Hillicon Valley: Cyberattacks expose campaign security flaws | Google reveals bug that exposed 500,000 users | Facebook exec hosted Kavanaugh celebration | Apple denies China breach report


Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland). And if you don't receive it, CLICK HERE to subscribe to our newsletter.


CAMPAIGNS BEWARE: The spotlight on cyber vulnerabilities of political campaigns has grown brighter after three Democratic campaigns in California were hacked during the state's primary elections.

The campaigns of Bryan Caforio, Hans Keirstead and David Min all fell victim to cyber intrusions this year, underscoring a shortcoming that applies to political operations of various sizes: insufficient protections to guard against cyberattacks.

The problem is particularly acute for smaller-scale campaigns, which often have fewer resources to ensure their technology and communications are secure, while incumbents can draw from bigger campaign accounts.

But having more cash on hand doesn't always mean it'll be used to beef up protections. A recent McClatchy analysis of Federal Election Commission filings found that only six candidates running for seats in the House and Senate this election cycle have spent more than $1,000 on cybersecurity measures.


Patrick Sullivan, head of the security team at cloud services provider Akamai Technologies, estimated that basic cybersecurity measures for a political campaign would cost around $2,000 a month.

"Depending on the level they want, those things can be pretty affordable to at least do the basic things like protect your website from defacement and distributed denial of service [DDoS] attacks," Sullivan told The Hill. "You can purchase that as a utility over just a short period of time."

Read all about it, right here.


GOOGLE PLUS GETS MINUSED: Google on Monday revealed that a software bug exposed data on as many as 500,000 users of Google Plus, the company's social network program.

In a blog post, Vice President of Engineering Ben Smith said that the company discovered in March that a glitch was giving third-party developers access to private information like names, email addresses and occupations in some user profiles.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused," Smith wrote.

The company said it would be shutting down Google Plus.

The company said as many as 438 developers had access to the information.

The Wall Street Journal, which first reported the incident, said part of the reason Google decided not to reveal the incident when it was initially discovered was that doing so would attract unwanted attention from regulators at a time when Facebook was facing criticism from Washington over the Cambridge Analytica scandal.

According to Smith, the Google Plus breach was not damaging enough to warrant notifying the public. 

Read more here.


HOW A GOP OPERATIVE TRIED TO GET HILLARY'S EMAILS: Longtime Republican operative Peter Smith raised at least $100,000 to obtain what he thought were emails stolen from Hillary Clinton in the run-up to the 2016 presidential election, according to a report from The Wall Street Journal on Sunday.

The Journal last year reported Smith's attempts to obtain Clinton's deleted emails from hackers in the weeks running up to the 2016 election.

The paper reported Sunday that Smith gained $100,000 from at least four backers and contributed $50,000 of his own money toward the effort.

The donations were made in the name of a Washington scholarship fund for Russian students, according to the Journal. The newspaper could not determine whether the scholarship fund existed.

However, the donations were referenced in an email titled "Wire Instructions--Clinton Email Reconnaissance Initiative" that the Journal reviewed in an account used by Smith. Read more here.


FACEBOOK EXEC HOSTED KAVANAUGH CELEBRATION: Facebook's vice president of public policy, Joel Kaplan, hosted a gathering on Saturday night in Washington, D.C., to celebrate Brett Kavanaugh's controversial nomination to the Supreme Court.

About 25 attendees showed up to Kaplan and Laura Cox Kaplan's celebration, including Brett and Ashley Kavanaugh, as first reported by Politico.

Laura Cox Kaplan, lobbyist Ginger Loper and several other women who supported Kavanaugh organized the event.

Facebook stressed that it doesn't have rules on what its employees do in their private lives outside of work.

That hasn't stopped its employees from being outraged that a high-level employee backed a Supreme Court nominee who faced multiple sexual misconduct allegations.

Several outlets, including The New York Times, detailed internal backlash at Facebook over Joel Kaplan sitting behind Kavanaugh as he testified about Christine Blasey Ford's allegation that he sexually assaulted her in high school.

Read more here.


APPLE SAYS CHINA DIDN'T GET TO ITS CORE: Apple's top security employee told Congress on Monday that it has not found anything to suggest that its systems were compromised through a sophisticated breach of its supply chain.

George Stathakopoulos, the company's vice president of information security, wrote in a letter to the Senate Commerce and House Energy and Commerce committees that Apple had conducted multiple investigations and not found evidence of the cybersecurity breaches detailed in a story published by Bloomberg Businessweek last week.

"We are eager to share the facts in this matter because, were this story true, it would rightly raise grave concerns," Stathakopoulos wrote in his letter.

The article reported that chips manufactured by Super Micro had been compromised by the Chinese government, which installed small chips, slightly larger than a grain of rice, onto motherboards that were sold to other companies, including Apple, Amazon and those with U.S. government contracts.

Amazon has also denied the veracity of Bloomberg Businessweek's report.

Apple said that it had conducted internal investigations on the claims in the Bloomberg report, but said that the most important points of the story were false.

"In the end, our internal investigations directly contradict every consequential assertion made in the article," Stathakopoulos wrote. 

Read more here.

It's not the first rebuttal: The Department of Homeland Security (DHS) said over the weekend that it has "no reason" to doubt multiple companies that said their equipment was unaffected in a Chinese hacking scheme reported on by Bloomberg.

"The Department of Homeland Security is aware of the media reports of a technology supply chain compromise. Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story," DHS press secretary Tyler Houlton said in a statement late Saturday.


HAPPY COLUMBUS DAY: The foreign language–learning app Duolingo has introduced courses in two indigenous languages to mark Columbus Day, which is celebrated as Indigenous Peoples Day in some cities.

The app, which has more than 300 million users, launched programs in Hawaiian and Navajo, according to ABC News.

Myra Awodey, the app's lead community specialist, told ABC News that adding indigenous languages to Duolingo can help preserve the languages for future generations.

"When we lose a language, we lose access to an entire history of a kind of culture," Awodey said.

Awodey said that Navajo is the most popular indigenous language in North America, with more than 332,000 Americans claiming Navajo ancestry. 

Read more here.


FACEBOOK WANTS TO PUT A CAMERA IN YOUR HOME: Facebook announced on Monday that it is producing a new voice-activated device called Facebook Portal that will come with a screen, video camera and a microphone.

The new smart home device also includes an always-listening Amazon Alexa voice assistant, and is likely to bring new scrutiny to a company already dealing with the fallout of several data privacy controversies.

Facebook will offer the new device in two different display sizes. It will let users video chat with one another through its connection to Facebook Messenger, use A.I. assistant Alexa and watch and listen to music and TV shows.

Facebook, anticipating questions about security, noted several safeguards in its Portal press release and created an entire separate page touting its security.

Read more here.


A LIGHTER TWITTER CLICK: Times are a-changin'. And if you're listening, please send snacks.


AN OP-ED TO CHEW ON: If China isn't exploiting our electronics supply chain, it will.



Second Skripal attack suspect identified as Russian military doctor in report. (The Hill)

Are wireless voting machines vulnerable? Florida, other states say they're safe enough (McClatchy)

Tech workers now want to know: What are we building this for? (The New York Times)

How algorithms are dubiously kicking people off food stamps. (The Intercept)

Facebook's move into Uganda. (The Wall Street Journal)