Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-release.thehill.com/newsletter-signup.
The Commerce Department took a major step in cracking down on the use of hacking tools for surveillance by issuing a rule creating further controls on the export and transfer of some cybersecurity items. The move comes after the intensifying use of spyware by foreign governments to track and surveill individuals.
Meanwhile, Facebook CEO Mark Zuckerberg found himself in multiple hotseats, with the tech official asked to testify on the issue of childrens’ safety on Facebook before the Senate, and he was added to a lawsuit stemming from the Cambridge Analytica scandal. The House also took action, passing multiple bills to shore up security of the telecommunications sector.
Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
Let’s jump in.
The less surveillance the better
The Commerce Department on Wednesday took steps to crack down on the sale of certain hacking products used by foreign governments and other groups to surveil and repress individuals.
The agency’s Bureau of Industry and Security issued an interim final rule that establishes controls on the export, reexport or transfer of certain cybersecurity items, requiring a license to ship these products to any countries posing a national security or weapons of mass destruction risk, such as China and Russia.
Some governments banned: Users restricted from using these products, which include surveillance tools, would include governments posing a threat or subject to arms embargoes, and users who intend to use the products in a way that would compromise information systems without the owner’s permission.
“These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the rule reads.
Commerce Secretary Gina Raimondo said Wednesday that the rule was intended to protect human rights.
Some background: The rule was issued following growing concerns about the use of hacking tools by foreign governments for surveillance purposes.
Apple last month released emergency updates for many of its products following the discovery of a vulnerability that allowed Israeli company NSO Group to infect Apple products with spyware. The vulnerability was discovered when Citizen Lab was investigating a phone used by a Saudi Arabian activist that had been infected with NSO Group spyware.
A MESSAGE FROM XEROX
Paging Zuckerberg
Sen. Richard Blumenthal (D-Conn.) is asking Facebook CEO Mark Zuckerberg to testify at a hearing about the company’s policies regarding kids’ safety online following the release of internal documents by a company whistleblower.
Blumenthal, chair of the Senate Commerce consumer protection subcommittee, asked the tech CEO Wednesday to appear before the panel himself or send Instagram head Adam Mosseri. Blumenthal underscored his request by doubling down on accusations that the company has been withholding information about the impact of its products on young users in a way that has misled Congress and the public.
“Parents across America are deeply disturbed by ongoing reports that Facebook knows that Instagram can cause destructive and lasting harms to many teens and children, especially to their mental health and wellbeing. Those parents, and the twenty million teens that use your app, have a right to know the truth about the safety of Instagram,” Blumenthal wrote in a letter.
A spokesperson for Facebook confirmed the company had received the letter, but did not comment further.
Read more about the request here.
He’s not alone: Executives from YouTube, TikTok and Snapchat will be in the hot seat next week at a Senate Commerce Committee hearing about the influence of social media on children, lawmakers announced Tuesday.
“Recent revelations about harm to kids online show that Big Tech is facing its Big Tobacco moment—a moment of reckoning,” subcommittee chairman Richard Blumenthal (D-Conn.) said in a statement. “We need to understand the impact of popular platforms like Snapchat, TikTok, and YouTube on children and what companies can do better to keep them safe.”
Read more about next week’s hearing here.
MORE LEGAL WOES
Washington, D.C., Attorney General Karl Racine (D) on Wednesday added Facebook CEO Mark Zuckerberg to an existing lawsuit alleging the social media giant failed to protect user data during the 2016 election.
This is the first time that Zuckerberg has been named in a complaint by an American regulator, according to Racine’s office.
The lawsuit, initially filed in 2018, focuses on the Cambridge Analytica scandal, when a data firm harvested information from as many as 87 million people without their knowledge.
“Based on the evidence we gathered in this case over the past two years and the District’s investigation more generally, it’s clear Mr. Zuckerberg knowingly and actively participated in each decision that led to Cambridge Analytica’s mass collection of Facebook user data, and Facebook’s misrepresentations to users about how secure their data was,” Racine said in a statement.
A MESSAGE FROM XEROX
A FACELIFT?
Facebook is planning to change the name of the company next week to something related to the “metaverse,” The Verge reported Tuesday.
The switch would reportedly see the classic Facebook app as one product alongside Instagram, WhatsApp and more under a yet-to-be-named parent company, a shift similar to the one Google did in 2015 when it created Alphabet.
A Facebook spokesperson declined to comment on The Verge’s report.
The social media giant has been pouring more resources into its metaverse project, which CEO Mark Zuckerberg has described as an “embodied internet,” announcing plans earlier this week to hire 10,000 workers dedicated to it in Europe over the next five years.
House passes telecom bills
The House on Wednesday approved multiple bipartisan bills aimed at securing U.S. telecommunications systems against foreign interference, in particular against threats from China.
