Welcome to Codebook, coming to you from the Aspen Security Forum. We're the first cybersecurity newsletter with altitude sickness.
Tips? Feel free to reply to this email.
FBI director Christopher Wray. Photo: Mandel Ngan/AFP/Getty Images
Wednesday afternoon, the White House said it was considering a Russian offer for U.S. investigators to observe Russian officers question other Russians recently indicted for hacking several Democratic groups. Americans could sit in on those interrogations in exchange for letting Russia interrogate Americans, including former U.S. ambassador Michael McFaul.
Wednesday evening, here at the Aspen Security Forum, this idea was raised in an interview with FBI director Christopher Wray — and a wave of laughter rolled through the audience.
Why it matters: The roster of speakers at the Aspen Security Forum includes appearances by director of national intelligence Dan Coats, secretary of homeland security Kristjen Nielsen and deputy attorney general Rod Rosenstein. The room is full of government insiders, industry execs, independent experts, and specialist journalists.
This is the audience laughing at the idea of the Trump-Putin interrogation quid pro quo — and yet it is an idea that the president appears to be seriously entertaining, or at least not forthrightly rejecting.
McFaul's name didn't come up in the Wray interview, but allowing foreign agents to interrogate a U.S. ambassador would break key norms that protect diplomats. A Daily Beast headline put it: "U.S. Officials ‘at a F---ing Loss’ Over Latest Russia Sell Out."
What they're saying: In Aspen, Wray referred all questions on the Mueller probe, which brought the indictments against the Russians, to Mueller himself. But asked in the abstract whether he'd allow Russia to interrogate suspects in the FBI's place, he answered: "I don't want to say never about anything, but it's certainly not high on our list of investigatory techniques."
Would he allow Russians to interrogate Americans? "That's probably even lower on our list," Wray answered.
The FBI director's appearance contained several other interesting tidbits.
Michal Fludra/NurPhoto via Getty Images
According to a Shape Security report, depending on a variety of factors, between 80% and 90% of web traffic to online retailers comes from automated programs trying to breach accounts.
Huh? The criminals that go into your Amazon account and buy stuff are typically not the guys who stole your password. They're at the end of a long chain of bad guys.
We knew this is how the system worked. What we didn't know was how much of the commercial internet was taken up by this kind of traffic. Shape estimates that nearly all traffic to retail sites , 60% to airline sales sites, 40% to hotels and 40% to commercial banking come from credential stuffing.
The New York Times reports that when intelligence chiefs briefed then-president-elect Donald Trump about the Russia investigation in January, 2017, they showed him texts and emails from Russian operatives confirming the attack as well as reports from Putin confidants.
Why it matters: Trump has never fully embraced the intelligence community's assessment that Russia was behind hacks at the Democratic National Committee and other targets. As recently as Tuesday, he claimed other countries may have been responsible for the attack, while walking back similar comments from Monday.
We don't know what Trump believes in his heart. But the Times article shows just how much mental gymnastics it would take these past 19 months to legitimately believe there are still questions about Russian involvement.
Cloudflare tells Axios that most of the election-related attacks it has monitored appear to be non-partisan.
"The vast majority of the volume of those attacks target the infrastructure of democracy rather than supporting a candidate," said Matthew Prince, the firm's co-founder and CEO.
Why it matters: Cloudflare is involved in the election space in two ways. The company specializes in protection services for distributed denial of service (DD0S) attacks — low-tech attacks that flood servers with so much traffic they crash.
Prince said the state elections take the brunt of the damage. He wouldn't speculate on relative percentages.
Athenian is now in contact with officials in 72 different districts, in 27 states, including state officials in 19 states, according to statistics it released Thursday, alongside new informational products to promote campaign security.
According to a new BuzzFeed News report, the Macedonian site that pioneered the fake-news model, monetizing tricking conservatives with spurious clickbait articles, was actually intended as a quasi-legitimate news source for the conspiracy-bound wing of the Republican party.
Why it matters: While the media and Congress often focus on Russian misinformation campaigns, much of 2016's fake news ecosystem came from apolitical Macedonians wanting to do little more than feast off the ad revenue from clicks. What this article suggests is that whole Macedonian industry rose from something more politically motivated — and tied to Americans.
Codebook will return Tuesday, from sea level.