Welcome back to the new Axios Codebook! I’m Zach Dorfman, senior staff writer at the Aspen Institute, and every Wednesday I’ll be in your inbox exploring the intersection of cybersecurity, espionage and technology.
A little bit about me: I’m a national security journalist who has written for Politico, The Atlantic, Foreign Policy and other publications. My work has focused on challenges that nation-states like China, Russia, North Korea and Iran pose to the U.S. and its Western allies; the inner workings of the $60 billion-a-year world of U.S. spy agencies; and the ways in which technology is changing what intelligence is and how it’s gathered.
I’m excited to dig into all things cybersecurity-related — which is, broadly speaking, the most important story of our time. You can always send feedback by replying to this email.
Today's newsletter is 1,353 words, a 5-minute read.
Illustration: Aïda Amer/Axios
A wave of cyber spying around COVID-19 medical research is once more demonstrating the perils of treating cybersecurity as a separate, walled-off realm.
Driving the news: U.S. officials recently announced an uptick in Chinese-government affiliated hackers targeting medical research and other facilities in the United States for data on a potential COVID-19 cure or effective treatments to combat the virus. Additionally, “more than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses,” reports the New York Times.
The big picture: For years, policymakers and media outlets have stowed cybersecurity threats and conflicts away in their own specialized silo. But the world of cyber espionage isn’t really separate at all: It’s just another means for countries to pursue their tactical and strategic objectives.
Of course the world’s spies are trying to purloin vaccine research: Nothing is more valuable right now anywhere on the planet. The country that’s first with a vaccine will, in theory, benefit immensely. Elections may be won or lost because of it. Industries and entire economies hang in the balance. Social stability may depend on vaccine access.
There are also subtler benefits of a vaccine: the soft power accrued to whoever develops and shares it internationally, as well as the potential profits from what should be a global, compulsory, vaccination campaign — and one that may be required at regular intervals, like a flu shot.
Between the lines: The pandemic took an already accelerating trend toward the virtualization of our work and private lives and kicked it into overdrive.
Why it matters: We won’t be able to understand or predict where the next threats will emerge unless we get better at integrating the stuff we call “cyber” with all the other ways we think about the world.
President Trump and his allies have made a lot of noise about purported Obama administration wrongdoing via the “unmasking” of then-incoming national security adviser Michael Flynn’s identity in reports of intercepted conversations between Flynn and Russian Ambassador Sergey Kislyak during the 2016–17 presidential transition.
This is, at bottom, a manufactured controversy. Neither the interception of Kislyak’s calls nor the requests by senior U.S. officials to know whom he was speaking with about sanctions relief were unusual in and of themselves, though the context — the Russian election interference scheme in 2016 — certainly was.
Yes, but: What is unusual is the declassification of this request log by former acting director of national intelligence Richard Grenell.
How it works: Unmasking is a routine operation in the U.S. security bureaucracy.
There were more than 10,000 such requests in 2019.
Our thought bubble: These conversations involved U.S. sanctions relief and the larger policies of the incoming Trump administration toward Russia — policies about which there was great concern, as Russia had just executed a successful influence campaign to help elect Donald Trump president. It would have been a scandal if U.S. counterintelligence officials weren’t alarmed.
Illustration: Rebecca Zisser/Axios
The Justice Department's arrest of Simon Saw-Teong Ang, an engineering professor at the University of Arkansas, for wire fraud earlier this month ratcheted up a long-running confrontation with China over a controversial scholarship program.
What’s happening: Ang’s indictment was related to his failure to disclose the extent of his ties to China’s 1000 Talents Program, an initiative of the Chinese government to encourage U.S. scientists and researchers to share technical know-how and innovations with Chinese universities and businesses.
The big picture: Ang’s arrest was the latest in a crackdown by DOJ officials over the 1000 Talents Programs, which has ensnared the chair of Harvard’s chemistry program, a former Emory University neuroscientist, a Coca-Cola engineer and others.
The bottom line: The U.S. is walking a tightrope between aggressively pursuing intellectual property theft cases and creating a chilling effect through overbroad and/or racially tinged prosecutions.
Untapped, a popular beer-rating app, can easily be manipulated to identify and track military and intelligence personnel, according to a report in the investigative open-source journalism and research outlet Bellingcat.
In one case, Bellingcat located an individual who “checked in” multiple times from Camp Peary, commonly known as “The Farm” — a highly restricted Virginia military base where CIA operations officers are trained in spycraft.
The bottom line: Digital trails make surveillance of individuals much easier than in the past. For government officials, using even harmless-seeming apps — like ones that rate beer! — can provide foreign intelligence services with massive troves of information useful in tracking top-tier espionage targets.
Between the lines: The trend is gradually rendering it impossible to conduct the traditional kind of human spying, say intelligence officials. Now, spies have to “hide in plain sight,” accept that their identities may be known and rely on superior tradecraft to keep their work secret.