Tag Archives: Cyber Attack

A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense

The logo of Cisco is seen at Mobile World Congress in Barcelona, Spain, February 27, 2017. REUTERS/Eric Gaillard

By Joseph Menn

SAN FRANCISCO (Reuters) – When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems <CSCO.O> swung into action.

The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s widely used Internet switches, which direct electronic traffic, to enable eavesdropping.

Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.

The Cisco engineers worked around the clock for days to analyze the means of attack, create fixes, and craft a stopgap warning about a security risk affecting more than 300 different products, said the employees, who had direct knowledge of the effort.

That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity.

That policy overwhelmingly emphasizes offensive cyber-security capabilities over defensive measures, these people told Reuters, even as an increasing number of U.S. organizations have been hit by hacks attributed to foreign governments.

Larry Pfeiffer, a former senior director of the White House Situation Room in the Obama administration, said now that others were catching up to the United States in their cyber capabilities, “maybe it is time to take a pause and fully consider the ramifications of what we’re doing.”

U.S. intelligence agencies blamed Russia for the hack of the Democratic National Committee during the 2016 election. Nation-states are also believed to be behind the 2014 hack of Sony Pictures Entertainment and the 2015 breach of the U.S. Government’s Office of Personnel Management.

CIA spokeswoman Heather Fritz Horniak declined to comment on the Cisco case, but said it was the agency’s “job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.”

The Office of the Director of National Intelligence, which oversees the CIA and NSA, referred questions to the White House, which declined to comment.

Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.

President Donald Trump’s budget proposal would put about $1.5 billion into cyber-security defense at the Department of Homeland Security (DHS). Private industry and the military also spend money to protect themselves.

But the secret part of the U.S. intelligence budget alone totaled about $50 billion annually as of 2013, documents leaked by NSA contractor Edward Snowden show. Just 8 percent of that figure went toward “enhanced cyber security,” while 72 percent was dedicated to collecting strategic intelligence and fighting violent extremism.

Departing NSA Deputy Director Rick Ledgett confirmed in an interview that 90 percent of government cyber spending was on offensive efforts and agreed it was lopsided.

“It’s actually something we’re trying to address” with more appropriations in the military budget, Ledgett said. “As the cyber threat rises, the need for more and better cyber defense and information assurance is increasing as well.”

The long-standing emphasis on offense stems in part from the mission of the NSA, which has the most advanced cyber capabilities of any U.S. agency.

It is responsible for the collection of intelligence overseas and also for helping defend government systems. It mainly aids U.S. companies indirectly, by assisting other agencies.

“I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions,” said Debora Plunkett, who headed the NSA’s defensive mission from 2010 to 2014.

GOVERNMENT ROLE

How big a role the government should play in defending the private sector remains a matter of debate.

Former military and intelligence leaders such as ex-NSA Director Keith Alexander and former Secretary of Defense Ashton Carter say that U.S. companies and other institutions cannot be solely responsible for defending themselves against the likes of Russia, China, North Korea and Iran.

For tech companies, the government’s approach is frustrating, executives and engineers say.

Sophisticated hacking campaigns typically rely on flaws in computer products. When the NSA or CIA find such flaws, under current policies they often choose to keep them for offensive attacks, rather than tell the companies.

In the case of Cisco, the company said the CIA did not inform the company after the agency learned late last year that information about the hacking tools had been leaked.

“Cisco remains steadfast in the position that we should be notified of all vulnerabilities if they are found, so we can fix them and notify customers,” said company spokeswoman Yvonne Malmgren.

SIDE BY SIDE

A recent reorganization at the NSA, known as NSA21, eliminated the branch that was explicitly responsible for defense, the Information Assurance Directorate (IAD), the largest cyber-defense workforce in the government. Its mission has now been combined with the dominant force in the agency, signals intelligence, in a broad operations division.

Top NSA officials, including director Mike Rogers, argue that it is better to have offensive and defensive specialists working side by side. Other NSA and White House veterans contend that perfect defense is impossible and therefore more resources should be poured into penetrating enemy networks – both to head off attacks and to determine their origin.

Curtis Dukes, the last head of IAD, said in an interview after retiring last month that he feared defense would get even less attention in a structure where it does not have a leader with a direct line to the NSA director.

“It’s incumbent on the NSA to say, ‘This is an important mission’,” Dukes said. “That has not occurred.”

(Reporting by Joseph Menn in San Francisco. Additional reporting by Warren Strobel in Washington.; Editing by Jonathan Weber and Ross Colvin)

German parliament foiled cyber attack by hackers via Israeli website

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel/Files

BERLIN (Reuters) – The German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany, Berlin’s cyber security watchdog said on Wednesday.

Cyber defenses installed after a 2015 hack of the parliament helped avert the attempted breaches, the Federal Office for Information Security (BSI) said in a statement.

The hackers appeared to use advertising running on the Jerusalem Post website to redirect users to a malicious site, it said.

The BSI looked into unusual activity on the parliament’s network early this year and has just completed a detailed analysis of the incident, which was first reported by the Sueddeutsche Zeitung newspaper on Wednesday.

