Aug 21, 2018

Axios Codebook

Joe Uchill

Welcome to Codebook, the best cybersecurity newsletter in a three block radius.

Situational Awareness: The Treasury Department announced new cybersecurity-related sanctions against two Russian individuals, a Russian firm and a Slovakian firm, Reuters reports.

Tips? Reply to this email.

1 big thing: Russia denies targeting conservative groups

Microsoft's Russian headquarters, as seen at night. Photo: Mikhail Tereshchenko/TASS via Getty Images

Microsoft last week seized six potential phishing domains associated with the Kremlin-backed hackers Fancy Bear, who tampered with the 2016 election and likely intended to target two conservative groups and the U.S. Senate. It appears Microsoft shut down the domains before they were ever actively used. Microsoft announced the move in a blog post early Tuesday morning.

Moscow denied Microsoft's allegations through the Russian Interfax news agency.

Why it matters: Spies have infiltrated legislative bodies and political groups from time immemorial, usually for boring reasons, like getting an edge in trade negotiations. But Russia's mass public dumping of stolen documents in 2016 broke the norms of espionage. Whatever the motivation for Russian attempts to hack influential political figures' emails in 2018, the current climate will lead people to assume the worst.

Microsoft targeted six domains Fancy Bear registered to use in phishing attacks:

  •, meant to look like International Republican Institute, a pro-democracy group with multiple sitting and former Republican officials on its board
  •, which was meant to look like the conservative Hudson Institute think tank's Sharepoint document storage system
  • Three domains targeting the Senate, including its email servers, and one targeting users of Office 365

This undercuts a narrative: Prior to the 2016 elections, Russia hacked both Democrats and Republicans, yet only released files that harmed Democrats. Microsoft's moves suggest that Russia continues to hack both sides of the aisle.

Be smart: "Russians are hacking the GOP" doesn't necessarily equal "Russians are hacking Trump." Both Hudson and IRI are well known conservative groups. Neither is closely identified with Trump administration policies.

Microsoft has waged a years-long battle with Fancy Bear over phishing sites that appear to be legitimate Microsoft sites. The company uses civil courts to take control of the look-alike website names the Russians have registered.

  • At the Aspen Security Forum in July, Microsoft announced it had dismantled a similar site targeting a senatorial candidate — later discovered to be Sen. Claire McCaskill (D-Missouri).

Microsoft made this announcement as it launches a new security program for campaigns, NGOs and other groups involved in elections.

Go deeper with the full story.

2. Fake news getting savvier

Illustration: Rebecca Zisser/Axios

Industrial-scale creators of fake news are becoming increasingly savvy in their efforts to avoid new web platform rules, defensive AI and readers on guard for propaganda, Axios' Sara Fischer reports in this story from her Media Trends newsletter.

Why it matters: The tactics used by bad actors during the last election cycle have been modified to avoid more sophisticated detection and to take advantage of new technologies, making some of them harder to identify and stop in real time.

Between the lines: Bad actors are looking to mimic more normal communications, instead of spewing sharp commentary that could get them flagged for spreading hate or violence.

  • "The days of Twitter rage are gone," says Padraic Ryan, senior journalist, at Storyful, a social media intelligence company. "Language and behaviors are becoming a lot more sophisticated and human-like to avoid detection."


  • Fake accounts and botnets remain widely used to spread false news and information.
  • But now that platforms are prioritizing the removal of millions of fake accounts, bad actors are looking to hijack real accounts to avoid detection.
  • Much of the nefarious activity today focuses on avoiding looking like a bot or fake account. The basic premise behind this tactic is to operate more like an influence operation as opposed to an automated operation, says Renée DiResta, director of research at New Knowledge and policy lead at Data for Democracy.

Malware attacks on everyday social media users are increasing as bad actors look to hijack real identities to avoid detection.

More sophisticated bot tools: New tools are being created to manipulate information at the blog or comment level on everyday websites, says Mike Marriott, researcher at Digital Shadows, a digital security firm.

Read Sara's full story.

3. Breach fatigue setting in, says Commerce survey

U.S. Census data, released by the Commerce Department's policy arm, finds that Americans are less concerned about privacy and security issues than they were two years earlier, Axios' Kim Hart reports.

The numbers: Between July 2015 and November 2017, the number of households reporting privacy and security concerns about their data decreased from 84% to 73%.

The lingo: Security folks might say that's because of "breach fatigue" — people being so overwhelmed by reports of breaches on the evening news that they've more or less given up on the idea of privacy or security.

But, but, but: The shift could also reflect a trend of late adopters finally joining social media networks and becoming more familiar with online shopping. In other words, some reduced concern may be the result of demystification rather than apathy.

Read Kim's full story.

4. Booz Allen scores $1 billion DHS contract

The Department of Homeland Security awarded Booz Allen Hamilton a $1.03 billion contract to improve federal CDM services at six federal agencies.

What it is: Continuous diagnostics and mitigation (CDM) sets up sensors across federal networks to detect security shortcomings and helps administrators rank and track the flaws they fix.

Read the full story from Axios' Shannon Vavra.

5. Odds and ends
Joe Uchill

Codebook will return on Thursday, before taking a week off.