May 27, 2020

Welcome back to the new Axios Codebook! I’m Zach Dorfman, senior staff writer at the Aspen Institute, and every Wednesday I’ll be in your inbox exploring the intersection of cybersecurity, espionage and technology.

A little bit about me: I’m a national security journalist who has written for Politico, The Atlantic, Foreign Policy and other publications. My work has focused on challenges that nation-states like China, Russia, North Korea and Iran pose to the U.S. and its Western allies; the inner workings of the $60 billion-a-year world of U.S. spy agencies; and the ways in which technology is changing what intelligence is and how it’s gathered.

I’m excited to dig into all things cybersecurity-related — which is, broadly speaking, the most important story of our time. You can always send feedback by replying to this email.

Today's newsletter is 1,353 words, a 5-minute read.

1 big thing: Inside hackers’ pivot to medical espionage

Illustration: Aïda Amer/Axios

A wave of cyber spying around COVID-19 medical research is once more demonstrating the perils of treating cybersecurity as a separate, walled-off realm.

Driving the news: U.S. officials recently announced an uptick in Chinese government-affiliated hackers targeting medical research and other facilities in the United States for data on a potential COVID-19 cure or effective treatments to combat the virus. Additionally, “more than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses,” reports the New York Times.

  • According to a recent FBI bulletin, “nation-state cyber actors are targeting COVID-19-related research as many foreign governments seek to accelerate their own R&D processes and clinical trials.”
  • Since February, suspected foreign government hackers have compromised the systems of a “healthcare-related” company and a “U.S. research entity,” and they have targeted other medical, pharmaceutical and academic institutions, says the FBI.

The big picture: For years, policymakers and media outlets have stowed cybersecurity threats and conflicts away in their own specialized silo. But the world of cyber espionage isn’t really separate at all: It’s just another means for countries to pursue their tactical and strategic objectives.

  • “When there’s a cyber intrusion and exfiltration of a defense industrial contractor, that’s not a cyber case, that’s a counterintelligence case,” said a current senior U.S. intelligence official.
  • In those incidents, the culprit is most likely a Chinese government agency, according to the official. "I have not been able to convince people of that. Because we’ve created this world of cyber, and it’s like floating in the Atlantic. … We cannot get off that island. It’s really frustrating.”

Of course the world’s spies are trying to purloin vaccine research: Nothing is more valuable right now anywhere on the planet. The country that’s first with a vaccine will, in theory, benefit immensely. Elections may be won or lost because of it. Industries and entire economies hang in the balance. Social stability may depend on vaccine access.

There are also subtler benefits of a vaccine: the soft power accrued to whoever develops and shares it internationally, as well as the potential profits from what should be a global, compulsory vaccination campaign, and one that may be required at regular intervals, like a flu shot.

Between the lines: The pandemic took an already accelerating trend toward the virtualization of our work and private lives and kicked it into overdrive.

  • What holds true for us as individuals also holds true for states. They’re spying more online because more of life is being lived online. And, right now, many of them want to steal medical research on COVID-19.
  • As Alex Orleans, a cyber threat intelligence researcher, tweeted: “The most tedious part of COVID-19 lockdown is everyone being (or pretending to be) shocked by the universal and long-standing truth that everybody spies on everybody else.”

Why it matters: We won’t be able to understand or predict where the next threats will emerge unless we get better at integrating the stuff we call “cyber” with all the other ways we think about the world.

2. "Unmasking" unmasked

President Trump and his allies have made a lot of noise about purported Obama administration wrongdoing via the “unmasking” of then-incoming national security adviser Michael Flynn’s identity in reports of intercepted conversations between Flynn and Russian Ambassador Sergey Kislyak during the 2016–17 presidential transition.

This is, at bottom, a manufactured controversy. Neither the interception of Kislyak’s calls nor the requests by senior U.S. officials to know whom he was speaking with about sanctions relief were unusual in and of themselves, though the context — the Russian election interference scheme in 2016 — certainly was.

Yes, but: What is unusual is the declassification of this request log by former acting director of national intelligence Richard Grenell.

  • Its motivation appears political: to muddy the waters about what transpired in 2016 and to tar 2020 Democratic presidential nominee Joe Biden, who was among the U.S. officials who at the time requested an “unmasking” of Flynn’s identity. (Indeed, according to the Washington Post, Flynn’s name wasn’t actually masked on FBI documents related to the call.)

How it works: Unmasking is a routine operation in the U.S. security bureaucracy.

