The SolarWinds Body Count Now Includes NASA and the FAA

Some blasts from the past surfaced this week, including revelations that a Russia-linked hacking group has repeatedly targeted the US electrical grid, along with oil and gas utilities and other industrial firms. Notably, the group has ties to the notorious industrial-control GRU hacking group Sandworm. Meanwhile, researchers revealed evidence this week that an elite NSA hacking tool for Microsoft Windows, known as EpMe, fell into the hands of Chinese hackers in 2014, years before that same tool then leaked in the notorious Shadow Brokers dump of NSA tools.

WIRED got an inside look at how the video game hacker Empress has become so powerful and skilled at cracking the digital rights management software that lets video game makers, ebook publishers, and others control the content you buy from them. And the increasingly popular, but still invite-only, audio-based social media platform Clubhouse continues to struggle with security and privacy missteps.

If you want something relaxing to take your mind off all of this complicated and concerning news, though, check out the new generation of Opte, an art piece that depicts the evolution and growth of the internet from 1997 to today.

And there’s more. Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

In addition to infiltrating the unclassified networks of seven other US government agencies, the suspected Russian hackers who compromised the IT services firm SolarWinds as a jumping off point also penetrated NASA and the Federal Aviation Administration. Researchers and officials testified before the Senate Intelligence Committee on Tuesday about the scope and scale of the attack. The Washington Post reported ahead of the hearing that the Biden administration is preparing sanction against Russia related to the SolarWinds espionage operation and other recent incidents of aggression. The seven other breached agencies are the Departments of Commerce, Homeland Security, Energy, and State, the US Treasury, the National Institutes of Health, and the Justice Department. The White House said earlier this month that hackers also compromised 100 companies in the spree….


Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.

a close up of a flag: Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit | Facebook apologizes for removing lawmaker post

© The Hill
Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit | Facebook apologizes for removing lawmaker post

Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

Two House committees held the second major hearing this week on the Russian cyber espionage attack that has become known as the SolarWinds hack, and lawmakers are pushing for breach notification legislation. TikTok agreed to pay millions in a settlement over allegations it collected users’ private data, and Facebook apologized to a lawmaker for accidentally labeling and removing a post as “hate speech.” Here’s a behind the scenes draft of early versions of Hillicon Valley.

INTO THE BREACH, PART TWO: House lawmakers on both sides of the aisle lined up behind potential legislation Friday to put in place national breach notification requirements in the wake of a massive foreign cyber espionage attack.

Debate over the legislation took place during the second Capitol Hill hearing this week on what has become known as the SolarWinds breach. The House Homeland Security and House Oversight and Reform panels will hold several hearings on the breach as part of their joint investigation into the incident.

Bipartisan leaders of both committees expressed strong interest in examining breach notification laws as part of an effort to ensure the federal government has visibility into successful cyberattacks on the private sector, and two key lawmakers already have legislation in the pipeline to tackle this.

Read more about the push for legislation here.

At the top of the hearing, lawmakers highlighted concerns over the cybersecurity stance of the federal government, blaming the SolarWinds incident on a “collective failure” to prioritize cybersecurity as a national security imperative.

Read more about their concerns here.

TIKTOK SETTLES: TikTok has agreed to pay $92…


Microsoft president criticizes Amazon and Google’s public response to SolarWinds hack

Microsoft president Brad Smith criticized Amazon and Google‘s public response to the hack of SolarWinds computer network management software that compromised federal and corporate networks. 

Mr. Smith testified about Microsoft’s knowledge regarding the hack roiling federal networks at a series of congressional hearings this week including before the Senate Select Committee on Intelligence on Tuesday and a joint hearing of the House Committees on Oversight and Reform and Homeland Security on Friday. 

“Earlier this week, you told the Senate Intelligence Committee that it took courage for FireEye and SolarWinds to reveal this hack to authorities. What did you mean by that?” said Rep. Katie Porter, California Democrat, to Mr. Smith. 

“What I mean is, you have three companies here today because we have chosen to share information,” replied Mr. Smith at Friday’s hearing. “At Microsoft, we have published 32 blogs about what we observed and what we have seen. If I take my colleagues at Google and Amazon and put them together, they have published one blog. They didn’t get an invitation here as a result.”

Likely Russian hackers leveraged SolarWinds computer network management software to compromise…


After SolarWinds hack, Israel reexamines its cybersecurity

 A series of recent mega hacks against the US reveal how much the risk of cyber attacks has also escalated for Israel. 

The hacks may provide useful examples of what needs to be done in Israel to protect its own vital resources, including its water supply. Risks have also spiked that a hack of a private company could lead to the infiltration of a wide number of government and security agencies.

On December 13, it was announced that Texas-based software firm SolarWinds Corp. was the victim of a Russian hacking campaign. Top US cyber officials said earlier this month that nine federal agencies and 100 private-sector companies had been affected by the hack. The repercussion of the hack was severe: the vast majority of US government institutions, including many in the defense and cyber establishment, had been hacked by Russia and their data had been harvested for months.

Then on February 5 it was announced that the water supply of the small 15,000-person town of Oldsmar, Florida (near Tampa Bay) had been hacked and that absent the intervention of one human monitor, the water could have been poisoned – leading to a mass death incident.

Israel is no stranger to these dangers.

In the spring of 2020, a series of Israeli officials indicated, off-the-record and with clear public hints, that Iran had hacked part of the country’s water supply.

While Israel was able to block the attack from spiraling past some initial success to avoid the loss of life, Israel National Cyber Directorate Chief Yigal Unna said it was a major turning point in cyber history and that “cyber winter is coming, and it is faster and stronger than the worst estimates.”

Since then, there were three other less high profile attempts to hack Israel’s water supply, including as recently as December.

In addition, insurance giant Shirbit was hacked, Israel Aerospace Industries was hacked and hundreds of other…