Hillicon Valley — Presented by AT&T — NRCC exposes security flaws 2 years after Russia hacks | Google Plus to shut down early | Scathing House report scolds Equifax for breach | McCarthy knocks Google ahead of CEO's hearing

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig). And CLICK HERE to subscribe to our newsletter.


NRCC BREACH UNDERSCORES NEED FOR MORE ELECTION SECURITY: Democrats are seizing on recent revelations that the House GOP's campaign arm was hacked earlier this year to spotlight that both parties are vulnerable to cyberattacks.

The FBI is investigating a cyber breach at the National Republican Congressional Committee (NRCC) that felt like déjà vu to many in Washington -- hackers targeting political campaign groups. This time, however, the perpetrators aimed their digital tools at the GOP instead of Democrats.

"It creates more of a sense of how critical it is that we protect our infrastructure," Sen. Roy BluntRoy Dean BluntGOP group's ad calls on Graham to push for election security: 'Are you still trying?' Exclusive: Kushner tells GOP it needs to unify behind immigration plan The Hill's Morning Report - Can Trump save GOP in North Carolina special election? MORE (R-Mo.) told The Hill this week. "The federal government has certainly had plenty of hacks of their own, so we can't say with any certainty, 'Do this like we do it you won't have a problem,' because we've had plenty of problems."

Four top aides at the NRCC -- which was notified in April about the breach -- learned that their emails had been surveilled for months, according to Politico, which first reported the intrusion.

Ian Prior, a public relations professional hired by the NRCC to oversee its response to the breach, confirmed the cyber intrusion.

"The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity," said Prior, a former Justice Department official, in an email to The Hill. "The cybersecurity of the Committee's data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter."

Hackers likely breached a hosted email environment as a result of a password compromise, according to a source familiar with the matter.

The big picture: The attack serves as a stark reminder that the targets of a cyberattack are fluid and changing. But it also has Democrats waving their fingers at Republicans for not heeding their warnings after the intelligence community concluded that Russia interfered in the 2016 presidential race. Back then Democrats told their GOP counterparts: It's us this time, but you could be next.

"In their age-old routine of choosing party over country, Republicans swept the issue aside," Rep. Bennie ThompsonBennie Gordon ThompsonTop Democrat demands answers from CBP on security of biometric data Hillicon Valley: 8chan owner defends platform before Congress | Facebook launches dating feature | New York City sues T-Mobile | Top NSA cyber official names ransomware as 2020 threat | Blue Dog Dems urge action on election security 8chan owner defends platform in testimony before Congress MORE (Miss.), the top Democrat on the Homeland Security Committee, said in a statement after the NRCC hack was revealed.

"Now news of this hack -- which was not released for months -- makes it clear Republicans ignored election security at their own peril," he said. "Democrats led on election security the entire 115th Congress and Republicans should have joined us."

Nevertheless, Thompson and other top Democrats expected to lead key House committees next year say they will examine the matter during the 116th Congress.

"This is an issue that transcends party," Rep. Jerrold Nadler (N.Y.), the top Democrat expected to lead the Judiciary panel, wrote on Twitter. "I hope more of my @HouseGOP colleagues will be willing to say so in the new Congress when House Judiciary and others take a close look at this systemic problem."

Democrats are also resurfacing comments President TrumpDonald John TrumpTed Cruz knocks New York Times for 'stunning' correction on Kavanaugh report US service member killed in Afghanistan Pro-Trump website edited British reality star's picture to show him wearing Trump hat MORE made earlier this year in which he asserted that Republicans have better cybersecurity after a series of damaging attacks against Democrats, including the ones on the Democratic National Committee (DNC) and John Podesta, who was campaign manager for former Secretary of State Hillary ClintonHillary Diane Rodham ClintonTrump's economic approval takes hit in battleground states: poll This is how Democrats will ensure Trump's re-election The Hill's Morning Report - Trump takes 2020 roadshow to New Mexico MORE's presidential bid.

"The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses and they were able to be hacked," Trump told CBS News earlier this year. "I heard they were trying to hack the Republicans too, but -- and this may be wrong -- but they had much stronger defenses."


We break down the fallout here.





NONPLUSSED: Google on Monday revealed that it had discovered a new software bug that briefly exposed nonpublic information for more than 50 million users of its Google Plus network.

The discovery has prompted the internet giant to expedite the closure of its little-used social media platform, a decision Google announced in October when it revealed an earlier vulnerability affecting a half-million people.

David Tucker, Google's vice president of product management for its business apps, wrote in a blog post on Monday that the bug was mistakenly created by a software patch that the company implemented last month and shut down within a week.

