Hillicon Valley: Experts worry North Korea will retaliate with hacks over summit | FBI works to disrupt Russian botnet | Trump officials look to quell anger over ZTE | Obama makes case for tighter regs on tech


The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Contact us with scoops, tips, comments and even your funniest jokes.

Today's big story was President Trump cancelling his planned summit with North Korea. We've got more on what that means for cybersecurity below. But first...

 

FBI VS. THE BOTS: The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as "VPNFilter" that compromised an estimated 500,000 small office and home office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney's office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware's command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the "first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."

The backstory: Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco's Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

Why it's important: The malware is the latest sign of the growing cyber threat from Russia.

We have more on the hacking fight here.

 

DAMAGE CONTROL ON ZTE: Top administration officials are trying to quell the backlash on Capitol Hill over a floated deal with Chinese telecommunications giant ZTE.

How? Treasury Secretary Steve Mnuchin and Commerce Secretary Wilbur Ross met on Wednesday evening with a group of GOP senators.

The lawmakers in the closed-door powwow included members of Senate GOP leadership and Sen. Marco Rubio (R-Fla.), who has been an outspoken critic of a potential agreement.

The meeting, according to Republican senators, was a chance for the administration to brief lawmakers on its feelings toward ZTE and China amid widespread skepticism.

"I think they did a good job explaining why they took the actions they took, and explaining what actions they are now planning to take," said GOP Sen. Bob Corker (R-Tenn.), who took part in the meeting. "We had no knowledge. Now I have knowledge."

GOP Sen. John Cornyn (R-Texas) added that, before the meeting, a "big concern was whether ZTE was being treated as a national security matter or just strictly as a trade issue that was kind of fungible in these trade agreements. ... They assured us that the lanes were separate."

We've got more on the White House damage control here.

 

MEANWHILE IN THE HOUSE, lawmakers approved annual defense policy legislation known as the National Defense Authorization Act (NDAA) Thursday morning, which includes a measure that would ban federal agencies from buying technology made by ZTE, Bloomberg reports. Check out our coverage of the NDAA vote here, from The Hill's defense team.

 

TRUMP CANCELS SUMMIT WITH NORTH KOREA: President Trump on Thursday canceled his nuclear summit with North Korean leader Kim Jong Un, citing Kim's "tremendous anger and open hostility" toward the United States.  

"I feel it is inappropriate, at this time, to have this long-planned meeting," Trump wrote in a letter to Kim that was released by the White House.

Speaking later at the White House, Trump said his "maximum pressure campaign" against North Korea would continue and threatened a military response if Kim resumes nuclear activity. But he also left the door open for the talks to take place if Kim takes "constructive" steps toward peace.

What will this mean in cyberspace? Priscilla Moriuchi of cyber threat intelligence firm Recorded Future surmised that the cancellation of the summit will provoke "some type of cyber-retaliation" from Pyongyang, "most likely denial-of-service or other disruptive attacks against U.S. government departments or military networks, defense contractors, and large American multinationals."

"This will be viewed by North Korean leadership as a slight against the Kim family which will raise the demand for response," Moriuchi, former head of the NSA's East Asia and Pacific cyber threats office, said in a statement. "Given the high degree of perceived offense against the Kim family, this response will likely occur in the coming weeks and months."

 

THE 'MOST DANGEROUS' THREAT: Threat intelligence firm Dragos on Thursday released new details about a hacker group known as "Xenotime" that is targeting industrial safety instrumented systems used to power critical infrastructure, calling it "easily the most dangerous threat activity" known to industrial control systems.

The research shows that the hacking group, which was behind an attack on a critical infrastructure organization in the Middle East disclosed late last year, has expanded its list of targets to other locations and begun to target new industrial safety systems--likely positioning itself to conduct future disruptive operations.

"The new info is that the team is active in multiple locations and has moved beyond just targeting one vendor's safety systems," Dragos CEO Robert M. Lee wrote on Twitter. "That 'is active' and 'beyond one vendor' language should bother everyone. It means the adversary is, predictably, continuing to evolve and target safety systems outside just the Middle East and if you have any safety system you should consider the risk."

Xenotime was behind an attack on a critical infrastructure organization in the Middle East that caused operations to shut down last year. The malware used in the attack, known as "Triton" or "Trisis," targets Triconex safety instrumented systems manufactured by Schneider Electric.

Dragos said Thursday that the threat actor "remains active" and is targeting organizations "far outside" of the Middle East, and that its activity is not limited to facilities powered by Triconex safety systems. The researchers also suspect that the hacking group is trying to position itself to wage destructive attacks on critical services.

"Dragos assesses with moderate confidence that XENOTIME intends to establish required access and capability to cause a potential, future disruptive--or even destructive--event," Dragos said in a blog post.

