Welcome to Codebook, the cybersecurity newsletter that will continue celebrating Halloween until someone stops it.
If you have any story ideas, please reply to this email.
Chinese Flag. Photo: Castaneda Luis/AGF/UIG via Getty Images
This week the United States made 2 big moves against China in response to Beijing's alleged government-orchestrated theft of intellectual property. Experts believe there will be more U.S. measures to come.
Why it matters: This is a sea change in how Washington deals with China. China is thought to have stolen billions of dollars in intellectual property from U.S. firms over more than a decade through hacking and human sources. The U.S. has never gone all-in on retaliation.
What they're saying: "China is surprised. They never thought we would wake up and push back," said James Lewis, who formerly led the Commerce Department's effort to fight Chinese espionage in the tech industry.
The 2 big U.S. moves:
These aren't isolated actions.
The big picture: U.S. experts charge that China has hacked into U.S. companies to steal anything and everything that could build up its tech industry without having to spend money on research and development.
"Preventing more theft has to be an all-in strategy. For the past 15 years, our strategy has been to ask 'pretty please.' It's time to try something else," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that companies often bring in to keep China out.
The prognosis: Alperovitch, who has seen the ebbs and flows of Chinese hacking after past attempts to curtail it, does not think that the U.S. moves, even combined with the broader trade war, will be enough to throw Beijing off balance.
The White House isn't out from under ZTE's shadow, even with these actions.
A new report by Freedom House assessing global internet freedom finds that U.S. politicization of the term "fake news" is being co-opted by authoritarian governments to crack down on free speech.
What they're saying: "Generally speaking, [President] Trump has emboldened totalitarian governments," said Adrian Shahbaz, Freedom House research director for technology and democracy and the principal author of the Freedom on the Net report.
Freedom on the Net is primarily a metric-based global ranking of internet freedom, ranging from Iceland and Estonia, the leaders in internet freedom, to China, which ranks last.
Photo: Drew Angerer/Getty Images
Cybersecurity is a growing problem in the United States, both as a domestic and international issue — but it's not one that brings people to the ballot box.
The big picture: Candidates who want to make cybersecurity a priority worry that the public may not adequately appreciate an important problem.
The stakes are high:
Here's how two House candidates with backgrounds in the cybersecurity field, one Democrat and one Republican, are handling the issue.
“How do you think we’re going to be attacked next?” asks Tracy Mitrano, Democratic candidate for New York's 23rd Congressional District.
Mitrano, a former director of information technology policy at in-district Cornell University, says that national cybersecurity is one of the key reasons she’s running in 2016.
Though, it just can’t be a key campaign issue. That's because, by Mitrano’s stats, only 4% of her mostly rural district view cybersecurity as a top issue.
In San Antonio, a hub for the burgeoning cybersecurity industry, Rep. Will Hurd (R-Texas) says that he’s asked once or twice at each town hall about cybersecurity.
Hurd is known for his work in cybersecurity and federal IT issues. He is a rare lawmaker with a cybersecurity background, having been a senior adviser to the security firm FusionX.
The bottom line: Both Hurd and Mitrano believe Congress lacks cybersecurity expertise. Neither think it's an issue someone can run on.
Typosquatting — where troublemakers use similar-looking web addresses to trick victims who are looking for other sites — is being bolstered by new top level domain (TLD) names, according to a new report.
TLD? Top level domains are the things like .com and .net that come at the end of website names. Recent introductions to the TLD pantheon include ".democrat," ".gop" and ".republican."
Details: According to the firm Anomali, despite more than 7,000 registered .democrat, .gop and .republican sites, "very few candidates have actually registered domains on the appropriate party TLD."
Codebook will return on Tuesday.