Overnight Technology

Hillicon Valley: ‘QAnon’ conspiracy theory jumps to primetime | Senate Intel broadens look into social media manipulation | Senate rejects push for more election security funds | Reddit reveals hack

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland).

 

SENATE INTEL BROADENS SOCIAL MEDIA FOCUS: A group of bipartisan lawmakers said Wednesday that they want to broaden the focus of their look at social media interference against the U.S. beyond just election manipulation efforts.

During a Senate Intelligence Committee hearing, lawmakers said the issue of foreign governments using internet platforms to interfere in U.S. affairs extends beyond any single election.

“We know it was far broader than we originally thought. We know that no single entity … by itself can effectively stop foreign influence operations on social media,” said Sen. Martin Heinrich (D-N.M.)

{mosads}

Sen. Mark Warner (D-Va.), the committee’s top Democrat, cautioned that political interference would be “small compared to the overall threats.”

Warner, along with Republicans like Sen. John Cornyn (R-Texas), pointed to the potential for other countries to try to manipulate U.S. energy and financial markets.

The legislators expressed concern that hackers could take advantage of the rapid pace at which information moves on social media in order to spread misinformation.

Race issues: Experts in the hearing called attention to how a significant amount of misinformation is directed at stoking racial tensions.

Market manipulation: Experts and lawmakers also noted the dangers in the manipulation of energy and financial markets via misinformation.

There’s not a solution yet, though: For all their concern, lawmakers still don’t have a lot of good ways to handle the problem. They say they’re getting closer but no legislation has been pitched beyond the Honest Ads Act which aims to increase transparency in digital political ads.

Experts and lawmakers themselves acknowledged that a single solution wouldn’t cut it either and that some type of coordination between the government and tech platform companies will be needed.

 

DATE SET FOR NEXT HEARING WITH SOCIAL MEDIA EXECS: The Senate Intelligence Committee announced Wednesday it will question executives from Facebook and other social media companies on Sept. 5 in the wake of Facebook’s revelation of a new disinformation campaign aimed at the midterm elections.

Sen. Mark Warner (D-Va.) said the hearing, the date for which was not previously known, would feature testimony from executives at Facebook, Twitter and Google.

The Hill previously reported that Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg had confirmed they would attend the next hearing.

Google, which has been invited, did not immediately confirm if it had accepted the invitation.

The hearing will serve as a follow-up to one convened last November in which senators questioned social media executives over how their platforms were used by Russian trolls to influence the 2016 presidential election.

Why this is significant: The hearing next month is likely to focus partly on the threat of ongoing influence operations. On Tuesday, Facebook disclosed that it had shut down several accounts and pages linked to a coordinated influence campaign aimed at amplifying divisive issues ahead of the November elections. While the social media company has not attributed the operation to an individual or nation-state, some lawmakers suspect Russia in the effort.

Read more here.

 

CONSPIRACY THEORY JUMPS TO PRIMETIME: At President Trump’s rally in Tampa on Tuesday night, a conspiracy theorist who has slowly gained popularity under Trump’s presidency leaped into prime time — the anonymous “Q.”

Some attendees wore shirts with Q logos, while others held up posters promoting the theory: TV cameras even caught one person holding a sign reading “We are Q” as Trump stood in the background.

What is QAnon? A wide-ranging and vague theory, “QAnon” touches on a number of popular conspiracy theories: Democrats and prominent Hollywood figures are orchestrating underground pedophile rings; special counsel Robert Mueller’s probe is a front for investigating Hillary Clinton and Barack Obama for their ties to said rings; and hundreds of sealed indictments may have already been handed down in the Clinton case.

The theories are proliferating online, fanned by cryptic messages posted by a person or persons going by the initial “Q.” The persona first posted on 4chan last year, claiming to be a high-ranking security official in the Trump administration.

Among other things, Q alleges that Trump was persuaded to run for president by military leaders, and that together they are planning mass arrests of deep-state actors and perpetrators and will send them to be detained in Guantanamo Bay.

Why it matters: The theory has begun to shift from solely existing online: Q’s followers held a parade in Washington, D.C., earlier this year, with some calling for him to reveal his identity. Billboards referencing the theory have sprouted up in different parts of the country. And the Q supporters at Trump’s Tuesday night rally marked the community’s most high-profile appearance yet.

The Hill’s Jacqueline Thomsen takes a closer look here.

 

SENATE REJECTS PUSH FOR MORE ELECTION SECURITY FUNDING: Senators on Wednesday rejected an a Democratic proposal to provide states with more election security funding ahead of the 2018 midterm elections.

Senators voted 50-47 against adding an amendment from Sen. Patrick Leahy (D-Vt.) that would have provided the funding. Sixty votes were needed to include the proposal in the appropriations legislation under Senate rules.

Sen. Bob Corker (R-Tenn.) was the only GOP senator who voted in support of the amendment.

