Hillicon Valley: Trump cyber strategy lets US go on offense | AT&T urges court to let Time Warner merger stand | Conservatives want wife of DOJ official to testify | Facebook, nonprofits team up to fight fake news | DC camera hacker pleads guilty

Hillicon Valley: Trump cyber strategy lets US go on offense | AT&T urges court to let Time Warner merger stand | Conservatives want wife of DOJ official to testify | Facebook, nonprofits team up to fight fake news | DC camera hacker pleads guilty
© Getty Images

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland). And CLICK HERE to subscribe to our newsletter.

 

GOING ON OFFENSE: The Trump administration on Thursday announced that the U.S. will now officially act to deter and respond to cyberattacks with offensive actions against foreign adversaries.

The U.S.'s new cyber strategy, signed by President TrumpDonald John TrumpSecret Service members who helped organize Pence Arizona trip test positive for COVID-19: report Trump administration planning pandemic office at the State Department: report Iran releases photo of damaged nuclear fuel production site: report MORE and now in effect, marks the federal government officially taking a more aggressive approach to cyber threats presented from across the globe.

ADVERTISEMENT

National security adviser John Bolton said that the actions are part of an overall deterrence strategy: Launching cyberattacks against actors in, or sponsored by, other nations, he said, will prevent those adversaries from attacking the U.S. in the first place.

Bolton also confirmed that Trump had signed a measure a few weeks ago rescinding an Obama-era directive on how cyberattacks against other countries are carried out. That directive required several agencies to weigh in on the decision to launch attacks against those in other countries. The Wall Street Journal first reported on the new directive last month.

"We will respond offensively as well as defensively," Bolton said, adding that "it's important for people to understand that we're not just on defense."

He also suggested that work on offensive efforts has taken place in the weeks since Trump signed the directive rescinding the Obama-era laws.

And he added that not every response to a cyberattack would necessarily occur in cyberspace, opening the door for other kinds of retribution like sanctions or military actions.

When asked if the U.S. is "engaged in cyber war," Bolton disputed the characterization. However, he said that he believed that the U.S.'s adversaries should be aware of the possibility of offensive action, and that he hoped it would deter future attacks. 

Read more here.

 

AT&T FIRES BACK AT DOJ IN TIME WARNER CASE: AT&T asked an appeals court on Thursday to reject the Justice Department's challenge of a federal judge's decision approving its $85 billion merger with Time Warner.

The telecom giant, which closed the merger in June, responded to the Justice Department's appeal on Thursday, arguing that prosecutors failed to prove during trial that the deal would hurt competition and raise prices for consumers.

"In the crucible of litigation, DOJ's claims were exposed as both narrow and fragile," AT&T wrote in its filing on Thursday.

A spokesman for the Justice Department did not immediately respond when asked for comment.

"We were pleased to respond to the government's opening brief and look forward to oral argument," David McAtee, AT&T's general counsel, said in a statement.

U.S. District Judge Richard Leon approved the merger unconditionally in June following a six-week trial, during which the Justice Department urged the deal be blocked outright. Leon dismissed the government's argument that the deal would allow AT&T to extract higher prices from competitors for Time Warner's popular programming.

AT&T and Time Warner merged days after the decision, with the new company rebranded as Warner Media.

Read more here.

 

TO TESTIFY OHR NOT: Conservative House Republicans are calling on their colleagues to subpoena Nellie Ohr, the wife of Justice Department official Bruce Ohr, after a deal fell apart this week that would have led to her voluntary testimony.

"Now that Nellie Ohr is not coming in it is time to subpoena her and get her in as soon as possible," Rep. Jim JordanJames (Jim) Daniel JordanGOP-Trump fractures on masks open up Democrats start cracking down on masks for lawmakers Comer tapped to serve as top Republican on House Oversight MORE (R-Ohio) said in an interview with The Hill.

He called it "unfortunate" that Ohr would not come in as planned on Friday for a deposition.

A Republican House Judiciary Committee aide separately told The Hill that the committee will use its subpoena power to try to compel Nellie Ohr to testify if she does not agree to do so voluntarily.

It's unclear why the deal fell apart to have Ohr interviewed behind closed doors with the House Judiciary and House Oversight and Government reform committees.

"Last week, we thought Nellie Ohr was going to be in for a deposition tomorrow. We thought she was coming in this Friday. Turns out she isn't. That is unfortunate," Jordan said during a phone interview.

GOP lawmakers are also threatening to subpoena Jim Baker, former FBI general counsel, if he does not agree to testify voluntarily. Baker had initially planned to meet with the committee in late August.

"The Committee continues to seek the testimony of Nellie Ohr and Jim Baker and will compel their testimony if necessary," the Republican House Judiciary Committee aide told The Hill. 

