Hillicon Valley: Lawmakers ask whether massive hack amounted to act of war | Microsoft says systems were exposed in massive SolarWinds hack | Senators push to keep tech liability shield out of UK trade agreement

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

ACT OF WAR?: Lawmakers are raising questions about whether the attack on the federal government widely attributed to Russia constitutes an act of war.

The hacking may represent the biggest cyberattack in U.S history, and officials are scrambling to respond.

The response is further complicated by the presidential transition — President Trump has yet to comment publicly on the attack — and the fact that the U.S. has no clear cyber warfare strategy.

“We can’t be buddies with Vladimir Putin and have him at the same time making this kind of cyberattack on America,” Senate Minority Whip Dick Durbin (D-Ill.) said of the attack during an interview Wednesday on CNN. “This is virtually a declaration of war by Russia on the United States and we should take that seriously.”

Sen. Mitt Romney (R-Utah) on Thursday compared the incident to Russian bombers “flying undetected over the entire country,” and harshly criticized Trump for not doing enough to counter the attack. 

“Our national security is extraordinarily vulnerable,” Romney said on SiriusXM’s “The Big Picture with Olivier Knox.” “In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary.”

Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software. The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies. 

Read more here. 

 

MICROSOFT SYSTEMS EXPOSED: Microsoft’s systems were exposed as part of the suspected Russian cybersecurity hack that targeted SolarWinds and hit multiple government agencies, people familiar with the matter told Reuters.

The people told the newswire that Microsoft’s own products were used to further attacks on others. It’s unclear how many Microsoft users were affected.

CNBC noted that multiple government agencies use Office 365, including the Department of Defense.

Microsoft spokesperson Frank Shaw said in a statement posted to Twitter that the company had detected malicious SolarWind binaries, which it removed. It has not found evidence of “access to production services or customer data.”

“Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

Dozens of federal agencies had been breached earlier this year as part of the cyberattack on SolarWinds. The Cybersecurity and Infrastructure Security Agency issued an alert detailing the attack on Thursday, in which it warned that it posed a “grave risk” to federal and state governments, as well as private sector organizations.

Read more here.

 

SENATORS SAY KEEP SECTION 230 OUT: Senators from both sides of the aisle sent a letter to the U.S. Trade Representative on Friday urging him to keep language that mimics a U.S. tech liability shield to be left out of any potential free trade agreement with the United Kingdom. 

The letter, signed by two Democrats and two Republicans, urges Trade Representative Robert Lighthizer to refrain from including language that is modeled on section 230 of the Communications Decency Act in a trade agreement with the U.K.

The senators note the ongoing debate regarding Section 230, which grants tech companies liability protection for content posted by third parties. 

“Including a safe harbor clause in any future trade agreements will further allocate more power to companies at the expense of individuals,” Sens. Mark Warner (D-Va.), Rob Portman (R-Ohio), Richard Blumenthal (D-Conn.) and Chuck Grassley (R-Iowa) wrote. 

“Congress can and should debate about Section 230 and how it has enabled platforms to turn a blind eye as their platforms are used to facilitate discrimination, cyber-stalking, terrorism, online frauds, and more. We urge USTR to refrain from including this provision in this and future free trade agreements until that debate has concluded,” they added. 

A spokesperson for the Office of the United States Trade Representative was not immediately available for comment. 

Read more here. 

 

TWITTER TARGETS TOXIC TWEETS: Twitter said Thursday it is increasing its efforts to combat negativity on the platform by testing a feature that will show users prompts indicating mutual interests shared by them and people to whom they respond on the platform.

In an emailed statement to Mashable, the company confirmed it began testing the feature among roughly 10 percent of Android users who use English as their primary language on the platform.

The prompts will show users topics and mutual followers when then go to respond to individual people on the platform; a screenshot of the test in practice showed a user seeing topics such a “dogs,” “rap,” and “soccer” among the mutual topics listed under a banner that reads “you have things in common.”

“It’s human nature to feel wary when replying to someone you don’t know,” Christine Su, senior product manager for conversations at Twitter, told the news outlet. “In the heat of the moment, people can forget there’s another human behind a Twitter account. By showing what we have in common, we hope to remind people of what connects us as a starting point.”

Read more here. 

 

HAPPY HOLIDAYS FROM ZOOM: Zoom is lifting its 40-minute cap on free meetings for users during certain days this holiday season, the company announced this week. 

Zoom is allowing users unlimited meeting times during days spanning the end of Hanukkah, Christmas, New Year’s Eve and New Year’s Day, and the last days of Kwanzaa, as a “token of appreciation to our users during an extraordinary time,” the company said in a blog post. 

The dates and times for the unlimited meetings are: 10 a.m. on Dec. 17 to 6 a.m. on Dec. 19, 10 a.m. on Dec. 23 to 6 a.m. on Dec. 26, and 10 a.m. on Dec. 30 to 6 a.m. on Jan. 2. 

The time limit will be automatically lifted during the designated times, and users will not need to do anything to remove the limit, Zoom said. 

Read more here. 

Lighter click: Extreme ice fetching champ

An op-ed to chew on: The US government just reduced its IoT attack surface; private sector should step up

NOTABLE LINKS FROM AROUND THE WEB:

We need to learn how to talk to (and about) accidental conspiracists (Nieman Lab / Ben Collins)

QAnon is still spreading on Facebook, despite a ban. (The New York Times / Sheera Frenkel)  

The Activist Translating Climate Crisis Information Across the Globe (Motherboard / Samir Ferdowsi)