Hillicon Valley: DOJ indicts Chinese hackers accused of targeting COVID-19 research | House votes to ban TikTok on government devices

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

NEW CHINESE INDICTMENT: The Department of Justice (DOJ) on Tuesday rolled out an 11-count indictment against two Chinese hackers allegedly involved in targeting “hundreds” of companies around the world, including most recently U.S. groups researching COVID-19 vaccines and treatments.

The indictment alleges that Chinese nationals Li Xiaoyu and Dong Jiazhi stole terabytes of data over 10 years from companies in nations including the U.S., Sweden, the Netherlands, Spain, the United Kingdom and Australia. 

The defendants, who currently work for the Guangdong Province International Affairs Research Center in China, targeted companies in the fields of high-tech manufacturing, medical device and industrial engineering, education, gaming software, solar energy, defense and pharmaceuticals, the DOJ said. 

Most recently, the defendants are alleged to have targeted the networks of U.S. companies involved in coronavirus research, including those developing vaccines and treatments.

The indictment noted that while the defendants often targeted the companies for their own gain, they also worked at the behest of the Chinese Ministry of State Security (MSS) or other Chinese government agencies. The defendants are alleged to have given the MSS email passwords belonging to Chinese dissidents, allowing the targeting of a Hong Kong community organizer, a Christian church in China and a former Tiananmen Square protester, among others. 

Assistant Attorney General John Demers said during a press conference Tuesday that the actions of the defendants and of the Chinese government in protecting them ran “afoul of norms of acceptable state behavior in cyberspace, which the international community must address.”

“China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Demers said.

Read more about the indictments here.

 

SANCTIONS ON HACKERS: House Minority Leader Kevin McCarthy (R-Calif.) on Tuesday introduced legislation to sanction foreign hackers involved in attempts to target and steal research on COVID-19 vaccines and treatments.

The Defend COVID Research from Hackers Act would allow the president to impose sanctions on foreign individuals engaging in hacking activity that compromises economic and national security or public health and freeze any American assets of these individuals.

The bill also requires the secretary of State, in consultation with the director of national intelligence, to submit a report to Congress within 180 days of the bill’s passage on “the extent of known cyber-enabled activities or attempted cyber-enabled activities” around COVID-19. 

McCarthy said in a statement that Congress should take steps to protect American researchers working on a “Victory Vaccine” to combat COVID-19, vowing that the U.S. would share any vaccine it developed with the world.

“We have seen that other nations – like China – use this virus to exploit other countries for political advantages,” McCarthy said. “We refuse to allow our innovation to be exploited by China, Russia, or any other hackers. We are going to protect the cure from falling into the wrong hands so that no one can use it as leverage for their own malicious ends.”

He emphasized that “the stakes are too high for these significant cyber crimes to go unpunished. My legislation will hold these criminals accountable.”

Rep. Mark Green (R-Tenn.) proposed the addition of the bill to the National Defense Authorization Act (NDAA) on Tuesday before the House was scheduled to vote on the overall legislation, arguing that foreign efforts to target COVID-19 research, particularly from Chinese actors, should not go unpunished.

“Americans are dying, China is hacking and we in Congress must act,” Green said. “Hacking American intellectual property will not be tolerated, especially when it jeopardizes the lives of Americans. If we can’t agree on punishing those who hack the heroes fighting for a cure for COVID, I don’t know what we can agree on.”

This attempt failed, with the House voting the bill down by a vote of 219-201, mostly along party lines. 

Read more about the legislation here.

 

BYE BYE TIKTOK: An amendment banning the use of TikTok on government devices was successfully attached to the annual defense policy approved by the House Tuesday.

The proposal, brought by Rep. Ken Buck (D-Colo.), would bar federal employees from downloading the short-form video app onto government-issued devices.

The successful amendment comes amid rising scrutiny of TikTok as a national security threat because of its ties to China. TikTok’s parent company, ByteDance, is based in and operates out of Beijing.

The Hill has reached out to TikTok for comment on the amendment. The company has maintained that it does not transfer data to the Chinese government.

The Trump administration has suggested it will ban TikTok outright because of its ties to the Chinese Communist Party, although no specific timeline or mechanism has been provided.

Now that the House approved the House National Defense Authorization Act (NDAA) by a 295 to 125 margin, the Senate will likely pass its own version of the bill, then the two chambers will come together on compromise legislation.

Buck’s amendment mirrors a bill introduced in the Senate by Sens. Josh Hawley (R-Mo.) and Rick Scott (R-Fla.), making it likely that a TikTok ban will at least be considered.

Read more about the measure here.

 

CYBER CZAR INCOMING: The House version of the National Defense Authorization Act (NDAA) passed Tuesday included a provision establishing a national cyber director at the White House, a role that would help coordinate federal cybersecurity efforts.

