Feb 13, 2020

Axios Codebook

No country is more central to the world's cybersecurity concerns than China at the moment.


This week's newsletter is 1,167 words, a 4.5-minute read.

1 big thing: Cybersecurity is a government game

Illustration: Aïda Amer/Axios

Forget lone hackers and gangs of digital outlaws: Governments, acting for good and ill, have become the prime movers in the cybersecurity world.

What's happening: Three big stories this week drove home government's central role in a myriad of major breaches, hacks and scams.

1. Equifax: Monday, the Justice Department indicted four members of China's military for executing the 2017 Equifax data breach, which exposed the personal data of nearly 150 million Americans.

  • Equifax had already agreed to a settlement with state and federal authorities for hundreds of millions of dollars, one that focused on efforts to recompense consumers harmed by the breach and to provide incentives to businesses to batten down their hatches against similar future attacks.
  • By attributing the breach to China and bringing the receipts, the U.S. made clear that what had seemed to be a business story was in fact more about China's hunger for data on U.S. citizens — and the ability of its state-employed actors to execute one of the largest data heists in history.

2. Huawei: The Wall Street Journal reported Tuesday that U.S. officials say Huawei, the Chinese telecom giant, has been running a decade-long program of installing secret back doors in its equipment that allow it to monitor network traffic on behalf of the Chinese government.

  • The charges, which Huawei vehemently denies, repeat long-standing U.S. claims against the company, and many experts are critical of Huawei's close ties to the Chinese authorities. But the U.S. has never publicly provided evidence to back the charge.

3. The CIA: For nearly 50 years, a Swiss company called Crypto AG that sold encryption systems to governments around the world operated as a CIA front and enabled the U.S. to monitor those governments' secret communications, a remarkable Washington Post investigation revealed Tuesday.

  • The audacity, scope and span of the operation (from 1970 to 2018) make it "one of the most momentous and simply mind-boggling revelations in intelligence history," as Thomas Rid, professor of strategic studies at Johns Hopkins, said on Twitter.

Flashback: Even when governments aren't directly pulling the levers, their power shapes events in cybersecurity.

  • When a group that called itself the Shadow Brokers stole and shared a trove of NSA hacking tools in 2017, third parties grabbed the NSA code and transformed it into what became known as the WannaCry and NotPetya worms, which caused enormous damage to businesses worldwide.

The bottom line: Modest-size criminal attacks on individuals and businesses can be maddening and destructive, and they come from all directions. But increasingly, we're learning that massive-scale hacks and breaches almost always come with a government's fingerprints somewhere on them.

2. What the CIA's Crypto saga means today

Greg Miller, author of the Washington Post's story on the CIA's decades-spanning use of Crypto AG to monitor other governments' secret communications, says it's likely that there are other companies that are similarly compromised.

Miller talked with Axios' Dan Primack for his Pro Rata podcast.

Primack: "There's all sorts of rumors about what the Russian government's access is to Kaspersky, or Huawei and China. ... Do you believe that there is some other company that we know about that is involved in cybersecurity as a privately held business right now that the U.S. government has a secret piece of?"

Miller: "The short answer is yes. You just used a word here, 'rumors' about Huawei, rumors about Kaspersky. And that was the word we used about Crypto for many years. And the company would say, 'Look, those are just rumors, baseless rumors.' And now we know that they weren't just rumors."

  • "I think that it's inevitable that we'll look back on this moment at some point in the future and be confronted with evidence that companies or devices that we assumed were secure were not, they were penetrated and compromised by someone."

Our thought bubble: The Crypto AG revelations cut two ways.

  • They make the U.S. government look hypocritical for expressing outrage at alleged back doors operated by other governments through companies in their countries.
  • That said, they could also give more weight to suspicions that those governments and companies are doing what the U.S. claims.

Go deeper: Listen to Miller on the Pro Rata podcast

3. What we're reading: Trump's disinfo blitzkrieg

Illustration: Sarah Grillo/Axios

The Trump campaign, borrowing tactics from dictators and demagogues abroad, is poised to spend $1 billion on "what could be the most extensive disinformation campaign in U.S. history" to sway the 2020 election, McKay Coppins writes in the Atlantic.

Why it matters: Coppins offers the prospect of an election "shaped by coordinated bot attacks, Potemkin local-news sites, micro-targeted fearmongering, and anonymous mass texting."

What they're saying: "Both parties will have these tools at their disposal. But in the hands of a president who lies constantly, who traffics in conspiracy theories, and who readily manipulates the levers of government for his own gain, their potential to wreak havoc is enormous."

Per the Atlantic, here are the key tactics of the coming information inferno, as piloted during the 2016 Trump campaign by its digital director, Brad Parscale, who now leads the overall Trump re-election effort:

  • Tell brazen lies.
  • Undermine trust in the press.
  • Amass detailed data on supporters.
  • Flood Facebook with ads micro-targeted to them.
  • Use those ads to drive turnout and fundraising.
  • Use bots on Twitter to "simulate false consensus, derail sincere debate, and hound people out of the public square."
  • Inoculate supporters against facts.
  • Instill confusion and doubt in opponents.

Key takeaways:

  • In 2016, the political class viewed disinformation as an external threat, but now it's become a domestic problem.
  • Other countries, like Indonesia, have found some success in combatting agents of disinformation — but in the U.S., First Amendment protections will shield them.
  • Democrats will have to decide whether to denounce the GOP tactics or embrace them.

The other side: "This story itself is disinformation," Trump campaign communications director Tim Murtaugh told Axios in response to the piece.

4. Coronavirus fears become vector for software viruses

Anything that spreads fear and panic can also be used to spread malware. The latest case: files with names that promise to provide information about the coronavirus pandemic but actually are packed with malicious code.

Driving the news: Kaspersky Labs recently reported a big uptick in such files found on computers worldwide, presumably downloaded from the web by users seeking to learn about the infection.

  • "As this sort of activity often happens with popular media topics, we expect that this tendency may grow," Anton Ivanov, Kaspersky malware analyst, said in an email statement.

Be careful out there. Don't download and click on .pdf, .mp4 and .docx files about the coronavirus (or, really, anything else!) from sites you don't trust — or at least run the files through a virus scan.

5. Odds and ends

Enjoy your Presidents Day holiday and long weekend — we'll see you next week!