The Secure Equipment Act, sponsored by House Minority Whip Steve Scalise (R-La.) and Rep. Anna Eshoo (D-Calif.), was approved by the House by a vote of 420-4, and would require the Federal Communications Commission (FCC) to take steps to block authorization of products from companies on the agency’s “covered list.”
Companies on this list include Chinese telecom giants Huawei and ZTE, which both Congress and the Trump administration took steps to block from the U.S. due to national security and espionage concerns.
The House on Wednesday also passed the Communications Security Advisory Act, which would require the FCC to permanently establish a council to help make recommendations on ways to increase the security and reliability of telecommunications networks.
Read more about the bills here.
House also passed a bill to strengthen IT supply chain: The House on Wednesday approved legislation to strengthen software and information technology supply chains at the Department of Homeland Security (DHS), and help protect against attacks similar to last year’s SolarWinds hack.
The DHS Software Supply Chain Risk Management Act, sponsored by Rep. Ritchie Torres (D-N.Y.) passed the lower chamber overwhelmingly in a vote of by a vote of 412-2.
The legislation would require DHS to issue department-wide guidance that all contractors submit lists of their software materials and the origins of each item to DHS for review. This would allow the agency to have greater insight into potential software vulnerabilities.
Senate blocks voting bill
Senate Republicans on Wednesday blocked Democrats from advancing a revised bill to overhaul federal elections, marking the latest blow to hopes of getting voting legislation to President Biden.
The Senate voted 49-51 to end debate on whether to bring up the bill, known as the Freedom to Vote Act, falling short of the 60 needed.
The bill would make Election Day a national holiday, set national minimum standards for early voting and voting by mail and include standards for states requiring voter identification. It also has new requirements on disclosing who is behind online ads and aims to stop partisan gerrymandering.
The legislation also includes provisions to secure elections, including requiring states to use voting systems with paper ballots and providing around $3 billion in grants to states to buy voting machines and upgrade cybersecurity.
NOT THE GOOD KIND OF COOKIES
Google on Wednesday reported it has tracked and disrupted an email phishing campaign tied to Russian-speaking hackers that has targeted YouTube users since 2019 as part of a cryptocurrency scam effort.
In a blog post published Wednesday, Google’s Threat Analysis Group (TAG) detailed how the hackers had used “cookie theft malware” to compromise the YouTube accounts in order to hijack the channels, sell them or use them for broadcasting cryptocurrency scams.
The hackers, who Google said were recruited from a Russian-speaking “hack-for-hire” forum, used emails proposing faked collaboration opportunities with the YouTube channels to send malware or phishing email links to the users.
TAKING CANDY FROM THE MASSES
Ferrara, the U.S. candy manufacturer behind some of America’s most popular candies, has been hit by a ransomware hack that encrypted its systems at the most inopportune time for a candy-maker: right before Halloween.
The company has its headquarters in Chicago and is the creator of Everlasting Gobstoppers, Lemonheads, Now and Later, Nerds, SweeTarts, Laffy Taffy, Red Hots, Pixy Stix, Atomic Fireballs, Boston Baked Beans and other popular candy brands. They also make Keebler brand treats and Famous Amos cookies.
Ferrara said in an email to The Hill that the company has only been able to resume production “in select manufacturing facilities” but is shipping “near to capacity” and from “all our distribution centers across the country.”
BITS AND PIECES
An op-ed to chew on: Stop putting Band-Aids on telecom shortfalls — jump ahead to 5G
Lighter click: The Simple Selfie
Notable links from around the web:
He took a job with his college buddy’s sister, Elizabeth Holmes. Now he’s a witness in her trial (CNN / Sara O’Brien)
The tech billionaire aiding the Facebook whistleblower (Politico / Emily Birnbaum)
The true cost of upgrading your phone (The New York Times / Brian Chen)
One last thing: The culprit for Sinclair attack emerges
A well-known Russian hacking group previously sanctioned by the United States is behind the crippling ransomware attack on Sinclair Broadcast Group that is continuing to impact news stations across the country, according to a new report.
Bloomberg News cited multiple people “familiar with the attack” in reporting that a group known as Evil Corp. was behind the ransomware attack, which occurred late last week and was disclosed by Sinclair both to the Securities and Exchange Commission and to the public on Monday.
According to Bloomberg, the hackers used a malware virus known as Macaw to attack Sinclair. The company confirmed that data had been stolen in the attack, but that it was still working to determine exactly what data was stolen.
The Hill reached out to Sinclair for comment.
Evil Corp. was the target of a multiagency effort in 2019 after it was accused of using its Dridex malware to steal more than $100 million from hundreds of banks and financial entities in more than 40 countries.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday.
{mosads}