Sep 16, 2020

Axios Codebook

Hello, and welcome to this week’s Codebook. These days, we’re thinking about all our compatriots on the West Coast and the terrible fires there.

Today's newsletter is 1,287 words, a 6-minute read.

1 big thing: Foreign, domestic disinfo deepens U.S. fissures

American democracy faces what could be its greatest test in a lifetime as signs mount that Russia is working to interfere in the 2020 U.S. presidential election, while the Trump administration and its allies systematically minimize those efforts, in the process becoming an accessory to them.

Why it matters: It's becoming ever more difficult to find any boundary between foreign meddling and domestic disinformation.

The big picture: As journalist David Halberstam once observed of the McCarthyist convulsions of the 1950s, "If the center did not fold, it did not exactly hold, either." As the president and his proxies invent monsters to destroy, while declaring that real monsters are imaginary, the center of the American polity faces unprecedented strain from within and without.

Driving the news: Just last week...

Microsoft announced that hackers linked to Russia as well as China and Iran were attempting to infiltrate political organizations including both the Trump and Biden campaigns.

  • It's unclear whether these campaigns are "mere" spying attempts or preludes to a 2016-style hack-and-dump campaign seeking to alter the American political dynamic.

A whistleblower told House lawmakers that, while working as the top intelligence official in the Department of Homeland Security, acting agency chief Chad Wolf told him "to cease providing intelligence assessments on the threat of Russian interference in the United States, and instead start reporting on interference activities by China and Iran."

  • Wolf, according to the whistleblower, was working on orders from national security adviser Robert O’Brien.

The Treasury Department sanctioned Andrii Derkach, a Ukrainian parliamentarian and active Russian agent.

  • The move was a belated official acknowledgment that Derkach’s campaign to smear Joe Biden is in essence a Russia-backed disinformation operation.
  • Not mentioned by Treasury: Trump lawyer and confidant Rudy Giuliani pushed material from Derkach.
  • The Derkach operation has also received the imprimatur of legitimacy from Senate Homeland Security Committee Chair Ron Johnson (R-Wis.), whose investigation into Biden is built in part around Derkach-provided material.

Microsoft’s disclosures make clear that Chinese and Iranian cyber spies are also targeting U.S. politicians and political operatives.

  • Top U.S. intelligence officials have said that both Beijing and Tehran are seeking to influence the 2020 election, and they prefer that former Vice President Biden is victorious in November.

Yes, but: Only Russia has a demonstrated record of taking the momentous step beyond cyber spying to actually using pilfered political data in service of covert action: hacking, then leaking material strategically to sow chaos in the U.S. and tip the scales toward its preferred candidate.

And unlike in 2016, the levers of federal power are being used to stamp out public disclosures on the subject.

  • As willing, powerful U.S. political figures circulate material from interference campaigns while also downplaying the threat they pose, the line between foreign and domestic disinformation is blurring, and perhaps eroding entirely.
  • There is no intelligence or national security solution to what has become, in essence, an acute domestic political crisis.

Be smart: Leaders in Moscow can watch CNN or read the Washington Post and interpret the administration’s timorous response to Russian active measures clearly as tacit encouragement — or at least implicit tolerance.

What's next: A close election in November will likely be contested, and ballot counting could drag on for weeks; legal challenges, for months.

  • Foreign intelligence services may rush into the void, seeking to exacerbate political tensions and weaken the United States.
  • Domestic politicians, including the president himself, will likely sow fear, uncertainty and doubt about the results, perhaps amplifying disinformation created by foreign actors. Other levers of state power can be used for the same ends.
  • Massive street protests, and other forms of nonviolent and even violent extra-parliamentary politics, may become widespread.

The bottom line: America is in a vulnerable place, and we simply don’t know what might push the wobbling center toward collapse.

2. Oracle-TikTok deal only raises more questions

The Trump administration is reviewing a proposed deal between Oracle and ByteDance, TikTok’s Chinese parent company, aimed at letting the popular social video app remain in the U.S., but the partnership raises as many questions as it answers.

Why it matters: The threat to ban TikTok came over fears that Beijing could force it to hand over user data. Yet it’s unclear if the new arrangement, which will see Oracle serve as TikTok’s “trusted technology partner” in the U.S., will address those fears.

