Aug 2, 2018

Axios Codebook

Welcome to Codebook, the cybersecurity newsletter with the most allergies.

Situational awareness: Cisco announced this morning it plans to acquire Duo Security, a vendor that offers cloud-based multi-factor authentication and other security features.

1 big thing: Disinformation campaigns aren't just about elections

Illustration: Axios Visuals

When Facebook announced Tuesday it had discovered a new coordinated influence campaign, thoughts quickly turned to its potential impact on the 2018 midterm elections. But thinking about this campaign only in relation to elections may be missing the point.

The big picture: Russia's designs in 2016 went far beyond getting its preferred candidate into the White House. Some of its goals, including the apparent goals of the most recently discovered groups, do not appear to be primarily related to candidates.

We don't yet know if the new campaign was led by Russia's Internet Research Agency; Facebook did not attribute the operation. But we do know that the 2016 Russian campaign's goals went further than influencing the election.

  • As the joint assessment on the 2016 election put it: "In trying to influence the U.S. election, we assess the Kremlin sought to advance its longstanding desire to undermine the U.S.-led liberal democratic order."

The pages Facebook identified laid the groundwork for four fake liberal groups, including, importantly, one organizing a counter-protest against an alt-right rally.

  • Jonathan Nichols, an expert in psychological operations, told Codebook that a loud, even violent, confrontation between white nationalists and counter-protesters would play into Russia's broader narrative of the United States as a hopelessly fractured mess.

The timing of social media campaigns shows that this isn't an election-by-election operation. Troll tweets spiked in the summer of 2017, well above their levels during the 2016 election, per a FiveThirtyEight report.

Threat level: It's easy to interpret the new campaigns in terms of elections. The public first became aware of modern Russian disinformation efforts in the context of the broader 2016 election interference; the campaigns manipulate political allegiances, and their messages are often framed in terms of political outcomes, like getting President Trump to resign. And Russian hacking efforts certainly appear to have been intended to help ensure Trump's election.

  • But there's a danger in conflating the actual purpose of the attacks with how they affect us. You'll end up monitoring and protecting the wrong things.

Meanwhile, no one knows what to do: Lawmakers are not moving in the same direction to get anything done — nor do they fully understand exactly how disinformation campaigns work — as Axios's David McCabe and Haley Britzky noted from yesterday's Senate Intelligence Committee hearing on social media.

Lawmakers of both parties agreed that online influence campaigns are an urgent problem. But they are far from reaching consensus on how to tackle it.

2. U.S. indicts three in Carbanak credit card scheme

The Department of Justice announced Wednesday the indictment of three Ukrainian nationals alleged to be high-ranking members of the notorious cybercrime group Carbanak: Dmytro Fedorov, Fedir Hladyr and Andrii Kolpakov. Carbanak, also known as FIN7, is a well-organized, almost businesslike criminal outfit that stole payment card data using custom malware.

What they're saying: "It’s very good progress that we’re starting to see some indictments," said Adam Meyers, VP of Intelligence at CrowdStrike.

Why it matters: The U.S. indictment charges the group with attacks on more than 100 victims in 47 states. Meyers notes that the group, which CrowdStrike has tracked for about five years, has substantial international reach as well.

  • Carbanak is one of the most aggressive criminal actors of its kind, using sophisticated social engineering to lure victims: the group would go as far as to telephone a target before sending the phishing email, to set up the con and make the message expected.

The details: The group recruited hackers through a front company called "Combi Security," according to the indictment. Combi claimed to have offices in Israel and Ukraine.

The case is being tried in the Western District of Washington. The Department of Justice credits help from a handful of U.S. and international law enforcement agencies, as well as private security companies, banks and card networks including Visa and Mastercard.

3. Hackers hit Reddit for old posts, recent digest emails

Hackers broke into Reddit in June, the site announced, gaining access to decade-old posts and recent email digests.

Are you safe? Probably. The only things that hackers could see were:

  • A backup of Reddit data from the site's 2005 launch through May 2007. That includes usernames, salted and hashed passwords (hashed, not encrypted, so an attacker still has to crack them), email addresses, posts and private messages. If you've been using Reddit for more than a decade - or just want some peace of mind - it couldn't hurt to change your password, especially if you reused that early one anywhere else.
  • Email digests sent this June. If you turned off email digests, you're safe.

What happened? The best practice in industry is to use two-factor authentication: to log in, someone needs both a password and a second factor, such as a code from an authenticator app, a fingerprint scan or a physical security key.

  • Reddit employees used SMS text messages as their second factor. When someone tried to log in, the system texted a one-time code to the account holder's phone to verify that the person holding the phone was the one logging in.
  • But text messages aren't perfectly secure. In this case the attackers intercepted the text messages and used the codes to log in.

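The SMS weakness above is that the second factor travels over a channel the attacker can intercept. An authenticator-app code works differently: it is derived on the user's device from a shared secret and the current time, so nothing is sent to the phone at login. As an added example (not Reddit's or Axios's code, and not a description of Reddit's systems), here is a complete RFC 6238 TOTP implementation with the server-side check a practitioner would want: a small clock-skew window, replay protection, and constant-time comparison. The demo secret is constructed; the RFC 4226/6238 test vectors it can be checked against are the public ones from those documents.

```python
"""TOTP (RFC 6238) second factor with drift tolerance and replay protection.

Added example, not code from Reddit or Axios. The one-time code is computed on
the user's device from a shared secret, so there is no SMS for an attacker to
intercept. It is still a code the user types in, so a real-time phishing proxy
can relay it; only a physical security key bound to the site's origin closes
that gap.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, unix_time: int, last_used: int = -1,
                step: int = 30, digits: int = 6, skew: int = 1, algo=hashlib.sha1):
    """Server-side check of a submitted code.

    Accepts codes from `skew` steps either side of the current step to tolerate
    clock drift, refuses any step <= `last_used` so a captured code cannot be
    replayed, and compares in constant time. Returns (accepted, step_to_record);
    the caller persists step_to_record as the new `last_used` for this user.
    """
    current = unix_time // step
    for step_index in range(current - skew, current + skew + 1):
        if step_index <= last_used:
            continue  # already consumed (or older): replay protection
        if hmac.compare_digest(hotp(secret, step_index, digits, algo), candidate):
            return True, step_index
    return False, last_used


if __name__ == "__main__":
    # Constructed demo secret. A real deployment generates a random secret per
    # user at enrollment and shows it to the device once (usually as a QR code).
    secret = b"constructed-demo-secret-not-real"
    now = int(time.time())
    code = totp(secret, now)
    accepted, used = verify_totp(secret, code, now)
    print(f"code {code} accepted: {accepted}")
    # Presenting the same code again is refused: the step has been consumed.
    print("replay accepted:", verify_totp(secret, code, now, last_used=used)[0])
```

The replay check matters even without SMS in the picture: a code stolen from a user's screen or a keylogger is good for the whole 30-second step plus the skew window unless the server remembers which step it already honored.
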
4. An Alaskan borough resorts to typewriters after ransomware attack

Photo: Emilija Manevska/Getty Images

Officials in the Matanuska-Susitna Borough, Alaska, have been conducting business on typewriters since July 24, when a BitPaymer ransomware attack took out more than 600 workstations and servers.

Why it matters: Shrewd cybersecurity investment play — invest in typewriters.

5. Amnesty International worker targeted by government spyware

Amnesty International reports that Saudi Arabian human rights activists, as well as one of its own staff members, were targeted with the Pegasus spyware.

Why it matters: Pegasus, a product of Israel's NSO Group, is sold only to governments. It's a commercial mobile spyware product marketed for use by law enforcement and intelligence agencies. Taking Amnesty's word for what happened, this appears to be a governmental attempt to squelch human rights workers.

The background: The targets received a WhatsApp message alerting them to a protest, with a link that led to the spyware. The lure message read:

"Can you please cover [the protest] for your brothers detained in Saudi Arabia in front of the Saudi embassy in Washington. My brother is detained in Ramadan and I am on a scholarship here so please do not link me to this."

6. Odds and ends

Codebook will return next week from the Black Hat and DEF CON conferences in Las Vegas.

Codebook always bets on black.