Daily Digest (12/21)

2 More US Agencies Hit in SolarWind Breach; US Internet Provider, Ariz. County Accessed in SolarWinds; Chinese Chip Manufacturers Blacklisted Over Alleged Military Ties; Facebook Disables Messaging Features in Europe; Google Antitrust Suit to Go to Trial in 3 Years.

2 More Federal Agencies Hit in SolarWind Breach

The networks of the U.S. Energy Department and National Nuclear Security Administration have been compromised by suspected Russian hackers, following a cyberespionage operation that has affected at least half a dozen federal agencies. 

DOE and NNSA officials coordinated the breach investigation with their oversight agencies last week after being briefed by Rocky Campione, DOE’s chief information officer, Politico reports. 

The agencies found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), the Sandia and Los Alamos national laboratories in New Mexico and Washington, the NNSA Office of Secure Transportation and DOE’s Richland Field Office in Washington state.

Shaylyn Hynes, a DOE spokesperson, said that an investigation found that the perpetrators did not get into critical defense systems.

“At this point, the investigation has found that the malware has been isolated to business networks only and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes told Politico in a statement. 

“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

Sources (all links external): 

US Internet Provider, Ariz. County Accessed in SolarWinds Attack

The systems of U.S. internet provider Cox Communications Inc. and a county government in Arizona were breached by suspected Russian hackers as part of the SolarWinds cyberespionage campaign.

The hack was one of the biggest uncovered and sent security teams around the world scrambling to contain the damage, Reuters reports. 

The intrusions into networks at Cox and of Pima County, Ariz., showed that the hackers also had targeted less-high-profile organizations.

A Cox spokesman said the company was working “around the clock” with the help of outside security experts to investigate any consequences of the SolarWinds compromise.

“The security of the services we provide is a top priority,” he said.

Pima County Chief Information Officer Dan Hunt told Reuters that his team had followed U.S. government advice to immediately take SolarWinds software offline after the hack was discovered.

He said investigators had found no evidence of a further breach.

Chinese Chip Manufacturers Blacklisted Over Alleged Military Ties

The Trump administration Friday blacklisted China’s largest maker of computing chips, limiting the company’s access to high-end technology, over its alleged links to the Chinese military.

Semiconductor Manufacturing International Corp. (SMIC) has been added, along with more than 60 other Chinese institutions, to the Commerce Department’s list of banned companies, The Wall Street Journal reports.

The designation restricted companies from exporting U.S.-origin technology to the listed firms without a license, with a provision that bars SMIC from acquiring technology to build chips with 10-nanometer circuits and smaller, according to the Journal.

The chip maker said Wednesday that it was looking into reports that one of its two co-chief executives had suddenly decided to step down, a disclosure that sent its shares tumbling.

Commerce Department officials said they applied the restriction to SMIC because of what they said was the company’s cooperation with Chinese military-linked entities.

“Entity List restrictions are a necessary measure to ensure that China, through its national champion SMIC, is not able to leverage U.S. technologies to enable indigenous advanced-technology levels to support its destabilizing military activities,” Commerce Secretary Wilbur Ross told the Journal in a statement. 

A SMIC representative did not immediately comment. 

Facebook Disables Messaging Features in Europe

Facebook on Thursday disabled several interactive options in Messenger and Instagram in the EU to make sure they comply with new privacy rules.

Messaging apps after Dec.31 will fall under EU rules known as the ePrivacy directive, BBC News reports. 

The directive has been designed to limit what companies can do with messages and the metadata attached to them.

It also prohibited the interception or surveillance of communications and metadata without explicit consent from those involved.

Facebook said it had not published a list of all the features it was suspending in Europe because it would be quickly reactivating ones that it was confident complied with the rules.

The core text-messaging and calling options on Instagram and Messenger will not be affected, the company said.

“We’re still determining the best way to bring these features back,” the company told BBC News in a statement. “It takes time to rebuild products in a way that work seamlessly for people and also comply with new regulation.”

Google Antitrust Lawsuit to Go to Trial in 3 Years 

The U.S. government’s antitrust lawsuit against Google won’t go to trial for nearly three years after a federal judge set a timetable Friday.

U.S. District Judge Amit Mehta in Washington set a tentative trial date of Sept. 12, 2023, for the case filed two months ago by the Justice Department, The Associated Press reports. 

“This dispels the notion that we would go to trial quickly,” Mehta said in a conference call with government and Google lawyers to establish parameters for exchanging confidential documents and questioning top Google executives.

He estimated that once the trial begins, it would last about six weeks.

Google has fiercely denied the government’s allegations that it has illegally struck deals to thwart competition in the search market to help give it a stranglehold on a digital advertising market. 

— By DPN Staff