Hillicon Valley — Presented by Ericsson — Oversight says 'small lapses' led to hacks

Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

The House Oversight and Reform Committee on Tuesday took a deep dive into recent ransomware attacks, releasing a report that found that “small lapses” in security were to blame for the successful attacks on Colonial Pipeline and JBS USA. 

Meanwhile, advocates are raising concerns that online misogyny may dissuade women from running for office, and recent attacks on multiple European governments were attributed to Belarus. 

Let’s jump into the news.

Turning molehills into mountains

Colonial Pipeline company in Baltimore

A series of “small lapses” in cybersecurity led to several recent successful ransomware attacks, the House Oversight and Reform Committee concluded in a staff memo released Tuesday.

The memo was the result of a panel investigation into ransomware attacks against Colonial Pipeline, meat producer JBS USA and insurance group CNA Financial Corporation, all of which involved the victims paying the ransoms demanded in order to ensure critical systems could be quickly brought back online. 

“Ransomware attackers took advantage of relatively minor security lapses, such as a single user account controlled by a weak password, to launch enormously costly attacks,” the memo reads. “Even large organizations with seemingly robust security systems fell victim to simple initial attacks, highlighting the need to increase security education and take other security measures prior to an attack.”

The details: CNA, which paid a ransom of more than $40 million, was successfully attacked after an employee accepted a fake browser update, while JBS, which paid attackers around $11 million in Bitcoin, saw its systems compromised when the hackers gained access to an old account with a weak password that hadn’t been deactivated. 

Colonial Pipeline was compromised due to a single stolen password linked to a profile. The attack led to gas shortages in several states in May after the company was forced to shut down the pipeline, and eventually paid the attackers around $4.4 million in Bitcoin, the majority of which was later recovered by the Justice Department. 

Hearing: The memo was published ahead of a hearing on ransomware attacks held by the Oversight and Reform panel on Tuesday, which featured National Cyber Director Chris Inglis and top officials from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) giving testimony.

Read more here.


The cost of online misogyny  

Advocates are worried that rising online misogyny will leave more women unwilling to run for office, a concern highlighted by a video posted by Rep. Paul GosarPaul Anthony GosarWith extreme gerrymanders locking in, Biden needs to make democracy preservation job one Greene: McCarthy 'doesn't have the full support to be Speaker' Omar calls out Boebert over anti-Muslim remarks, denies Capitol incident took place MORE (R-Ariz.) showing him killing Rep. Alexandria Ocasio-CortezAlexandria Ocasio-CortezGreene: McCarthy 'doesn't have the full support to be Speaker' Omar calls out Boebert over anti-Muslim remarks, denies Capitol incident took place Five reasons for Biden, GOP to be thankful this season MORE (D-N.Y.). 

Spotlighting the issue: Although Gosar’s video, which used an edited clip from the anime show “Attack on Titan,” targeted a member of Congress, critics warn the amplification of such content via mainstream social media can dissuade women from participating in politics at all levels.

“There’s a silencing impact,” said Bridget Todd, director of communications at the feminist group UltraViolet. “I think it really does trickle down where everybody — whether you’re a public figure or just someone who’s interested in getting involved in your kids school board in your town — I think that everybody can see the way that these platforms have tolerated this abuse, how they’re treating it like it’s not a big deal.”

“And why would anybody want to speak up and be a full participant in their democracy when that’s the case?” Todd added.  

Capitol Hill concerns: Rep. Jackie Speier (D-Calif.), who introduced a resolution along with 60 Democratic colleagues to censure Gosar, said “without a doubt” content like Gosar’s video deters women from seeking office. 

“This idea of violence against women, gender disinformation, repels women from either speaking out, so they silenced the women, or they have the effect of discouraging support for these women, members or candidates,” Speier told The Hill. 

Read more here



Hacking and disinformation groups believed to be behind attacks on governmental agencies in countries including Germany in recent months were linked by cybersecurity researchers on Tuesday to the Belarusian government.

Researchers for cybersecurity company Mandiant made the attribution as part of a new report, assessing with “high confidence” that the activity of what has been labeled the “Ghostwriter” information campaign was “aligned with Belarusian government interests.”

A cyber espionage group, which Mandiant labeled “UNC1151,” was also linked to the Belarusian government. Mandiant in April had reported that UNC1151 was helping conduct Ghostwriter influence operations. 

Targets of UNC1151 have included government and private sector groups in Lithuania, Latvia, Poland, Ukraine and Germany, with UNC1151 going after Belarusian journalists, dissidents and media entities with a focus on stealing confidential information. Mandiant noted that while UNC1151 has targeted former Soviet nations, it had not gone after any state entities in either Russia or Belarus. 

Read more here.


Tinder, Match and other online dating services are calling on their users to ask their senators to pass the Violence Against Women Act as the House-approved bill to reauthorize the statute continues to languish in the upper chamber.

