Overnight Hillicon Valley — Ex-US intel operatives pay to settle hacking charges

Overnight Hillicon Valley — Ex-US intel operatives pay to settle hacking charges

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Three former U.S. intelligence and military personnel members settled with the Justice Department by agreeing to a massive sum due to allegations that they worked as mercenary hackers for the government of the United Arab Emirates. 

Meanwhile, a top official at the FBI said publicly that there had been “no indication” that the Russian government has taken steps to stem the tide of ransomware attacks from hacking groups suspected of operating within the country’s borders, while a South Korean antitrust regulator hit Google with a massive fine.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Let’s jump in.

American mercenaries face charges over UAE work

Three former U.S. intelligence and military personnel agreed to pay more than $1.68 million to settle federal charges over their alleged work as mercenary hackers for the United Arab Emirates (UAE). 

A case filed Tuesday in the U.S. District Court for the District of Columbia brought two counts each against Marc Baier, Ryan Adams and Daniel Gericke, including conspiracy to commit device fraud and computer hacking and conspiracy to violate arms export control regulations. 

The defendants are accused of “knowingly and willfully” engaging in these activities, and entered into a deferred prosecution agreement to resolve the charges. 

Consequences: The three men, all of whom previously worked as employees of U.S. intelligence or military agencies, have three years to pay off the agreed-upon sums. They also must relinquish any security clearances, and agree to full cooperation with the FBI and any other relevant departments on the case.  

Reuters first reported on the charges Tuesday, noting the three individuals were part of an operation uncovered by Reuters in 2019 known as “Project Raven” that assisted the UAE in spying on targets. 

Shady operations: According to the court documents, the defendants worked for a UAE-based company from 2016 through 2019 that carried out hacking operations on behalf of the UAE government, including participating in “zero-click” operations in which a target’s device could be compromised without them taking any action.

Read more about the case here.


Crickets in Russia

FBI Deputy Director Paul Abbate said Tuesday there has been “no indication” that the Russian government has taken steps to stop the activities of cyber criminals engaging in ransomware attacks against U.S. organizations, despite outreach efforts by the Biden administration.

“Based on what we’ve seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there,” Abbate said during a panel at the Intelligence and National Security Summit. 

“We’ve asked for help and cooperation with those who we know are in Russia who we have indictments against, and we’ve seen no action, so I would say that nothing’s changed in that regard,” he said. 

Context: Abbate’s comments came months after President BidenJoe BidenSunday shows preview: Coronavirus dominates as country struggles with delta variant Did President Biden institute a vaccine mandate for only half the nation's teachers? Democrats lean into vaccine mandates ahead of midterms MORE met with Russian President Vladimir PutinVladimir Vladimirovich PutinClinton lawyer's indictment reveals 'bag of tricks' Hillicon Valley — Facebook 'too late' curbing climate falsities France pulls ambassadors to US, Australia in protest of submarine deal MORE at an in-person summit in Geneva to discuss issues including a spate of ransomware attacks against critical U.S. organizations linked to Russian-based cyber criminal groups.

Read more here.


A South Korean antitrust regulator on Tuesday issued a $176.64 million fine against Google, accusing the American tech company of abusing its market dominance.

The Korea Fair Trade Commission (KFTC) issued the fine against Google on Tuesday, arguing that its contract terms with device makers was abuse of its market dominance, The Associated Press reported. The KFTC said this fine may be the ninth-largest it has ever issued.

KFTC Chairwoman Joh Sung-wook said Google has tamped down competition for the past decade by forcing electronic partners to sign “anti-fragmentation” agreements that prevent them from installing modified versions of Google's operating system.

Read more here



A group of Senate Democrats unveiled new voting rights legislation on Tuesday in another attempt by the party to pass sweeping changes to federal elections in the face of a GOP filibuster. 

