Hillicon Valley: DOJ indicts Chinese, Malaysian hackers accused of targeting over 100 organizations | GOP senators raise concerns over Oracle-TikTok deal | QAnon awareness jumps in new poll
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.
HACKERS GONNA HACK: The Justice Department on Wednesday announced indictments against five Chinese and two Malaysian individuals for allegedly targeting and hacking more than 100 companies in the U.S. and around the world.
The five Chinese nationals, part of a hacking group known as “APT41,” were charged with targeting video game companies, telecommunications groups, social media platforms, computer hardware manufacturers, foreign governments, universities, think tanks and pro-democracy activists in Hong Kong, while two Malaysian nationals were taken into custody for conspiracy in some of the attacks.
In addition, the Justice Department announced that the U.S. Attorney’s Office for the District of Columbia had issued warrants to seize hundreds of accounts, servers and domain names used by the alleged hackers to conduct attacks. The agency noted that Microsoft assisted this effort by implementing measures to block the hackers from accessing networks, and that Facebook, Verizon and Google had also assisted in this effort.
“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” Assistant Attorney General John Demers said in a statement. “This is the only way to neutralize malicious nation state cyber activity.”
While law enforcement officials did not directly attribute the attacks to the Chinese government, Michael Sherwin, the acting U.S. attorney for the District of Columbia, told reporters Wednesday that some of the Chinese nationals indicted carried out the attacks with the confidence that the Chinese government would not move against them.
“They were working for personal gain, but they also were proxies for the Chinese government,” Sherwin said.
HACKERS GONNA HACK PT. TWO: The Justice Department on Wednesday announced indictments against two Iranian nationals for allegedly targeting and stealing sensitive data from groups in the United States, Europe and the Middle East, in some cases with Iranian government support.
Hooman Heidarian and Mehdi Farhadin are accused of stealing hundreds of terabytes of data, in some cases at the direction of Tehran, beginning in 2013 from groups including American and foreign universities, a Washington, D.C.-based think tank, a defense contractor, an aerospace organization and other groups seen as adversarial to Iran.
Heidarian and Farhadi are alleged to have stolen data including communications on national security, foreign policy intelligence, nuclear information, human rights activism and financial information.
According to the Department of Justice, the targeting affiliated with the Iranian government included hacking computer systems connected to Iranian dissidents, human rights groups and opposition leaders.
The two are also accused of vandalizing websites through defacing them with pro-Iranian government messages and are alleged to have used multiple methods to gain access to networks, including developing a botnet to spread malware viruses and spam their targets.
GOP SENATORS PUSH BACK ON ORACLE-TIKOK: A group of Republican Senators led by Sen. Marco Rubio (Fla.) on Wednesday raised concerns about a proposed partnership between Oracle and TikTok.
In a letter to President Trump, the lawmakers warned that a partnership where Oracle simply assumes a management role of the social media platform would not resolve the national security risks outlined in the executive order that has compelled the app’s divestiture.
“The Executive order is a clear-eyed directive that highlights the data security, corporate espionage, and censorship hazards posed by TikTok, which is owned by the Chinese company ByteDance,” Rubio and GOP Sens. Thom Tillis (N.C.), Roger Wicker (Miss.), Rick Scott (Fla.), Dan Sullivan (Alaska) and John Cornyn (Texas) wrote.
“As this deal appears to fall short of a full acquisition, serious questions remain with regard to Oracle’s role in TikTok’s U.S. operations, the type of technology Oracle will be providing ByteDance, and the question of what will happen to the crucial algorithms, which make the application function.”
Oracle and TikTok submitted the proposed deal to the Treasury Department over the weekend.
Any deal involving the wildly popular short-form video app would require administration approval.
QANON AWARENESS GROWS: Awareness of the QAnon conspiracy theory among American adults has doubled since March, according to a new poll released by the Pew Research Center Wednesday.
Forty-seven percent of respondents said they had heard or read about QAnon in the poll conducted between Aug. 31 and Sept. 7, up from 23 percent in a Pew survey from March.
