Hillicon Valley: FBI investigating NRCC cyber breach | AOL parent fined $5M over children's privacy concerns | Quora joins Marriott in latest data leaks | NYPD reveals new drone fleet | IRS warns of 'surge' in tax phishing scams

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig). And CLICK HERE to subscribe to our newsletter.


WE'VE GOT A LIVE ONE: The FBI is investigating a cyber breach that hit the House Republican campaign arm earlier this year, a spokesperson for the group said Tuesday.

The National Republican Congressional Committee (NRCC) was alerted to the breach in April, according to Politico, which first reported the intrusion. At that point, four committee aides had been surveilled for months, according to the news outlet.

Ian Prior, a vice president at the public relations firm hired by the NRCC to oversee its response to the breach, confirmed the intrusion in an email to The Hill.


"The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity," said Prior, a former Justice Department official. "The cybersecurity of the Committee's data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter."

"To protect the integrity of that investigation, the NRCC will offer no further comment on the incident." 

Read more here.


IS IT BREACH WEEK?: Hackers may have stolen the personal data of around 100 million users of the question-and-answer website Quora, the company announced on Monday evening.

Quora said it discovered on Friday that hackers may have compromised account information such as email addresses, passwords and private direct messages, as well as questions and answers posted on the platform by users, the company wrote on its site.

"The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious," the firm wrote, while noting that posts written anonymously were not affected by the breach.

Quora, which is investigating the hack, said it has retained "a leading digital forensics and security firm to assist" as it seeks to assess the damage and impact of the attack. 

Read more here.


OFF LIMITS: Oath, the Verizon-owned media company that encompasses the former Yahoo and AOL brands, has agreed to pay $4.95 million to settle charges that it violated children's online privacy by improperly tracking them and auctioning off their data to advertisers.

The settlement, reached with the New York attorney general's office, is the largest-ever enforcement action under the 1998 Children's Online Privacy Protection Act (COPPA).

"COPPA is meant to protect young children from being tracked and targeted by advertisers online. AOL flagrantly violated the law -- and children's privacy -- and will now pay the largest-ever penalty under COPPA," state Attorney General Barbara Underwood (D) said in a statement. "My office remains committed to protecting children online and will continue to hold accountable those who violate the law."

According to Underwood's office, AOL's ad-placing business had not been COPPA-compliant until last year and the company had knowingly been disclosing data collected on children under 13 to third parties in violation of the law. 

Read more here.


GOOGLE THIS: Google CEO Sundar Pichai's appearance before the House Judiciary Committee has been rescheduled for December 11 after lawmakers halted business on the Hill this week to honor former President George H.W. Bush.

Pichai's highly anticipated testimony was originally scheduled for Wednesday, December 5.

The executive agreed to testify earlier this year after House Republicans assailed Google and other tech giants with accusations of anti-conservative bias. 

Read more here.


IT'S FLY TIME: The New York Police Department (NYPD), the largest police force in the U.S., on Tuesday revealed its fleet of 14 drones, saying they will be used to aid policing efforts across the city.

"Whether it's a search and rescue mission, an inaccessible crime scene, a hostage situation, or a hazardous material incident, this technology will undoubtedly help keep New Yorkers and officers safe," the NYPD said in a statement.

Civil liberties groups raised concerns about the use of drones in a city with a history of surveilling its residents, particularly Muslims and other minority groups.

The NYPD said officers will not use the unmanned aerial vehicles to unlawfully spy on New York residents. Instead, it said the drones will aid police during large events, hostage situations and hazardous waste spills. 

Read more here.


WHAT'S GOING ON HERE: Rep. Jamie RaskinJamin (Jamie) Ben RaskinCongress must enact a plan to keep government workers safe Five takeaways from Fauci's testimony GOP lawmakers comply with Pelosi's mask mandate for House floor MORE (D-Md.), whose district is home to Marriott International, says the company is still struggling to understand the massive data breach that may have affected 500 million customers.

"Marriott seems to be still be in the dark about a lot of what happened," Raskin told The Hill on Monday. "My sense is that Marriott has tried to be as transparent as it can be but they don't have a clear idea as how it happened."

