July 08, 2020
Welcome to this week's Codebook, where we're thinking about a saying from senior NSA official Rob Joyce that, when it comes to long-term threats, Russia may be a hurricane, but China is climate change. Well — as we've seen since 2016 — a hurricane can still do lots of damage.
Today's newsletter is 1,505 words, a 6-minute read.
1 big thing: The tangled web of Russia's Taliban support
The alleged Russian campaign to pay the Taliban bounties for U.S. troops' lives represents "a huge escalation" of Russian activities in Afghanistan, but suspected Russian support of the Taliban goes all the way back to the Obama administration, former U.S. intelligence officials told Axios.
The big picture: The bounty scheme, spearheaded by the Russian military intelligence agency commonly known as the GRU, is laid out in information gathered by U.S. intelligence agencies — including intercepts of banking transfer data — and reported in a series of exclusives by the New York Times.
Details: One former official told Axios there was a "robust discussion" at the CIA during the second Obama administration over "finished intelligence" pointing to support by the GRU for the Taliban, including the GRU's provision of weapons and funds to insurgents.
- Some CIA officials believed that the GRU was "incentivizing killing NATO troops" through these activities, though there was no evidence of actual bounty payments, says this person.
- CIA officials disagreed internally about the strength of this evidence, says this former official, and U.S. intelligence officials began to dig more into Russia-Taliban connections as a result.
- Other former intelligence officials say the evidence was more opaque. There was "nebulous reporting" about Russian support for the Taliban during this time, says a second former intelligence official, but nothing nearly as concerning as the consistent support provided by Pakistani intelligence to the Taliban, recalls this person. (By 2018, however, senior U.S. military officials were publicly accusing Russia of providing the Taliban with weapons.)
Yes, but: While there were indeed "rumblings" of GRU support for the Taliban toward the end of the Obama years, says a third former official, it was very different than "specific threat information."
- Threat information, such as bounties, is considered so important that it is shared more widely even when not fully verified due to the potential harm to human life, say former officials.
- During the last few years of the Obama administration, no reporting on potential GRU bounties in Afghanistan appeared in the President's Daily Brief, a written document provided every day to the president and select senior U.S. officials that summarizes key intelligence and analysis from U.S. spy agencies, recalls a former U.S. national security official. This points to a lack of such knowledge within the U.S. intelligence community at the time, says this person — especially because of the lowered bar for disseminating threat data.
- According to the Associated Press, by 2019, however, some U.S. intelligence officials had concluded that Russia had transitioned from merely providing support to the Taliban to actually paying them to kill U.S. soldiers.
Between the lines: U.S. officials believe that the bounties were organized by members of GRU's Unit 29155, according to the Times. This notoriously aggressive Russian group is considered responsible for:
- the poisoning, via a powerful nerve gas, of a Russian defector and his daughter in England in 2018;
- an attempted coup in Montenegro in 2019;
- and other actions aimed at destabilizing Europe.
How it works: In Afghanistan, GRU operatives worked through criminals, soldiers of fortune, and other underworld figures to pay Taliban insurgents to kill U.S. soldiers, U.S. officials told the Times. Russian intelligence operatives offered up to $100,000 per U.S. or allied soldier killed in Afghanistan, Afghan officials told the Times.
The intrigue: Intelligence reporting on the bounties on U.S. troops was discussed at a high-level National Security Council meeting in March, sources told the Times, but no action was taken by the White House for months.
- President Trump has sought to publicly downplay U.S. intelligence agencies' assessment on the bounties, and a recent memo produced by the National Intelligence Council has emphasized gaps in what U.S. officials know about the alleged bounty operation, raising questions about politicization.
- Assessments about the strength of the intelligence do vary between U.S. spy agencies, with the National Security Agency, which focuses on electronic intercepts and other signals intelligence, less confident about some parts of the reporting than the CIA, according to the Wall Street Journal.
2. Hong Kong's plight shows why strong encryption matters
Hong Kong's new national security law, enacted by officials in Beijing, has rapidly constricted freedom of expression in the formerly semi-autonomous Chinese territory and driven residents to seek new ways to protect their communications.
Why it matters: The new law has created a difficult conundrum for U.S. and other tech giants: they can agree to provide Hong Kong authorities with evidence of their users committing potential political crimes, or they can themselves face sanction, and even criminal penalties, for refusing to cooperate.
Details: The new, vaguely worded law, passed in response to recent anti-Beijing protests:
- criminalizes broad categories of speech;
- subverts the independence of local judicial and law enforcement bodies;
- and compels private companies, on the threat of prosecution, to assist law enforcement in censoring banned speech and to provide evidence of political crimes.
