Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).
MICROSOFT REVEALS IRANIAN HACKING EFFORT: An Iranian-linked threat group attempted to identify and attack various email accounts belonging to Microsoft customers over a 30-day period, including those linked to an unnamed U.S. presidential campaign as well as current and former U.S. officials, the company announced Friday.
In a blog post, Microsoft detailed how a group known as “Phosphorus,” which the company believes may be linked to the Iranian government, made around 2,700 attempts to target customer email accounts, and then attacked 241 of these accounts between August and September of this year.
In addition to U.S. officials and the unnamed campaign, the threat group also targeted accounts belonging to journalists covering global politics and to Iranians living outside of Iran, according to the company.
Microsoft said that four of the attacks successfully compromised email accounts, though none of them were related to the U.S. presidential campaign or the government officials.
Microsoft has notified the customers whose accounts were compromised by the threat group.
“While the attacks we’re disclosing today were not technically sophisticated, they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks,” Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, wrote in the blog post.
“This effort suggests Phosphorus is highly motivated and willing to invest significant time and resources engaging in research and other means of information gathering.”
In targeting the email accounts, Phosphorus used research gathered on the individuals to try to take over the accounts through “gaming” the password reset process, including by accessing the user’s secondary email account to gain access to any verification emails sent from the Microsoft account.
MORE PRESSURE ON ZUCKERBERG: The House Financial Services Committee is turning up the heat as lawmakers push Facebook CEO Mark Zuckerberg to testify publicly about the company’s plans to launch a new digital currency this year.
The committee has told Facebook that it is not enough for the company’s chief operating officer Sheryl Sandberg – Facebook’s No. 2 in command – to testify on Oct. 29. Lawmakers, led by House Financial Services Chairwoman Maxine Waters (D-Calif.), are insisting the committee will not confirm Sandberg’s October hearing until Zuckerberg agrees to testify before January 2019, a congressional source told The Hill.
“The October hearing with Sandberg is not confirmed until Zuckerberg confirms that he will appear before the committee,” the source said. “The chairwoman has called for him to testify by January.”
Zuckerberg will be asked to testify about the digital coin Libra as well as other issues the committee has jurisdiction over, including data privacy and whether the platform’s online advertising system enables housing, employment or credit discrimination.
Facebook and a committee spokeswoman declined to comment.
For months, Waters has said publicly that she is planning to haul Zuckerberg before the committee to testify about his company’s new digital currency project Libra. The project has sent shockwaves throughout the financial world as regulators and policymakers grapple with how the current system can deal with the rise of a digital currency from a powerhouse like Facebook, which has over 2 billion users worldwide.
“We’ll have hearings, we’re going to continue to have investigations, we’re going to get Zuckerberg here,” Waters told The Hill in July, shortly after Facebook sent top Libra executive David Marcus to testify on the project in a pair of testy Capitol Hill hearings.
ENCRYPTION FIGHT HEATS UP: The Trump administration on Friday escalated its attacks on Silicon Valley’s use of encrypted messaging, with the FBI director calling Facebook’s plans to implement the technology a “dream come true for predators and child pornographers.”
FBI Director Christopher Wray said in a speech that Facebook’s effort to become a more privacy-focused platform threatens to upend the company’s status as one of law enforcement’s top allies in rooting out child sexual abuse online.
“Facebook would transform from the main provider of child exploitation tips to a dream come true for predators and child pornographers, a platform that allows them to find and connect with kids and like-minded criminals with little fear of consequences, a lawless space created not by the American people, or their elected officials, but by the owners of one big company,” Wray said.
His comments came at a summit hosted by the Department of Justice, where law enforcement officials warned of what they see as the danger posed by “warrant-proof” encrypted services. The technology allows users to send and receive messages shielded from surveillance, and the contents are inaccessible by the host companies, meaning authorities can’t compel access to them even when equipped with court orders.
Officials are singling out Facebook for its plans to incorporate encryption for all of its various platforms that are used by more than 2 billion people around the world.
CHILDREN’S PRIVACY DEBATE UNFOLDS: A bipartisan group of senators on Friday sent a letter urging the Federal Trade Commission (FTC) to avoid weakening the country’s children’s online privacy rules as the agency works to update them.
The senators, including leading voices on children’s privacy such as Sen. Ed Markey (D-Mass.), urged the FTC to prioritize the interests of children as the agency updates the rules to enforce the Children’s Online Privacy Protection Act (COPPA).
The FTC is asking for public comment as the consumer protection agency reviews the “effectiveness” of the rule and whether it requires “additional changes” to keep up with the rapidly advancing technology sector.
“We write to strongly caution you against undertaking a process that ultimately weakens children’s privacy instead of improving it,” the senators wrote on Friday.
Just last month, Google settled with the FTC for $170 million over charges that it has made millions of dollars from violating COPPA. Though it was a record fine under the 1998 law, some lawmakers on Capitol Hill slammed the FTC for failing to impose a harsher penalty on a company with a revenue of $136.8 billion in 2018 alone.
MIGHT ALMOST BE TIME TO WORRY: A new study published Friday finds that cyberattacks on the operational technology (OT) involved in running critical utilities are increasing and says these attacks have the potential to cause “severe” damage.
The report, compiled by the manufacturing company Siemens and the Ponemon Institute, is based on survey responses from 1,700 utility professionals worldwide and focuses on cyber risks to electric utilities with gas, solar, or wind assets, as well as water utilities.
“The survey results show that risk is worsening, with potential for severe financial, environmental and infrastructure damage,” Siemens and the Ponemon Institute wrote in the report, also noting further down that “the risk that cyber attacks pose to the OT environment is increasing in frequency and potency as malicious actors’ ability to accurately target critical infrastructure assets improves.”
The OT involved in utilities refers to machines, networks and systems that are involved in transmitting or distributing power, as opposed to the information technology involved, which refers to the computers and mobile devices that enable business operations.
The report was released in conjunction with an event on the “state of OT security in the utilities industry” hosted by the Atlantic Council on Friday.
Former Homeland Security Secretary Michael Chertoff spoke at the event, sounding the alarm on what he described as a “real national security issue.”
DATA ACROSS THE POND: The United States and United Kingdom on Thursday signed an agreement allowing British law enforcement authorities to quickly access data held by U.S. tech giants during criminal investigations.
The first-of-its-kind agreement is expected to reinvigorate a long-simmering debate over what kind of access police around the world should have to the reams of personal information stored by the Silicon Valley giants.
The deal announced by the Department of Justice on Thursday night will allow law enforcement agencies in the U.S. and U.K. to demand electronic data from tech giants based in each other’s country “without legal barriers,” speeding up a process that previously took up to two years.
The agreement will also allow British and American law enforcement officials to demand data pertaining to criminal investigations directly from tech companies like Facebook and Twitter rather than going through the government.
Law enforcement previously relied on mutual legal assistance agreements.
“This agreement will enhance the ability of the United States and the United Kingdom to fight serious crime — including terrorism, transnational organized crime, and child exploitation — by allowing more efficient and effective access to data needed for quick-moving investigations,” Attorney General William Barr said in a statement.
A LIGHTER CLICK: Making the best of every situation.
AN OP-ED TO CHEW ON: DOJ doesn’t go far enough to limit searches of consumer DNA services.
NOTABLE LINKS FROM AROUND THE WEB:
Google is investigating why it trained facial recognition on “dark-skinned” homeless people. (Motherboard)
Apple sued by app developer for alleged patent infringement, antitrust violation. (The Washington Post)
Attackers exploit 0-day vulnerability that gives full control of Android phones. (Ars Technica)