Welcome to Codebook, the cybersecurity newsletter that only interviews people's enemies.
Illustration: Aïda Amer/Axios
Satellite navigation systems like the Global Positioning System (GPS) make so many different pieces of our global infrastructure tick that most countries treat their signals as sacrosanct, knowing that interfering with them could have devastating effects. But a new report released Tuesday is giving us the first broad view of a country — Russia — that's pervasively tampering with the service.
The big picture: Global navigation satellites — including GPS and less-used competing services like Russia's GLONASS — are coordinated networks of atomic clocks in outer space that can be used to triangulate precise locations or coordinate precise timing. Without them, everything from global shipping to financial markets would suffer.
Why it matters: It's easy to see the military, transportation and pizza delivery importance of precise location information. The timing signals are extremely important, too.
The intrigue: Russia has been called out several times before for interfering with global positioning satellite systems, and it is known to capitalize on interfering with GPS for military and national security purposes like no other country. But before the study by the C4ADS think tank, no one had really taken a scientific look across all of Russia's activities to see how constant the disruptions are.
C4ADS is not formally accusing the Russian government of being behind any of the fraudulent, "spoofed" signals. It would be impossible to make that kind of determination from the space station.
But, but, but: It is clear that many of the instances largely serve Russian national interests.
Why airports? Many manufacturers of drones use GPS chips to prevent their products from flying into airport airspace. C4ADS suspects the spoofing was to prevent drone attacks or surveillance.
Meanwhile, Russia also used spoofing in combat zones, particularly Syria, to try to limit attacks against its installations.
A controversial European Union copyright law cleared its last hurdle Tuesday, to the dismay of protestors.
Why it matters: The copyright law has been a focus of intense criticism online.
Article 11 of the law, the so-called "link tax," would require sites like Facebook and Google to pay a fee when they summarize news stories and link to them.
Article 13 of the law requires sites that distribute user-uploaded content to better screen for copyright violations.
Chairman of the House Oversight and Reform Committee Elijah Cummings (D-Md.) and Sen. Elizabeth Warren (D-Mass.) on Tuesday released an audit of shortcomings in how the government regulates data security at credit bureaus.
Why it matters: Nearly two years after the hackers stole personal information about the majority of Americans in the Equifax breach, lawmakers have made few systemic changes to prevent similar events from happening in the future.
Details: Cummings and Warren requested the audit from the Government Accountability Office in September 2017, and they're releasing the report in advance of a hearing about policy options to prevent future breaches held by the Oversight Committee’s subcommittee on economic and consumer policy Tuesday. The report recommends:
Photo: Dennis Lane/Getting Images
On Monday, Kaspersky Lab announced the discovery of Operation Shadowhammer, a group that implanted a backdoor in the systems of hundreds of thousands of ASUS-brand computers using the firm's software update system.
Why it matters: Shadowhammer infected all of those computers to target a preprogrammed list of 600 computers. This is concerning for a few reasons:
This is not a reason to stop updating software, which, in nearly all cases, improves rather than decreases security. It's very rare that attackers can copy certificates this way.
ASUS released a statement Tuesday morning about the incident, saying a "small number" of machines were infected by malicious code (countering Kaspersky's estimate of half a million).
Researchers at Alert Logic believe they have discovered a way to halt LockerGoga ransomware in its tracks.
Why it matters: LockerGoga has been used in a crippling string of ransomware attacks at industrial firms, causing industrial plants to temporarily shut down.
Details: Alert Logic claims that a specific type of malformed files used to link to files on other systems can crash the malware before it starts encrypting files. The trick involves a .lnk file placed in the "Recent Items" folder.
To be clear: This may just be a temporary fix. Whoever is deploying the malware could fix their wares to not be derailed by the bug.
Codebook will return on Thursday.