Welcome to Codebook, the cybersecurity newsletter taking suggestions for a Halloween costume. If you have a tip or story idea for the newsletter, just hit reply.
Situational awareness: FireEye says it has found multiple pieces of evidence independently tying the core Triton malware used to hack industrial control systems in 2017 to the Russian government lab, Central Scientific Research Institute of Chemistry and Mechanics.
Australia’s new encryption legislation has red flags beyond the usual encryption debate, Eric Wenger, Cisco's director of cybersecurity and privacy for government affairs, tells Codebook.
Wenger recently testified in front of lawmakers Down Under about the bill, which is facing a vote in parliament within weeks, per Reuters.
Why it matters: Think of Australia as the first domino in a global move toward encryption legislation. Its bill — which would give law enforcement access to encrypted data without the consent of the owner — would likely be a model for the U.S. and others.
The Australian bill is the next link in a chain of legislation dating back to 1994, when the U.S. passed the Communications Assistance for Law Enforcement Act (CALEA), Wenger says.
There are safeguards written into the bill, but Wenger says Cisco sees ways they might fall short:
Even if all these issues are addressed, there may be unintended consequences. The easiest way to add a surveillance system may be through a tainted system update. But that might lead users to abstain from updating systems, causing catastrophic security problems.
The bill explicitly permits the government to hack systems for surveillance. While the U.S. has a process for determining if the benefit of hoarding hacking techniques outweighs the risks of not allowing manufacturers to patch vulnerable products, many governments — including Australia — do not. Wenger thinks such a process should precede any hacking by a government.
The bottom line: These concerns are above and beyond all the traditional, familiar arguments about the dangers of circumventing encryption — and suggest just how big a fight the coming encryption debate could become.
Two major tech companies have joined Apple in calling for Bloomberg to retract its controversial story claiming Super Micro shipped servers implanted with Chinese government spy chips.
Driving the news: On Monday, Andy Jassy, who heads the Amazon Web Services division said to have been aware of the chips, said Bloomberg should retract their story. Super Micro CEO Charles Liang followed suit shortly after. Apple CEO Tim Cook had called for a retraction last week, via BuzzFeed.
What they're saying:
We've covered the controversy in the past. It's worth noting that the Department of Homeland Security, a key NSA official, lawmakers, the British federal cybersecurity service and a boatload of security experts all contest the truth of the original story.
Super Micro is investigating the claims, the company wrote in a Monday letter to customers trying to dispel fears stemming from the story, separate from its call to retract.
Bloomberg reiterated an earlier statement to Codebook when asked for comment, saying it stands by its story, "the result of more than a year of reporting, during which we conducted more than 100 interviews."
The New York Times’ Julian Barnes reports that U.S. Cyber Command is warning individual Russian disinformation operatives that America is on to them and watching their every move.
The big picture: The Times is clear that these aren’t threats, though it adds that anyone working in propaganda would likely know the Russians could be sanctioned or even indicted for this kind of work.
On Friday, the Department of Justice announced it had filed charges against a Russian citizen who was the accountant for the Russian misinformation campaign that is most famous for meddling in the 2016 elections and that continues today.
Details: You've probably already heard several key facts from that complaint, but just in case...
One more thing: It didn't get mentioned a lot, but the budgeting for Russian misinformation appears to have stayed constant even after the 2016 election and to have nearly doubled between last February ($1 million) and this February ($1.7 million).
National Security Adviser John Bolton told a Russian radio station Monday that the multi-level Russian scheme to impact the 2016 election didn't have any effect, but nonetheless made relationships between Washington and Moscow more difficult. He's currently in the region to meet with his Russian counterparts.
"The point I made to Russian colleagues today was that I didn't think, whatever they had done in terms of meddling in the 2016 election, that they had any effect on it, but what they have had an effect in the United States is to sow enormous distrust of Russia."— John Bolton to radio station Ekho Moskvy
My thought bubble: This — in line with the administration's general unprovable position that hacking the DNC and spewing propaganda over RT and social media had no effect — strikes some people as insincere.
Codebook will be back on Thursday. Just try to stop it.