Welcome to Codebook, the cybersecurity newsletter returning from CyberwarCon.
If you've got tips or story ideas, I'd love to see. Just reply to this email.
Yemeni soldiers in Sanaa, Yemen. Photo: Mohammed Hamoud/Getty Images
The conflict tearing Yemen apart is a human catastrophe and a geopolitical mess. It's also providing a look at how today's shooting wars spill over into digital conflict, even in the poorer corners of the world, as two presentations at Wednesday's CyberwarCon in Washington, D.C., elucidated.
Background: Houthi rebels, backed by Iran, currently control the capital city of Sanaa — and with it the main internet service in the country, YemenNet.
By gaining control of YemenNet, the Houthis gained control of the “.ye” domain — the Yemeni equivalent of “.com.” At the conference, threat intelligence firm Recorded Future noted that the Houthis used that control to take over national websites and declare themselves the official government.
The Hadi government built its AdenNet using Huawei routers. The Chinese telecommunications firm’s presence reflects China’s practice of using infrastructure assistance to secure valuable alliances (the Belt and Road initiative). Yemen is currently a war zone, but some day it will return to being a nation that controls important shipping lanes.
The influence campaign: The Houthi government is also running social media influence campaigns to pressure the West and Saudi Arabia to stop bombing Yemen, Johns Hopkins student Dan O’Keefe reported at CyberwarCon.
Though many big players are involved in bringing weapons to the region — with Saudi Arabia and Iran, both liberal users of surveillance technology, among them — it doesn't appear that there is a proxy war of surveillance tech underway in Yemen, yet.
The Department of Justice announced it had indicted 2 Iranians Wednesday for creating and deploying the SamSam ransomware that plagued the city of Atlanta and several other high-profile targets.
Details: Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri are accused of causing $30 million in losses from more than 200 victims in 10 states and Canada.
As pundits try to update their timeline for the 2016 Russia hacking scandal based on new emails and information from Roger Stone associate and conspiracy theorist Jerome Corsi, they are missing a key piece of the puzzle.
Background: This week, Corsi blew apart plea arrangements with the Mueller investigation, and now he publicly denies being an intermediary between Stone (a would-be proxy for the Trump campaign) and WikiLeaks or having any advance knowledge of the site's leak schedule.
The big question: What was Corsi referring to with the leak planned for when he got back?
So, what gives? Independent intelligence pundit Marcy Wheeler suggests Corsi may have been referring to a leak from Guccifer 2.0 in August that did materialize rather than a leak from WikiLeaks.
But there's an easier explanation: WikiLeaks, I'm told, was consistently behind schedule in releasing leaks, or at least behind the schedule Russia appears to have set for the site.
Maybe Corsi's "friend in embassy" didn't leak documents in August because he was running late.
Photo: NurPhoto/NurPhoto via Getty Images
Dell acknowledged Wednesday it had detected a breach of its systems on Nov. 9, but has yet to find any evidence consumer data was taken.
Details: Dell says hackers tried, and failed, to steal names, passwords and email addresses.
Codebook will return on Tuesday, why not?