May 10, 2018

Axios Codebook

Welcome to Codebook, the cybersecurity newsletter that doesn't understand all the settings on its iron. Tips? Comments? Please reply to this email.

1 big thing: What 3519 Russian Facebook ads tell us

Democrats on the House Intelligence Committee Thursday released a redacted set of all the Facebook ads placed by Russia's Internet Research Agency before and after the 2016 election.

What the ads show: The ads — all 3519 of them — appear to be aimed at polarizing the American public. Often, that means taking both sides of the same issue.

  • The ads aimed to split the Black Lives Matter crowd further from the All Lives Matter crowd, Muslims from bigots, Bernie Sanders supporters from Hillary Clinton supporters, Trump supporters from Hillary Clinton supporters, and so on.
  • Most of the ads were designed to look like grassroots attempts to make viral memes, not slick marketing, and they often aim to inflame both sides of an issue. For instance, the ad urging you to taunt "homophobic bastard[s]" is illustrated with a picture of two men kissing — so it would enrage those who share its perspective and those who don't.

Be smart: We still don't know whether the Facebook campaign actually succeeded in achieving any of Russia's goals.

  • The intelligence community, lawmakers and other experts generally agree that Russia's election antics intended to accomplish some mix of electing Donald Trump, undermining the U.S. system of democracy, and sharpening the discord between red and blue Americans. All of that happened.
  • Most people with intelligence or psychological warfare experience who've spoken to Codebook don't think the social media campaign moved the needle in a significant way toward any of those goals. They do believe leaks of hacked Democratic emails had more of an effect on the election.

Whether or not it was successful, the social media campaign probably represented an adversarial government spending a fortune to break federal laws in order to try to toy with the American public. And that alone is more than a little alarming.

2. Report: White House mulls nixing top cyber post

Politico's Eric Geller reports new national security advisor John Bolton wants to eliminate the White House's top cybersecurity post, currently held by Rob Joyce (who resigned just after Bolton took office).

Why it matters: For a White House facing unprecedented cybersecurity threats, the Trump administration sure seems eager to cut back on cybersecurity personnel and devalue expertise on the issue.

  • When former secretary of state Rex Tillerson was restructuring the State Department, he eliminated a cybersecurity post that reported directly to him. The country's top cyber diplomat resigned.
  • CIO.gov lists about a third of agencies as lacking a permanent chief information officer.
  • Tom Bossert, the White House homeland security advisor with a penchant for cybersecurity, also bolted after Bolton.

Morale in natsec low: Geller describes morale at the National Security Council as low as Bolton shifts priorities on cyber and other issues.

What are we even doing here? It's probably no surprise that a cybersecurity newsletter is in the "Hey, maybe this is a thing" camp on this story. Still: This White House took office during a hacking scandal and has been on duty while a single act of cyberwarfare cost global companies more than $1 billion. That makes demoting cybersecurity a move that's hard to fathom.

3. Signal's self-destructing messages linger on Macs

Signal Messenger's self-destructing messages are saved by the Mac operating system's notification feature.

Why it matters: The end-to-end encrypted Signal is as close to a gold standard in secure chat as you will find among privacy-conscious users. But that was in part because the messages weren't stored beyond pre-designated time limits. Now, every old message is fair game for hackers again, provided it was sent to someone using a Mac version of Signal.

The details: The Mac notification system doesn't automatically delete old messages. Signal isn't coded to delete its own notifications, either. So even after it has deleted messages in its application, the system keeps a record of the notification of the message — even for users who have notifications turned off.

  • The bug was initially noted by Alec Muffett, with Digita's Patrick Wardle drilling down to the reasons the messages didn't delete.

4. Court curtails border agents' cellphone searches

A federal appeals court ruled that border agents cannot conduct automated forensic searches of cellphones without reason to assume their owners committed a crime — and possibly, not without a warrant.

Why it matters: Border agents have extremely broad authority to detain and search people coming into the country — so much so that agents have more or less taken free rein to search devices of anybody they choose.

  • In U.S. v. Kolsuz, the Fourth Circuit became one of the first courts to take on the issue of border searches of electronic devices since a landmark 2014 case limited the police's right to search devices without a warrant. A Fifth Circuit case also supported a standard of at least reasonable suspicion.
  • Special counsel Robert Mueller has used this tactic when he wants to search a Russian oligarch's phone at an airport.

The details: Though the court’s ruling limits government authority, the government won the case at hand.

  • Hamza Kolsuz, who was arrested trying to traffic a weapon out of the country through Dulles Airport, is a Turkish national who had been caught trying to transport weapons out of the country twice before.
  • The court ruled that the border agents had enough reason for suspicion to meet the standards of the prior cases, which was enough to rule against Kolsuz.

5. Iran may launch cyber response to Trump's deal exit

If you've missed our coverage so far:

  • President Trump's withdrawal from his predecessor's Iran nuclear deal has led several cybersecurity experts to fear retaliation from the Middle Eastern nation that's recently established itself as a sophisticated cyber threat.
  • Iran's cyberwarfare strategy uses hastily recruited combatants for quick strikes, which may not bode well for the country's ability to control operations in progress.

But, but, but: Though Iran has responded to U.S. actions with cyber attacks in the past, it may have some strategic reasons not to do that this time.

6. Odds and ends

Codebook will return Tuesday. And why wouldn't it?