Read more here.

 

FIGHT LOOMS OVER PRIVACY LEGISLATION: The tech industry and consumer groups are gearing up for a fight as lawmakers begin considering whether to draft a national privacy law.

The push to get Congress to enact federal privacy standards is gaining new urgency after California passed what is seen as the nation's toughest privacy law this June. The measure forces businesses to be more transparent about what they do with consumer data and gives users unprecedented control over their personal information.

But the California law has sparked worries within the tech industry, which fears having to comply with a patchwork of varying state regulations.

Now industry groups are pushing Congress to pass a national privacy bill that would block states from implementing their own standards.

Privacy advocates are skeptical of the industry proposals and concerned that internet giants will co-opt the process in order to get protections that are weaker than the California standard implemented across the country.

"They do not want effective oversight. They do not want regulation of their business practices, which is really urgently needed," Jeff Chester, the executive director of the Center for Digital Democracy (CDD), told The Hill. "They're going to work behind the scenes to shape legislation that will not protect Americans from having all of their information regularly gathered and used by these digital giants."

Read more here.

 

DC POLICE HACKER PLEADS GUILTY: A Romanian woman pled guilty on Thursday for her involvement in hacking a series of computers linked to the D.C. Metropolitan Police Department's surveillance cameras in early 2017.

Eveline Cismaru along with her Romanian co-defendent, Mihai Alexandru Isvanca, illegally gained access to approximately 126 computers used by MPD. They then tried to use those systems to spread additional ransomware, as well as demand a ransom that would've totaled an estimated $60,800, according to authorities.

"While executing a ransomware attack, the conspirators converted a few of the computers into proxies and used those computers to disseminate additional ransomware and malware attacks," according to a joint press release from U.S. Attorney Jessie Liu for D.C., and U.S. Secret Service special agent Brian Ebert.

Cismaru, who is facing a maximum sentence of 25 years, is charged with two counts -- conspiracy to commit wire fraud and conspiracy to commit computer fraud.

Authorities say Cismaru and Isvanca disabled nearly two-thirds of the outdoor surveillance cameras operated by MPD in their cyberattack that started in early January 2017.

The cyberattack came shortly before the inauguration of President Trump, making the case a priority for investigators.

"This case was of the highest priority due to its impact on the Secret Service's protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration," the press release says.

Read more here.

 

ANOTHER DAY, ANOTHER CYBER ATTACK ON A CALIFORNIA DEM: The campaign website of a Democratic congressional candidate in California was taken down by cyberattacks several times during the primary election season, according to cybersecurity experts.

Rolling Stone reported on Thursday that cybersecurity experts who reviewed forensic server data and emails concluded that the website for Bryan Caforio, who finished third in the June primary, was hit with distributed denial of service (DDoS) attacks while he was campaigning.

The attacks, which amount to artificially heavy website traffic that forces hosting companies to shut down or slow website services, were not advanced enough to access any data on the campaign site, but they succeeded in blocking access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the election.

Caforio's campaign didn't blame his loss on the attacks, but noted that he failed to advance to a runoff against Rep. Steve Knight (R-Calif.) by coming up 1,497 votes short in his loss against fellow Democrat Katie Hill.

The campaign tried several tactics to deter malicious actors, including upgrading the website's hosting service and adding specific DDoS protections, which in the end failed to deter the attacks.

"As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they should be out talking to voters," Caforio told the magazine.

Keep in mind – This isn't the first time a Democratic candidate in California has been reported to be the victim of a cyberattack: Two others, who also lost their primary bids, were revealed to have been the targets of cyberattacks. But those don't appear to be targeted attacks, but rather the result of poor cybersecurity habits.

 

END OF SESSIONS?: President Trump has offered his most scathing attack on his attorney general to date, a move that could undermine Jeff SessionsJefferson (Jeff) Beauregard SessionsJustice Dept. considering replacing outgoing US attorney in Brooklyn with Barr deputy: report Tuberville campaign bus catches fire in Alabama Doug Jones cuts pro-mask campaign ad: 'Our health depends on each other' MORE's authority and accelerate his departure from the administration.

Trump delivered a forceful criticism of Sessions during an Oval Office interview with Hill.TV on Tuesday, saying that he doesn't "have an attorney general."

And while the president has attacked Sessions in the past, Republicans say these latest remarks solidify the belief that Sessions's days in the top law enforcement job are numbered.

"You can't be very effective if you don't have the confidence of the president, and clearly he lost the confidence of the president a long time ago," a former Trump transition official told The Hill.

"Their relationship is so openly toxic that it is hard for him to be effective, and I think it is hard for [Capitol Hill] to take him seriously knowing or believing that his days are numbers and his influence in the administration is so limited," the official continued.