Driving the news: On Monday, Google, Twitter, and Facebook announced they had temporarily paused all cooperation with law enforcement in Hong Kong on potential criminal investigations due to the new law. It is unclear when, if ever, these companies will resume working with Hong Kong investigators.
- TikTok, a Chinese-owned app unavailable within mainland China itself, announced that it was suspending all access to users within Hong Kong for an undetermined period, and making new downloads of it impossible there, as Axios' Ina Fried reported.
Importantly, Facebook announced that this suspension of cooperation with Hong Kong law enforcement extends to WhatsApp, a popular encrypted chat service owned by the company.
- Telegram, another popular encrypted chat app, also announced it would not cooperate with the new law.
- Droves of Hong Kong residents have started downloading Signal, another encrypted messaging app, in anticipation of the coming crackdown on speech.
My thought bubble: The rush by Hong Kong residents to access encrypted apps shows the importance of safe and secure communications in repressive environments.
- Indeed, these platforms may soon be the only places where Hong Kongers can freely interact on political topics. And this has lessons and repercussions for U.S. officials, in a world of rising authoritarianism.
- "It is time for governmental authorities — including law enforcement — to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China," wrote former FBI General Counsel Jim Baker in late 2019.
Be smart: These encrypted platforms don't merely protect Americans from compromise by Chinese and other authoritarian governments. They also help keep freedom of expression alive — if on life support — in places where it is threatened.
- That's something American policymakers should keep in mind as they weigh the future of strong encryption here.
3. UAE extradites Nigerian cyber-scammer to U.S.
A Nigerian cybercriminal who masterminded a scheme to defraud U.S. companies out of tens of millions of dollars was extradited last month from the United Arab Emirates, where he was a resident, to Chicago, to be arraigned on federal criminal charges last Friday, according to the Department of Justice.
How it worked: The 29-year-old man, Olalekan Jacob Ponle, worked with other associates to compromise the business emails of institutions associated with the companies he targeted.
- Then Ponle sent very realistic-looking requests for payment from these email addresses, asking for large wire transfers to accounts set up by his associates.
- One Chicago-based company was defrauded out of over $15 million this way, say prosecutors. The scammers then converted the funds into Bitcoin, writes AP.
Why it matters: Ponle's case — unusual because of the cybercrime-related extradition from the UAE to the U.S. — shows the increasing reach of cyber scammers and the growing damage they are causing to U.S.-based businesses and individuals.
- In 2019, cybercriminals engaging in business email compromises and other scams caused over $3.5 billion in losses, according to the FBI, which received over 467,000 complaints last year at its Internet Crime Complaint Center.
- Business email compromises, like the type allegedly perpetrated by Ponle, were responsible for over $1.7 billion of these losses, says the bureau, which fielded 23,775 reports of such fraud last year.
4. U.K.-China tension heats up over Huawei
The U.K. may further restrict technology from Huawei, the Chinese telecommunications giant, on its 5G networks, due to security concerns, the Washington Post reports.
The big picture: The move is seen as a diplomatic victory for the U.S., which has sought to prevent Huawei technologies from being employed in communication networks across the world. China, meanwhile, accuses the U.S. of using security rationales to squeeze Huawei from international markets because it is hostile to economic competition.
- The reported move by the U.K., which might ban new Huawei equipment from being used in U.K. networks by the end of the year, follows a gradual toughening of restrictions on Huawei there, though U.K. officials have generally taken a more conciliatory position toward the company than their U.S. counterparts.
- Unlike the U.S., Australia, and New Zealand, for instance, the U.K. set up a special center, paid for by Huawei but overseen by members of GCHQ, the U.K.'s signals intelligence agency. The facility gives British intelligence officials access to Huawei software and hardware to inspect for any unintended — or purposeful — vulnerabilities that might allow China to snoop digitally on other countries' networks.
- In January, British officials banned Huawei technology from being used in the country's "core" communications networks, as well as those close to military, intelligence, and nuclear sites.
- The new reported restrictions further squeeze Huawei's ability to operate in the country — and are likely tantamount to a total ban.
5. Odds and ends
- An anti-Iran propaganda campaign placed around 90 articles by nonexistent writers in 40 different publications, including Newsmax and the Washington Examiner. (The Daily Beast)
- The FBI is opening a new China-related counterintelligence investigation every 10 hours, said FBI Director Chris Wray. (Axios, Hudson Institute)
- The widespread use of NDAs is suppressing conversations about racism in the tech industry. (Protocol)
- Why platforms need to regulate malicious speech. (Wired)
- Microsoft disrupted a fraud ring operating in 62 countries. (Bloomberg)