No country is more central to the world's cybersecurity concerns than China at the moment.
This week's newsletter is 1,167 words, a 4.5-minute read.
Illustration: Aïda Amer/Axios
Forget lone hackers and gangs of digital outlaws: Governments, acting for good and ill, have become the prime movers in the cybersecurity world.
What's happening: Three big stories this week drove home government's central role in a myriad of major breaches, hacks and scams.
1. Equifax: Monday, the Justice Department indicted four members of China's military for executing the 2017 Equifax data breach, which exposed the personal data of nearly 150 million Americans.
2. Huawei: The Wall Street Journal reported Tuesday that U.S. officials say Huawei, the Chinese telecom giant, has been running a decade-long program of installing secret back doors in its equipment that allow it to monitor network traffic on behalf of the Chinese government.
3. The CIA: For nearly 50 years, a Swiss company called Crypto AG that sold encryption systems to governments around the world operated as a CIA front and enabled the U.S. to monitor those governments' secret communications, a remarkable Washington Post investigation revealed Tuesday.
Flashback: Even when governments aren't directly pulling the levers, their power shapes events in cybersecurity.
The bottom line: Modest-size criminal attacks on individuals and businesses can be maddening and destructive, and they come from all directions. But increasingly, we're learning that massive-scale hacks and breaches almost always come with a government's fingerprints somewhere on them.
Greg Miller, author of the Washington Post's story on the CIA's decades-spanning use of Crypto AG to monitor other government's secret communications, says it's likely that there are other companies that are similarly compromised.
Miller talked with Axios' Dan Primack for his Pro Rata podcast.
Primack: "There's all sorts of rumors about what the Russian government's access is to Kaspersky, or Huawei and China. ... Do you believe that there is some other company that we know about that is involved in cybersecurity as a privately held business right now that the U.S. government has a secret piece of?"
Miller: "The short answer is yes. You just used a word here, 'rumors' about Huawei, rumors about Kaspersky. And that was the word we used about Crypto for many years. And the company would say, 'Look those are just rumors, baseless rumors.' And now we know that they weren't just rumors."
Our thought bubble: The Crypto AG revelations cut two ways.
Go deeper: Listen to Miller on the Pro Rata podcast
Illustration: Sarah Grillo/Axios
The Trump campaign, borrowing tactics from dictators and demagogues abroad, is poised to spend $1 billion on "what could be the most extensive disinformation campaign in U.S. history" to sway the 2020 election, McKay Coppins writes in the Atlantic.
Why it matters: Coppins offers the prospect of an election "shaped by coordinated bot attacks, Potemkin local-news sites, micro-targeted fearmongering, and anonymous mass texting."
What they're saying: "Both parties will have these tools at their disposal. But in the hands of a president who lies constantly, who traffics in conspiracy theories, and who readily manipulates the levers of government for his own gain, their potential to wreak havoc is enormous."
Per the Atlantic, here are the key tactics of the coming information inferno, as piloted during the 2016 Trump campaign by its digital director, Brad Parscale, who now leads the overall Trump re-election effort:
The other side: “This story itself is disinformation," Trump campaign communications director Tim Murtaugh told Axios in response to the piece.
Anything that spreads fear and panic can also be used to spread malware. The latest case: files with names that promise to provide information about the coronavirus pandemic but actually are packed with malicious code.
Driving the news: Kaspersky Labs recently reported a big uptick in such files found on computers worldwide, presumably downloaded from the web by users seeking to learn about the infection.
Be careful out there. Don't download and click on .pdf, .mp4 and .docx files about the coronavirus (or, really, anything else!) from sites you don't trust — or at least run the files through a virus scan.
Enjoy your Presidents Day holiday and long weekend — we'll see you next week!