However, 38 percent of respondents said they had only been exposed to the theory “a little.”
Additionally, nearly three-quarters of those who had heard or read about it said QAnon is net bad for the country.
Democrats reported awareness at a higher rate than Republicans, 55 to 39 percent, and overwhelmingly said it is a “very bad” thing for the country.
On the other hand, 41 percent of Republicans who had heard or read about the theory said it is a good thing for the U.S.
Followers of QAnon believe, without evidence, that a secret cabal of Democrats and Hollywood elites are engaged in large-scale child trafficking and pedophilia.
They also also believe that President Trump is working with the military to expose and execute that shadowy network.
The community behind the theory has grown massively over the last year.
ELECTION SECURITY BILL MOVES FORWARD: The House on Wednesday unanimously passed bipartisan legislation intended to boost research into the security of election infrastructure.
The Election Technology Research Act would establish and fund a Center of Excellence in Election Systems at the National Institute of Standards and Technology (NIST) to test the security and accessibility of voting equipment, along with authorizing NIST and the National Science Foundation to carry out research on further securing voting technology.
The bill is primarily sponsored by Reps. Mikie Sherrill (D-N.J.) and Anthony Gonzalez (R-Ohio) along with House Science, Space and Technology Committee Chair Eddie Bernice Johnson (D-Texas), ranking member Frank Lucas (R-Okla.), and almost a dozen other bipartisan sponsors.
Sherrill said on the House floor Wednesday that it was “incumbent” on Congress to pass legislation enhancing election security given the increasing concerns around election interference efforts.
“Amidst a global pandemic, targeted attacks on our democracy by our adversaries and political unrest, Americans deserve to know that our elections are secure,” Sherrill said.
The Science, Space and Technology Committee approved the bill last year. Both Johnson and Lucas spoke in the bill’s favor on the House floor, with Johnson arguing it is necessary “to help modernize and secure our election systems and ensure they are accessible to all.”
NEW COMMITTEE? Senate Minority Leader Charles Schumer (D-N.Y.) and Sen. Bernie Sanders (I-Vt.) on Wednesday called for the establishment of a bipartisan Senate committee to examine election security and integrity ahead of the November election.
In a letter to Senate Majority Leader Mitch McConnell (R-Ky.), Schumer and Sanders advocated for such a committee to be composed of “equal representation from both parties” to examine issues including the safety and security of mail-in voting and post-election scenarios.
“As you know, there is a great deal of concern about possible confusion and chaos in the upcoming November 3rd election,” the senators wrote. “Sadly, there are some who are systematically undermining public confidence in the voting process, and irresponsibly fanning suspicions and conspiracy theories about the legitimacy of election results.”
“At this historic moment we believe Democrats and Republicans in the Senate must come together to guarantee the integrity of our election process,” they added.
They advocated for a bipartisan panel to hold hearings to examine processes in place to ensure the November election would take place securely and safely, with the hearings including testimony from state and local election officials such as secretaries of state.
Topics for the committee to consider include ensuring U.S. voters are aware that vote tallies may take longer this year due to a surge in mail-in ballots in order to avoid disinformation around the election process and to prepare for post-election scenarios that could involve violence.
MISTAKES WERE MADE: The Department of the Interior’s Office of Inspector General (OIG) said Wednesday that it has been “highly successful” at accessing the agency’s networks as part of a security audit due to cybersecurity shortcomings.
As part of a security audit, OIG employees conducted penetration testing on the Interior Department’s networks, and were successfully able to break into networks and access sensitive information, including intercepting and decrypting network traffic, accessing internal networks at two Interior Department bureaus, and stealing the credentials of an agency IT employee.
The OIG accessed the networks through simulating previous attacks by malicious hackers to target federal agencies, including using portable testing units concealed in backpacks and operated by smartphones to test the networks while the OIG employees were positioned in publicly accessible areas of Interior Department buildings.
The OIG noted that the penetration testing went “undetected” by both IT personnel and security guards.
