Hillicon Valley: Lawmakers ask whether massive hack amounted to act of war | Microsoft says systems were exposed in massive SolarWinds hack | Senators push to keep tech liability shield out of UK trade agreement

Hillicon Valley: Lawmakers ask whether massive hack amounted to act of war | Microsoft says systems were exposed in massive SolarWinds hack | Senators push to keep tech liability shield out of UK trade agreement
© Getty Images

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

ACT OF WAR?: Lawmakers are raising questions about whether the attack on the federal government widely attributed to Russia constitutes an act of war.


The hacking may represent the biggest cyberattack in U.S history, and officials are scrambling to respond.

The response is further complicated by the presidential transition — President TrumpDonald TrumpTrump State Department appointee arrested in connection with Capitol riot Intelligence community investigating links between lawmakers, Capitol rioters Michelle Obama slams 'partisan actions' to 'curtail access to ballot box' MORE has yet to comment publicly on the attack — and the fact that the U.S. has no clear cyber warfare strategy.

“We can’t be buddies with Vladimir PutinVladimir Vladimirovich PutinHow to think about Russia Do Biden's 'tough new sanctions' give Putin Nord Stream 2? Russia vows retaliation for new US sanctions: 'We do not intend to put up with this' MORE and have him at the same time making this kind of cyberattack on America,” Senate Minority Whip Dick DurbinDick DurbinWhat's worse, violence on the left or the right? It's a dangerous question Garland's AG nomination delayed by GOP roadblocks National Sheriffs' Association backs Biden pick for key DOJ role MORE (D-Ill.) said of the attack during an interview Wednesday on CNN. “This is virtually a declaration of war by Russia on the United States and we should take that seriously.”

Sen. Mitt RomneyWillard (Mitt) Mitt RomneyRon Johnson grinds Senate to halt, irritating many Romney's TRUST Act is a Trojan Horse to cut seniors' benefits Republicans, please save your party MORE (R-Utah) on Thursday compared the incident to Russian bombers "flying undetected over the entire country," and harshly criticized Trump for not doing enough to counter the attack. 

"Our national security is extraordinarily vulnerable," Romney said on SiriusXM's "The Big Picture with Olivier Knox." "In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary."

Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software. The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies. 

Read more here



MICROSOFT SYSTEMS EXPOSED: Microsoft’s systems were exposed as part of the suspected Russian cybersecurity hack that targeted SolarWinds and hit multiple government agencies, people familiar with the matter told Reuters.

The people told the newswire that Microsoft’s own products were used to further attacks on others. It’s unclear how many Microsoft users were affected.

CNBC noted that multiple government agencies use Office 365, including the Department of Defense.

Microsoft spokesperson Frank Shaw said in a statement posted to Twitter that the company had detected malicious SolarWind binaries, which it removed. It has not found evidence of “access to production services or customer data.”

“Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

Dozens of federal agencies had been breached earlier this year as part of the cyberattack on SolarWinds. The Cybersecurity and Infrastructure Security Agency issued an alert detailing the attack on Thursday, in which it warned that it posed a “grave risk” to federal and state governments, as well as private sector organizations.

Read more here.


SENATORS SAY KEEP SECTION 230 OUT: Senators from both sides of the aisle sent a letter to the U.S. Trade Representative on Friday urging him to keep language that mimics a U.S. tech liability shield to be left out of any potential free trade agreement with the United Kingdom. 

The letter, signed by two Democrats and two Republicans, urges Trade Representative Robert LighthizerBob LighthizerWhiskey, workers and friends caught in the trade dispute crossfire GOP senator warns quick vote on new NAFTA would be 'huge mistake' Pelosi casts doubt on USMCA deal in 2019 MORE to refrain from including language that is modeled on section 230 of the Communications Decency Act in a trade agreement with the U.K.

The senators note the ongoing debate regarding Section 230, which grants tech companies liability protection for content posted by third parties. 

“Including a safe harbor clause in any future trade agreements will further allocate more power to companies at the expense of individuals,” Sens. Mark WarnerMark Robert WarnerHillicon Valley: YouTube to restore Trump's account | House-passed election bill takes aim at foreign interference | Senators introduce legislation to create international tech partnerships On The Money: Senate votes to take up COVID-19 relief bill | Stocks sink after Powell fails to appease jittery traders | February jobs report to provide first measure of Biden economy Senators introduce bill creating technology partnerships to compete with China MORE (D-Va.), Rob PortmanRobert (Rob) Jones PortmanMandel gets Club for Growth nod in Ohio Senate primary Rick Scott caught in middle of opposing GOP factions Five takeaways from dramatic Capitol security hearing MORE (R-Ohio), Richard Blumenthal (D-Conn.) and Chuck GrassleyChuck GrassleyGarland's AG nomination delayed by GOP roadblocks National Sheriffs' Association backs Biden pick for key DOJ role Bipartisan group of senators introduces bill to rein in Biden's war powers MORE (R-Iowa) wrote. 

“Congress can and should debate about Section 230 and how it has enabled platforms to turn a blind eye as their platforms are used to facilitate discrimination, cyber-stalking, terrorism, online frauds, and more. We urge USTR to refrain from including this provision in this and future free trade agreements until that debate has concluded,” they added. 


A spokesperson for the Office of the United States Trade Representative was not immediately available for comment. 

Read more here


TWITTER TARGETS TOXIC TWEETS: Twitter said Thursday it is increasing its efforts to combat negativity on the platform by testing a feature that will show users prompts indicating mutual interests shared by them and people to whom they respond on the platform.

In an emailed statement to Mashable, the company confirmed it began testing the feature among roughly 10 percent of Android users who use English as their primary language on the platform.

The prompts will show users topics and mutual followers when then go to respond to individual people on the platform; a screenshot of the test in practice showed a user seeing topics such a "dogs," "rap," and "soccer" among the mutual topics listed under a banner that reads "you have things in common."

"It's human nature to feel wary when replying to someone you don't know," Christine Su, senior product manager for conversations at Twitter, told the news outlet. "In the heat of the moment, people can forget there's another human behind a Twitter account. By showing what we have in common, we hope to remind people of what connects us as a starting point."


Read more here


HAPPY HOLIDAYS FROM ZOOM: Zoom is lifting its 40-minute cap on free meetings for users during certain days this holiday season, the company announced this week. 

Zoom is allowing users unlimited meeting times during days spanning the end of Hanukkah, Christmas, New Year's Eve and New Year's Day, and the last days of Kwanzaa, as a “token of appreciation to our users during an extraordinary time,” the company said in a blog post

The dates and times for the unlimited meetings are: 10 a.m. on Dec. 17 to 6 a.m. on Dec. 19, 10 a.m. on Dec. 23 to 6 a.m. on Dec. 26, and 10 a.m. on Dec. 30 to 6 a.m. on Jan. 2. 

The time limit will be automatically lifted during the designated times, and users will not need to do anything to remove the limit, Zoom said. 

Read more here


Lighter click: Extreme ice fetching champ

An op-ed to chew on: The US government just reduced its IoT attack surface; private sector should step up


We need to learn how to talk to (and about) accidental conspiracists (Nieman Lab / Ben Collins)

QAnon is still spreading on Facebook, despite a ban. (The New York Times / Sheera Frenkel)  

The Activist Translating Climate Crisis Information Across the Globe (Motherboard / Samir Ferdowsi)