"No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way," Tucker wrote.

The announcement comes on the eve of Google CEO Sundar Pichai's appearance before the House Judiciary Committee, where he'll be expected to be grilled on the company's handling of user data.

Read more here.


ADDING TO GOOGLE'S WORRIES: House Majority Leader Kevin McCarthyKevin Owen McCarthyTrump touts Washington Post story on GOP support Pence extends olive branch to Cummings after Trump's Baltimore attacks Marijuana industry donations to lawmakers surge in 2019: analysis MORE (R-Calif.) is raising a series of concerns about Google a day before its CEO is slated to testify before Congress.

"The Free World depends on a free Internet," McCarthy wrote in a tweet on Monday. "We need to know that Google is on the side of the Free World (in particular, America) and will provide its valuable services free of political bias and censorship."

The tweet included a clip of an interview McCarthy gave on Fox News's "Sunday Morning Futures," in which he also blasted Google over its handling of user privacy, antitrust concerns and its efforts to break into the Chinese market by developing a search engine that abides by the country's censorship rules.

Read more here.


EQUIFAX HANDLING OF BREACH KNOCKED IN SCATHING REPORT: The Equifax data breach, one of the largest in U.S. history, was "entirely preventable," according to a new House committee investigation.

The House Oversight and Government Reform Committee, following a 14-month probe, released a scathing report Monday saying the consumer credit reporting agency aggressively collected data on millions of consumers and businesses while failing to take key steps to secure such information.

The breach is estimated to have harmed 148 million consumers.

"In 2005, former Equifax Chief Executive Officer (CEO) Richard Smith embarked on an aggressive growth strategy, leading to the acquisition of multiple companies, information technology (IT) systems, and data," according to the 96-page report authored by Republicans. "Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

The report blames the breach on a series of failures on the part of the company, including a culture of complacency, the lack of a clear IT management operations structure, outdated technology systems and a lack of preparedness to support affected consumers.

"A culture of cybersecurity complacency at Equifax led to the successful exfiltration of the personal information of approximately 148 million individuals," the committee staff wrote. "Equifax's failure to patch a known critical vulnerability left its systems at risk for 145 days. The company's failure to implement basic security protocols, including file integrity monitoring and network segmentation, allowed the attackers to access and remove large amounts of data."

The Oversight staff found that the company not only lacked a clear management structure within its IT operations, which hindered it from addressing security matters in a timely manner, but it also was unprepared to identify and notify consumers affected by the breach.

"When Equifax informed the public of the breach on September 7, the company was unprepared to support the large number of affected consumers," the report said. "The dedicated breach website and call centers were immediately overwhelmed, and consumers were not able to obtain timely information about whether they were affected and how they could obtain identity protection services."

The initial breach took place in May 2017, when hackers exploited the Apache Struts vulnerability, gaining entry into Equifax's system that allowed customers to dispute incorrect information on their credit file, according to the committee report. That system, however, was several decades old -- having first been built in the 1970s.

The report said the company could have detected the activity but did not have "file integrity monitoring enabled" on this system, known as ACIS, at the time of the attack.

More on the report here.


ANOTHER DAY, ANOTHER LAWSUIT: Conservative author and conspiracy theorist Jerome Corsi on Sunday filed a lawsuit against special counsel Robert MuellerRobert (Bob) Swan MuellerFox's Cavuto roasts Trump over criticism of network Mueller report fades from political conversation Trump calls for probe of Obama book deal MORE, alleging that Mueller illegally surveilled him as part of the investigation.

Corsi, in the document filed in the District Court for the District of Columbia, also claims that Mueller's office leaked confidential information surrounding Corsi's testimony before the special counsel's grand jury.

"Defendant Mueller and his prosecutorial and media staff, acting in their official capacity and personally, also illegally released grand jury information to harm Plaintiff Corsi by attempting to destroy his reputation and personal and professional well-being and livelihood, thus also attempting to drive him into bankruptcy," the document reads in part.

The special counsel's office declined to comment to The Hill. The lawsuit is also filed against the Department of Justice, the FBI, the National Security Agency (NSA) and the CIA.

Larry Klayman, Corsi's attorney and the founder of conservative watchdogs Judicial Watch and Freedom Watch, claimed in a statement that Mueller and his team "are allegedly themselves acting in a criminal manner to further their attempted 'legal coup d'etat' to remove the president from office by any illegal means."

Read more here.


NYT STORY ON LOCATION TRACKING: The New York Times today published an in-depth investigation into the location-tracking ecosystem that has proved to be a major cash cow for app developers. The story detailed how closely mobile users are tracked and how companies are able to monetize the datasets of their whereabouts.