Republican strategists told The Hill that despite Trump's recent fiery attacks, Sessions is likely safe until after the midterm elections. The firing of Sessions, or his resignation, would simply add to a sense of turmoil ahead of the midterms, something unlikely to help the GOP. 

Read more here.

 

HACKERS VS. VOTING MACHINES: Cybersecurity expert Dena Graziano on Thursday said foreign hackers are a legitimate concern for U.S. ballot machines.  

"I think anything is a justified and legitimate concern," Graziano told Hill.TV's Krystal Ball and Buck Sexton on "Rising," when asked whether a foreign government changing vote tallies in an election is a valid concern.

"We're looking at nation-state actors, who are very well resourced, very well motivated, and I think we have to look at all aspects of security and how we're securing all of that sensitive data whether it be your [personally identifiable information] or your vote," she continued.

Your grain of salt: Experts have largely said it would be extremely difficult for hackers to change any vote tallies -- it would likely require the hacker to be in person and have access to the machine which, in most cases, probably isn't going to happen.

Graziano also warned of an uptick in fake websites used to try and get users' information after the 2016 cyber hack of the Democratic National Committee.

"We decided that looking at the DNC hack, looking at the DNC red teaming issue that occurred a couple of months ago that we are going to see an uptick in fake websites," Graziano, senior government affairs director at Symantec, said.

"I think it's a really important option for website owners to be able to check those websites to make sure they are legitimate before people enter their information," she continued. 

Read more and watch here.

 

STEPPING UP THE SECURITY GAME: States have successfully increased cybersecurity surrounding their voter registration databases but still struggle with adopting some security measures, according to a new report released Thursday.

The Center for Election Innovation and Research (CEIR) found in a survey of 26 states between June and July of this year that the states had largely stepped up their cybersecurity efforts since the 2016 elections, including adopting tools to try to block some attacks.

The report found that most of the states were regularly auditing their systems and had trained staffers accessing the voter registration database about spear-phishing attacks. The attacks, which were utilized during the 2016 elections, attempt to trick users into giving their login credentials to hackers.

Still, the report highlighted several areas of improvement still needed. Multi-factor authentication, which requires users to verify that they are attempting to access their accounts, is only being used by 13 of the 26 responding states.

And the report found that the states could improve their password requirements for users, with five not imposing conditions like using three or more different kinds of characters or not utilizing common passwords. 

Read more here.

 

EQUIFAX TAKES A POUNDING: A British regulator hit the U.K. branch of Equifax with a fine of £500,000, or about $662,000, for failing to protect the personal information of people in the country during a cyberattack last year.

The fine from the Information Commissioner's Office was levied against Equifax Ltd, the British arm of American Equifax Inc., which experienced the massive data breach last year. It was the largest fine possible under a 1988 law, according to the regulator.

The office said in a statement Thursday that up to 15 million British citizens may have had their personal information exposed in the breach.

The regulator found that the division was responsible for making sure that the U.S. company was properly protecting the personal information of British people. 

Read more here.

 

GOOGLE TELLS CONGRESS 'YEAH WE'RE STILL DOING THAT': Google said in a letter to senators that it still allows app developers to scan and share data from users' Gmail accounts.

The letter, which was sent in July in response to questions posed by top Senate Republicans about potential misuse of information in user emails, said that while Google stopped scanning emails for ad targeting, developers still have access to accounts. Google released the email to the public on Thursday.

Susan Molinari, Google's vice president for public policy and government affairs for the Americas, explained that access is restricted.

Read more here.

 

FACEBOOK TEAMING WITH NONPROFITS OVER FAKE NEWS: Facebook said Wednesday that it's teaming with two U.S. nonprofits to fight the spread of disinformation that could impact elections.

The social media giant will work with the International Republican Institute and the National Democratic Institute to help Facebook understand integrity risks on its platform ahead of international elections, company executives said on a call Wednesday with reporters.

The institutes will help Facebook understand "the risks that people may face and what we might be able to do to mitigate those" around elections, Facebook executive Katie Harbath said on the call.

Read more here.

 

A LIGHTER TWITTER CLICK: We all need a reminder sometimes.

 

AN OP-ED TO CHEW ON: States are leading the way on data privacy.

 

NOTABLE LINKS FROM AROUND THE WEB:

The plot to subvert an election: Unraveling the Russia story so far (The New York Times)

They got 'everything': Inside a demo of NSO Group's powerful iPhone Mmalware (Motherboard)

NY court overturns $115 million patent judgment against Samsung (Reuters)

Amazon's new microwave: 'Alexa, please defrost my chicken' (The Wall Street Journal)