Cyber Saturday—Red Flags Flap Before U.S.-Russia Meeting
Happy weekend, Cyber Saturday readers.
On Friday, the special counsel investigating Russian interference in the 2016 presidential election issued an indictment of 12 Russian military intelligence officers accused of conspiring to obstruct American democracy. The indictment, which you can read here, reconstructs in granular detail the alleged actions of meddling spies: who took part in the plot, what they hacked, how they stole and laundered documents, how they tried to cover their tracks, and just about everything else you might want to know. It’s a stunning document—an extraordinary record of the ongoing FBI investigation’s findings to date.
Shortly after Rod Rosenstein, the deputy attorney general, announced the indictment during a news conference, another senior administration official delivered a grave warning. Daniel Coates, director of national intelligence, told an audience at the Hudson Institute think tank that the “warning lights are blinking red again,” per the New York Times’ report. He said the last time the nation encountered this frequency and intensity of threat indicators was two decades prior, in the lead-up to the Sept. 11, 2001 attacks. While Coates name-checked North Korea, China, and Iran during his talk, he noted that “Russia has been the most aggressive foreign actor, no question.” (Look no further than Ukraine, whose security services claimed this week to have thwarted a Russian cyberattack targeting a water treatment plant.)
Next week President Trump is set to meet with Russian President Vladimir Putin in Helsinki. There’s no paucity of subjects to discuss—Crimea, Syria, Europe, economic sanctions, assassination attempts, extradition of the indicted Kremlin spies. But anyone hoping for a resolution to the election interference plot is sure to be disappointed. Putin has repeatedly denied Russia’s involvement. And as Trump already told reporters during Thursday’s tense NATO summit in Brussels, “all I can do is say, ‘Did you?’ and ‘Don’t do it again.'”
“I don’t think you’ll have any, ‘Gee, I did it, you got me,’” Trump said a day later, just hours before the indictments were issued.
He’s right. Putin is unlikely to have a sudden change of heart, despite the indictments. Even if the presidential tête-à-tête doesn’t result in any perps being brought to justice, the preemptive naming-and-shaming will at least, one hopes, force foreign actors to think twice before committing similarly egregious transgressions. Anyone plotting a similar ruse should expect to be uncovered. The message is clear: the U.S. sees you.
While Trump is meeting the Russian President, another summit of power players will be taking place on the other side of the world. On Monday, Fortune’s Brainstorm Tech conference will be kicking off in Aspen, Colo. There I’ll be interviewing two of America’s fiercest digital defenders on the main stage: Jen Easterly, global head of Morgan Stanley’s cybersecurity fusion center and former counter-terrorism lead under Obama, and Jay Kaplan, cofounder and CEO of Synack, a startup that hires hackers to root out organizations’ security vulnerabilities. I’ll report on the conversation next week.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’sdaily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
A bad apple. A former Apple engineer was arrested at an airport and accused of stealing trade secrets related to Apple's self-driving car technology. The man, Xiaolang Zhang, earlier told Apple he was leaving his post to take a job with Xiaopeng Motors or XMotors in China, where he planned to spend more time with his sick mother. If convicted, he could face up to a decade in prison and $250,000 in fines.
Flipping the bird. Twitter has been ramping up its battle against bots and scam accounts. The company has been suspending as many as 1 million accounts a day between May and June. When Twitter confirmed the purge, investors sent its market cap spiraling by $3 billion. Undeterred, Twitter said it would up the ante on Thursday, continuing to rid the site of tens of millions of faux followers.
Buy, buy, buy. AT&T has agreed to purchase AlienVault, a private cybersecurity firm based in San Mateo, Calif., in a bid to bolster its security offerings for small- and medium-sized businesses. The deal's terms were not disclosed. Defense contractor L3 is buying Azimuth Security and Linchpin Labs, two hacking shops, for about $200 million. Apple was rumored to be considering an acquisition of AgileBits, maker of a popular password manager called 1Password, but AgileBits has since denied the rumor.
Once more unto the breach. Department store Macy's said hackers got their hands on names and passwords, and possibly some credit card data, for 0.5% of customers on macys.com and bloomingdales.com. Thieves looted Bancor, a cryptocurrency exchange, to the tune of $23.5 million. Hackers breached Timehop, an app that surfaces past social media posts, and they accessed 21 million people's personal information, including names, addresses, some phone numbers, and other data. Finally, Ticketmaster's recently reported breach is apparently part of a bigger credit card skimming operation.
You thought tinfoil hats were just for your head?
Share today's Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
Today, most people have a passing understanding of what a bad guy with an internet connection can do. But you might be surprised how much of this kind of activity happens without direct human supervision. “Malicious computer programs that could be described as ‘intelligent autonomous agents’ are what steal people’s data, build bot-nets, lock people out of their systems until they pay ransom, and do most of the other work of cyber criminals,” says Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit research institute.
The damage done by such programs is not restricted to credit card stealing—cyber attacks also have the potential to inflict fairly widespread damage to physical infrastructure...
Hackers Have a New Favorite Target: Gas Stations by Chris Morris
Video Game 'Hacknet' Is Free on Steam Right Now by Lisa Marie Segarra
How to Stop Third-Party Companies From Reading Your Gmail by Emily Price
ONE MORE THING
Have you ever felt like Facebook is eavesdropping on you? You're not alone. People commonly report believing that Facebook, via mobile app, listens in on their conversations with intimates and uses that data to serve targeted advertisements. I've felt this way myself—despite knowing Facebook claims not to do so. Now there's a website, called New Organs, that lets people report their own eerie, surveillance experiences. Launched in June, the project has already collected roughly 700 testimonies, according to a profile in The Outline. I plan to submit a couple too.