The story comes the day before Google CEO Sundar Pichai heads to the Hill to testify before the House Judiciary Committee, where he can expect angry lawmakers to grill him about his company's handling of user data.

The Times story made waves among lawmakers on Monday.

"Jaw-dropping evidence that Americans are being kept in the dark about the personal data companies are collecting, what's being done with it, and how much that data is worth," Sen. Mark WarnerMark Robert WarnerTop Democrat demands answers from CBP on security of biometric data 2020 Democrats raise alarm about China's intellectual property theft State probes of Google, Facebook to test century-old antitrust laws MORE (D-Va.) said on Twitter. "Consumers are paying with their data, but have no way to find out if they're getting a fair deal."

"We must give people power over their data & make sure companies use plain language to explain how they are using the personal information of their users," added Sen. Amy KlobucharAmy Jean KlobucharFive top 2020 Democrats haven't committed to MSNBC climate forum Abrams helps launch initiative to train women activists, organizers The Hill's Morning Report - Trump takes 2020 roadshow to New Mexico MORE (D-Minn.). "Congress should pass my bipartisan privacy legislation that helps hold tech companies accountable."

To wash it all down, check out the Times' companion piece on preventing apps from tracking your location.


MORE LIKE AMA-GONE: Amazon has fired several employees suspected of providing independent merchants with inside information as the company tries to crack down on seller scams, The Wall Street Journal reports.

Amazon let go of several workers in the U.S. and India who allegedly inappropriately accessed company data that disreputable merchants had misused, people familiar with the company's effort told the Journal.

The dismissals came after Amazon began investigating suspected data leaks and bribes of its employees, which the Journal reported in September.

Amazon is focusing its internal bribery investigation on India, a person familiar with the effort told the paper.

Read more here.


DOES THAT MAKE IT A NOPRO?: GoPro on Monday announced that it is moving production of its U.S.-bound cameras out of China, citing the ongoing tariff feud between Washington and Beijing.

The company will continue to manufacture cameras for Chinese and international markets in China, but it will move the production of units to be sold in the U.S. to another location by next summer, it said.

"We're proactively addressing tariff concerns by moving most of our US-bound camera production out of China," GoPro's executive vice president and chief financial officer, Brian McGee, said in a statement. "We believe this diversified approach to production can benefit our business regardless of tariff implications."

Read more here.


NOT SO PROUD: Far-right activist Gavin McInnes has been kicked off YouTube, the latest social media platform to cut ties with him or his group, the Proud Boys.

The Daily Beast reported Monday that YouTube has banned McGinnes, who had more than 220,000 subscribers before the ban.

A statement on McInnes's YouTube page says that the channel has been terminated after "multiple third-party claims of copyright infringement."

"When a copyright holder notifies us of a video that infringes on their copyright, we act quickly to remove content as is required of us by law," a YouTube spokesperson told The Hill. "We terminate the accounts of repeat offenders."

Read more here.


CAN'T HEAR YOU NOW: Verizon on Monday announced that it had approved voluntary buyouts for roughly 10,400 employees, or about 7 percent of its total workforce.

The company said in a statement that the buyouts were available to up to 44,000 employees in total, and were offered as part of a company-restructuring plan.

"These changes are well-planned and anticipated, and they will be seamless to our customers," said Verizon CEO Hans Vestberg said in a statement.

Read more here.


ICYMI OVER THE WEEKEND: Former FBI Director James ComeyJames Brien ComeyHouse Democrats seeking Sessions's testimony in impeachment probe Justice OIG completes probe on FBI surveillance of ex-Trump campaign aide Aggrieved Trump rips Dems for 'sad' impeachment effort MORE revealed to Congress that the counterintelligence investigation into possible links between Russia and the Trump campaign began by examining four Americans. More on Comey's interview here.

Twitter CEO under fire for tweeting about Myanmar trip without mentioning human rights abuses

China summons US ambassador, lodges 'strong protest' over Huawei arrest

Elon Musk rips SEC: 'I do not respect them'


AN OP-ED TO CHEW ON: New Congress, new tech, new approach.


A LIGHTER CLICK: Helpful friends.



Uber testing 'Uber Eats Pool' in some locations. (TechCrunch)

CREW sues FBI for allegedly leaking to Giuliani. (The Hill)

Intel Community worried about China's progress on quantum computing. (Yahoo News)

Blackwater Beef anyone? Private security company's founder now sells a different kind of muscle (Yahoo News)

Google CEO faces hotseat in Washington. (The Wall Street Journal)