Welcome to Codebook. One Democratic candidate said "cybersecurity" once during two nights of debates, so I guess we're cool.
Tips? Comments? Feel free to reply to this email.
We'll be Codebooking from the Black Hat and DEF CON conferences next week.
Illustration: Rebecca Zisser/Axios
Democrats in Iowa and Nevada want to boost participation in their 2020 caucuses by opening them up to telephone voting. Hacking-spooked Democrats have worked to protect the process from interference, but some experts still see notable risks.
Why it matters: Security concerns have long troubled digital voting systems. Many of the same problems with online voting carry over to telephone voting.
The big picture: Caucuses are a complex process that typically requires hours of participation on the part of voters. That’s prohibitive for many, especially those in places like Las Vegas, with a tourism-based economy forcing many to work nonstandard hours.
The Democratic Party in each state is taking steps to limit the phone vulnerabilities. Though the process has not been finalized in either case, both states will require in-person signup to receive individualized credentials for the phone caucus.
Threat level: No system is without risk. Even paper ballots can be tampered with. The question is whether the risk is low enough to confidently manage.
The bottom line: Doubt in the caucus process wielded by an angry runner-up could be as dangerous to public confidence as actual vote tampering.
The DEF CON hacker conference's Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year's version, happening next week, comes with some upgrades.
The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.
Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with voting machines.
This year, Voting Village has expanded its range of equipment, including election software that researchers have not had a chance to audit and the first test of equipment designed specifically for security and public testing.
What they're adding: While in previous years state election officials bristled at even well-meaning hackers intruding on their turf, this year Voting Village will launch the "Unhack the Ballot" initiative, pairing state officials with researchers who can offer nuts-and-bolts advice.
For the kids: At last year's DEF CON, Voting Village helped with the conference's program for kids, developing faux election registration websites, containing errors previously seen on real sites, for children to learn to hack.
Voting Village is working with kids again, although this year it's trying to be clearer about what the kids are actually doing.
The Equifax settlement was designed to offer the 150 million people affected by the breach a choice between $125 and free credit reporting. It just wasn't designed for the number of people who took them up on the offer.
The bottom line: You aren't getting $125.
Driving the news: Dozens of sites (including us, sorry) published instructions on how to file a claim. But that led to more people than expected filing claims and more of those people than expected asking for the cash option.
Cisco has settled for $8.6 million in a False Claims Act case over selling video surveillance cameras to government groups while misrepresenting how secure they are.
Details: While much of the lawyering was handled by the government, the case was originally brought by James Glenn, a former employee of a European Cisco distributor.
Glenn will receive 20% of the settlement, with states receiving 70%.
A newly detailed group called Hexane is targeting oil and gas companies in the Middle East and telecommunications companies throughout the Middle East, Central Asia and Africa, according to a report from Dragos.
Why it matters: In the past, most of the hacking groups targeting industrial control systems have specialized in a single industry. Hexane is the second recent example of a group that has a primary industry target and an interest in a second sector.
To be clear: There's a good chance that the second sector, in this case telecom, is being used to better position hackers to enter their primary targets. Hexane, Dragos believes, is likely using access to telecom networks to sneak into the oil and gas firms.
Capital One breach (Axios): Data from 100 million credit card applications was stolen from Capital One. A suspect has been arrested.
WannaCry savior gets no additional jail time (Twitter): Marcus Hutchins announced via Twitter he won't serve an additional sentence in his widely watched malware sales trial.
Wind River plugs 11 holes in IoT operating system (Armis): Wind River, which makes the popular VxWorks operating system for connected devices, issued a patch for 11 critical security flaws identified by the cybersecurity firm Armis.
Phishing campaigns target financial sector (Akamai): A new Akamai report shows that out of nearly 200,000 phishing web domains launched between December and May, more than half of the unique companies being mimicked were financial firms. Two-thirds of the domains targeted consumers. Of those, half of the total sites were fake financial firms.
Financial malware attacks nearly doubled (Kaspersky): A Kaspersky report shows a 93% rise in financial malware in the first half of 2019 over the same period last year.