Bipartisan legislation establishing this position was originally introduced last month, and was added to the NDAA as part of a larger cybersecurity package on Monday. The national cyber director would serve as the president’s principal advisor on cybersecurity and emerging technology issues, and serve as a coordinating force for federal cyber action. 

The national cyber director would replace the previous White House cybersecurity coordinator role, which was eliminated by former national security advisor John Bolton in 2018 in an effort to decrease bureaucracy.

Bipartisan support for reestablishing the position with further authorities has increased in recent months as cyberattacks targeted as hospitals, COVID-19 research, and other sectors have skyrocketed.

The House passed the overall 2021 NDAA by a vote of 295-125 Tuesday afternoon.

The Senate has not yet voted on its version of the NDAA, but the version that cleared the Senate Armed Services Committee included a clause requiring an “assessment” of the “feasibility” of establishing the position, throwing into question whether the position will be established. 

The measure creating the provision was included in the NDAA as part of a slate of legislation designed to boost federal cybersecurity. Many of the measures included were based on recommendations from the Cyberspace Solarium Commission (CSC), a group established by Congress to recommend ways to defend the United States in cyberspace. 

Read more about NDAA cyber provisions here.

 

QUANTUM COMPUTING GETS A BOOST: The White House Office of Science and Technology Policy and the National Science Foundation (NSF) announced Tuesday the establishment of three quantum computing centers across the nation, involving an investment of $75 million.

The new Quantum Leap Challenge Institutes will each receive $25 million to address research and development in the quantum computing space, along with helping to develop curriculum for students in the quantum computing field to help expand the workforce in this area. 

The center set to be established at the University of California Berkeley will address present and future quantum computing, while the center at the University of Illinois will focus on hybrid quantum architecture and networks. The third institute, at the University of Colorado, will look into the development of quantum sensors to help with more precise measurements across a variety of fields.

U.S. Chief Technology Officer Michael Kratsios said in a statement that the new centers would boost “cutting-edge industries of tomorrow.”

“With the announcement of three new quantum institutes, the Trump Administration is making a bold statement that the United States will remain the global home for QIS research,” Kratsios said. “Our new Quantum Leap Challenge Institutes will advance America’s long history of breakthrough discoveries and generate critical advancements for years to come.”

The establishment of the centers stems from a provision in the National Quantum Initiative Act, which President Trump signed into law in 2018. The law requires the director of the NSF to award funding to universities to help establish between two to five “multidisciplinary centers for quantum research and education.”

NSF Director Sethuraman Panchanathan said in a statement Tuesday that “within five years, we are confident these institutes can make tangible advances to help carry us into a true quantum revolution.”

Read more about the new centers here.

 

NEW LABELS: Facebook on Tuesday followed through with a new policy of adding additional voting information to posts from politicians related to elections, appending a link to a post from President Trump.

The post in question claims, baselessly, that mail-in voting will “lead to the most CORRUPT ELECTION in our Nation’s History!” The hashtag #RIGGEDELECTION is also included.

Facebook last week began attaching labels to posts by federal elected officials and candidates leading users to usa.gov/voting, which contains basic info about elections and voting.

Former Vice President Joe Biden, the presumptive Democratic presidential nominee, has had the label added to some of his posts as well, including ones simply asking supporters to vote out Trump in the fall.

Bill Russo, a Biden campaign spokesperson, called out Facebook for applying the same label to Trump and Biden’s posts.

For posts, like the one by Trump, that mention mail-in voting, the link will take users to a section with state-by-state instructions on how to register to vote by mail.

The link does nothing to dispute the misinformation in Trump’s post.

The new election labels come after months of intense pressure on Mark Zuckerberg to tackle false or hateful information on his platform.

Read more about the policy here.

 

YOU KNOW THINGS ARE BAD WHEN…: Professional networking site LinkedIn will be cutting 960 jobs, or 6 percent of its employee base, because of the coronavirus pandemic, CEO Ryan Roslansky said Monday. 

“LinkedIn is not immune to the effects of the global pandemic. Our Talent Solutions business continues to be impacted as fewer companies, including ours, need to hire at the same volume they did previously,” Rolansky said in a message posted to the platform. 

The job cuts will be made across global sales and talent acquisition organizations, he said.

Employees affected by the cuts were expected to be notified within 24 hours. Employees who are let go within North America will stay with the company through Aug. 21. 

Read more about the job cuts here.

Lighter click: Such a common experience

An op-ed to chew on: Deepfakes threaten the 2020 election

 

NOTABLE LINKS FROM AROUND THE WEB: 

ByteDance Investors Discuss TikTok Purchase (The Information / Juro Osawa and Tom Dotan)

Major security flaws found in South Korea quarantine app (The New York Times / Choe Sang-Hun, Aaron Krolik, Raymond Zhong and Natasha Singer) 

Control issues: How Twitter is forcing companies to rethink security and access (Protocol / Tom Krazit) 

How feds used a YouTube livestream to arrest a Portland protester (Recode / Sara Morrison)