OSIRIS Brief 0.13.0
Hunter Biden's alleged emails may be the most important cybersecurity event this cycle.
"File:R. Hunter Biden at Center for Strategic & International Studies.jpg" by Center for Strategic & International Studies is licensed under CC BY 3.0
(Honestly, if Hunter Biden’s expression isn’t a mood, I don’t know what is.)
BLUF: Hunter Biden's alleged emails may be the most important cybersecurity event this cycle.
The NY Post Publishes Emails From Hunter Biden
On October 15, the NY Post published an exposé claiming that former-VP Joe Biden’s son had peddled his relationship with his father to Chinese business interests. The chain of custody of those emails is dubious, but there is some corroboration of the emails legitimacy, while reasonable avenues for verification remain unexplored for the moment. Almost immediately, social media restricted access to the article, though Twitter has softened its stance.
The arguments over whether the emails are legitimate elide the real point, which is that cybersecurity has—again—become an issue in presidential elections. If the emails came to the Post exactly as described then a human security vulnerability, in this case Hunter Biden, created political weakness. If a foreign actor provided the emails as an information operation, then information that foreign government has again injected itself into American political processes. It is plausible both could be true, with a sophisticated actor using complicated delivery systems to discombobulate the American election.
I assess these emails as unlikely to affect electoral outcomes, since they only tangentially involve one of the candidates. However—as I predict in my manuscript—this kind of operation will weaken democratic states. For those who believe the emails, the information contained therein will confirm that democracy is not functioning correctly Those who doubt the emails already complain that international actors are attempting to sway US elections. Social media companies’ responses are alarming because they demonstrate a willingness an ability to to intervene, whatever the intent. The social media kerfuffle may have even lent the revelation more credence than it would have otherwise received in a Streisand Effect.
Regardless of your preferences about this election, it is important to know exactly where these emails came from. The best-case scenario (from a cybersecurity perspective) is the story the NY Post tells, because it involves only Hunter Biden having a lapse in judgement and poor information security. The worst case is that the emails are fabricated by a foreign intelligence service, which itself implies robust intelligence capabilities targeting individuals close to the presidency. Even Rudy Giuliani believes there is a 50% chance that he interacted with a Russian agent, at some point, so I am not optimistic.
Iranian APT Targets Universities
ATTENTION FELLOW POINDEXTERS: The Iranians are coming for your data! The APT known as Silent Librarian is active again and targeting universities, so secure your data. While Silent Librarian is an Iranian state sponsored threat, other APTs are active online.
Silent Librarian operates primarily through phishing, which implicates everyone at a university. Even if you research something totally uninteresting to Iran, accessing your account is valuable to international espionage. Having accessed your account, phishing APTs will use information in your account, including your email, to acquire access to other people’s information which could be more valuable to the APT. We are all at risk, and must take measures to protect ourselves and those around us.
Joint Operations Take Down Botnet
A massive joint operation involving many different organizations, partially disrupted the botnet known as Trickbot. Apparently Cybercom is also conducting operations against Trickbot, although it is unclear whether Cybercom is coordinating with Microsoft. Trickbot was operating on millions of computers, and was seen as a potential threat to the US elections.
Unfortunately, but unsurprisingly, Trickbot still exists. Because botnets like Trickbot expand and affect other computers surreptitiously, they can be difficult to disrupt fully. Nevertheless, reducing Trickbot’s capacity, especially in the leadup to an election, or in the midst of a ransomware epidemic, should improve cybersecurity.
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.
To get more insightful analysis like this in your inbox at no cost please subscribe.
Share this Brief with someone who might appreciate it.
Ask a question! Raise an objection! Leave a comment!