Catch up quick: The White House is reviewing the deal this week. It comes with a commitment to stand up a global TikTok headquarters in the U.S. and hire 20,000 people in the country.

  • Signs indicate top administration officials are viewing the deal favorably. CNBC reported Tuesday that the White House is nearing approval, and Jared Kushner looked upon that prospect “hopefully,” he said.

Yes, but: The arrangement appears to fall well short of the full acquisition that Microsoft unsuccessfully pursued. Oracle doesn’t appear to be getting control of TikTok’s U.S. operations or the algorithms that power the app. Wresting those from Chinese hands was a major reason for the Trump administration’s coercive actions in the matter.

  • This was rooted in worries over Chinese laws that mandate that China-based companies share data with Beijing’s intelligence services on request.
  • The fact that TikTok says it already stores its user data in Singapore has not placated U.S. intelligence agencies.

The bottom line: If ByteDance, as expected, retains majority ownership with control over TikTok’s underlying source code and can also still shift data between Oracle-administered servers and others, the fears of the Trump administration and U.S. intelligence community may not be allayed.

3. Chinese hackers use open-source tools against U.S. networks

Hackers affiliated with Beijing’s main civilian intelligence service are using common open-source tools to penetrate U.S. government networks, the Cybersecurity and Infrastructure Security Agency (CISA) disclosed Monday.

Why it matters: Even sophisticated state-backed cyber operators can exploit simple, widely available tools to target adversaries.

  • The hackers, affiliated with China’s Ministry of State Security (MSS), are using tools like Shodan, a publicly available specialized search engine that can identify outward-facing unpatched or vulnerable devices on the internet, says CISA.
  • They’re also using open-source tools to identify vulnerable virtual private networks (VPNs), which are increasingly ubiquitous as more people work from home.
  • Chinese hackers have also used the Tor browser to support infrastructure ultimately used to compromise “Internet-facing Federal Government agency systems,” says CISA.

In one case, CISA observed a “Federal Government IP address” beaconing to an MSS-controlled command-and-control server.

The hackers seize on public announcements of vulnerabilities to identify potential targets, says CISA.

  • “CISA analysts have observed a correlation between the public release of a vulnerability and targeted scanning of systems identified as being vulnerable,” including by Chinese hackers, says the announcement.
  • Those maintaining government systems should constantly keep them patched to guard against danger, CISA recommends.

4. Bipartisan Internet of Things security bill passes House

A bipartisan bill mandating minimum security standards for all Internet of Things (IoT) devices used by the federal government passed the House Monday.

Why it matters: IoT devices — internet-connected household controls, industrial monitors and other physical-world gadgets — are expected to become ubiquitous in the coming years, particularly as wireless carriers light up 5G networks. If improperly secured, they could represent a massive new cybersecurity risk.

Details: The bill, led by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), empowers the National Institute of Standards and Technology (NIST) to “publish standards and guidelines on the use and management of IoT devices by the federal government, including minimum information security requirements,” per its authors.

  • Devices that don’t meet these standards will be banned from use unless agencies apply for specific waivers on national security grounds.
  • The bill also directs the Office of Management and Budget, which oversees federal procurement, to coordinate with NIST on minimum standards for IoT devices.
  • And the bill requires that companies providing IoT devices to the federal government set up a process to alert U.S. agencies about potential cybersecurity threats to their devices.

What’s next: The IoT bill now goes to the Senate, where Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.), the co-chairs of the Senate Cybersecurity Caucus, have previously introduced a companion measure.

5. Odds and ends

  • The Justice Department has opened a criminal investigation into the alleged publication of classified information in John Bolton’s book. (New York Times)
  • Facebook has ignored overwhelming evidence that the platform has been used to sow disinformation and undermine democracy worldwide, says a whistleblower ex-employee. (BuzzFeed)
  • The children of 9/11 will be voting for the first time in the 2020 elections. (Politico)
  • The former head of the CIA’s Osama bin Laden unit has become a proponent of unhinged and often violent conspiracy theories. (The Daily Beast)
  • Ransomware attacks are becoming the driver of an increasingly large percentage of cyber insurance claims. (CyberScoop)