December 09, 2020
Hello, and welcome to the latest edition of Codebook. This week, we're thinking about how foreign cyber spies' targets often reflect their own sense of those targets' importance — and what this says about just how central key threat intelligence firms are to the U.S. cybersecurity landscape.
Today's newsletter is 1,525 words, a 6-minute read.
1 big thing: Finding patterns in a morass of misinformation
As misinformation rampages through the internet, the clearest way to make sense of its scale and impact may be to use a similar lens to that used for detecting targeted influence campaigns, experts tell Axios' Kyle Daly, which means evaluating who's most active in spreading it and why.
Why it matters: Widespread misinformation is endangering public health and faith in democracy. Any hope of containing it relies on greater visibility into exactly how misinformation spreads across the internet.
The big picture: It's exceedingly tough to quantify misinformation. But we're not entirely in the dark and have some simple but useful tools — among them:
- Google Trends measures the total volume of searches for a given term and can capture the tipping point when false narratives break out into the mainstream.
- NewsWhip gauges the attention particular topics are receiving by measuring the social media interactions — likes and shares on Facebook and Twitter, for example — that news stories and other links about them garner. (It's how we built our chart above.)
Yes, but: Such methods provide just a small part of the picture — and nothing about whether the people clicking on misinformation are actually buying it. Experts Kyle talked with point to several big problems with existing methods of quantifying misinformation.
1. The numbers that are available are incomplete and potentially misleading.
- Twitter and Facebook have offered snapshots of how much material they've taken down around certain topics, but not the total volume of material they're reviewing.
- Facebook has spoken about measuring the overall "prevalence" of content that violates its rules by using sampling techniques. But observers aren't sold on relying on the platforms' own assessments.
2. The public internet is only one stream in the broader misinformation deluge.
- False claims and conspiracy theories are increasingly being spread in private Facebook groups, private chat servers on platforms like Discord, and private texts and messaging groups.
- They also surface in partisan media outlets, elected officials' public statements and everyday real-world conversation.
3. "Misinformation" is a subjective category.
- Something like "5G towers spread COVID-19" is an easily adjudicated false claim.
- But most misinformation appears in shades of gray, coming as a misleading gloss on events or statistics with some basis in reality.
- And the language of misinformation is often innuendo and obfuscation — vague allusions to conspiracies and malfeasances rather than bald-faced lies.
What's next: Companies and research groups that track misinformation are increasingly focused on the actors who are most effective in driving discussion around certain topics — and on those actors' agendas. A better understanding of who's giving voice to a particular claim can serve as a shortcut for individuals to judge its merits without relying on platform enforcement or transparency.
- Yonder and Graphika are among the companies making sense of misinformation's spread not by trying to run down every questionable claim, but by analyzing and defining the groups and figures that are either most active in discussing topics like mail-in ballots or responsible for shuttling such discussions from platform to platform.
Of note: These approaches are effective and appealing because they don't require a full picture of every single questionable claim or conspiracy theory that travels across the internet. But researchers and policymakers still contend that we'd benefit from more transparency and accountability from platforms on steps they're taking to fight misinformation.
Something as simple as a government-mandated algorithmic impact assessment could force platforms toward a better understanding of the effect the decisions they farm out to AI have on civic health, argues Nate Erskine-Smith, a Canadian parliamentarian and member of the International Grand Committee on Disinformation.
2. Inside our Chinese spying investigation
The case of Christine Fang shows how a suspected Chinese intelligence agent really dug into U.S. politics, Axios' Bethany Allen-Ebrahimian and I write.
Why it matters: Fang’s case offers unique insights into how China’s spy services operate and the challenges faced by U.S. counterintelligence officials.
Catch up quick: Fang developed extensive ties with local and national politicians, including U.S. congressman Eric Swalwell, in what U.S. officials believe was a political intelligence operation run by China’s main civilian spy agency between 2011 and 2015, Bethany and I found.
Here were some key takeaways from our yearlong investigation:
- Fang’s alleged work as a “bundler” — helping connect donors to political candidates — is a particularly important example of how a potential foreign operative can gain access to, and accrue influence with, important people while participating in outwardly benign civic activities.
- Fang got involved at the core civic level of U.S. politics, attending cookouts with mayors, participating in obscure conferences attended almost exclusively by municipal officials, volunteering for candidates in hyperlocal races in mid-sized cities and in congressional primaries, and leading local student groups that often interfaced with officials.
