Axios Login

President Trump's reluctance to name and shame Russia for the SolarWinds cyberattack will hamper companies and government agencies as they begin the long and daunting job of assessing and repairing the hack's damage.

Why it matters: Experts say Russia's fingerprints are all over the attack, but the president's dissent will hobble any U.S. response — at least until Jan. 20.

Catch up quick: Security officials and experts share a broad consensus that the "Cozy Bear" group, also known as APT29, overseen by Russia's SVR intelligence service, was responsible for the hack.

• The Cybersecurity and Infrastructure Security Agency (CISA) described the attackers as "a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks."

White House officials had readied a statement Friday calling Russia "the main actor" in the attack, but were ordered not to release it, the Associated Press reports.

• Around the same time, Secretary of State Mike Pompeo said in an interview that Russia is "pretty clearly" behind the attack, which hit the State Department, among many other agencies and businesses.
• Saturday, Trump tweeted that the extent of the attack was being overplayed by the media and that others could be responsible for the attack, perhaps China.

Between the lines: Some security experts fear the president's position will transform what should be a unified government response to a hostile act by a foreign power into yet another personal loyalty test.

• Last month Trump fired CISA director Christopher Krebs after Krebs affirmed that the 2020 election had been secure.
• Anything involving "Russia, Russia, Russia" (as Trump put it in his tweet) has been a sore point for the president since Russia's hacks during the 2016 election became the foundation for years of investigations into his administration's relationship with Moscow.

Yes, but: Leaders from both parties, including Sen. Mitt Romney (R-Utah), have called for holding Russia accountable and launching a significant response.

• President-elect Joe Biden said in a statement: "I will not stand idly by in the face of cyber assaults on our nation."
• Incoming White House chief of staff Ron Klain told CBS' "Face the Nation" that the new administration's response to an "attack like this" would go beyond sanctions and include steps "to degrade the capacity of foreign actors to repeat this sort of attack."

With all this going on, the administration is also pushing a plan to separate the leadership of the Cyber Command from the National Security Agency, according to a story in Defense One.

• The "dual hat" arrangement has long been under review, but the SolarWinds crisis seems a strange moment to start a big reorg in the world of cyber defense.
• The New York Times reports some observers are questioning the timing and whether the move is "retribution" against Gen. Paul Nakasone, who now runs both agencies.

Breaking: Private-sector victims of the hack include Cisco, Intel, Nvidia, Deloitte, VMware and Belkin, according to the Wall Street Journal, which identified infected systems at those firms.

• Each company told the Journal they'd found no evidence of actual harm from the intrusions.

How it worked: Microsoft, in a fascinating weekend post, provided details of how the hackers hid their break-in, using a software update for SolarWinds' Orion network management platform to gain access to thousands of institutions' systems.

• "The threat actors were savvy enough to avoid give-away terminology like 'backdoor', 'keylogger,' etc.," the Microsoft post says. Instead, they gave their tampered code an innocuous name — "OrionImprovementBusinessLayer" — that would fit right into a marketing brochure.
• The attack's crucial, door-opening exploit was a small chunk of "poisoned code" (as Microsoft dubbed it) all of five lines long, or roughly 160 characters.
• This could well be the most damage per character yet achieved in the short history of cyberwarfare.

The coronavirus relief package deal that Congressional leaders reached Sunday includes $7 billion in funding for broadband internet access, as Margaret Harding McGill reports.

Why it matters: The move to remote learning and work has made broadband access essential for many families during the pandemic, at a moment when some can't afford it.

Details: The broadband funding includes a new $3.2 billion Emergency Broadband Benefit that will provide $50 per month for broadband for low-income families, a provision based on legislation from Sen. Ron Wyden (D-Ore.).

The funding also includes, per a Hill aide:

• $1.9 billion for "rip and replace" efforts to remove Huawei and ZTE equipment from U.S. networks.
• $1 billion in grants for Tribal broadband programs.
• $300 million for rural broadband deployment.
• $285 million that will in part fund a pilot program to help with broadband issues for communities around historically Black colleges and universities.
• $250 million for the Federal Communications Commission's telehealth program.
• $65 million to improve broadband mapping.

