Welcome to Codebook. As always, send tips, comments and popcorn hacks by replying to this email.
Situational awareness: Tom Bossert, the White House homeland security advisor who frequently took front stage in the administration's public response to cyber attacks, is resigning from the White House. The move comes a day after new national security advisor John Bolton took office.
One big fear about President Trump's tariff fight with China is that Beijing would retaliate by resurrecting its campaign of stealing patents, manufacturing processes and other trade secrets from U.S. companies. The Obama administration mostly shut that down in 2015.
But Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, says China didn’t wait for the latest controversy to revive its intellectual-property hacking program: It has been ramping up efforts ever since Trump took office.
“We’ve seen China expand its hacking for IP throughout 2017,” Alperovitch said.
The big picture: Until 2015 China’s state-sanctioned U.S. hacking operations regularly stole trade secrets to benefit its businesses.
“It never went entirely away, but the reductions were significant,” said Alperovitch. The current uptick, he added, appears to target tech companies, law firms and medical manufacturers.
The numbers (then): FireEye, a competitor of CrowdStrike, saw a continuous decline in attacks throughout the Obama effort. Before the indictments in 2014, the company saw around 60 attacks a month targeting IP from China. After the indictments, that number dropped to under 40. With the threat of sanctions, it dropped to under 10 a month.
The bottom line: Trump's tariffs are meant, in part, to counter intellectual property theft, but Alperovitch thinks the best response would be targeted sanctions. “What Xi really feared from Obama was sanctioning the companies that benefitted from the theft,” he said. “That’s still an option.”
Health care is the first industry in which insiders caused the majority of annual data breaches since Verizon began tracking those statistics.
In its 11th annual data breach investigation report, Verizon finds that 56 percent of breaches in the healthcare sector are the result of insider threats. That’s never happened in any industry before.
Why it matters: External threats are real, but so are the less talked about internal ones that companies and organizations don't always pursue as doggedly.
Worth considering: When people hear “insider threat,” they tend to think Edward Snowden. But not all insider threats are from discontented or malicious employees. As many as 13 percent of the healthcare breaches were “driven by fun or curiosity” — motives like looking up information on a celebrity staying on hospital grounds, for example.
China has forced much of its Muslim Uighur population to install software it claims searches for illegal files. A new analysis suggests the program is much more toxic: While it performs government surveillance, it also exposes users' information.
The big picture: Last year, the heavily Uighur population of Urumqi, the capital of Xinjiang, was told to install the monitoring software or face imprisonment. The Open Technology Fund released a security audit of that app, known as JingWang (CleanInternet), on Monday.
The danger: JingWang operates by uploading phone information — as well as all file names (not just the ones it flags as illegal), and a short numeric descriptor of the file known as a hash — to government servers. But it does so with no encryption, meaning that data can be viewed in transit.
Mark Zuckerberg arrives in Washington to meet with lawmakers. Photo by Bill Clark/CQ Roll Call via Getty
A bevy of high-profile non-profits have wrangled an agreement with Facebook to share user data to investigate the site's impact on elections.
Why it matters: For all the Cambridge Analytica and Russian meddling questions Mark Zuckerberg will be asked on Capitol Hill today, we still know very little about the actual effect social media campaigns — legal and otherwise — have on the election.
The details: The William and Flora Hewlett Foundation, the Alfred P. Sloan Foundation, the Charles Koch Foundation, the Democracy Fund, the John S. and James L. Knight Foundation, the Laura and John Arnold Foundation and the Omidyar Network are teaming up on the initiative.
The big picture: Facebook and other social media sites have historically been stingy about allowing researchers to access data, leading some to resort to Cambridge Analytica-type techniques to access data that the companies could freely provide. At a time when research is critical to understanding the news — and a time when Cambridge Analytica could have motivated Facebook to restrict rather than expand access to data — this is a victory for the non-profits and academic-minded.
See you Thursday!