- Of course, civic participation is a good thing. The U.S. has a long and shameful history of discrimination against Asian Americans, particularly Chinese Americans. So the need for student and civic organizations to encourage Asian American political participation and representation is clear.
- Local officials often don't know they might be the target of a foreign intelligence operation. And why would they? They don't have access to classified information, they're not privy to affairs of state, and they're not getting detailed FBI briefings on local CI threats.
- But China's spy services understand that "all politics is local." It's fair to say that U.S. counterintelligence has never faced a rival with this much capacity, will and means when it comes to penetrating local U.S. politics.
Between the lines: With Christine Fang’s story now public, it is perhaps easier to understand why in recent years many U.S. counterintelligence officials believed the American people didn't fully grasp the threat posed by China's political influence operations.
3. FireEye hit by nation-state hackers
Cybersecurity firm FireEye said Tuesday it had been hacked by what the company called "a nation with top-tier offensive capabilities," compromising its internal software and systems, the Wall Street Journal reported.
Why it matters: The company said the attacker sought information about its government customers and accessed the firm's internal tools used to test the cyber defenses of its clients.
- FireEye noted it had no evidence thus far that data belonging to its clientele had been jeopardized and said it's investigating the breach with the help of the FBI and industry partners, such as Microsoft.
Russia's SVR intelligence agency appears to be behind the hack, a source told the Washington Post.
- In response, FireEye "has developed more than 300 countermeasures for its customers to help shield them from attack" using the stolen tools, the company’s CEO told the Post.
- The hack was a "sniper shot," a person familiar with the breach told the Post, with the SVR putting together infrastructure solely for a breach into FireEye.
Our thought bubble: Though most public commentary has focused on the exploits or hacking tools stolen in the FireEye breach, the primary purpose of the intrusion by the SVR may have been to gather intelligence on the firm's government clients.
- That in turn could help facilitate future Russian hacking operations or provide Russian intelligence deeper context or understanding of the relationship between FireEye and government agencies.
4. Report: Businesses still have a dim grasp on 5G security
The business world has a muddled view of the cybersecurity challenges and opportunities presented by the rollout of 5G networks and services, per a paper out yesterday, Kyle reports.
Why it matters: Secure hardware and systems will be a must in order to fulfill the vision of a 5G future filled with ubiquitous super-fast internet and a plethora of connected devices. Business leaders having a dim understanding of where things stand on that front could presage some headaches to come.
By the numbers: Some 31% of 1,000 global business leaders and security professionals polled in September said they believe 5G will be fully secure at the network provider point, according to the report from AT&T Cybersecurity, formerly known as AlienVault, which AT&T acquired in 2018 and which runs the Open Threat Exchange for sharing cyber threat intelligence.
- 26% said they have no strategic plan to address 5G security.
- Yet 56% said they understand they'll have to tailor their approach to cybersecurity for 5G.
What they're saying: "These diametrically opposing beliefs sum up the conundrum facing enterprises as they transition to secure 5G," reads the report. "Nearly half of the survey respondents think 5G requires no change to their security infrastructure, while the other half understands that this shift demands a rework of the security posture to keep the business protected."
Yes, but: Despite the mixed messages, respondents said their companies, all organizations with at least 1,000 employees, are investing heavily in 5G cybersecurity.
- Respondents implementing 5G said they now spend 18–23% of their total security budgets on 5G security and expect that to tick up to nearly a quarter of their budgets within 12–18 months.
5. Odds and ends
- Fired ex-CISA director Chris Krebs spoke out against ongoing election disinformation from President Trump and his allies in an episode of "Axios on HBO," and he subsequently sued the Trump lawyer who said he should be "shot." (Axios)
- The National Security Agency warned that a vulnerability in virtual workspace products is being exploited by Russian cyber spies. (NSA)
- California Secretary of State Alex Padilla, a leading contender for the Senate seat being vacated by Vice President-elect Kamala Harris, is an experienced hand on election security issues. (Politico)
- Researchers discovered a serious vulnerability affecting millions of IoT devices that may never be ameliorated. (Wired)
- Huawei is testing facial recognition software to identity Uighurs. (Washington Post)
- Former NSA contractor Reality Winner has lost her appeal and will continue to serve her prison sentence. (CyberScoop News)