Axios Codebook

June 14, 2018

Welcome to Axios Codebook, the cybersecurity newsletter with strong opinions about different brands of mineral water.

Tips? Please reply to this newsletter.

1 big thing: The World Cup (of hacking)

A soccer ump gives hackers a red card

Illustration: Sarah Grillo/Axios

The World Cup begins today in Russia. And while Codebook can't give you any sporting predictions (despite a year as a backup on the JV2 soccer team), we can predict what World Cup hacking will look like.

Hackers are watching the games: In prior years, cybersecurity firm Akamai has seen declines in cyberattacks while the World Cup games are in play — "at least until games are out of reach," said Patrick Sullivan, Akamai director of security technology.

  • Once games are well in hand, attacks from the losing team's nation spike well above normal. Often, said Sullivan, that takes the form of attacks designed to take down news stories in the victor's country that tout a home-team win.
  • Akamai specializes in the types of attacks involving the flow of internet traffic, making those types of attacks the ones the company has the most insight into.

Hacktivists: Sullivan notes activists frequently use various forms of cyberattacks during major sporting events to protest the host nation — often targeting sponsors to get their point across. He points to protestors upset with the amount of money spent in the recent Brazilian World Cup as an example.

  • But threat intelligence firm Flashpoint tells Codebook there is little credible chatter from activists looking to use the Russian games as a soapbox this year.

Nations: Some recent Olympics have been marred by destructive nation-led attacks, including attacks against the World Anti-Doping Association and widespread malware attacks. However, it appears World Cup host nation Russia was behind the brunt of these assaults, with occasional ducks behind fake personas like "Anonymous Poland."

  • "It is telling that those [cover personas] who claimed to be exposing hypocrisy in sports have been quiet when the event is in Russia," said Roman Sannikov, director of European research and analysis at Flashpoint.

Tourist traps: The U.S. and U.K. governments are warning tourists and soccer players to leave behind any device not essential to their survival, to avoid both cyber espionage and cyber criminals — Russia has thriving ecosystems of both.

What all this means for your favorite sport: Maybe soccer isn't your thing. But every time there is a successful cyberattack at a sporting event, said Craig Williams, director of outreach for Cisco's Talos research group, the threat creeps closer to a big event — sports or otherwise — that you care about.

  • "There's never been a publicly acknowledged Olympic Destroyer type attack at a U.S. sporting event," said Williams. "But you have to think of this like arson. Every time there's a successful attack, the arsonists get emboldened."

2. White House eyes ZTE bargain after Senate vote

The Wall Street Journal reports President Trump has not given up on his $1.4 billion deal to save the Chinese telecom manufacturer ZTE, despite the Senate's move to nix any deal by adding the provision to a must-sign defense bill.

The counter move: The Journal cites a White House official who says the administration will try to get the ZTE language softened when the House and Senate compromise on a final version of the National Defense Authorization Act. White House deputy press secretary Hogan Gidley said in a statement that the administration would press Congress to back off.

If no deal is reached: For seven years, ZTE wouldn't be able to use American components that the company can't do without. But lawmakers are concerned that ZTE has been twice caught selling banned technology to North Korea and Iran, and — like its Chinese rival Huawei — has been accused of sabotaging its own equipment to let Chinese intelligence spy on communications networks.

Meanwhile: Sen. Tom Cotton (R-Ark.), who coauthored the amendment with Chris Van Hollen (D-Mary.), took to the floor on its behalf:

"The only reason Huawei is the second-largest smartphone maker in the world and ZTE the fourth though is because we've let them run wild for too long. We've given them access to our markets even as they've broken our laws and abused the rights of our citizens. But if we refuse to do business with them, things would change very quickly, believe me."

ZTE proposed a $10.7 billion financing plan Wednesday to weather the storm.

3. Police upset that Apple is closing iPhone vulnerability

iPhone 8 viewed with Lightning port in foreground

Photo: Jaap Arriens/NurPhoto via Getty Images

Law enforcement officials are upset with Apple's plan to fix a security bug police used to break into phones, according to a New York Times report Wednesday.

The details: The Lightning port on the iPhone (the one used to charge the phone) can also transfer data. Police had used that feature to access locked cell phones. Apple will now cut off data transfer after an hour — a plan first reported by Motherboard.

What they're saying: "If we go back to the situation where we again don't have access, now we know directly all the evidence we've lost and all the kids we can't put into a position of safety," Chuck Cohen, the head of an Indiana State Police task force on crimes against children, told the Times.

The nuance: There is no such thing as a law enforcement-only security defect. Allowing the police to continue to use the bug, now widely reported on in the press, would also mean accepting that criminals would be able to do the same thing.

4. Mexican presidential candidate claims website was DDoSed

Mexican presidential candidate Ricardo Anaya claimed a website meant to cut into frontrunner Andres Manuel Lopez Obrador's lead was hit by a denial of service attack, rendering it inoperable.

The details: Anaya held up a sign pointing viewers to a website about Lopez Obrador during a debate, but the site was down before viewers were able to see it.

  • Distributed denial of service attacks (DDoS) flood a site with so much traffic that the site becomes inaccessible.
  • A representative for Anaya told Reuters, "On this website, 185,000 visits were registered within 15 minutes, with the attacks coming mainly from Russia and China. It can take hours to prospect the configurations needed for attacking a website, which indicates the attack was planned and coordinated with national and international agents."

Be smart: That certainly could have happened — but DDoS attacks of that and larger scopes are not difficult for a single angry person to pull off.

  • If it was a DDoS — still just a claim at this point — it could have been run off of free software available online, or any of a number of rent-a-DDoS services.
  • The fact that "attacks [came] mainly from Russia and China" doesn't actually mean anything. A DDoS uses hacked systems — often internet-connected devices, like cameras. The location of those devices doesn't correlate to the attacker's whereabouts.

5. EU governments, too, now dumping Kaspersky wares

The European Union will now discourage governments from using Kaspersky Lab products, after the EU Parliament passed a non-binding measure Wednesday to cease use of the company's products.

Kaspersky Lab's antivirus tools have been accused of masking Russian spying operations — something that Kaspersky has denied.

Why it matters: More than in the U.S., which passed a binding ban last year, there are significant consequences to the EU ban. The company had an agreement to assist Europol in investigations. Kaspersky told Cyberscoop that deal is now off.

6. Odds and ends

  • Intel is warning about a new processor vulnerability. (Intel)
  • The EU removes the U.K. from its GPS competitor, Galileo. (The Register)
  • A protestor is hacking unsecured televisions to protest controversial European copyright proposals... (ZDNet)
  • ...that 70 or so internet luminaries protested in a more conventional way — a strongly worded letter. (EFF)
  • MIT can use WiFi signals to see through walls. (Motherboard)
  • North Korea may have hacked a South Korean think tank. (ZDNet)
  • The Senate confirmed Christopher Krebs to head the DHS's cybersecurity and critical infrastructure wing. (Axios)
  • Palo Alto Networks added former National Security Agency Deputy Director Richard H. Ledgett and one-time top cyber diplomat Christopher Painter to its public sector advisory group. (Palo Alto Networks)
  • Chinese-speaking hackers who have elsewhere been linked to the Chinese government targeted a central Asian data center with government clients. (SecureList)

Codebook will return Tuesday.