  • All over the world, U.S. citizens and U.S. officials bump up against legal and legitimate targets of surveillance under U.S. law, often under entirely benign circumstances.
  • “If I, in standing requirements, am targeting Putin’s or Erdogan’s inner circle, you’re going to collect [intelligence] incidentally” on U.S. officials, says a former U.S. intelligence official.
  • Indeed, if you’re a U.S. diplomat, it’s your job to be interacting with these folks. You’re going to get picked up on U.S. surveillance. (And almost certainly the surveillance of other countries as well.)
  • The process for reporting on U.S. persons whose communications are collected “incidentally” (that is, not as the intended target of surveillance) in conversations with an intelligence target is to “mask” them — to hide their names for privacy reasons.
  • But sometimes U.S. officials can request that these hidden identities be “unmasked” — that is, revealed — to better understand the context or import of the conversation.

There were more than 10,000 such requests in 2019.

  • There are just some reports that “you know when you write it, you’re going to get an unmasking request,” said the same former official.

Our thought bubble: These conversations involved U.S. sanctions relief and the larger policies of the incoming Trump administration toward Russia — policies about which there was great concern, as Russia had just executed a successful influence campaign to help elect Donald Trump president. It would have been a scandal if U.S. counterintelligence officials weren’t alarmed.

3. Arrest deepens rift with China over scholarship program

Illustration: Rebecca Zisser/Axios

The Justice Department's arrest of Simon Saw-Teong Ang, an engineering professor at the University of Arkansas, for wire fraud earlier this month ratcheted up a long-running confrontation with China over a controversial scholarship program.

What’s happening: Ang’s indictment was related to his failure to disclose the extent of his ties to China’s 1000 Talents Program, an initiative of the Chinese government to encourage U.S. scientists and researchers to share technical know-how and innovations with Chinese universities and businesses.

  • U.S. officials view the program warily — primarily as an instrument used by the Chinese government to facilitate the transfer of valuable intellectual property out of the United States, and perhaps even to steal it.

The big picture: Ang’s arrest was the latest in a crackdown by DOJ officials over the 1000 Talents Program, which has ensnared the chair of Harvard’s chemistry department, a former Emory University neuroscientist, a Coca-Cola engineer and others.

  • 1000 Talents-related criminal charges have generally not involved espionage and have centered instead on the theft of trade secrets, false statements, tax fraud and wire fraud.
  • This isn’t entirely unusual in national security-adjacent cases, but critics say that DOJ’s hard-charging approach will chill scientific exchanges between the U.S. and China and discourage open laboratory environments more broadly.

The bottom line: The U.S. is walking a tightrope between aggressively pursuing intellectual property theft cases and creating a chilling effect through overbroad and/or racially tinged prosecutions.

4. Beer rating app reveals spies' locations

Untappd, a popular beer-rating app, can easily be manipulated to identify and track military and intelligence personnel, according to a report in the investigative open-source journalism and research outlet Bellingcat.

In one case, Bellingcat located an individual who “checked in” multiple times from Camp Peary, commonly known as “The Farm” — a highly restricted Virginia military base where CIA operations officers are trained in spycraft.

  • This person then “checked in at military locations throughout the Middle East, and has logged an additional 700+ check-ins at 500+ unique locations,” according to Bellingcat.
  • In another case, a user uploaded a photo of beer — with military documents lying on his or her desk.

The bottom line: Digital trails make surveillance of individuals much easier than in the past. For government officials, using even harmless-seeming apps — like ones that rate beer! — can provide foreign intelligence services with massive troves of information useful in tracking top-tier espionage targets.

Between the lines: The trend is gradually rendering it impossible to conduct the traditional kind of human spying, say intelligence officials. Now, spies have to “hide in plain sight,” accept that their identities may be known and rely on superior tradecraft to keep their work secret.

5. Odds and ends
  • German Chancellor Angela Merkel's office was the target of an apparently successful 2015 hacking attempt by Russian intelligence. (BBC)
  • A hacking group called ShinyHunters went on a “rampage” in early May, peddling what it claimed were close to 200 million records stolen from e-commerce and media firms. (Wired)
  • Facial recognition technology is struggling to adapt to the COVID-19 era's face masks. (CNet)
  • Security researchers disclosed a new iOS “jailbreak,” a way to defeat Apple's restrictions preventing iPhone users from installing software that's not Apple-approved. (Vice)
  • A hacking group linked to Russian intelligence, and known for targeting critical infrastructure, is continuing to compromise German companies, according to a warning from German authorities. (CyberScoop)