Welcome to Codebook, the bad-boy cybersecurity newsletter your mom warned you about.
Before the 2016 election, Western nations' worst cyberattack nightmare involved sabotage of the electric grid. Meanwhile, the top digital fear among Russians was propaganda campaigns, according to Lincoln Pigman, an Oxford postgraduate researcher who studies the history of Moscow's political posture on cybersecurity.
Why it matters: The idea for the online information campaign that rolled out against the United States in 2016 wasn't a stroke of genius out of nowhere. In many ways, it was Russia's worst fears manifested into a weapon.
The big picture: "If you ask the Russian political elite, they will tell you they came under threat by Western propaganda. Whatever follows — fake news and influence operations abroad — that's all a response," said Pigman.
Russia's propaganda paranoia was based on fears of regime change that blossomed during the Arab Spring nearly a decade ago, Pigman added. "That experience unified the Russian political elite," he said. "They thought it was all a part of a U.S. effort to remove unfavorable regimes."
The bottom line: Russia was wrong that the United States rigged the Olympics scandal to discredit Russia. But it's hard to argue it was wrong about the importance of propaganda. To date, Russia has run several successful information campaigns against the U.S. psyche. No one has ever succeeded at taking down a North American electric grid.
Sens. Amy Klobuchar (D-Minn.) and John Kennedy (R-La.) used a severe bug in Apple's FaceTime service to promote a privacy bill they co-sponsored.
But, but, but: The FaceTime glitch isn't a great example of a privacy problem covered by their bill or of something that could be reasonably regulated.
The big picture: It's impossible to force companies to produce perfect code. No amount of auditing catches all errors. The best you can do is force companies to properly handle security concerns as they arise.
The Klobuchar/Kennedy bill largely deals with that kind of privacy and requires notifying users whose personal data was improperly accessed. But that's not what's going on with the FaceTime bug.
Reuters' Wednesday report about Project Raven, a hacking operation in the UAE, is a critically important read. It details how ex-NSA employees became entangled in a project that targeted journalists, Americans and Arab Spring activists.
Why it matters: The report touches on several key issues, including how nations that can't afford homegrown cybersecurity talent build up cyber programs and how an ostensible ally is targeting U.S. citizens.
Credit where credit is due: Christopher Bing and Joel Schectman, who wrote the Reuters piece, substantially advanced the story. But it's also worth checking out Jenna McLaughlin's foundational work on the UAE espionage regime, published in The Intercept and cited in the Reuters story.
On Tuesday, TechCrunch reported that Facebook paid iPhone users — including teenagers — $20 a month to be able to see everything they did on their phones.
The intrigue: To see everything on the users' phones, Facebook circumvented Apple's security controls. In fact, the new research app bore some resemblance to an earlier research app that Apple had already banned.
Apple quickly revoked the certificate allowing that app to work on phones. This was a big problem for Facebook, because its employee-only versions of the Facebook apps, like Messenger, used the same certificate and were therefore rendered useless.
Lawmakers weren't thrilled. Sen. Mark Warner (D-Va.) sent Facebook a strongly worded letter with a detailed list of questions to answer about the research app.
Everybody's doing it: TechCrunch later noted that Google, too, had circumvented the same controls for a similar research app. Google shut down its app after the story.
The Department of Justice is infiltrating and dismantling the North Korean "Joanap" botnet — a network of computers surreptitiously controlled by Pyongyang.
The difficulty here is that the department's aim to connect to the botnet and notify users who have been infected by it requires communicating with each of the controlled systems.
We'll be back on Tuesday. Promise.