Welcome to Codebook, Axios' cybersecurity newsletter. All of this stuff actually happened.
President Trump chairs a UN Security Council meeting, Sept. 26. Photo: Spencer Platt/Getty Images
At the UN on Wednesday, President Trump repeatedly claimed that China is meddling in the U.S. midterm elections. But his administration has provided no evidence that that's true, according to any useful definition of "election meddling."
In three different stage appearances, the president conflated predictable tactics triggered by his trade war — including tariffs targeted by China at influential states and a clearly labeled "advertorial" about the farm bill in an Iowa newspaper — with Russian-style interference of the sort that clouded the 2016 U.S. elections.
Why it matters: These are serious times, with serious threats. If the accusation of election meddling is to mean anything, it has to mean actions that are covert, illegal or violating an international norm. Unless the Trump administration has intelligence that it hasn't revealed, China's moves are none of those things.
Without offering details, Trump told the UN Security Council: "Regrettably, we found that China has been attempting to interfere in our upcoming 2018 election — coming up in November — against my administration. They do not want me — or us — to win because I am the first president ever to challenge China on trade."
The rest of the day: The administration soon followed with a press call from a "top administration official" that focused on the ad and tariffs. Trump mentioned the ad and tariffs in a tweet and subsequent appearances before the press.
To be clear: The United States also targets tariffs in order to achieve political goals. Trump may not like it when China does the same, but it's neither covert nor illegal.
The scoreboard: Despite being accused of what sounded like a minor act of war, China likely leaves New York happy with Trump's general posture. On Tuesday, Trump offered a speech before the General Assembly emphasizing the importance of national sovereignty.
Codebook reached out to lawmakers interested in cybersecurity, law enforcement, state secretaries of state (who oversee elections) and cybersecurity firms — including those who have traditionally been hawks on China. No one would confirm the administration's charge of Chinese election interference.
A flustered Sen. Mark Warner (D-Va.) pointed out to reporters that the White House has a history of trying to divert attention from scandals and that, if the president really wanted to do something to protect election integrity, he could back the Senate's bipartisan election security bill.
Chinese Foreign Ministry spokesperson Geng Shuang responded Thursday, "We advise the U.S. to stop this unceasing criticism and slander of China. Stop these wrong words and deeds that damage bilateral relations and the basic interests of both countries' peoples."
Users who give Facebook phone numbers as part of a two-factor authentication process can be targeted for ads on the basis of those numbers, according to researchers at Northeastern University and Gizmodo reporter Kashmir Hill. Facebook is also taking the phone numbers of friends that users upload and linking them to those friends' accounts.
Why it matters: It isn’t readily apparent to most people that the phone number they’ve provided solely for security purposes would be treated as content for the social media firm’s advertising mill. It may be even less apparent that phone numbers users don’t upload themselves — that their friends uploaded — would still be linked to them.
Wikileaks figurehead Julian Assange stepped down as editor-in-chief Wednesday, naming Kristinn Hrafnsson his replacement. Assange will remain publisher.
Why it matters: Assange no longer has internet access after burning bridges at the London Ecuadorian Embassy, where he remains sequestered. He first took asylum in the embassy after being accused of sexual misconduct, claiming he feared extradition.
Researchers at ESET discovered that Fancy Bear, hackers associated with Russian intelligence best known for hacking the Democratic National Committee and other targets in the 2016 election, can now infect a process that is used to allow operating systems to interact with hardware.
Why it matters: The security community has long speculated that malware infecting that process, known as UEFI, might become a problem. It is particularly worrisome because most computer security starts at the operating system level — meaning successful infections would be hard to see.
ESET is calling the malware "LoJax" based on its use of a tool previously used to infect systems with the LoJack security system.
Should you be worried? UEFI has a defense system against these kinds of attacks known as Secure Boot that, if activated, will repel unrecognized software. ESET says turning on Secure Boot would protect against LoJax.
Cisco's Talos research group announced seven new functionalities in VPNFilter, malware targeting routers that the Department of Justice believes is being propagated by the Russian spy group Fancy Bear.
The background: Talos first announced discovering the malware in May. Soon after, the FBI publicly recommended that Americans using routers from the bevy of affected brands (Linksys, MikroTik, NETGEAR and TP-Link) take action to rid them of potential infection.
The new tools: In a blog post Wednesday, Cisco noted that VPNFilter could be used to do more things than previously thought, including new ways to:
The New York Times launched a Freedom of Information Act lawsuit against the Federal Communications Commission last week for technical information about meddling in the net neutrality debate. Researchers cited in the suit say that a Times win could yield further evidence of the culprit's other activities.
Tom Richards, GroupSense's chief strategy officer, told Codebook those logs could be useful in determining whether Russia actually submitted the false comments and what else they had been up to if the commenters failed to mask their internet addresses.
What they're saying: "They probably masked their IP addresses [internet addresses], but all it takes is them making a mistake once," says Richards.
Caveat: The FCC argues that providing the logs wouldn't be without peril — any authentic commenters would also see their internet addresses revealed.