Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig).
Programming note: Hillicon Valley is signing off early for Thanksgiving, but we’ll be back on Monday. Surely there will be no news between now and then.
A RUSSIAN RED ALERT: Researchers have attributed new malware activity targeting governments in several countries to a Russian hacking group.
Researchers at Palo Alto Networks’ Unit 42 found that hackers with APT28, sometimes known as “Sofacy” or “Fancy Bear,” are targeting government groups in the U.S., the European Union and former Soviet governments with weaponized documents containing malware.
The hacking group is allegedly behind the 2016 hack of the Democratic National Committee. Special counsel Robert Mueller earlier this year indicted 12 Russian military officers in the hack.
The researchers say the hackers are using the malware to conduct cyber espionage against the government agencies.
The hackers also attempted to use a current event in the name of at least one of the documents, referring to the Lion Air crash earlier this month that killed the 189 passengers on board, according to Unit 42.
One of the corrupted samples obtained by the research team also included a new tool that uses email systems to carry out its work.
“This is not a new tactic but may be more effective at evasion as the activity is encrypted and the external hosts involved are a legitimate service provider,” the Unit 42 researchers wrote.
AND… A RUSSIAN HACKER UNVEILED: A security firm on Tuesday revealed the alleged identity of a renowned hacker who sought to sell high-profile corporate databases online in 2016.
Recorded Future in a blog post claimed their findings “strongly suggest” that a Russian hacker known as Maksim Donakov is behind the alias “tessa88.” The allegation challenges the previously commonly held belief that the individual is a woman.
The hacker garnered attention for trying to sell databases for companies such as Myspace, Dropbox, LinkedIn, Twitter and others starting in early 2016.
The firm’s findings say Donakov, who operated under multiple different monikers on the dark web, could also have tapped an accomplice, who remains anonymous, to help maintain and monitor the tessa88 account. But either way, their research indicates he is involved.
“In either scenario, we firmly believe that Donakov Maksim has directly benefited from the sales of compromised databases and should be viewed as the main actor,” the firm wrote in a blog post.
Recorded Future says tessa88 emerged in early 2016, offering to sell the databases from a list of companies. The account, however, went dark within a short time period after it got banned from a series of black market web communities.
“Within several months of incredibly active public engagement, the hacker’s personas were banned from almost every dark web community for various reasons, and by May of 2016, tessa88 entirely ceased all communications with the media and public alike,” according to the report, citing allegations of fraudulent activities on these forums.
EMAIL PROBE…DEJA VU? Democrats on the House Oversight and Government Reform Committee are planning to look into Ivanka Trump’s use of a personal email account to determine whether she violated federal law.
A Democratic aide told The Hill on Tuesday that the committee is planning “to continue our investigation of the presidential records act and federal records act, and we want to know if Ivanka complied with the law.”
Background: The Washington Post reported Monday that the president’s daughter and White House aide had used her personal account last year to correspond with White House staffers, her assistants and Cabinet officials, in potential violation of federal records law.
A spokesperson for Trump’s lawyer told the Post that while she was transitioning into a government position, she “sometimes used her personal account, almost always for logistics and scheduling concerning her family.”
He said that the emails have since been forwarded to her official government account in order to comply with the federal records law.
Trump’s husband, White House adviser Jared Kushner, also came under scrutiny last year after Politico reported that he used a private email account to conduct official White House business after the election. The Post report stated that Trump had used an email account from a domain that she shares with Kushner.
The House Oversight Committee had also requested information from the White House last year about Kushner’s use of a personal email account. The White House declined to provide further details at the time, citing an internal review that was underway.
The Democratic aide also noted on Tuesday that the committee had started a bipartisan investigation last year on whether White House officials were in compliance with the Presidential Records Act under then-committee Chairman Jason Chaffetz (R-Utah), who has since retired from Congress. That probe has since been dropped.
TRUMP DEFENDS IVANKA: President Trump on Tuesday dismissed as “fake news” reports that his daughter and senior adviser Ivanka Trump may have violated federal law by using a personal email account to conduct government business.
In his first comments on the story, President Trump rejected parallels to his 2016 Democratic opponent Hillary Clinton’s private email setup because he said his daughter’s emails did not contain classified information and she did not use an extensive home server.
“She wasn’t doing anything to hide her emails,” Trump said of his daughter while speaking to reporters at the White House.
“There was no deleting like Hillary Clinton did,” the president continued. “There was no server in the basement like Hillary Clinton had. You were talking about a whole different, you’re talking about fake news.”
More from The Hill’s Jordan Fabian here.