“We used the same tools, techniques, and practices that malicious actors use to eavesdrop on communications and gain unauthorized access,” the OIG wrote in a report detailing the security audit results. “Many of the attacks we conducted were previously used by Russian intelligence agents around the world.”
FTC (MAYBE) CONSIDERS FACEBOOK CASE: The Federal Trade Commission (FTC) is considering filing an antitrust lawsuit against Facebook by the end of the year, The Wall Street Journal reported Tuesday night.
The case would be the culmination of a more than yearlong investigation by the regulator body into concerns that the social media platform has been stifling competition.
People familiar with the matter told the Journal that no final decision has been made over whether to file a suit.
Spokespeople for the FTC and Facebook declined to comment on the Journal’s report.
Mark Zuckerberg reportedly testified before the FTC in August, signaling that the investigation may be reaching its final stages.
The FTC has already conducted one probe into Facebook, which ended in a $5 billion settlement.
That investigation was launched in March 2018 after reports that data from tens of millions of Facebook users was shared with Cambridge Analytica. The probe had focused on whether the social media giant violated a 2011 consent agreement with the FTC requiring greater privacy protections and transparency for users.
QUANTUM BUDS: The Trump administration announced Wednesday that Boeing, Google and IBM will be among the organizations to lead efforts to research and push forward quantum computing development.
The companies will be part of the steering committee for the Quantum Economic Development Consortium (QED-C), a group that aims to identify standards, cybersecurity protocols and other needs to assist in pushing forward the quantum information science and technology industry.
The White House Office of Science and Technology Policy (OSTP) and the Department of Commerce’s National Institute of Science and Technology (NIST) announced the members of the steering committee on Wednesday, with NIST, ColdQuanta, QC Ware and Zapata Computing also selected to sit on it.
The QED-C was established by the National Quantum Initiative Act, signed into law by President Trump in 2018, with the full consortium made up of over 180 industry, academic and federal organizations.
According to OSTP, the steering committee will take the lead on helping to develop the supply chain to support quantum’s growth in industry, and is part of the Trump administration’s recent efforts to promote quantum computing.
“Through the establishment of the QED-C steering committee, the Administration has reached yet another milestone delivering on the National Quantum Initiative and strengthening American leadership in quantum information science,” U.S. Chief Technology Officer Michael Kratsios said in a statement. “We look forward to the continued work of the QED-C and applaud this private-public model for advancing QIS research and innovation.”
AMAZON HUBS: Amazon is seeking to boost its delivery network by installing 1,000 small delivery hubs in cities and suburbs around the U.S. in an effort to provide same-day delivery services, Bloomberg reported Wednesday.
People familiar with the plans told Bloomberg that the facilities will make online shopping almost as quick as a trip to the store. The move will also help Amazon compete with companies like Walmart and Target, which have already started offering same-day delivery of online orders.
The proposed expansion, which will eventually see a total of about 1,500 Amazon facilities, comes after Amazon faced challenges fulfilling its two-day delivery pledge earlier this year when customers flooded the company with orders amid COVID-19 lockdowns.
Bloomberg reported that while Amazon had previously avoided competing with Walmart and other suburban chain companies, CEO Jeff Bezos is investing billions of dollars in rapid delivery services as the busy holiday season approaches.
Lighter click: Nice to have some consistency 🙂
An op-ed to chew on: Student Privacy Pledge delivers neither privacy nor enforcement
NOTABLE LINKS FROM AROUND THE WEB:
Oracle pushed Section 230 reform to spite Amazon and Google. Then came its deal with TikTok. (Protocol / Emily Birnbaum)
As schools spend big on temperature check tech, experts warn: They won’t work (NBC News / April Glaser and Olivia Solon)
Google says it doesn’t monopolize digital ad market. Senators don’t buy it (NPR / Shannon Bond)
Spotify CEO defends keeping transphobic Joe Rogan podcasts online (Motherboard / Joseph Cox and Emanuel Maiberg)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts
Testing Video
ASR RAW Boys Lacrosse: Coronado 8, Poway 6