The proposal, spearheaded by Leahy, would have provided $250 million for state election security grants. Republicans argue more funding isn’t needed and that states haven’t yet spent the $380 million previously approved by Congress.

GOP Sen. James Lankford (Okla.) said that it was “far too early” for the Senate to sign off on more money.

Leahy fired back that the “lights are blinking red” and Congress should approve more money before the election.

“The president is not going to act. The duty has fallen to us. Let’s not after an election find out that this country was defenseless against attacks from Russia and say oh, gosh, we should have done something,” Leahy said.

Read more

 

MAJOR CYBER CRIME BUST: Federal prosecutors on Wednesday announced the arrest of three high-ranking members of a criminal hacking gang known as Carbanak.

Prosecutors in Seattle unveiled the indictments against Ukrainian nationals Dmytro Fedorov, Fedir Hladyr and Andrii Kopakov.

What they’re accused of: The individuals allegedly orchestrated a sophisticated hacking campaign targeting over 100 U.S. companies, breaking into computers at more than 3,600 business organizations across the United States.

The Ukrainians are accused of using phishing attacks and malware to harvest information on over 15 million payment cards from thousands of business locations across the U.S., which they then sold for profit.

The Ukrainians each face 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

The individuals were apprehended as a result of a long-term investigation led by an FBI cyber task force in Seattle. Federal officials collaborated with officials in Poland, Spain and Germany in order to secure the individuals’ arrests.

“Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats,” said Assistant Attorney General Brian Benczkowski, who oversees the Department of Justice’s criminal division.

The victims: The businesses targeted were primarily in the hospitality, restaurant and gaming industries. Some of the companies targeted in the attack include Chipotle, Arby’s, Sonic, Red Robin, and Jason’s Deli.

Read more here.

 

Meanwhile, FireEye released more information on the cyber crime operation, known as Carbanak or FIN7. Read THAT blog post here.  

 

SENATE PASSES MASSIVE DEFENSE POLICY BILL: The Senate on Wednesday easily passed the $717 billion annual defense policy bill despite some angst about its lack of a provision to block President Trump’s deal with Chinese telecommunications giant ZTE.

The Senate approved the compromise fiscal 2019 National Defense Authorization Act (NDAA) in a 87-10 vote, sending it to Trump’s desk for his expected signature and keeping it on track to become law before the start of the fiscal year for the first time since the fiscal 1997 bill.

The bill includes a number of cyber provisions, including language that sets the first-ever U.S. policy for cyber warfare, which was borrowed and amended from the Senate Armed Services Committee’s original version of the bill. The bill also includes a provision offered by Sen. Ben Sasse (R-Neb.) that would set up a “Cyberspace Solarium Commission” to develop a strategic approach to protecting U.S. assets in cyberspace. More from our colleagues covering defense here.

 

THIS WEEK’S DATA LEAK: A hacker broke into Reddit’s employee computer network in June, gaining access to some of its user data, the company announced Wednesday.

Reddit, the news aggregation and discussion website, said the hacker tapped into “current email addresses and a 2007 database backup containing old salted and hashed passwords” between June 14 and June 18, according to a blog post. The company learned about the attack on June 19.

The company in part blamed a failed two-step authentication process, which is supposed to add an extra security layer when a user logs into an account by requiring the user to enter a passcode sent to their phones when they try to log onto their employee accounts.

“[W]e learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” the post reads in part.

Reddit noted that the hacker only gained “read-only” access instead of “write access” in their company systems, meaning the backup data, source code as well as other logs were not accessed.

The attacker gained access to early Reddit data going back to the period of the site’s launch in 2005 to May 2007, the blog post says. In the early years, the company says it had fewer features and thus the “most significant data contained in this backup are account credentials, email addresses, and all content from way back then.”

The hackers may have also gained access to the email addresses linked to the Reddit users who subscribed to the company’s email digests — emails that contained suggested Reddit posts — between June 3 and June 17, 2018.

Read more here.

 

A LIGHTER TWITTER CLICK: Forget IOT, it is now IOD. The Internet of Dogs.

 

TIP OF THE DAY: If you don’t like dogs, get a shark.

 

A FEW OP-EDS TO CHEW ON: Cyber hacking the energy grid: Putting threats in context.

Uber set an example for new digital companies — the wrong example

 

NOTABLE LINKS FROM AROUND THE WEB:

Motherboard obtained documents that give insight into how Cyber Command prepares for offensive hacking operations.

A power outage took Homeland Security’s vulnerability scanning program offline. (CyberScoop)

Kavanaugh says privately that he thinks Mueller’s appointment is appropriate. (CNN)

Russian hackers are targeting a Swiss laboratory. (Defense One)

The man behind the ‘Dossier Center‘ leaking data on Russians. (Associated Press)

France has banned smartphones in schools. (AFP)

Sen. Mark Warner (D-Va.) writes in USA Today that it’s time for Congress to ‘adapt our laws to the internet age.’