Senate bill would quash unlimited Rule 41 government hacks

Changes to Rule 41 face bipartisan opposition in the Senate: the Wyden-Paul bill would rein in an expansion of authority that lets the government hack an unlimited number of devices with a single warrant.

Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) introduced the Stopping Mass Hacking Act to prevent the controversial expansion of the scope of Rule 41 of the Federal Rules of Criminal Procedure.

The Rule 41 changes, which were requested by the Department of Justice last year and approved by the Supreme Court in April, make it easier for investigators to obtain warrants for remote electronic searches of devices involved in investigations.

If the changes go into effect, federal magistrate judges will gain the authority to issue warrants for remote searches of computers located anywhere in the world, including situations where law enforcement doesn't know the location of the devices. The magistrates would also be allowed to authorize the search of any number of computers with a single warrant. Since Rule 41's expansion would allow law enforcement agents to gain unauthorized access and control over users' systems, critics of the rule argue it is tantamount to legalizing government hacks, with no oversight or control.

"This is a dramatic expansion of the government's hacking and surveillance authority. Such a substantive change with an enormous impact on Americans' constitutional rights should be debated by Congress, not maneuvered through an obscure bureaucratic process," Wyden said. "Unless Congress acts before Dec. 1, Americans' security and privacy will be thrown out the window and hacking victims will find themselves hacked again -- this time, by their own government."

The Electronic Frontier Foundation has been critical of the changes to Rule 41, noting that while the rules are intended to define procedures, the changes create "new avenues for government hacking that were never approved by Congress."

The changes to Rule 41 will go into effect on Dec. 1, 2016, unless Congress acts to stop them. Other co-sponsors of the bill include Sens. Tammy Baldwin (D-Wis.), Steve Daines (R-Mont.) and Jon Tester (D-Mont.).

House passes cybersecurity bill

Meanwhile, H.R. 4743, also known as the National Cybersecurity Preparedness Consortium Act, passed in the House by a vote of 394-3. The legislation, introduced by Rep. Joaquin Castro (D-Tex.), "allows nonprofit entities, including universities, to work more closely with the Department of Homeland Security to address cybersecurity risks and incidents at the state and local level."

"Increased collaboration will strengthen our defenses and keep us one step ahead of cyberattackers. I'm hopeful the Senate will follow the House's lead, pass this bill and protect the American people from a growing threat to their safety," Castro said.

In other news:

  • A hacker is offering 117 million hacked LinkedIn account credentials, including account names and plaintext passwords, taken from LinkedIn's 2012 breach, according to Motherboard. Although LinkedIn had not previously stated how many accounts were compromised in 2012, they did admit they "became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012." LinkedIn wrote they "are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach." The breached database included 167 million encrypted accounts, and the 117 million accounts were being offered for five bitcoins -- approximately $2,200 -- on the dark Web marketplace, The Real Deal. The hackers were able to crack the hashed passwords because LinkedIn had not salted the hashes.
  • Check Point's April 2016 Threat Index revealed "Conficker was the most prominent malware family, accounting for 17% of recognized attacks." The Conficker worm, first detected in 2008, allows malware to be downloaded, after which the infected computer is controlled by a botnet. Check Point identified 2,000 unique malware families during April, which was more than a 50% increase over the previous month.
  • A new study released by the National Telecommunications and Information Administration (NTIA) of the U.S. Commerce Department claimed some Americans are reducing their Internet usage because of security and privacy concerns. "Nineteen percent of Internet-using households -- representing nearly 19 million households -- reported that they had been affected by an online security breach, identity theft or similar malicious activity during the 12 months prior to the July 2015 survey," according to the study. "Americans are increasingly concerned about online security and privacy at a time when data breaches, cybersecurity incidents and controversies over the privacy of online services have become more prominent. These concerns are prompting some Americans to limit their online activity, according to data collected for NTIA in July 2015 by the U.S. Census Bureau." More than 41,000 households with at least one Internet user were surveyed.
  • More information about the actively exploited Flash zero-day vulnerability has emerged. Genwei Jiang, senior research engineer at FireEye Inc., based in Milpitas, Calif., wrote about the attack, which exploited a previously unknown vulnerability in Adobe Flash Player (CVE-2016-4117). Adobe patched the vulnerability (in APSB16-15) four days later. According to Jiang: "Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their Web server, and used a Dynamic DNS domain to reference the document and payload. With this configuration, the attackers could disseminate their exploit via URL or email attachment. Although this vulnerability resides within Adobe Flash Player, threat actors designed this particular attack for a target running Windows and Microsoft Office."
  • The tables were turned, as the hacker forum Nulled.IO got hacked. Risk Based Security Inc., a Richmond, Va., security intelligence firm, found a comprehensive data dump of the forum and wrote that the breach revealed Nulled.IO usernames, email addresses, encrypted passwords, registration dates and the IP addresses used to register for 536,064 user accounts. Also compromised were 800,593 user personal messages, 5,582 purchase records and 12,600 invoices. "Since it is a full dump of the forums, also included are 2.2 million posts and all of the other site-related content, which means that private content, links and other information from the VIP forums is now public," the company wrote.
