Apr 10, 2018

Axios Codebook

Joe Uchill

Welcome to Codebook. As always, send tips, comments and popcorn hacks by replying to this email.

Situational awareness: Tom Bossert, the White House homeland security advisor who frequently took front stage in the administration's public response to cyber attacks, is resigning from the White House. The move comes a day after new national security advisor John Bolton took office.

1. China broke hacking pact before new tariff tiff
Expand chart
Illustration: Lazaro Gamio/Axios

One big fear about President Trump's tariff fight with China is that Beijing would retaliate by resurrecting its campaign of stealing patents, manufacturing processes and other trade secrets from U.S. companies. The Obama administration mostly shut that down in 2015.

But Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, says China didn’t wait for the latest controversy to revive its intellectual-property hacking program: It has been ramping up efforts ever since Trump took office.

“We’ve seen China expand its hacking for IP throughout 2017,” Alperovitch said.

The big picture: Until 2015 China’s state-sanctioned U.S. hacking operations regularly stole trade secrets to benefit its businesses.

  • At that time, tech IP theft cost the U.S. economy $300 billion annually — with China responsible for 80%, according to testimony from Michelle Van Cleave of the U.S.-China Economic and Security Review Commission.
  • The Obama administration countered the threat by indicting the Chinese military hackers leading the charge in 2014 and threatening sanctions in 2015. Finally, in September 2015, China formally agreed to stop hacking the U.S. for economic espionage.

“It never went entirely away, but the reductions were significant,” said Alperovitch. The current uptick, he added, appears to target tech companies, law firms and medical manufacturers.

The numbers (then): FireEye, a competitor of CrowdStrike, saw a continuous decline in attacks throughout the Obama effort. Before the indictments in 2014, the company saw around 60 attacks a month targeting IP from China. After the indictments, that number dropped to under 40. With the threat of sanctions, it dropped to under 10 a month.

  • But, said Alperovitch, Obama may have benefited from a reorganization in China underway at the time. China was physically relocating its hackers to centralize them, and also cracking down on government corruption — which may have given officials additional incentives to promote the hacking.

The bottom line: Trump's tariffs are meant, in part, to counter intellectual property theft, but Alperovitch thinks the best response would be targeted sanctions. “What Xi really feared from Obama was sanctioning the companies that benefitted from the theft,” he said. “That’s still an option.”

2. The call is coming from inside the hospital

Health care is the first industry in which insiders caused the majority of annual data breaches since Verizon began tracking those statistics.

In its 11th annual data breach investigation report, Verizon finds that 56 percent of breaches in the healthcare sector are the result of insider threats. That’s never happened in any industry before.

Why it matters: External threats are real, but so are the less talked about internal ones that companies and organizations don't always pursue as doggedly.

Worth considering: When people hear “insider threat,” they tend to think Edward Snowden. But not all insider threats are from discontented or malicious employees. As many as 13% of the healthcare breaches were “driven by fun or curiosity" — motives like looking up information on a celebrity staying on hospital grounds, for example.

3. China broadcasts every file on Muslims' phones with unsecured app

China has forced much of its Muslim Uighur population to install software it claims searches for illegal files. A new analysis suggests the program is much more toxic: While it performs government surveillance, it also exposes users' information.

The big picture: Last year, the heavily Uighur residents of Urumqi, the capital of Xinjiang, were told to install the monitoring software or face imprisonment. The Open Technology Fund Monday released a security audit of that app, known as JingWang (CleanInternet), on Monday.

The danger: JingWang operates by uploading phone information — as well as all file names (not just the ones it flags as illegal), and a short numeric descriptor of the file known as a hash — to government servers. But it does so with no encryption, meaning that data can be viewed in transit.

4. Facebook to share user data for elections research

Mark Zuckerberg arives in Washington to meet with lawmakers. Photo by Bill Clark/CQ Roll Call via Getty

A bevy of high profile non profits have wrangled an agreement with Facebook to share user data to investigate the site's impact on elections.

Why it matters: For all the Cambridge Analytica and Russian meddling questions Mark Zuckerberg will be asked on Capitol Hill today, we still know very little about the actual effect social media campaigns — legal and otherwise — have on the election.

The details: The William and Flora Hewlett Foundation, the Alfred P. Sloan Foundation, Charles Koch Foundation, Democracy Fund, the John S. and James L. Knight Foundation, Laura and John Arnold Foundation and Omidyar Network are teaming on the initiative.

  • The foundations will vet researchers to get an exclusive, metered view of Facebook data in a way the foundations' official press release promises "has met the company’s new, heightened security around user privacy."

The big picture: Facebook and other social media sites have historically been stingy about allowing researchers to access data, leading some to resort to Cambridge Analytica-type techniques to access data that the companies could freely provide. At a time when research is critical to understanding the news — and a time when Cambridge Analytica could have motivated Facebook to restrict rather than expand access to data — this is a victory for the non-profits and academic-minded.

5. Popcorn instructions for the Facebook hearing

Start your bag of microwave popcorn at 2:10 pm Eastern time. Popcorn may only take a minute or two to heat, but you'll want at least double that to allow it to cool before beginning to eat. Watch it here. (Tomorrow's hearing is at 10 am. Watch that one here.)

6. Odds and ends
  • The last Defense Authorization required the Trump administration to develop a cybersecurity doctrine explaining what types off attacks would elicit what American responses. We still don't have one. Axios's Shannon Vavra investigates. (Axios)
  • Princeton researchers think they can add more security to the internet switchboard known as DNS by making it a little more oblivious. (The Register)
  • Mexico, too, will look at Cambridge Analytica. (Reuters)
  • Some Best Buy clients may have been ensnared in the 24[7].ai breach that also involved Delta and Sears customers. (Best Buy)
Joe Uchill

See you Thursday!