Welcome to Codebook, the cybersecurity newsletter with the most allergies.
Situational awareness: Cisco announced this morning it plans to acquire Duo Security, a vendor that offers cloud-based multi-factor authentication and other security features.
When Facebook announced Tuesday it had discovered a new coordinated influence campaign, thoughts quickly turned to its potential impact on the 2020 election. But thinking about this campaign in relation to elections may be missing the point.
The big picture: Russia's designs in 2016 went far beyond getting its preferred candidate into the White House. Some of its goals, including the apparent goals of the most recently discovered groups, do not appear to be primarily related to candidates.
We don't yet know if the new campaign was led by Russia's Internet Research Agency; Facebook did not attribute the operation. But we do know that the 2016 Russian campaign's goals went further than influencing the election.
The pages Facebook identified presented the groundwork for building four fake liberal groups — importantly, including one designing a counter-protest against an alt-right protest.
The timing of social media campaigns shows that this isn't an election-by-election operation. Troll tweets spiked in summer of 2017, well above the levels of the 2016 election, per a FiveThirtyEight report.
Threat level: It's easy to interpret the new campaigns in terms of elections. The public first became aware of the modern Russian disinformation efforts in the context of broader 2016 election efforts — they manipulate political allegiances, and the messages are often framed in terms of political outcomes, like getting President Trump to resign. And Russian hacking efforts certainly appear to have been intended to help ensure Trump's election.
Meanwhile, no one knows what to do: Lawmakers are not moving in the same direction to get anything done — nor do they fully understand exactly how disinformation campaigns work — as Axios's David McCabe and Haley Britzky noted from yesterday's Senate Intelligence Committee hearing on social media.
Lawmakers of both parties agreed that online influence campaigns are an urgent problem. But they are far from reaching consensus on how to tackle it.
The Department of Justice announced Wednesday the indictment of members of the notorious Ukrainian cybercrime group Carbanak — Dmytro Fedorov, Fedir Hladyr and Andrii Kopakov. Carbanak, also known as Fin7, is a well-organized, almost businesslike criminal outfit that stole credit card information using custom malware.
What they're saying: "It’s very good progress that we’re starting to see some indictments," said Adam Myers, VP of Intelligence at CrowdStrike.
Why it matters: The U.S. indictment charges the group with attacks on over 100 victims in 47 states. Myers notes that the group, which CrowdStrike tracks back five years, had a substantial international reach as well.
The details: The group recruited hackers using a front company called "Combi Security," according to the indictment. Combi claimed to have offices in Israel and the Ukraine.
The case is being tried in the Western District of Washington. The Department of Justice credits help from a handful of U.S. and international law enforcement groups as well as private security companies and banks including Visa and Mastercard.
Hackers broke into Reddit in June, the site announced, garnering access to decade-old posts and recent email digests.
Are you safe? Probably. The only things that hackers could see were:
What happened? The best practice in industry is to use two-factor authentication: a system where, to log in, someone needs both a password and another thing, like a fingerprint scan or a physical key.
Officials in Matanuska-Susitna, Alaska, have conducted business on typewriters since July 24, when a BitPaymer ransomware attack took out more than 600 workstations and servers.
Why it matters: Shrewd cybersecurity investment play — invest in typewriters.
Amnesty International reports that several Saudi Arabian human rights workers — including one of its employees — were targeted with the Pegasus malware.
Why it matters: Pegasus, a product of Israel's NSO Group, is only sold to governments. It's a commercial mobile spyware product that's supposed to be used by law enforcement or espionage agencies. Taking Amnesty's word for what happened, this appears to be a governmental attempt to squelch human rights workers.
The background: The targeted activists received a message with an alert about a protest that linked to the malware. The lure message sent over WhatsApp read:
"Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother is detained in Ramadan and I am on a scholarship here so please do not link me to this."
Codebook will return next week from the Black Hat and DEF CON conferences in Las Vegas.
Codebook always bets on black.