 

BITCOIN CRIMINAL PROBE: The Department of Justice (DOJ) has opened a criminal investigation into whether traders in some cryptocurrency markets are using illegal tactics to manipulate the price of digital currencies like bitcoin, Bloomberg News reported Thursday.

The investigation will examine whether traders are seeking to influence the value of digital currencies by engaging in illegal practices that could prompt others into buying or selling from their online wallet, four sources familiar with the matter told the news outlet.

As part of the probe, sources told Bloomberg that the DOJ is teaming up with the Commodity Futures Trading Commission (CFTC), an agency that oversees derivatives markets.

We've got more here.

 

DO WE HAVE A SCOOP FOR YOU: House Republicans set up three FBI interviews in Clinton probe, which will take place after lawmakers get back from recess.

 

FACEBOOK AD CHANGE: Facebook on Thursday rolled out a new change aimed at increasing the transparency of political ads on its platform.

The change requires both election and socially focused issue-based ads displayed on Facebook and Instagram to show a "paid for by" label explaining who or what group purchased the advertisement.

The label will link to more information about who purchased the ad and the ad itself, including details like the campaign budget associated with an individual ad and how many people viewed it as well as their demographic information, like age, location and gender.

Why this is important: The changes come in response to the scrutiny that Facebook and other technology companies faced after their platforms were used by Russian trolls interfering in the 2016 presidential election.

What are other tech companies doing?: Twitter and Google, which have also dealt with congressional scrutiny over their platforms being manipulated by Russian trolls, have also been rolling out their own political ad transparency efforts.

The companies are working under the threat of increased regulation by lawmakers who have introduced legislation to introduce their own requirements on digital political ad disclosures. 

We break it down here.

 

BLACK CAUCUS HITS AMAZON OVER FACIAL RECOGNITION SOFTWARE: The Congressional Black Caucus (CBC) on Thursday expressed concern over Amazon's facial recognition software, Rekognition, which the company has been marketing and selling to law enforcement agencies.

In a letter to Amazon obtained by The Hill, CBC Chairman Cedric Richmond (D-La.) pushed the company to be more careful in its development and deployment of facial recognition technology and artificial intelligence-assisted surveillance, which the ACLU brought to light in a report on Wednesday.

Richmond noted his concern that the technology could have an especially negative impact on communities of color. 

We look into the controversy here.

 

OBAMA CALLS FOR TIGHTER REGULATIONS ON SILICON VALLEY: Former President Obama now thinks there need to be tougher regulations on the tech industry in the wake of data scandals like the Facebook-Cambridge Analytica controversy.

"There's been a data breach, people are outraged, they feel they don't know that their data was used in a particular way, so then people [in the Valley and Washington] scramble to catch up to the headlines," Obama said at a conference in Las Vegas.

 

DEM WANTS HEARING ON LOCATION DATA LEAKS: Rep. Frank Pallone Jr. (D-N.J.), the top Democrat on the House Commerce Committee, wants the panel to hold a hearing on reports of location data leaks at LocationSmart and Securus.

"A hearing on how this information was made available is necessary to better understand whether the privacy protections in the Communications Act were violated and whether Congress needs to take action to ensure users' data are protected," Pallone wrote in a letter to Rep. Greg Walden (R-Ore.). "The issues raised by this incident mirrors the Facebook/Cambridge Analytica scandal and similarly must be closely scrutinized."

 

MORE TROUBLE FOR ELON MUSK: The United Auto Workers (UAW) is urging the federal labor board to investigate Tesla for a tweet written by its founder Elon Musk regarding his employees' attempts to unionize.

UAW charged that Tesla violated the National Labor Relations Act when Musk threatened to take away employee stock options if employees unionized, according to the complaint.

"Nothing stopping Tesla team at our car plant from voting union. Could do so tmrw if they wanted. But why pay union dues & give up stock options for nothing?" read Musk's tweet that the UAW complaint is based on. 

We've got the story here.

 

DRIVERLESS UBER DIDN'T RECOGNIZE PEDESTRIAN IN FATAL CRASH: The National Transportation Safety Board found that Uber's driverless car that hit and killed a pedestrian earlier this year misidentified the woman crossing the road.

The safety agency on Thursday said the vehicle's software detected the pedestrian six seconds before the collision, but initially believed the woman to be "an unknown object," then a vehicle and finally a bike.

 

A LIGHTER TWITTER CLICK: OKAY, who was it?

 

NOTABLE LINKS FROM AROUND THE WEB:

A court case in California alleges that Facebook conducts 'mass surveillance' through its apps. (The Guardian)

A Portland woman says her Amazon Alexa recorded a private conversation and sent it to a random contact. (KIRO)

Roger Stone sought damaging information on Clinton from WikiLeaks' Assange. (The Wall Street Journal)

Britain's attorney general suggests country could retaliate against destructive cyberattacks with missiles. (The Telegraph)

Elon Musk thinks you can crowdsource truth, but that's not how the internet works (The Verge)