CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

Where that coronavirus text from ‘a friend in the military’ really comes from

April 23, 2020, 3:26 PM UTC

This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.

In mid-March, a family member forwarded a suspicious message to my family’s group chat. She prefaced the note by saying someone else had “just texted us this. Not sure if it’s accurate but sharing just in case.”

The message warned of imminent national lockdown. The note said someone’s “friend from the military” had inside knowledge that “a two week quarantine will be initiated by Trump pursuant to the Stafford act. So make sure you have enough everything for 14 days.”

Awooga! My journalistic skepticism-sensors blared. President Trump declared a national emergency over the then-already rampaging coronavirus on March 13th, a few days prior to my receipt of the message. He did so under the auspices of the legislation in question, which allows the federal government to deploy aid and resources more quickly in the event of disaster. The Stafford act says nothing about the legality of the executive branch implementing country-wide quarantines. (Look to the Commerce Clause of the Constitution, or this section of the U.S. Code, which details the Surgeon General’s powers, for the basis of that possible, though contestable, authority.)

I fired back with a link to a tweet from the White House’s National Security Council. “Text message rumors of a national quarantine are FAKE. There is no national lockdown,” it said, urging people to follow the Centers for Disease Control & Prevention’s Twitter account for more accurate information.

I was one of many, many Americans to receive that erroneous text message, so clearly designed to incite panic. Other iterations proliferated, many attributing advance knowledge of a lockdown to sources in national security-focused federal agencies. (Did you come upon a note like this too?)

Now we know at least partly why such messages ran so rampant. While the exact origins of the bogus claims remain unclear, American officials across six agencies believe Chinese agents amplified the messages, borrowing tactics from Russia’s divisive online disinformation campaigns by using fake social media accounts and distribution to fringe political groups, the New York Times reports. The U.S. intelligence community is allegedly investigating whether spies in Beijing’s diplomatic offices helped covertly propel the propaganda through other means too. (A Chinese foreign ministry spokesman said the allegations were “complete nonsense and not worth refuting.”)

State-sponsored disinformation peddlers are adapting their tactics to stay under the radar for longer. They’re turning to more private, encrypted messaging channels, where they’re less likely to be caught, versus public websites. Like the novel coronavirus itself, which infects far and wide thanks in part to unwittingly contagious, asymptomatic patients, disinformation is spreading stealthily.

As propagandists’ strategies evolve, disinformation will become harder to contain. Earlier this month, Facebook started limiting the number of chats to which frequently forwarded messages can be sent—a welcome measure to fight the proliferation of fake news, but by no means a cure-all. It’s also going to take a concerted effort on individuals’ part to counter threats such as these.

My best advice: Do your part and check the veracity of a claim before spreading it. Be on guard for falsities, and do for the mind what health officials recommend for the body.

Self-quarantine, disinfect, repeat.

***

In case you didn’t tune into yesterday’s enlightening discussion between this newsletter’s usual author, Adam Lashinsky, and Fortune‘s Erika Fry on the admirable responses of Seattle and San Francisco to the pandemic, here’s a recording. Expect to see more virtual events hosted by our team.

Robert Hackett

Twitter: @rhhackett

Email: robert.hackett@fortune.com

THREATS

iCame, iSaw, iPatch. The default email app in Apple iPhones and iPads is said to be vulnerable to two exploitable security bugs that allow attackers to infect and take control of devices. Researchers at the San Francisco-based firm ZecOps discovered the problems, which appear to date back to 2012. Apple plans to patch the bugs in an upcoming software release, but the discoverers say they believe at least six organizations have already been targeted using them, including executives at a Fortune 500 company in North America and one at a telecom carrier in Japan.

Soviet voting bloc. The Senate Intelligence Committee has unanimously endorsed the findings of the U.S. intelligence community about Russian meddling during the last presidential election. In a highly-redacted, 158-page report, both Republican and Democratic leaders agreed that Moscow interfered to boost Donald Trump at the expense of his opponent, Hillary Clinton. The committee affirmed that "analysts were under no political pressure to reach specific conclusions."

Doctor WHO? Nearly 25,000 email addresses and passwords associated with the World Health Organization, the National Institutes of Health, the Gates Foundation and many other groups fighting the coronavirus pandemic have been circulating online. Someone apparently pulled the credentials from old data leaks, as the New York Times' Nicole Perlroth determined. And they did so sloppily: The list contains completely unrelated email addresses referencing things like the British sci-fi series Doctor Who

My way or the Huawei. The British foreign ministry's top official says the country has made a "firm decision" that "is not being reopened" regarding Huawei. The United Kingdom will allow the Chinese telecom firm to help build the country's 5G networks. In its earnings report, Huawei said its revenue growth slowed to a meager uptick of 1.4% to $25.8 billion this year versus galloping 39% growth a year ago as the company has contended with the coronavirus pandemic and U.S. supplier blacklisting, the Wall Street Journal reports.

Chasing Zoom away with a broom. Lots of companies are banning Zoom, the surprise tech darling-turned-tech-bugaboo of the pandemic, due to reported security flaws. Daimler, Ericsson, and Bank of America have joined early naysayers, such as Tesla and Google, in forbidding the ultra-popular software. (Dropbox is unsurprised.) Meanwhile, Zoom says it will debut a new version of the app with more encryption features next week.

Raising hack-les. Personal data has leaked of nearly 8,000 aid-seekers who applied to the Small Business Administration’s Economic Injury Disaster Loan program. Millions of credit card numbers spilled online through an improperly secured database belonging to Paay, a New York-based payments processing firm. Hackers are hijacking people's Nintendo accounts. And Microsoft published an academic paper explaining how it uses machine learning techniques to triage the tens of thousands of bug reports it receives each month

Dungeons & Dragons & Zoombombs, oh my!

ACCESS GRANTED

Will the "contact tracing" measures now pursued by governments, tech companies, and researchers actually help stop the spread of COVID-19, or will they merely expand the encroachment of the surveillance state? Mike Giglio at The Atlantic interviewed national security experts, former intelligence officials, and leading privacy advocates about the approach's risks. It's a balanced consideration

The risk is getting distracted—much as America did after 9/11—from addressing the real issues that led to the problem in the first place. “What do you think doctors and nurses need today? Do they need facial recognition, or do they need masks?” [former FBI agent Ali] Soufan asks. “We need more hospital beds, not more smart cameras surveilling people. We need more scientists. We need an international system that can deal with this kind of problem.”

FORTUNE RECON

Inside Lyft’s coronavirus response team by Emma Hinchliffe

Furlough vs. layoff? As more workers lose their jobs, here’s what to know about your rights and benefits by Lance Lambert

Once hot startup Magic Leap lays off half its workers by Ed Hammond

These publicly traded companies took millions in PPP loan money by Chris Morris

New PPP small business loan bill excludes fintech lenders, threatening the smallest businesses by Jen Wieczner

Which companies’ stocks will thrive after the coronavirus crash? by Adam Seessel

Facebook jumps back into tech’s fight for India’s consumers by Lucinda Shen

ONE MORE THING

Sports-famished quarantiners will be delighted to know the NFL Draft starts today. This is the first time ever the football league will conduct the event virtually. The organization and its 32 teams now face a new challenge: making sure their videoconferencing lines are secure. After all, you never know when Conan O'Brien might crash the party