FACEBOOK UNDER FIRE: A group that supports breaking up Facebook is calling on the company’s employees to come forward as whistleblowers following media reports of internal strife and questions about the social network’s leadership.
Freedom From Facebook, a coalition of nonprofit groups concerned about Facebook’s market power, announced Tuesday that it would be launching an ad buy on the platform promoting a link to a secure, confidential website where Facebook employees can detail their concerns about the company’s workplace.
“Are you worried about what’s happening inside Facebook? Share your concerns confidentially and anonymously,” the ad will read, with a link to its “safe space for whistleblowers.”
The new campaign comes after a New York Times report that alleged Facebook executives were reluctant to confront the issue of Russian disinformation efforts on their platforms during the 2016 presidential race and detailed how a firm hired by the company conducted a smear campaign against Facebook’s critics, linking some of them to the billionaire liberal donor George Soros in ways that are seen by some as anti-Semitic.
Subsequent media reports paint Zuckerberg as taking an increasingly aggressive stance, saying in one question-and-answer session with employees that Facebook would retaliate against workers who leak to the media.
Facebook, which didn’t respond to a request for comment, has pushed back on the Times report, and Zuckerberg has defended his leadership team.
AND: Former U.S. Secretary of Labor Robert Reich is calling for the federal government to break up Facebook and other big tech companies in an op-ed in the Guardian.
NOT TO MENTION: Facebook allowed a family in South Sudan to auction off a 16-year-old girl as a child bride last month, according to multiple reports.
The tech giant, which prohibits human trafficking on its platform, did not delete a post requesting payment for marriage to the girl until she was already married, CNN reported. The post reportedly went up on Oct. 25 and was taken down two weeks later. More on that here.
OPTICS DON’T LOOK GREAT, BUT THE VIEW DOES: At least two Amazon employees reportedly purchased condos in a New York City neighborhood before news emerged that the area had been picked to host the company’s second headquarters.
The employees decided to buy units in a new 11-story condo building in the Long Island City neighborhood of Queens just before the first reports of Amazon’s HQ2 location were released this month, The Wall Street Journal reported Tuesday.
‘TIS THE SEASON: Security firms are warning consumers about an uptick in holiday cyber threats, cautioning online shoppers to watch which sites and links they click on during the upcoming holiday season.
While cybercrime normally spikes during the holidays, particularly as more Americans choose to buy from online retailers, researchers from several prominent security firms are flagging new tactics that could come up this season.
This includes hackers using malicious code that can steal customers’ payment information as they make their purchases.
Kimberly Goody, the manager of cybercrime analysis at FireEye, said consumers should be wary of deals that appear in their inboxes.
This week, the security firm detected the malware threat known as Emotet, which has been seen downloading second-hand bank data — including Thanksgiving-themed emails sent out on Monday.
“Cybercriminals are opportunists who are aware that the potential cost to an organization of not paying a ransom is higher during these days and we expect them to attempt to capitalize on this,” Goody said in an email to The Hill. “They will also exploit individuals’ desire to seek out sales and coupons over the holiday shopping season by crafting email lures advertising sales or masquerading as popular brands.”
TEAMING UP: Threat detection firm Dragos is partnering with General Electric to help detect threats to U.S. utilities.
The two companies announced the new collaboration in a release Tuesday, saying they will combine Dragos’s threat detection technology with GE’s experience in industrial operations to help companies detect and combat cyber threats.
Robert M. Lee, the founder and CEO of Dragos, said in a statement that the two companies “can help provide the right technology and expertise on dealing with the threats that target our industrial environments.”
And Nick Ritter, vice president of product cybersecurity at GE, called cyber threats in industrial control systems (ICS) “broad, ever changing and generally under-represented.”
“GE’s extensive industrial and engineering experience coupled with Dragos’ highly regarded portfolio will provide ICS owners and operators with greater visibility, understanding, and knowledge of targeted controls to enhance security postures,” he said.
AN OP-ED TO CHEW ON: Two cybersecurity policies, one clear new objective.
A LIGHTER CLICK: Happy Thanksgiving!
NOTABLE LINKS FROM AROUND THE WEB:
Bitcoin hits a low this year. (CNBC)
U.S. warns countries not to ‘manipulate the extradition process’ for cybercriminals. (CyberScoop)
Customs and Border Protection’s facial biometrics program has caught 26 alleged imposters. (Nextgov)
Facebook ends test of suggested responses on livestreams. (NBC News)
Cryptocurrency scams are thriving on Twitter eight months after it said it was working to eliminate them. (BuzzFeed News)