Welcome to Codebook, the only cybersecurity newsletter with a 5-star Uber rating.
Situational awareness: Facebook just took down a network of inauthentic pages run by an Israeli firm.
Illustration: Aïda Amer/Axios
Cybersecurity outfits are itching to offer political campaigns free or cut-rate products to protect them from being hacked. But the campaigns, spooked by legal and technical concerns, keep turning them down.
Why it matters: Here's an abridged list of campaign-related hacking targets during the last two presidencies: The Obama, McCain and Lindsey Graham campaigns; John Podesta's and Sara Palin's private emails; the Democratic and Republican National Committees; and the Democratic Congressional Campaign Committee. Cybersecurity for campaign operations might be a good idea.
The big picture: Security companies of all sizes have mulled offering free or discounted cybersecurity products to campaigns for a mix of altruistic and marketing reasons.
But offering the same services to campaigns gets complicated, because of campaign finance regulations and lack of expertise.
Driving the news: The FEC is currently determining whether to offer an exemption to Defending Digital Campaigns, a nonprofit started by campaign advisers to Mitt Romney and Hillary Clinton that aims to offer a host of discounted or free cybersecurity services.
What happens next: If the FEC decides to grant the exemption for the nonprofit, that opens the doors for other firms to make similar offerings, said Daniel Weiner, senior counsel of the democracy program at NYU's Brennan Center for Justice.
The expertise shortage is as much an issue as the campaign finance rules. Microsoft obtained an exemption similar to the one Defending Digital Campaigns is seeking and offered discounted security tools to 2018 campaigns — but it still struggled to get campaigns to accept the tools.
But expertise might affect adoption of other technologies differently. Even though there are already a ton of free and low-cost tools for government election officials, officials have complained they have no way to separate useful tools from snake oil. Political campaigns aren't likely to have any easier a time.
There were two big news stories for Huawei yesterday.
Between the lines: Don't ignore the second one. It's under the radar, but devastating.
Details: The executive order declared a national emergency in threats to the U.S. telecommunications sector, and it gives the Department of Commerce 150 days to name a list of companies whose products are national security threats.
But restrictions on Huawei exports to the U.S. are also likely to bite the company hard.
Why did Trump spare ZTE and not Huawei? On its surface, the behind-closed-doors arguments to shut down ZTE was that it violated sanctions, whereas Huawei is accused of violating sanctions, stealing intellectual property and being a tool for Chinese espionage.
The difference may be dependent on trade negotiations.
The Department of Justice announced Thursday morning it had indicted 10 people involved in a transnational banking malware scheme as part of an international effort to break up the crime ring.
The big picture: The group allegedly used the GozNym banking malware to steal credentials to online banking accounts that they then attempted to rob for more than $100 million.
Details: The alleged criminals hail from Russia, Georgia, Ukraine, Moldova and Bulgaria.
It's been an uncommonly busy week for high-profile companies patching critical security vulnerabilities.
Cisco shipped a patch for an extremely dangerous bug in hardware designed to verify the integrity of the firmware in a wide assortment of its products. The vulnerability, named 😾😾😾 (pronounced "Thangrycat") was discovered by the security firm Red Balloon.
Microsoft patched a severe vulnerability in Windows operating systems that could create self-propagating malware à la WannaCry. The vulnerability was so worrisome that Microsoft issued patches for Windows 2003 and Windows XP, which it no longer supports.
Intel released a patch for yet another bug in the same vein as Meltdown and Spectre. This one, discovered by a team of academics, is known as ZombieLoad.
Google doesn't have a patch for a vulnerability in its Bluetooth security fobs used for two-factor identification. Instead, if you own one, Google will replace it. USB fobs are not affected.
Kaspersky Lab's new report on the North Korea-linked group ScarCruft contains an interesting tidbit on the group's latest attacks: It has added Bluetooth to its bag of tricks.
Details: Kaspersky identified malware that retrieves information on nearby Bluetooth devices.
We know what you're saying: "All that news is great, but what is Sen. Ron Wyden (D-Ore.) up to?"
Introducing voting legislation: Wyden and a bevy of other Senate Democrats introduced the Protecting American Votes and Elections Act, an expanded version of an earlier Wyden bill. It would require paper ballots and risk-limiting audits of votes, and it would ban any form of internet connectivity from voting machines.
Nudging the FCC: The FCC is set to auction off portions of the radio spectrum that NASA, NOAA and the American Meteorological Society believe will interfere with our ability to monitor and predict the weather. Wyden and Sen. Maria Cantwell (D-Wash.) co-signed a letter sent Monday asking FCC chair Ajit Pai to consider the implications of the auction.
Illustration: Sarah Grillo/Axios
Codebook will return on Thursday.