Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: digital-release.thehill.com/newsletter-signup.
Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.
The fallout from the leaked Facebook documents continued Thursday, with the Facebook Oversight Board accusing the tech giant of failing to provide the board with information about the cross-check system that reportedly kept certain VIP users shielded from content moderation policies.
Meanwhile, a well-known hacking group has been discovered masquerading as a fake cybersecurity company in order to recruit workers to help carry out ransomware attacks, and the U.S. and other nations reportedly carried out an operation that knocked the REvil ransomware group offline.
Let’s jump in.
Facebook withheld information about its VIP program, Oversight Board says
Facebook failed to provide its Oversight Board with information about its cross-check system that reportedly kept certain VIP users — including former President Trump — from facing the platform’s content moderation policies, the board said Thursday.
Not enough information: The board said Facebook “has not been fully forthcoming on cross-check,” accusing the company of failing to provide “relevant information” or providing information that was “incomplete.”
The board highlighted concerns about Facebook’s apparent withholding of information about the system when sending the board the case related to the suspension of Trump’s account.
“Given that the referral included a specific policy question about account-level enforcement for political leaders, many of whom the Board believes were covered by cross-check, this omission is not acceptable,” the board wrote in a blog post published alongside its quarterly transparency report.
“Facebook only mentioned cross-check to the Board when we asked whether Mr. Trump’s page or account had been subject to ordinary content moderation processes.”
There are better jobs out there, we promise
A hacking group linked to the ransomware attack on Colonial Pipeline earlier this year is posing as a fake company to recruit individuals to help carry out further attacks, according to a report published Thursday.
Bad recruiters: According to a report from cybersecurity group Recorded Future’s Gemini Advisory, prolific cybercriminal group FIN7 is running a fake company known as “Bastion Secure” aimed at recruiting more talent to carry out ransomware attacks.
The Wall Street Journal first reported the findings Thursday, citing both the report from Recorded Future and a presentation given by Microsoft officials at a conference earlier this month. The FIN7 group allegedly wrote the software used to carry out an attack on Colonial Pipeline in May, causing temporary gas shortages in multiple states.
First-hand experience: The findings came after an employee for Gemini Advisory was contacted and offered a job as an IT specialist for the Bastion Secure group, and was given tools to work with during the interview process that are commonly used to carry out ransomware attacks.
Bastion Secure reportedly employed a legitimate website to masquerade as a real company, but Gemini analysts determined it was a copy of a real cybersecurity group’s website that was hosted by a Russian domain registrar. Based on language used on the website, the analysts determined those behind it were likely Russian speakers.
HACKERS CAN RUN, BUT THEY CAN’T HIDE
The United States and other nations earlier this week in a joint operation hacked and forced offline the REvil cyber criminal group, which has been linked to several major ransomware attacks this year.
Reuters reported Thursday, citing multiple officials and private sector experts, that the FBI, U.S. Cyber Command, the Secret Service, and the governments of other unnamed nations had breached servers used by REvil to carry out attacks in an effort to disrupt the group's operations.
The Hill reached out to the FBI, U.S. Cyber Command, and the Cybersecurity and Infrastructure Security Agency (CISA) for comment.
REvil was linked by the FBI in July to the ransomware attack against IT group Kaseya, which impacted up to 1,500 companies, and earlier in the year to the ransomware attack on meat producer JBS USA.
NEW AI BILL
A new bipartisan Senate bill introduced Thursday aims to secure data collected by artificial intelligence technologies, such as facial recognition, as use of these technologies continues to grow.
The GOOD AI Act would require the Office of Management and Budget to establish and consult with an AI working group in ensuring that all federal contractors are taking adequate steps to secure data obtained through AI, and that the data is being used to protect national security while not compromising privacy.
The AI working group would be made up of experts from across the federal government, and ensure that the data collected by federal contractors is not abused or sold in any way.
The legislation has strong bipartisan backing, being sponsored by Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio).
GOOGLE CUTTING FEES
Google is planning to lower fees it charges subscription services on its app store amid criticism from developers and lawmakers, Bloomberg News reported.
The company announced Thursday that starting Jan. 1, its Play Store will charge third-party app developers a 15 percent commission.
Apps that aren’t subscription-based will still have to share 30 percent of their revenue, but it will drop to 15 percent for the first $1 million in revenue.
Google previously charged subscription apps a 30 percent commission for the first year, then 15 percent afterward.
The update comes as critics argue that the app stores of Google and competitor Apple have grown too powerful, forcing developers to abide by restrictive rules.
Facebook’s French deal
Facebook agreed to compensate French news publishers for content shared on the social media platform, the company announced Thursday.
Facebook said the deal with Alliance de la presse d’Information générale, which represents papers across France, will allow users to “continue to freely share news within their communities, while ensuring the protections of neighboring rights of our publishing partners.”
The company said it had been working with the Alliance since October 2019, when France introduced a copyright law known as “neighbouring rights” that aimed to allow publishers to be compensated for use of their content by tech giants.
BITS AND PIECES
An op-ed to chew on: How government and industry are failing in battle against ransomware attacks
Lighter click: The essential questions in life
Notable links from around the web:
Transparency can help fix social media — if anyone can define it (Protocol / Ben Brody)
Internet providers fail to inform Americans about how they use sensitive data for advertising (CyberScoop / Tonya Riley)
Pranksters have already defaced Trump’s new social network (The Washington Post / Drew Harwell)
Death of a TikTok Cosplay Star (Rolling Stone / EJ Dickson)
Sam Altman’s Worldcoin wants to scan eyeballs in exchange for crypto (TechCrunch / Lucas Matney)
One last thing: ICYMI, Trump to launch ‘Truth Social’
Former President Trump on Wednesday announced the upcoming launch of his own social media network called “Truth Social.”
“I created TRUTH Social and TMTG to stand up to the tyranny of Big Tech. We live in a world where the Taliban has a huge presence on Twitter, yet your favorite American President has been silenced. This is unacceptable,” Trump said in a release.
“I am excited to send out my first TRUTH on TRUTH Social very soon. TMTG was founded with a mission to give a voice to all. I’m excited to soon begin sharing my thoughts on TRUTH Social and to fight back against Big Tech. Everyone asks me why doesn’t someone stand up to Big Tech? Well, we will be soon!” he added.
Trump was largely banned from major social media networks, including Facebook and his favored Twitter, at the beginning of the year after the deadly Jan. 6 Capitol riot. After leaving office, he operated a blog similar in style to Twitter before shutting it down about a month after it was started.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Friday.