The Maryland Democrat said he called and spoke at length to the company's CEO on Friday, the day the breach was disclosed.

"I was very troubled about it when I heard it," Raskin said of the news. "I thought it was a typo when I read that it affected 500 million people." 

Read more here.


A DIFFERENT KIND OF TAX FRAUD: The IRS said Tuesday that it's seen a "surge" in reports of tax-related email phishing scams, warning taxpayers to be on the lookout so that their information and refunds are not stolen by identity thieves.

The agency said that it received reports of more than 2,000 tax-related scam incidents from January through October, while it received about 1,200 reports of incidents in 2017. The recent increase in reports of phishing scams follows several years of declines in reported incidents, the IRS said.

The phishing attacks involve scammers using emails or websites to get taxpayers to provide them with their personal, tax and financial information. Scammers will often pose in their emails as people that the recipients think they can trust, the IRS said. 

Read more here.


FCC'S NEXT TEST: Nexstar Media Group's deal to buy Tribune Media Company for $4.1 billion is the latest merger to test Trump administration regulators tasked with overseeing a rapidly consolidating media industry.

If approved, the deal will make Irving, Texas-based Nexstar the largest local TV broadcaster in the country, with 216 stations in 118 different markets reaching at least 39 percent of the nation's television-viewing households.

The two came together to explore a merger after Sinclair Broadcast Group's $3.9 billion deal to buy Tribune fell apart after running into opposition from regulators at the Department of Justice and the Federal Communications Commission (FCC).

The FCC was concerned about a handful of side deals proposed by Sinclair to sell off certain stations from the combined company in order to bring it within the regulatory limits on media ownership. Some of the sales had proposed prices that were well below market value and the buyers were entities that were closely aligned with, or effectively controlled by, Sinclair.

The Sinclair deal also encountered popular opposition over the right-leaning broadcaster's "must-run" editorial packages. Those segments included conservative and pro-Trump messages that Sinclair required its local stations to run. 

Nexstar doesn't have the same political baggage as Sinclair, but critics are just as concerned about its proposal to consolidate so many local news outlets across the country under one umbrella.

Read more here.


WE CAN'T MAKE THIS UP: The founder of a new dating app for supporters of President TrumpDonald John TrumpUPS, FedEx shut down calls to handle mail-in ballots, warn of 'significant' problems: report Controversial GOP Georgia candidate attempts to distance from QAnon Trump orders TikTok parent company to sell US assets within 90 days MORE says the company will sue liberals who try to join.

Christy Edwards Lawton, founder of the app Righter, told The Daily Beast in a story published Tuesday that her legal team is prepared to file lawsuits against leftists who try to infiltrate the platform after it launches later this month.

"I have a very nice legal team that will be handling that," Lawton said. "This is zero tolerance."

She acknowledged that it might be difficult to figure out the political leanings of a user but said deploying a legal team against Trump critics wouldn't be detrimental to the dating site.

"Bring it on," Lawton said. "This is ridiculous. They're sitting here suing our president." 

Read more here.


NO PLACE FOR HATE: Apple CEO Tim Cook on Monday said he believes it is "right" and "moral" for technology companies to block hate speech and violent conspiracy theories from their platforms.

"At Apple, we believe that technology needs to have a clear point of view on this challenge," Cook said at an Anti-Defamation League (ADL) conference on Monday afternoon.

At the conference, Cook accepted the ADL's first "Courage Against Hate" award, geared towards private sector leaders "dedicated" to fighting bigotry. He was also the conference's keynote speaker.

"That's why we only have one message for those who seek to push hate, division and violence: You have no place on our platforms," Cook said during his keynote address. "You have no home here." 

Read more here.


AN OP-ED TO CHEW ON: The coming cyberwar: China may already be monitoring your electronic communications.


A LIGHTER CLICK: Our kind of hack back.



Bolton calls for tougher stance on intellectual property theft. (The Wall Street Journal)

Russian hackers allegedly attacked Germany and the U.S. on the same day. (Nextgov)

Apple security expert moves to ACLU as `public interest tech' builds. (Reuters)

Study: Google personalizes users' search results even when logged out of accounts. (The Verge)