Jul 17, 2018

Axios Codebook

Axios

Welcome to Axios Codebook, the cybersecurity newsletter with a heart of gold and kidneys of silicon.

Tips? Please reply to this email.

1 big thing: Trump is blind to Russian cyber threat

Photo by Chris McGrath/Getty Images

If there was any hope that this presidential administration might ever take Russian cyber threats seriously, President Trump's meeting Monday with Vladimir Putin in Helsinki laid it to rest.

Axios' Jonathan Swan reports that Trump advisers are increasingly certain that the president is not capable of understanding the difference between collusion and a cyberattack.

That's a real problem. Russia can't compete militarily, economically, culturally or almost any other way with the U.S. Its only active threat is in cyber and information operations. To ignore the very real damage from those campaigns is to ignore what Russia is as an international actor today.

Helsinki in brief: Nonetheless, that kind of denial permeated Trump's trip — at least, the parts in front of the cameras.

  • Trump backed Putin's disavowals of any kind of hacking campaign in the United States, despite the Department of Justice's thorough indictment of 12 Russian agents for doing just that. "I don't see any reason why it would be [Russia]," he said, later adding, "President Putin was extremely strong in his denial."
  • Putin provided that reason — and, in doing that, shot down a year of House Republicans' claims the Russian president didn't back his U.S. counterpart. Putin said he did in fact want Donald Trump to win the election: "Yes I did [prefer Trump]. Because he talked about bringing the US-Russia relationship back to normal."
  • The president went on a rambling tirade encompassing his electoral college win and the right-wing trope that the FBI did not have access to the Democratic National Committee servers during its hacking investigation.

Trump kept asking "Where is the [DNC] server?" We debunked that issue here. In short: It's common for organizations not to hand their servers over to the FBI during hacking investigations. The practice limits the potential for the FBI to damage something, or for sensitive information to leak.

  • It's clear from the indictment that the FBI has plenty of evidence that did not require the DNC servers. Nearly all of the indictment rests on evidence collected from other systems, from human intelligence, or through warrants and subpoenas.

Don't take my word for it: Sean Joyce, former deputy director of the FBI and current leader of PwC's U.S. cybersecurity and privacy practice, emailed Axios: "When the victim of a cybersecurity breach interacts with law enforcement (local, state, federal), it is not uncommon for the victim to only provide either targeted information (i.e. specific logs, images, or investigation details), or not provide any of this information, but rather just provide a finalized investigative report from the incident."

What now? After the Helsinki press conference, Republican lawmakers once again expressed discontent with the president for not standing up to Putin or behind the intelligence community. But it's unclear whether GOP leaders are prepared to take more resolute actions.

Russia attacked the United States. National security and cybersecurity alike warrant taking that seriously.

2. ZTE ban ends, but its impact is still being felt

Photo: Johannes Eisele/AFP via Getty Images

The United States' penalties that froze ZTE's access to American technology came to an end on Friday, but Reuters reports they may have long-lasting effects on international sales of the company's products.

The background: ZTE was twice caught selling banned technology to North Korea and Iran, triggering a ban on the Chinese telecom manufacturer using U.S. technology.

  • ZTE needs U.S. tech, especially microprocessors, to survive.
  • A bargain with the Trump administration allowed the company to start using U.S. tech again.
  • Meanwhile, some U.S. lawmakers are trying to reinstate the penalty on ZTE that they feel is well warranted, especially in light of accusations ZTE has sabotaged its products to allow for Chinese espionage.

The fallout: Reuters reports the brief stoppage in ZTE's manufacturing caused ZTE to lose contracts, including:

  • a $1.2 billion contract with Italian mobile operator Wind Tre
  • a deal with Spanish telecom Telefonica
  • another deal with leading emerging-markets mobile operator Veon to broaden its supply chain

3. Key security officials depart

  • Russia hawk Richard Hooker is out at the National Security Council, although there are competing theories as to why. (Just Security)
  • Jeff Tricoli, an 18-year veteran of the FBI, left a leadership post at the Bureau's election security task force for a private-sector role at Charles Schwab. The timing is interesting, with the November elections only months away. (Wall Street Journal)

4. Mega users may have been breached

A list of account information on more than 15,000 users of file-sharing site Mega has surfaced, raising the possibility that the site and its users' accounts have been breached.

Why it matters: Particularly concerning was that, beyond email addresses and passwords, the list included the file names users had uploaded. That means whoever compiled the list would need to have entered the accounts to have scraped that data.

The details: Patrick Wardle, co-founder of Digita Security, found the list uploaded to malware research site VirusTotal — an antivirus aggregator that shares new samples with its component security firms.

Mega what? If you've heard of Mega, that's probably because of its colorful, trollish former owner Kim Dotcom, a New Zealand conspiracy theorist known for legal jousting with the U.S.

5. Election software maker admits it allowed some remote access

Vendor Election Systems and Software (ES&S) admitted to installing remote access software on election management systems sold to “a small number of customers between 2000 and 2006.” The admission came in a letter to Sen. Ron Wyden (D-Ore.) detailed by Kim Zetter in Motherboard.

Why it matters: Those systems, which among other tasks tabulate votes from voting machines, could hypothetically be manipulated by a hacker. ES&S claims the software was configured not to accept incoming connections, which significantly reduces the risk of an attack but does not outright eliminate it.

The intrigue: Zetter wrote an earlier story for the New York Times on the use of remote access software in voting machines, in which ES&S denied installing the software.

6. Odds and ends

Codebook will be back on Thursday.