Axios Codebook

A master lock with ones and zeroes instead of the regular numbers.

October 30, 2018

Welcome to Codebook, cybersecurity newsletter and enemy of the people.

Hey! Do you like surveys? Well, boy howdy, do I have something for you. Axios is asking newsletter readers take a brief reader survey. Sincere thanks in advance for participating. Here's the link.

If you've got story ideas, feel free to reply to this email.

1 big thing: Russian efforts to sow discord

President Donald Trump and Russia's President Vladimir sitting next to each other at a press conference

Photo: Brendan Smialowski/AFP/Getty Images

There are two competing ways to look at the Kremlin's social media activities during the 2016 U.S. election campaign: Either the Russian propaganda campaign was aimed to elect Donald Trump or it intended to manipulate both left and right into country-crippling division. A new study suggests both views may be right.

Why it matters: Experts tend to believe that Russia's social media propaganda campaign is a year-in, year-out assault to sow division. That's been tough for more casual observers to square with other Russian efforts in 2016, like hacking the Democratic National Campaign or propaganda on its TV station RT.

To be clear, the amount of Russian social media propaganda actually increased after the election.

  • What's new in the study is an explanation for how that meshed with a secondary goal — foiling Hilary Clinton.

The study, now under review for publication, was conducted by Darren Linvill and Patrick Warren of Clemson University, Brandon Boatwright of University of Tennessee-Knoxville, and Will Grant of Australia National University.

Details: Analyzing a random sampling of propaganda tweets, researchers broke the messages into several categories.

  • The majority (52.6%) were "camouflage" tweets that created the appearance of a normal Twitter account.
  • 19% of tweets shilled for a right-wing worldview, 12.8% for the left, 7% attacked public institutions and 2% attacked the media.

But, but, but: The way the Russian trolls approached supporting the left and right were extremely different.

  • Accounts trolling on behalf of the right discussed candidates 78% of the time. Accounts trolling on behalf of the left only discussed candidates 35% of the time — less than half as often.
  • Right-wing accounts were 15 times more likely to praise Trump than criticize him. Left-wing accounts were only 1.3 times more likely to praise Hillary Clinton than criticize her.
  • The researchers categorized left- and right-wing trolls separately from two other types of Russian accounts — newsfeeds, which appeared to be apolitical news sources, and "hashtag gamers," who mostly told jokes.

That could mean that even as the Russian influence campaign tried to divide Americans from one another, it was also showing a political preference.

  • The Russians were anti-Clinton, as suggested by their release of emails stolen from the Democratic National Committee and Clinton's campaign chairman, John Podesta. "Clearly, they didn't like Clinton," said Linvill.
  • But it could also mean that attacking Clinton better suited their goal of polarization. "The tweets were designed to tear people away from the center, and Clinton was the centrist candidate," said Warren.

Remember, the hacking campaign appears to have been run by the Russian intelligence agency, the GRU. Social media campaigns are run by a different group, the Internet Research Agency. The two could have had different goals.

  • The social media campaign, noted Linvill and Warren, didn't just widen political rifts. "They loved to talk to anti-science groups, too, like anti-vaxers," said Warren, "Once you start distrusting science, you'll distrust the media and the government."
  • "A small fraction of people share fake news," added Linvill, "and they tend to believe in conspiracies."

2. Feds bar exports to Chinese DRAM maker

The U.S. has thrown its latest punch in the Chinese supply chain slugfest that has already black-eyed ZTE and Huawei.

Details: The Department of Commerce announced Monday it would add DRAM maker Jinhua to its Export Administration Regulation list, requiring often-impossible-to-get licensing to ship exports (including intellectual property) to the firm.

What they're saying: "Jinhua is nearing completion of substantial production capacity for dynamic random access memory (DRAM) integrated circuits. The additional production, in light of the likely U.S.-origin technology, threatens the long term economic viability of U.S. suppliers of these essential components of U.S. military systems," reads the department's statement on adding Jinhua to the list.

The big picture: Of course, it's only a national security problem for a Chinese maker to dominate the market for a componant if that supplier itself is a perceived risk to national security. The worry here is that these chips could be sabotaged to allow for easy Chinese spying of U.S. systems.

China regularly denies U.S. claims that it puts backdoors into its products.

3. Researchers release information on the Kraken

A joint report by Recorded Future and McAfee published Tuesday dissects a recently discovered Windows ransomware strain known as "Kraken."

Kraken is relatively new and gaining ground. It's one of a number of "ransomware as a service" products, where affiliates sign up to earn commissions by extorting ransom from other computers, as Bleeping Computer reported earlier this month.

New in the deep dive: The criminals who distributed the malware, who call themselves "ThisWasKraken," do not allow computers in the former Soviet bloc to be infected. Newer samples also bar infections in Syria, Brazil and Iran, leading the researchers to believe that the programmer or programmers have ties to some of those regions.

  • Each affiliate earns 80% of any ransom.
  • Ransoms have ranged between .075–1.25 bitcoin, or at current rates, $500–$7,800.

ThisWasKraken appears to be the sales arm of the operation, with programmers elsewhere.

  • They refer all technical issues to a webmail customer support email address using the secure Protonmail service.

4. Fewer than 1% of cyber crimes result in an arrest

High Angle View Of Handcuffs Against White Background

Photo: Classen Rafael/EyeEm/Getty Images

According to a new report from Third Way, only 3 in every 1,000 cyber crimes reported in the U.S. result in an arrest.

Why it matters: It clearly matters to the 997 people in 1,000 who don't see their attackers caught.

By the numbers: The Third Way report notes that the FBI clears around 46% of its violent crime cases.

5. 5.5% of Amazon cloud is public by accident

According to McAfee statistics released Monday, 5.5% of "AWS buckets," the storage containers in Amazon cloud storage accounts, are left public by accident.

Why it matters: Periodically, researchers will announce discovering data like military intellectual property or voter records left exposed to the public by accident. While finding particularly damaging information is finding a needle in a haystack, that's still a frightening amount of information left open to the public.

6. Odds and ends

We'll be back on Thursday.