hearings on cyber threats and cybersecurity information-sharing. Many corporate giants, including Microsoft, Lockheed Martin and Bank of America have made cyber info-sharing a top lobbying priority and are using the rash of hearings to press lawmakers with a letter on the issue. Notably absent from the letter: Apple, Facebook, Google and other Silicon Valley stalwarts. --WHERE'S THE BILL? The Senate Intelligence Committee was expected to release its version of a cyber info-sharing bill last week, but the measure remains in draft form. The committee's ranking member, Sen. Dianne Feinstein (D-Calif.), told The Hill the panel is still hoping to mark up its cyber bill this week, but opposition is slowly mounting. A large coalition of privacy and civil liberties advocates on Monday sent committee members a letter Monday listing detailed objections. The White House may also not support the measure, according to Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-Wis.). LIGHTER CLICKS: --HOW 'FRIENDS' IS HELPING NORTH KOREA OPEN UP: Digital contraband is streaming into North Korea at unprecedented rates thanks to defector groups and activists, according to a new piece in Wired. USB thumb drives containing episodes of "Friends" -- and even copies of "The Interview" -- are becoming part of a campaign to liberalize the North Korean culture from within. "When North Koreans watch Desperate Housewives, they see that Americans aren't all war-loving imperialists," a leading data smuggler told the magazine. "They're just people having affairs or whatever. They see the leisure, the freedom. They realize that this isn't the enemy; it's what they want for themselves. It cancels out everything they've been told. And when that happens, it starts a revolution in their mind." To read the full piece, click here. --THINGS YOU DIDN'T KNOW COULD BE HACKED: Talking dolls, your smart TV, even your pacemaker ... Hackers can break into almost any device with a wireless signal and use it to collect data or inflict damage. Did we mention sex toys are vulnerable, too? To read the full story, click here. A LOOK AHEAD: --TUESDAY: The House Energy and Commerce Committee will hold a hearing on modern cyber threats at 2 p.m. --WEDNESDAY: The House Homeland Security Committee will hold its second hearing in as many weeks on President Obama's cybersecurity information sharing proposal at 2 p.m. --WEDNESDAY: The House Armed Services Committee will hold a hearing on cyber operations at 3:30 p.m. Tune in for testimony from NSA head Michael Rogers. --THURSDAY: The House Oversight Committee will hold a hearing on cybersecurity at 9 a.m. --THURSDAY: The International Association of Privacy Professionals will hold its 2015 Global Privacy Summit with remarks by journalist Glenn Greenwald as well as FTC Chairwoman Edith Ramirez, two White House aides and several congressional staffers. --FRIDAY: Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and White House aide Ari Schwartz, who works on cybersecurity privacy and civil liberties issues, will talk cyber at a USTelecom conference beginning at 9 a.m. IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. Do crypto currencies such as bitcoin have a future? (Wall Street Journal) Data security is becoming the sparkle in bitcoin. (New York Times) What happens after the bitcoin gold rush? (New Republic) The democratization of cyberattacks -- choosing security over surveillance. (Schneier on Security) Wall Street regulators net more than $5 billion in bank settlements. (City & State) The Natural Grocers grocery chain is investigating a potential card breach. (Krebs On Security) Iran's government is increasing monitoring of social media networks within the country. (Al Arabiya) ICYMI: Online tax fraud is on the rise, and it's catching attention on Capitol Hill. (The Hill) ICYMI: Apple CEO Tim Cook says terrorism fight shouldn't compromise privacy. (The Telegraph) We’ll be working to stay on top of these and other stories throughout the week, so check The Hill’s cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, viacbennett@thehill.com or eviebeck@thehill.com. And follow us at@cory_bennett and @eliseviebeck. If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A