Welcome to Codebook, the cybersecurity newsletter with a crippling fear of accidentally eating the freshness packets in bags of beef jerky.
Today's newsletter is 1,944 words, a 7-minute read.
In what could become a landmark case limiting how government surveillance contractors can operate, Facebook is suing Israeli firm NSO Group for allegedly hacking WhatsApp in order to monitor users on behalf of foreign governments.
Why it matters: Firms like NSO sell software ostensibly intended to surveil potential criminals and terrorists. In practice, their tools have been used to commit human rights abuses.
The big picture: Western governments and human rights advocates have raised their voices about those abuses, but so far they have been unable to stop them. The WhatsApp suit represents a different and potentially stronger kind of threat to the surveillance industry.
Details: In the lawsuit, Facebook claims that NSO used WhatsApp to send malware to 1,400 targeted cellphones and mobile devices. A blog post from WhatsApp says that at least 100 of those were civil society targets.
Context: NSO is a major player in commercial spyware, but by no means alone.
The catch: Spyware contractors operate with the express permission of governments and are based abroad, blurring the issue of U.S. judicial oversight, even as it relates to the use of private networks.
What they're saying: NSO fiercely denies the charges in the Facebook suit, saying in a statement that it "considers any other use of our products than to prevent serious crime and terrorism a misuse, which is contractually prohibited. ... This technology is rooted in the protection of human rights — including the right to life, security and bodily integrity."
In the first paragraph of Facebook's filings and the second paragraph of the NSO response to the press, both companies mention WhatsApp's use of end-to-end encryption. That encryption makes it difficult for intelligence agencies and law enforcement to intercept messages without a password.
The big picture: This issue doesn't matter to the underlying question in the lawsuit — no matter how the messaging network works, someone is using it to install malware to monitor a target's phone.
One reason encryption might have come up: The Department of Justice is currently pushing for tech industries to limit their use of end-to-end encryption.
October was a big month for reports of Russian cyber campaigns from government intelligence agencies, private firms and researchers.
Why it matters: Of the four major cyber powers lined up against the United States (Iran, North Korea, China and Russia), Russia is the most technically advanced, and every documented Russian effort reminds Americans of that nation's outsized role in interference in the 2016 presidential election — and possibly that of 2020.
Driving the news:
The big picture: As with all nations involved in espionage, Russia's efforts pursue all sorts of interests, and none of this is new for Russian hackers.
A hacker group linked to Chinese espionage is illicitly installing software at telecommunications companies to steal text messages from specific users and regarding specific topics, according to cybersecurity firm FireEye.
The big picture: While Chinese espionage is often linked to intellectual property theft, the targets in this case appear to be linked more to traditional espionage, including senior political and military figures and topics that could be of interest to Chinese policymakers.
The backdrop: The hacking group identified in this campaign, known as APT 41, is believed to have been active for nearly a decade.
What's happening: FireEye has discovered "multiple" telecoms infected with the newly discovered malware, which has been dubbed Messagetap, Steven Stone, the firm's director of advanced practices, told Axios.
Details: Messagetap installs onto telecommunication company-specific hardware.
A high-ranking Ukrainian military official says that sanctions on Russia have thwarted Russia's longstanding efforts to jam Ukraine's unmanned autonomous vehicles in eastern Ukraine, according to Oriana Pawlyk of Military.com.
Why it matters: Ukraine has lost almost 100 drones (by its count) used for reconnaissance on Russian-backed separatists because of Russian GPS jamming equipment.
But, but, but: Sanctions have limited the ability of Russia to repair and replace faulty equipment, according to Ukrainian Col. Ivan Pavlenko, deputy chief of Combat Support Units of the Joint Forces Headquarters, who spoke at the Association of Old Crows annual meeting this week in Washington D.C.
"Sanctions [are] like a virus," he told Pawlyk after his speech.
In stark contrast to Facebook's pledge not to censor political ads, Twitter announced Wednesday it would not accept political ads.
The big picture: There is often an association made between political ads and Russian information campaigns, even though the Russian campaigns in 2016 and since then largely didn't use ads. Still, promoted tweets are a potential way for information operations to expand their reach, or for politicians to lie about opponents.
Civil liberties advocates like Privacy International praised the move, noting that while Twitter had special labeling for political ads in the U.S. and a handful of other countries, it didn't in more than 80% of nations worldwide.
There are a few hiccups ahead: Twitter's Vijaya Gadde clarified the policy to say the company's definition for political ads would include "1/ Ads that refer to an election or a candidate, or 2/ Ads that advocate for or against legislative issues of national importance (such as: climate change, healthcare, immigration, national security, taxes)."
President Trump's campaign manager, Brad Parscale, tweeted that the move to ban all political ads from all political parties worldwide was "yet another attempt by the left to silence Trump and conservatives."
Companies widen the workforce pipeline (Aspen Institute): The Aspen Institute announced Wednesday that 14 large companies and one industry consortium agreed to new recruiting standards to expand cybersecurity job applicant pools.
North Korean malware was found at an Indian power plant (NPCIL, via ZDNet): The Nuclear Power Corporation of India Limited confirmed Wednesday that North Korean malware was found on a business computer system at an Indian power plant. ZDNet uploaded the press release from the NPCIL here.
Georgia hit by massive cyberattack (BBC): A Monday cyberattack in Georgia (the nation, not the state) knocked 15,000 web pages offline.
We'll be back next week.
Codebook fan pick the Cleveland Browns continued to struggle with play-calling, game-planning and football discipline in a loss to New England. They remain a team with on-field talent two or three letter grades better than their coaching.