Today's newsletter is 1,332 words, a 5-minute read.
Illustration: Eniola Odetunde/Axios
American outrage over foreign cyber espionage, like Russia's SolarWinds hack, obscures the uncomfortable reality that the U.S. secretly does just the same thing to other countries.
Why it matters: Secrecy is often necessary in cyber spying to protect sources and methods, preserve strategic edges that may stem from purloined information, and prevent diplomatic incidents.
The big picture: The U.S. is stronger in cyberspace than any other country, with world-spanning digital snooping capabilities, buttressed by American technological ingenuity and some of the planet’s most talented hackers and daring overseas operators.
Generally, only foreign-owned private cyber firms like the Russia-based Kaspersky, the object of deep distrust by U.S. intelligence officials, have treated U.S. threat actors like others: by naming them, describing their targets, and detailing their tactics, techniques and procedures.
Between the lines: The greater visibility, and heated rhetoric, surrounding cyber operations targeting the U.S. leads to more ink being spilled on the subject, which, in an escalatory spiral, further raises the public temperature.
Even when officials do acknowledge American cyber spying, it's often in coded language or to describe a specific subset of U.S. actions.
Yes, but: "Russia launched SolarWinds — the latest in a long series of hostile Russian cyber operations — not because the U.S. has engaged too proactively in cyberspace," Gary Corn, a former senior Cyber Command official, wrote in Lawfare. "Quite the opposite; it did so, very simply, because it could."
The most measured reactions to SolarWinds have therefore often come from top U.S. intelligence officials, who know too much about the country’s own activities to pretend otherwise.
"Good on them, bad on us," said former acting CIA director Michael Morell in response to news of the Russian hack. Morell emphasized that SolarWinds appears to have "just" been espionage and not, apparently, some type of prelude to destruction.
The bottom line: The question isn’t whether U.S. cyber operators are, for example, targeting major Russian government agencies, but how successful these ventures have been and continue to be.
Photo illustration: Eniola Odetunde/Axios. Photo: Win McNamee/Getty Images
The Biden administration is planning on nominating Jen Easterly, a former top Obama-era NSA and counterterrorism official, to the new Senate-confirmed national cyber director position, reports Politico.
Why it matters: Assuming she’s confirmed, Easterly will serve as the inaugural director of a new institution that is supposed to be the principal adviser to the president on cybersecurity issues.
Background: Easterly “served as deputy director for counterterrorism at the NSA from 2011 to 2013 before joining Obama’s NSC, where she served as special assistant to the president and senior director for counterterrorism,” writes Politico. Easterly also helped stand up the U.S. military’s Cyber Command.
Additionally, Biden is likely to select Robert Silvers, a former Obama-era DHS undersecretary, as the new head of CISA, and Eric Goldstein, another DHS veteran, as head of CISA’s cybersecurity division, writes Politico.
The three Obama administration veterans will face a bevy of acute cybersecurity-related challenges, including the fallout from the SolarWinds hack.
The Defense Intelligence Agency has purchased cellphone data from commercial brokers that can track American and other app users’ movements, according to an unclassified memo provided to the New York Times.
Between the lines: It's unsurprising that U.S. intelligence agencies are trying to use commercially available (and relatively cheap) data to circumvent collection restrictions. But U.S. intelligence agencies are still supposed to face limits on their use of this data when it comes to users on U.S. soil.
Details: The data streams do not separate Americans’ geolocation information from non-Americans’ user information, so the DIA “processes the location data as it arrives to identify U.S. location data points, that it segregates in a separate database,” according to the memo.
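The memo's "process as it arrives, segregate U.S. points" step is, mechanically, a geofence applied to a stream of broker records. The following is an added toy illustration written for this newsletter, not code from the DIA memo or the Times report; the record layout (an advertising ID plus timestamp and coordinates), the crude polygon standing in for the U.S. boundary, and the sample pings are all constructed assumptions. It also shows the caveat a practitioner would raise: a geographic split says where a device was, not whose device it is, and the same identifier can land in both stores.

```python
# Added example, not from the Axios newsletter or the DIA memo. The polygon,
# record format and sample data below are assumptions made for illustration.
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Crude polygon (lon, lat) roughly tracing the contiguous United States.
# Constructed for this example; NOT an authoritative boundary.
US_POLYGON: List[Tuple[float, float]] = [
    (-125.0, 48.5), (-95.0, 49.0), (-67.0, 47.5), (-67.0, 44.5),
    (-75.0, 35.0), (-81.0, 30.5), (-80.0, 25.0), (-97.5, 26.0),
    (-106.5, 31.5), (-117.0, 32.5), (-124.5, 40.0),
]


def point_in_polygon(lon: float, lat: float, poly: List[Tuple[float, float]]) -> bool:
    """Even-odd ray-casting test: cast a ray east from the point and count
    how many polygon edges it crosses; odd means inside."""
    inside = False
    j = len(poly) - 1
    for i in range(len(poly)):
        xi, yi = poly[i]
        xj, yj = poly[j]
        # Edge (i, j) straddles the point's latitude?
        if (yi > lat) != (yj > lat):
            x_cross = xj + (lat - yj) * (xi - xj) / (yi - yj)
            if lon < x_cross:  # crossing lies east of the point
                inside = not inside
        j = i
    return inside


@dataclass(frozen=True)
class LocationPing:
    ad_id: str   # assumed: brokers key records on a mobile advertising ID
    ts: int      # unix timestamp
    lon: float
    lat: float


def segregate(stream: Iterable[LocationPing]) -> Tuple[List[LocationPing], List[LocationPing]]:
    """Route each ping into a U.S. or non-U.S. store as it arrives.
    Two lists stand in for the two databases the memo describes."""
    us_db: List[LocationPing] = []
    foreign_db: List[LocationPing] = []
    for ping in stream:
        if point_in_polygon(ping.lon, ping.lat, US_POLYGON):
            us_db.append(ping)
        else:
            foreign_db.append(ping)
    return us_db, foreign_db


def devices_in_both(us_db: List[LocationPing], foreign_db: List[LocationPing]) -> Set[str]:
    """The caveat: a geographic split does not tell you who the user is.
    An identifier seen on both sides is an American abroad, a foreign
    visitor, or neither; joining the two stores would defeat the purpose
    of keeping them apart."""
    return {p.ad_id for p in us_db} & {p.ad_id for p in foreign_db}


# Constructed sample stream (coordinates are approximate city centres).
SAMPLE_PINGS: List[LocationPing] = [
    LocationPing("ad-1111", 1, -77.04, 38.90),   # Washington, D.C.
    LocationPing("ad-1111", 2, -0.12, 51.50),    # London
    LocationPing("ad-2222", 3, -99.13, 19.43),   # Mexico City
    LocationPing("ad-3333", 4, -104.99, 39.74),  # Denver
]

if __name__ == "__main__":
    us, foreign = segregate(SAMPLE_PINGS)
    print("US store:", [(p.ad_id, p.ts) for p in us])
    print("Foreign store:", [(p.ad_id, p.ts) for p in foreign])
    print("Seen on both sides:", devices_in_both(us, foreign))
```

Running it puts the Washington and Denver pings in the U.S. store and the London and Mexico City pings in the other, and reports `ad-1111` as present in both: the filter has done exactly what the memo describes, and still cannot say whether that device belongs to a U.S. person.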
Flashback: Vice previously reported that another Pentagon entity, U.S. Special Operations Command, has also purchased commercially available geolocation data via brokerage firms for counterterrorism purposes, including access to data derived from a Muslim prayer app that has been downloaded over 98 million times worldwide.
Our thought bubble: If U.S. spy agencies can access these tranches, it’s a good bet that foreign intelligence services — including hostile services — can too, with far fewer internal restrictions governing their use.
Suspected North Korean state hackers have been using social engineering schemes to target security researchers, according to researchers with Google’s Threat Analysis Group.
Driving the news: Using platforms "including Twitter, LinkedIn, Telegram, Discord, Keybase and email," the hackers posed as threat researchers, building profiles and backstories that looked legitimate.
One security researcher described how he was targeted, and later compromised, by someone he eventually realized was a North Korean operative.
The Google team also said that the North Korean hackers set up a phony research blog that included malicious code that compromised the devices of targets who followed links to the site.