The new bill, called the Freedom to Vote Act, was released by Sen. Amy KlobucharAmy KlobucharHarris, CBC put weight behind activist-led National Black Voter Day Seven takeaways from California's recall election Live coverage: California voters to decide Newsom's fate MORE (D-Minn.) and several co-sponsors, builds on a framework proposed earlier this year by Sen. Joe ManchinJoe ManchinBriahna Joy Gray: Push toward major social spending amid pandemic was 'short-lived' Overnight Energy & Environment — Presented by Climate Power — Emissions heading toward pre-pandemic levels Biden discusses agenda with Schumer, Pelosi ahead of pivotal week MORE (D-W.Va.) and the sweeping For the People Act, which Senate Republicans blocked in June. 

Though narrower than previous iterations, the 592-page bill would still enact major reforms to America’s voting systems, including efforts to make it easier to register to vote and set a 15-day minimum early voting window that states must meet. It would also make Election Day a federal holiday. 

It also includes language to shore up election security, including requiring states to use voting systems with paper ballots, providing around $3 billion in grants to states to buy voting machines and upgrade cybersecurity, and putting in place election vendor cybersecurity requirements. 

Read more about the bill here.



Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the mounting ransomware attacks on critical U.S. organizations. 

“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’ ” Nakasone said as part of an interview with The Associated Press (AP) published Tuesday. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”

Nakasone told the AP that there was “an intense focus” on the part of government specialists to tackle cybersecurity threats and to “impose costs when necessary,” including through publicly calling out countries behind major cyberattacks. 

Read more here.


T-Mobile under the microscope 

Massachusetts Attorney General Maura Healey (D) on Tuesday announced that her office is undertaking an investigation into the recent data breach of T-Mobile that affected more than 50 million individuals. 

The investigation is aimed at understanding if T-Mobile took the proper steps to secure customer data and whether the company has done enough following the breach to respond and notify customers. 

“My office is extremely concerned about how this data breach may have put the personal information of Massachusetts consumers at risk,” Healey said in a statement Tuesday. “As we investigate to understand the full extent of what’s happened, we urge impacted consumers to take the necessary precautions to ensure their information is safe, and to prevent identity theft and fraud.”

The investigation comes a month after T-Mobile disclosed that the records of at least 40 million prospective and former customers and the data of more than 13 million current customers had been compromised through the use of “brute force” by an unknown malicious actor in July. 

Read more here.



Amazon is boosting its hourly average starting pay to $18 and plans to hire 125,000 new workers across the U.S., the company announced Tuesday. 

The Seattle-based tech giant said in “select locations” sign-on bonuses of up to $3,000 are available.  

The roles are in fulfillment and transportation, and hiring is already underway, according to the announcement. News of the wage increase follows the company's previous announcement of 40,000 new corporate and technology jobs. 

Read more here.



An op-ed to chew on: US must not only lead in artificial intelligence, but also in its ethical application

Lighter click: Great first day

Notable links from around the web:

The D’Amelio kids are not alright (Vox / Rebecca Jennings)

Facebook Knows Instagram Is Toxic for Teen Girls, Company Documents Show (Wall Street Journal / Georgia Wells, Jeff Horwitz and Deepa Seetharaman)

​​Under G.O.P. Pressure, Tech Giants Are Empowered by Election Agency (New York Times / Shane Goldmacher and Kate Conger)


One last thing: Apple won, what’s next? 

A federal court ruling last week in a case involving allegations of anticompetitive conduct against Apple opened the door for more lawsuits against the tech giant, while also adding to momentum on Capitol Hill to revamp antitrust laws.

Apple survived the lawsuit against its App Store rules brought by major developer Epic Games, with Judge Yvonne Gonzalez Rogers ruling the Fortnite game maker did not prove Apple is a monopolist. But in her decision, Gonzalez Rogers did not absolve Apple of having engaged in anticompetitive conduct, and her ruling may provide guidance for future cases against the company, according to legal experts.

“She was especially cautious because she wanted her ruling to have less rather than more impact, and sounds like she’s indicating, ‘Well, maybe somebody else will prove it. I don’t want to stand in their way of trying, but Epic didn’t prove it here,’” said Eleanor Fox, a professor at the New York University School of Law.

Read more here

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Wednesday.