Welcome to Codebook, the cybersecurity newsletter that sincerely regrets not headlining this article "Newsletter security misses DMARC."
Situational awareness: Intelligence leaders are meeting this morning with the Senate Intel Committee to discuss worldwide threats, including emerging cyber threats in Russia and China.
Acting US Attorney General Matthew Whitaker announces a 13-count indictment of financial fraud charges against Huawei, Jan. 28. Photo: Saul Loeb/AFP/Getty Images
The allegations behind the Department of Justice's two new sets of charges against Chinese tech giant Huawei, announced Monday, had been discussed for years. But the U.S. made its move against Huawei at a critical moment for the Trump administration's high-stakes trade negotiations, as a Chinese delegation arrives in the U.S. for talks that begin tomorrow.
Why it matters: The trade talks are surrounded by a tightening knot of scandals for the world's largest telecommunications equipment provider. Even before yesterday's announcement, a growing number of countries had announced bans on Huawei's 5G wares due to allegations they were sabotaged for use in Chinese espionage.
What they're saying: "There’s no way to separate the charges from the trade issue," said Thomas Duesterberg, Hudson Institute fellow and former assistant secretary for international economic policy at the Commerce Department. "The negotiations are in some ways meant to correct the advantages China got through activities that led to the charges."
An easy inference to make is that the two sets of arrests were intended to influence the trade negotiations with China scheduled for Wednesday and Thursday.
The bottom line: While the administration largely believes a new trade agreement can stop China from skirting trade rules and reverse some of the long-term damage to U.S. interests, the DOJ penalties are more than just a bargaining chip in the trade negotiations.
Sen. Tom Cotton (R-Ark.) said lawmakers should "impose the death penalty on Huawei, which is precisely what it deserves for violating our sanctions."
Sen. Mark Warner (D-Va.) said, "This is also a reminder that we need to take seriously the risks of doing business with companies like Huawei and allowing them access to our markets, and I will continue to strongly urge our ally Canada to reconsider Huawei’s inclusion in any aspect of its 5G infrastructure."
Sens. Angus King (I-Maine) and Jim Risch (R-Idaho) reintroduced the Securing Energy Infrastructure Act earlier this month, a bill designed to increase the amount of analog technology in the energy grid to bolster cybersecurity.
It's hard to hack an analog valve. "My issue is that merely patching the grid's vulnerabilities might not be a total solution to cybersecurity," King told Codebook.
Details: The bill directs the Idaho National Lab to investigate using analog technology to bolster grid security.
King said the idea for the bill came after one of Russia's attacks on Ukraine's power grid, where a power outage was reportedly minimized by using analog controls after utility workers lost control of the digital ones.
Background: The bill almost passed once before. "Had the House stayed in session one more day last year, it would have passed," laments King. The bill had passed the Senate and was slated for a voice vote in the House at the end of the session, but the clock ran out.
A newly detailed espionage group is breaching the telecom and travel industries in a likely attempt to surveil individuals, according to a new report by FireEye.
Why it matters: FireEye believes the group is Iranian and has dubbed it APT39. This would be the first Iranian hacker group to focus on personal information. Others have conducted destructive attacks on industry, along with general espionage or influence campaigns.
APT39 has been active since at least 2014 and primarily targets Middle Eastern victims, though the U.S., Europe and Australia have seen some activity as well.
The bottom line: FireEye has "moderate confidence" the group is Iranian, based on the infrastructure and timing of the attacks, the choice of victims and similarities to another Iranian group, APT34.
On Tuesday, Google and its altruism-focused corporate sibling, Jigsaw, announced they would extend free protections against a costly type of cyberattack to European candidates and campaigns in the 2019 EU Parliament elections.
The big picture: The program, dubbed Project Shield, blocks distributed denial of service (DDoS) attacks, which generate so much traffic to a target server that the server collapses. Those attacks can only be blocked through dedicated internet infrastructure, which many campaigns don't know about or can't afford to invest in.
Project Shield already covers global charitable groups and U.S. elections. But Scott Carpenter, Jigsaw’s managing director of international policy, said legal complications make offering a free service to campaigns a complicated endeavor.
Despite the availability of free services like Project Shield, not everyone who can be protected is protected.
"In an ideal world, you would not read any stories where an important electoral institution would go down from DDoS," said Carpenter. "There’s no reason if we offer a free service to go unprotected."
Europol announced Monday it shared data with worldwide law enforcement agencies about the customers of a DDoS-for-hire website law enforcement shuttered in April.
Why it matters: DDoS-as-a-service sites, in this case WebStresser.org, are a low-effort way for bad guys to knock victim websites offline. And they are popular: Europol lists WebStresser as having 151,000 registered users.
We'll be back on Thursday. It can't be stopped.