The online dating services — including Match, Tinder, OkCupid, BLK, Chispa and Plenty of Fish, all of which are part of the company Match Group — have prompted their users to send an email to their senators “with one click,” urging them to support the reauthorization of the Violence Against Women Act.

“Violence against women is a major public health issue and violation of human rights that needs to be acknowledged and must be urgently addressed if we truly want a more equitable society,” the groups wrote in a statement.

“So today, we are asking you to join us and make your voice heard by contacting your Senator to urge them to reauthorize the Violence Against Women Act,” they added.

The pre-written email provided to users to send to their senators says the legislation is needed to supply resources for survivors of violence and to aid in their recovery.

Read more here


Cut it out

Advocacy groups are calling for Facebook to end all surveillance advertising to young users on the platform, while accusing the company of misleading the public about its policies. 

A coalition of 46 groups sent a letter to Facebook on Tuesday calling for the end of such ad targeting tactics for children and teens and urging Facebook to reveal “full detail” as to how teens receive targeted ads. 

The letter centers on a report released Tuesday by the groups Reset Australia, Fairplay and Global Action Plan, three of the letter signatories, that found Facebook collected data from three accounts set up under 18-years-old. 

In July Facebook said it would stop allowing advertisers to target ads to teens across the flagship platform and Instagram based on users’ activity on other apps and websites. During a Senate hearing in September Facebook’s global head of safety Antigone Davis doubled down on the comments, telling lawmakers “We have very limited advertising to young people. You can only actually now target a young person based on their gender, age, or location.”

“It now seems Facebook’s statements were misleading, to both the public and the Senate,” the letter states. 

Joe Osborne, a spokesperson for Facebook’s parent company Meta, pushed back on the report saying “it’s wrong to say that because we show data in our transparency tools it’s automatically used for ads.”

“We don’t use data from our advertisers' and partners' websites and apps to personalize ads to people under 18. The reason this information shows up in our transparency tools is because teens visit sites or apps that use our business tools. We want to provide transparency into the data we receive, even if it's not used for ads personalization,” the spokesperson said in the statement. 



A new study from Pew Research Center found that 25 percent of U.S. adult Twitter users are responsible for 97 percent of posts in the country.

The 25 percent of Americans with the most tweets tend to have more political profiles and are more likely to say Twitter has helped them be more politically engaged in the past year. One in 5 high-volume tweeters say they check the app too many times to count in a day. 

High-volume tweeters are less likely to believe the civility of discussions on the app is a major problem and are twice as likely than less-active tweeters to experience abusive behavior, according to the study published Monday. 

The study found overall in the U.S. 25 percent of people polled now use Twitter, with a majority of American users saying misinformation is a major issue on the site.

Read more about the study.



Ohio Attorney General Dave Yost (R) filed a lawsuit against Facebook parent company Meta alleging it violated federal securities law by intentionally misleading investors.

The lawsuit, filed on behalf of the Ohio Public Employees Retirement System in California last week, leans on documents provided to the press and lawmakers by whistleblower Frances Haugen.

It argues that Facebook executives misled the public about the effects of its products on the health of young users and its efforts to protect the public.

Read more here. 



An op-ed to chew on: Is artificial intelligence more formidable than nuclear weapons? 

Lighter click: YOU

Notable links from around the web:

South Korea is Selling Millions of Photos To Facial Recognition Researchers (Motherboard / Ella Fassler)

Facebook struggled with disinformation targeted at Latinos, leaked documents show (LA Times / Brian Contreras, Maloy Moore)

FBI left out of the loop in cyberattack reporting bill (Politico / Eric Geller)

TikTok scammers tried hacking 125 targets that followed famous accounts, researchers find (CyberScoop / AJ Vicens)  

Unfriended: Frances Haugen on Her Facebook Testimony and What Comes Next (Vogue / Noreen Malone)


One last thing: Facebook takes action

Facebook on Tuesday said it had taken steps to disrupt a group of hackers based in Pakistan that had been using the platform to target former members of the Afghan government and others based in Afghanistan amid the government collapse earlier this year.

In a blog post, Facebook officials noted that the company had disabled accounts and blocked domains linked to a Pakistani hacking group known as “SideCopy” that was found to have been targeting Afghan individuals, particularly those linked to the former government and to military and law enforcement in Kabul. The attackers posed as fake young women online in an attempt to trick targets into clicking on malicious links or downloads. 

Facebook, which recently rebranded as Meta, blocked the group in August amid the emergency American pullout from Afghanistan as the Taliban advanced on Kabul, with Facebook also rolling out security measures at the time to help protect the accounts of Afghan users. 

Additionally, Facebook on Tuesday also announced it had blocked three hacking groups linked to the Syrian government and specifically Syria’s Air Force Intelligence. The groups were found to be targeting human rights activists, journalists, and others who opposed the Syrian government, along with those who had joined opposition military forces and minority groups.

Read more here.

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Wednesday.