Hillicon Valley: Russian hacking group believed to be behind Kaseya attack goes offline | DHS funding package pours millions into migrant surveillance | Jen Easterly sworn in as director of DHS cyber agency
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.
Welcome and Happy Tuesday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
Websites used by the cyber criminal group known as REvil went dark Tuesday, just over a week after the group was linked by cybersecurity experts to the ransomware attack on software company Kaseya. While it is unknown why the websites went dark, President Biden last week urged Russian President Vladimir Putin to take further steps against hackers based in his country, and hinted to reporters that the U.S. had the option of disrupting the hackers’ servers.
Meanwhile on Capitol Hill, the House Appropriations Committee marked up the annual Department of Homeland Security appropriations bill, approving a proposal that included millions to pay for technologies that surveil immigrants.
SUSPICIOUS TIMING FOR A HOLIDAY: Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.
The hacking group, REvil, is believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer. The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses.
According to The New York Times, the websites on the dark web used by REvil to negotiate payment with victims and lists of companies it had targeted went dark early on Tuesday morning.
John Hultquist, the vice president of Analysis at cybersecurity group FireEye’s Mandiant Threat Intelligence, confirmed the takedown, saying in a statement provided to The Hill Tuesday that “at the time of analysis all known websites associated with the REvil ransomware RaaS are offline or non-responsive.”
It is unclear what caused the hacking group to go dark. The developments come less than a week after President Biden called Russian President Vladimir Putin and strongly urged him to take further action against ransomware groups based in Russia.
Read more about the incident here.
ICE WILL BE WATCHING YOU: The House Appropriations Committee advanced a bill for Department of Homeland Security funding Tuesday that would allocate millions toward technologies for surveilling immigrants.
The proposal, passed through the Democratic-controlled committee on a 33-24 party-line vote, would allocate $475 million to Immigrations and Customs Enforcement (ICE) for the agency’s Alternatives To Detention (ATD) program, well above what the Biden administration requested in its 2022 budget.
The program has drawn criticism for expanding the number of immigrants under ICE’s supervision, with detractors saying it has caused them physical and emotional harm.
Individuals in the ATD are subject to unscheduled visits, tracked by ankle monitors and required to do check-ins with agents using voice or facial recognition systems, according to a recent report by the Just Futures Law Center and Mijente.
The funding bill also provides millions in cybersecurity funds, with the Cybersecurity and Infrastructure Security Agency set to get almost $400 million above its fiscal year 2020 funding.
Read more about the bill here.
IT’S OFFICIAL: Jen Easterly was sworn in Tuesday as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), one day after the Senate unanimously approved her nomination.
Easterly, who now leads the agency responsible for securing the nation’s critical infrastructure against cyberattacks, said in a statement following her swearing-in that she is “incredibly honored and humbled to join the team at CISA.”
“I have admired the agency from afar as the organization has grown over the past several years, and seen firsthand how its guidance, insight and resources can benefit public and private sector partners as part of our collective defense to build a more resilient nation,” Easterly said. “I thank President Biden for putting his faith in me to lead this organization, and the Senate for confirming me for this role.”
Easterly takes over leading the agency from Brandon Wales, who had served as acting director since November, when former President Trump fired former CISA Director Christopher Krebs after CISA pushed back against election disinformation and misinformation.
FRT HEARING: Along with mis-identifying people of color, Black individuals are disproportionately represented in facial recognition databases, perpetuating racial disparities in the criminal justice system, Bertram Lee Jr., who serves as counsel for Media and Tech at The Leadership Conference, testified at a House Judiciary Committee hearing on Tuesday discussing facial recognition technology in the law enforcement.
Gretta Goodwin, director of homeland security and justice at the Government Accountability Office who also testified at the hearing, presented a new study, published this month, that found that 42 federal agencies employ law enforcement officers who use facial recognition technology. Fourteen of those agencies reported that they use the technology for criminal investigations, but only one had means to track the technology’s usage.
While many of the lawmakers and witnesses acknowledged the benefits of facial recognition technology, such as the identification of the Jan. 6 rioters, there was widespread agreement that the technology needs to be regulated. Some lawmakers proposed using facial recognition technology mainly for the investigation of crimes and not for making arrests.
Still, the technology has been largely unstudied, so it is hard to really understand the extent of its inaccuracy, said Barry Friedman, faculty director of The Policing Project.
-The Hill’s Abigail Goldberg-Zelizer
SACREBLEU: France’s competition authority fined Google more than $550 million Tuesday for not negotiating with French publishers in good faith.
The agency threatened to fine the company another $1 million per day if it does not come up with proposals for how it will compensate publishers within two months.
A Google spokesperson said that the fine “ignores the significant efforts” the company has made to comply with French law.
“We want to find a solution and reach definitive agreements but this fine is out of all proportion to the amount of money we make from news and we will be reviewing the decision in detail,” they added in a statement to The Hill.
Read more about the fine here.
TRANSPARENCY CAMPAIGN: Consumer Reports is launching a nationwide campaign aimed at improving transparency of the cost and quality of broadband service.
The initiative, dubbed Broadband Together, will seek to do that by collecting the internet bills of tens of thousands of consumers to analyze the price and speed of services offered in different communities.
“For too long, the true cost and quality of internet service has been hidden and obscured,” said Marta Tellado, president and chief executive officer of Consumer Reports. “We want to shine a light on what’s really happening, so every American can have the quality internet they need to succeed today and into the future.”
Read more about the campaign here.
TIKTOK MAKE IT STOP: Videos and audio tracks circulating on TikTok contribute to the viral spread of misinformation surrounding vaccines, according to researchers at a London-based firm that tracks disinformation.
According to a report from NBC News, researchers at the Institute for Strategic Dialogue (ISD) found that a function of TikTok’s app that enables users to share audio tracks to make their own videos has allowed misinformation about coronavirus vaccines to go viral.
A report from the organization showed that audio tracks containing coronavirus vaccine misinformation have gone viral as a chain message, a result of the app’s function that violates TikTok’s misinformation policy.
Read more about the report here.
What we’re watching this week:
-The Senate Homeland Security and Governmental Affairs Committee will consider multiple pieces of cyber-related legislation during a hearing Wednesday, including a bill to protect K-12 institutions against hackers.
-The Senate Commerce Committee will hold a hearing Thursday on supply chain resiliency featuring testimony from technology experts.
-The House Homeland Security Committee will hold a hearing Thursday on reforming the Department of Homeland Security to meet evolving threats, which will likely include discussions of recent cybersecurity incidents.
An op-ed to chew on: Congress must act now to pass a bipartisan federal privacy law
Lighter click: Completely factual
NOTABLE LINKS FROM AROUND THE WEB:
There’s Just One Problem With Biden’s Executive Order Spree (The American Prospect / Alexander Sammon)
Welcome to TikTok’s endless cycle of censorship and mistakes (MIT Tech Review / Abby Olheiser)
The ugly, geeky war for web privacy is playing out in the W3C (Protocol / Issie Lapowsky)
Researchers find big flaw in Schneider Electric ICS system popular in building systems, utilities (CyberScoop / Tonya Riley)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts