Jul 29, 2020

Axios Codebook

Good afternoon, and welcome to this edition of Codebook. This week, we're thinking about the controlled escalation of tensions in great power relations, how states try to gauge adversaries' signals — and how often they miscalculate.

Today's newsletter is 1,619 words, a 6-minute read.

1 big thing: Spies reckon cost of U.S. shuttering Chinese Consulate

Illustration: Annelise Capossela/Axios

It is a universally accepted international convention that diplomatic facilities can be used as cover for espionage activities. But the system only works if states pretend not to acknowledge it.

So the decision last week by the Trump administration to shutter the Chinese Consulate in Houston over allegations that China used it for spying set off a predictable diplomatic firestorm.

  • Beijing retaliated by ordering the U.S. Consulate in the western Chinese city of Chengdu closed.

The big picture: No major diplomatic incident or significant norm-breaking act of espionage between the two economic superpowers preceded the Houston closure.

  • That’s unlike the administration’s targeted 2017 closure of the Russian Consulate in San Francisco, which was a reverberation from Moscow’s covert interference in the 2016 U.S. presidential election, and its 2018 shuttering of the Russian Consulate in Seattle, which was explicitly linked to Moscow’s use of the world’s deadliest nerve gas on a Russian defector in the U.K.

Details: After the closure announcement, the New York Times obtained a dossier that “broadly outlined” investigations by FBI counterintelligence into espionage and influence activities emanating from the facility. These included:

  • Attempted medically focused intellectual property theft.
  • The courting of local academics performing sensitive research.
  • Hard-edged pressure on Chinese dissidents in the area.

Yes, but: Jarring as it may sound, this is unremarkable activity for a Chinese consular establishment.

  • Though its collection priorities differ, the U.S. also conducts widespread intelligence operations out of its diplomatic facilities abroad.
  • Indeed, in 2016, China reportedly snatched, accosted and temporarily detained a suspected U.S. intelligence operative off the streets of Chengdu. This person was formally working out of the now-shuttered U.S. Consulate there.

Bluntly, countries spy on each other, and they do it out of embassies and consulates. (China’s kidnapping of this U.S. operative, however, was a significant violation of the unofficial rules of the game.)

  • The Chinese Consulate in Houston wasn’t even one of its top-tier facilities for intelligence collection within the U.S., say former intelligence officials.
  • It was “the lowest priority of all the consulates” for U.S. counter-spies, said a former senior counterintelligence official.
  • The Houston consulate was “not a hotbed, but there was certainly enough intelligence activity” emanating from there, said another former senior intelligence official.

The Houston closure without a doubt hurts China’s intelligence collection capabilities domestically, and U.S. officials have said that the FBI strongly supported the move.

  • In the past, there have been a few well-identified intelligence officers operating out of the facility, said the second former senior intelligence official, including one recently engaged in “blatant handling” of a human asset at a large American company.

But China doesn’t generally emphasize using its diplomatic outposts for spying, say intelligence officials. Instead, it employs an amorphous mix of operatives — from graduate researchers to tourists to pro-Beijing community leaders — to carry out many of its collection priorities.

  • Indeed, Chinese spies under diplomatic cover in the U.S. have often had a narrow focus, says the former senior counterintelligence official.
  • They “were more concerned about keeping tabs on overseas Chinese,” says this person. “It was an internal security issue for them.”

China has also been engaged in a well-documented cyber espionage spree targeting U.S. intellectual property, vast tranches of personally identifiable information, as well as defense and other technology secrets.

  • None of these activities will be affected by closing a single diplomatic outpost. “It won’t deter them domestically,” says the former senior intelligence official.

Between the lines: The Houston closure may have been designed to send a general warning to China about Beijing’s ubiquitous spying, and Houston may have been selected precisely because it is such a low-profile facility.

But there are also potential costs to the U.S.’s actions. For instance, we don't know what the CIA thinks of the move.

  • It relies on America’s diplomatic outposts abroad for its own spying, and now, with the shuttering of the U.S. Consulate in Chengdu, it just lost its window into western China.
  • And how might the Chengdu closure affect the State Department’s insight into China’s vast repression of the Uighurs in Xinjiang, or the political, economic and public health situation in western China more broadly?

The bottom line: The Trump administration’s moves against Russia’s diplomatic facilities in San Francisco and Seattle were carefully calibrated reactions to major normative violations of U.S. and U.K. sovereignty. But the rationale for the Houston closure rests on far murkier grounds.

  • Many will wonder whether, in this case, the Trump administration let politics — the desire to ratchet up pressure on China, which it blames for the pandemic — eclipse the prerogatives of national security.

Go deeper: China's consulates do a lot more than spy

2. Fitness tech company hit by ransomware

Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.

The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.

  • The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cyber crime group whose leaders were sanctioned by the Treasury Department in 2019.
  • “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.

Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.

Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.

Fitness apps have proven vulnerabilities.

  • In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
  • “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
  • While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.

3. U.S. prosecutors expand charges against alleged Saudi agents at Twitter

In a prominent spy case, U.S. prosecutors in San Francisco have greatly expanded charges against three men, including two ex-Twitter employees who allegedly worked as Saudi intelligence agents and used their Twitter credentials to gather information about dissidents on the social network.

Details: The new indictment, which replaces the original 2019 one, deepens the spying-related charges against the men and also alleges a series of financial and other crimes.

Prosecutors say that two of the men, who were based in Seattle and San Francisco at the time of their recruitment, were paid hundreds of thousands of dollars by a Saudi-based operative to access data on high-profile Saudi dissidents.

  • The U.S.-based assets were not recruited by the main Saudi intelligence agencies, but by a Saudi associated with the crown prince’s “charity and private office,” according to BuzzFeed.

The big picture: Saudi Crown Prince Mohammed bin Salman has shifted key intelligence operations to opaque entities under his personal control, as evidenced by the 2018 murder of Saudi regime critic Jamal Khashoggi in Turkey, which was also carried out by units personally loyal to the crown prince.

Where it stands: Only one of the three men is currently in U.S. custody.

  • The other formerly U.S.-based operative returned to Saudi Arabia in 2015 after Twitter became suspicious of his activities.

The bottom line: The case underscores the greater focus in recent years by foreign intelligence services on spying in Silicon Valley.

4. Cisco report details 2020 election security challenges

Illustration: Sarah Grillo/Axios

A report based on four years of research from Cisco’s Talos Intelligence Group examines the manifold security challenges U.S. elections face, from the fragmented and localized control of voting infrastructure to the need to combat election-related disinformation.

How it worked: As part of their research, Talos representatives cold-called top election officials from all 50 states and traveled to state capitols throughout the country.

  • “It isn’t just the core integrity of individual elections that we are worried about, we are also worried about the faith and trust the electorate has in state institutions to fairly administer the elections,” says the report.

Long-running federal underinvestment in election security has also led to decayed infrastructure, says the report.

  • “It’s hard to have a functioning marketplace for ideas and improvements and patching and security maintenance when you have this boom and bust approach to funding elections from the federal government,” said Matthew Olney, the report’s author, in an interview.

With the U.S.’s patchwork of election infrastructure, voter technology vendors are also a critical — and potentially particularly vulnerable — piece of the puzzle, concludes the report.

  • “Vendors are not the enemy,” says the report. “But as profit-motivated entities with risk exposure, their motivations and concerns may not always be aligned with the election officials who retain them.”

On the positive side, the election security environment has significantly improved since 2016, says the report.

  • That’s partially thanks to greater public education on the subject, but also because of concerted efforts of the Cybersecurity and Infrastructure Security Agency (CISA) to work with local and state governments on securing elections, and more than $800 million in federal investments in election infrastructure.
  • “The thing that’s really changed the most in my mind in these four years is the connectivity between federal, state and local officials,” says Olney. “Those bridges are much firmer in 2020 than they were in 2016. There’s a lot more conversation, a lot more communication. Even if something were to happen in 2020, the cohesiveness of the response would be much better than it was in 2016.”

5. Odds and ends

  • A bipartisan group of former U.S. officials, academics and others enacted an online role-playing scenario in which President Trump refused to step down after a contested 2020 presidential election. (Boston Globe)
  • Technology issues are one of eight reasons Election Day in November could be disastrous. (Politico)