Of note: The compromise package also extends special pandemic benefits for gig workers.

A large collection of nonprofits is sending an open letter today calling on the incoming Biden-Harris administration to do a better job of both educating the public on misinformation and taking stronger action to protect the health care system, voting process and other critical institutions.

Why it matters: Misinformation amplified on social media has worn down the factual foundations of democracy and led to an upsurge in conspiracy theories on everything from the 2020 election results to how COVID-19 spreads.

Details:

• The letter makes a number of proposals, including adding a disinformation expert to the COVID-19 vaccine effort, creating a national site for debunking misinformation modeled on CISA’s “Rumor Control” site and tapping the Education Department to develop media literacy standards.
• The groups also want the Justice Department to apply the Voting Rights Act to online voter suppression efforts.
• Signatories include dozens of mostly left-leaning groups, ranging from Common Cause to Greenpeace USA to New America's Open Technology Institute and the Secure Elections Network.

Between the lines: Organizers, which include Accountable Tech, MapLight and Avaaz, say the goal of the effort was to figure out what's doable in an administration with a lot on its plate — understanding that tech priorities may not be first in line.

What they're saying: "Your administration faces urgent and unprecedented challenges, from steering us past a deadly pandemic to reversing the decay of our democratic institutions," the groups wrote in the letter. "It’s a daunting to-do list, and our intention is not to add new items. Rather, we encourage you to recognize disinformation as a ubiquitous and foundational impediment to tackling those challenges."

Instacart has asked public health authorities to include its workers as part of the essential workers who'll get COVID-19 vaccines, according to letters it provided to Axios' Kia Kokalitcheva. Uber, Lyft and DoorDash have made similar requests in recent days, as has Amazon.

Why it matters: These workers are disproportionately bearing more exposure and risk than many of their customers, who have the luxury of staying home and having their groceries and food delivered.

Yes, but: Many delivery and rideshare companies have actively fought not to classify their workers as employees, which would give them full benefits, such as health care coverage and sick leave.

• The companies have provided workers with some safety supplies throughout the pandemic and limited pay if they get sick with the virus, but workers have complained of problems in accessing these resources.
• Instacart is sending letters to the Centers for Disease Control and Prevention as well as all 50 governors.

Between the lines: Getting their workers vaccinated earlier rather than later could help the companies' bottom lines if more drivers feel comfortable giving rides and doing deliveries, and if it makes ride-hailing passengers more comfortable booking rides.

The bottom line: It remains to be seen what the states, which are in charge of doling out the vaccines, will do and how they would provide shots to gig workers, given that many of them work varying hours and for multiple companies.

On Tap

• It's the final week before Christmas, which ordinarily would consist of most tech workers taking vacations and the rest stuck getting ready for CES in January. That's still largely true — but the big SolarWinds hack, the coronavirus and a slew of government antitrust actions are keeping more people than usual at their computers.

ICYMI

• SoftBank plans today to file papers to raise between $500 million and $600 million via an IPO of its first special purpose acquisition company, Axios' Dan Primack scooped on Sunday, citing multiple sources.
• Microsoft is reportedly working on its own ARM-based chips, initially for use for servers in its data center. (Bloomberg)
• Apple has again temporarily shuttered stores due to COVID-19, this time closing locations in California and eight other states as well as London. (The Verge)
• Zoom has been providing information to "multiple U.S. prosecutors and regulators" about interactions with China, security and privacy matters. The news comes after the Justice Department filed charges against a former Zoom executive for disrupting video meetings commemorating the 1989 Tiananmen Square massacre. (Bloomberg, Axios)
• Toronto-based Citizen Lab reports that users of NSO's Pegasus spyware — most likely Arab governments in the Gulf — hacked the phones of 36 Al Jazeera employees. (Citizen Lab)

YouTube star Jimmy Donaldson (Aka MrBeast) went viral with an effort to create a pop-up burger movement, even rising to the top of the App Store charts.