Welcome to Codebook, coming to you live from the Aspen Cyber Summit in San Francisco.
Under Attorney General Jeff Sessions, the Department of Justice took a harder line against cyber espionage, particularly by China, than it ever had before. But experts say the offensive against China's theft of billions of dollars in intellectual property is likely to continue under Matt Whitaker, the new acting attorney general.
The big picture: Press coverage is spotlighting the impact Sessions' departure may have on the Mueller investigation. But the DOJ is a big machine with many moving parts, and a change at the top could affect any or all of them.
Background: On Oct. 30, the U.S. announced the indictments of 10 Chinese spies and collaborators for hacking aerospace firms to steal intellectual property for the benefit of Chinese industry. On Nov. 1, the U.S. indicted three more Chinese citizens and two companies for similar charges related to computer chips.
Where it stands: The aggressive policy is likely to continue under new DOJ leadership.
The cause and effect: Part of why Sessions was the first attorney general to go on a cyber espionage indictment spree was simple chronology.
The leadership structure: The head of the DOJ doesn't unilaterally set department policy — priorities ultimately flow from the White House.
No one appears to have hacked the 2018 midterm elections. That's pretty good!
Yes, but: Concern over what happened in 2016 fueled much of the legislative momentum to increase election security. After a successful election, some of that impetus could vanish.
What they're saying: "It was clear that the stepped-up effort and heightened awareness around election security helped in the midterm elections," said Jay Kaplan, co-founder and CEO of Synack, a security firm that pledged more than $1 million to a pro bono election security service for states.
The bottom line: States still lack adequate funding to purchase less hackable equipment, including machines with auditable paper backups and other security enhancements. Not all states that can audit machine accuracy actually do so, though such audits are useful against hacking or bugs. And while the bevy of companies volunteering services, like Synack, is helpful, the effort lacks coordination.
The outlook: Many states are still gung-ho about improving security.
But it will take until January to see whether the new Congress has matching enthusiasm.
And the midterm elections aren't over. There are still recounts and runoff elections aplenty before this election is totally out of the woods.
Election watchers on Twitter took note Wednesday that the Georgia secretary of state's office posted the roster of citizens who filed absentee ballots in the election to its website with no additional security. What many didn't immediately notice is that this had been Georgia's practice for years.
Why it matters: Many states offer voter records to interested parties. But usually there are rules, forms and fees involved in the process to prevent, say, scammers or stalkers from accessing those lists.
The bottom line: What Georgia did was legal, but anecdotally it still appears to have exceeded what voters thought was going to happen with their data when they submitted it to the state. Those fears were amplified by a contentious governor's election, in which one candidate was the secretary who ostensibly oversaw the public release of the database. Secretary of State Brian Kemp resigned his role Thursday morning amid accusations of conflicts of interest.
U.S. Cyber Command uploaded its first malware sample to a widely used malware research community Wednesday, kicking off a new initiative to share nation-state-borne malware with researchers.
Details: VirusTotal, which is owned by Google parent company Alphabet, is sort of a clearinghouse for malware samples. It collects new strains through researcher uploads and a public-facing malware scanner.
Cyber Command's first upload was a derivative of the LoJax malware, widely believed to have been developed by Russia's Fancy Bear espionage group.