Welcome to Axios Codebook, the cybersecurity newsletter with strong opinions about different brands of mineral water.
Tips? Please reply to this newsletter.
Welcome to Axios Codebook, the cybersecurity newsletter with strong opinions about different brands of mineral water.
Tips? Please reply to this newsletter.
Illustration: Sarah Grillo/Axios
The World Cup begins today in Russia. And while Codebook can't give you any sporting predictions (despite a year as a backup on the JV2 soccer team), we can predict what World Cup hacking will look like.
Hackers are watching the games: In prior years, Cybersecurity firm Akamai has seen declines in cyberattacks while the World Cup games are in play — "at least until games are out of reach," said Patrick Sullivan, Akamai director of security technology.
Hacktivists: Sullivan notes activists frequently use various forms of cyber attacks during major sporting events to protest the host nation — often targeting sponsors to get their point across. He points to protestors upset with the amount of money spent in the recent Brazillian World Cup as an example.
Nations: Some recent Olympics have been marred by destructive nation-led attacks, including attacks against the World Anti-Doping Association and wide-spread malware attacks. However, it appears World Cup host nation Russia was behind the brunt of these assaults, with occasional ducks behind fake personas like "Anonymous Poland."
Tourist traps: The U.S. and U.K. governments are warning tourists and soccer players to leave behind any device not essential to their survival, to avoid both cyber espionage and cyber criminals — Russia has thriving ecosystems of both.
What all this means for your favorite sport: Maybe soccer isn't your thing. But every time there is a successful cyberattack at a sporting event, said Craig Williams, director of outreach for Cisco's Talos research group, the threat creeps closer to a big event — sports or otherwise — that you care about.
The Wall Street Journal reports President Trump has not given up on his $1.4 billion deal to save the Chinese telecom manufacturer ZTE, despite the Senate 's move to nix any deal by adding the provision to a must-sign defense bill.
The counter move: The Journal cites a White House official who says the administration will try to get the ZTE language softened when the House and Senate compromise on a final version of the National Defense Authorization Act. White House deputy press secretary Hogan Gidey said in a statement that the administration would press Congress to back off.
If no deal is reached: For seven years, ZTE wouldn't be able to use American components that the company can't do without. But lawmakers are concerned that ZTE has been twice caught selling banned technology to North Korea and Iran, and — like its Chinese rival Huawei — has been accused of sabotaging its own equipment to let Chinese intelligence spy on communications networks.
Meanwhile: Sen. Tom Cotton (R-Ark.) , who coauthored the amendment with Chris Van Hollen (D-Mary.), took to the floor on its behalf:
The only reason Huawei is the second-largest smartphone maker in the world and ZTE the fourth though is because we’ve let them run wild for too long. We’ve given them access to our markets even as they’ve broken our laws and abused the rights of our citizens. But if we refuse to do business with them, things would change very quickly, believe me.
ZTE proposed a $10.7 billion financing plan Wednesday to weather the storm.
Photo: Jaap Arriens/NurPhoto via Getty Images
Law enforcement officials are upset with Apple's plan to fix a security bug police used to break into phones, according to a New York Times report Wednesday.
The details: The lightning port on the iPhone - the one used to charge the phone - can also transfer data. Police had used that feature to access locked cell phones. Apple will now cut off data transfer after an hour — a plan first reported by Motherboard.
What they're saying: “If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” Chuck Cohen, the head of an Indiana State Police task force crimes against children, told the Times.
The nuance: There is no such thing as a law enforcement-only security defect. Allowing the police to continue to use the bug now widely reported on in the press would also mean acccepting that criminals would be able to do the same thing.
Mexican presidential candidate Ricardo Anaya claimed a website meant to cut into frontrunner Andres Manuel Lopez Obrador's lead was hit by a denial of service attack, rendering it inoperable.
The details: Anaya held up a sign pointing viewers to a website about Lopez Obrador during a debate, but the site was down before viewers were able to see it.
Be smart: That certainly could have happened — but DDoS attacks of that and larger scopes are not difficult to pull off by a single angry person.
The European Union will now discourage governments from using Kaspersky Lab products, after the EU Parliament passed a non-binding measure Wednesday to cease use of the company's products.
Kaspersky Lab's antivirus tools have been accused of masking Russian spying operations — something that Kaspersky has denied.
Why it matters: More than in the U.S., which passed a binding ban last year, there are significant consequences to the EU ban. The company had an agreement to assist Europol in investigations. Kaspersky told Cyberscoop that deal is now off.
Codebook will return Tuesday.