At least 10 German lawmakers from all parliamentary groups were affected by the attempted hack, the Munich daily reported.

“The technical analysis is complete. The website of the Jerusalem Post was manipulated and had been linked to a malicious third party site,” the agency said in a statement.

“BSI found no malware or infections as part of its analysis of the Bundestag networks.”

The Jerusalem Post confirmed details of the attack with Reuters, but said no malware came from its own site and that it was fully protected against such attacks in the future.

“The Jerusalem Post website was attacked in January by foreign hackers,” the publisher said in a statement. “We immediately took action and together with Israeli cyber authorities successfully neutralized the threat.

Hackers can use infected banner advertisements to attack otherwise safe or secure sites. So-called “malvertising” appeared to be served up to the site via an unidentified third-party advertising network.

There was no suggestion from the German agency of any wrongdoing by the Jerusalem Post.

“SPEAR-PHISHING”

Security expert Graham Cluley said such “spear-phishing” attacks via malicious ads is highly unusual, but possible.

In this instance, the Jerusalem Post site could have served up German language ads to visitors with German internet addresses. However, he said it was unlikely this could be used to target specific politicians in Berlin.

This latest attack comes amid growing concern in Germany about cyber security and reports that Russia is working to destabilize the German government and could seek to interfere in the upcoming Sept. 24 national elections.

The Bundestag lost 16 gigabytes of data to Russian hackers in 2015, after which it revamped its software system with the help of the BSI and private contractors.

“The BSI believes that the defenses of the German Bundestag detected and prevented links to the website. The attack was therefore averted,” BSI President Arne Schoenbohm said in a statement.

A source familiar with the incident said it did not appear to be linked to APT28, a Russian hacking group also known as “Fancy Bear” that was blamed for the 2015 Bundestag hack and the 2016 hack of the U.S. Democratic National Committee.

(Reporting by Andrea Shalal in Berlin, Eric Auchard in London and Luke Baker in Jerusalem; Editing by Tom Heneghan)

U.S. may accuse North Korea in Bangladesh cyber heist: WSJ

Federal Reserve and New York City Police officers stand guard in front of the New York Federal Reserve Building in New York, October 17, 2012. REUTERS/Keith Bedford/File Photo

NEW YORK (Reuters) – U.S. prosecutors are building potential cases that would accuse North Korea of directing the theft of $81 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York last year, and that would charge alleged Chinese middlemen, the Wall Street Journal reported on Wednesday.

The U.S. Federal Bureau of Investigation believes that North Korea is responsible for the heist, an official briefed on the probe told Reuters. Richard Ledgett, deputy director of the U.S. National Security Agency, publicly suggested on Tuesday that North Korea may be linked to the incident, while private firms have long pointed the finger at the reclusive state.

The Journal, citing people familiar with the matter, reported that prosecutors believe Chinese middlemen helped North Korea orchestrate the theft from Bangladesh’s central bank, which was among the biggest bank robberies in modern times.

The current cases being pursued may not include charges against North Korean officials, but would likely implicate the country, the newspaper reported, with the United States accusing a foreign government of orchestrating the heist.

A U.S. Department of Justice spokesman declined to comment.

FBI offices in Los Angeles and New York have been leading an international investigation into the February 2016 incident, in which hackers breached Bangladesh Bank’s systems and used the SWIFT messaging network to request nearly $1 billion from its account at the New York Fed.

The branch of the U.S. central bank rejected most of the requests but filled some of them, resulting in $81 million disappearing into casinos and other entities in the Philippines. A top police investigator in Dhaka told Reuters in December that some Bangladesh Bank officials deliberately exposed its computer systems, enabling the hackers to get in.

The incident exposed bungling and miscommunication between central banks, and left the Fed, Bangladesh, SWIFT, and the Philippine lender that initially received the funds trading blame for months.

SWIFT – or the Society for Worldwide Interbank Financial Telecommunication that serves as the backbone of global finance – has since revealed that its messaging system has been targeted in a “meaningful” number of other attacks last year using a similar approach as in the Bangladesh incident.

Last week, SWIFT said it planned to cut off the remaining North Korean banks still connected to its system as concerns about the country’s nuclear program and missile tests grow.

The Journal reported that federal investigators are focusing on Chinese individuals or businesses who allegedly helped North Korea orchestrate the heist, and that the U.S. Treasury is considering sanctions against these alleged middlemen.

The New York Fed and SWIFT declined to comment.

(Reporting by Jonathan Spicer and Joseph Menn; Editing by Jonathan Oatis and James Dalgleish)

U.S. authorities charge Russian spies, hackers in huge Yahoo hack

The John Sopinka Courthouse, where Karim Baratov appeared in front of a judge, in connection with a U.S. Justice Department investigation into the 2014 hacking of Yahoo, is pictured in Hamilton, Ontario, Canada March 15, 2017 . REUTERS/Peter Power

By Dustin Volz

WASHINGTON (Reuters) – The United States on Wednesday charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, the first time the U.S. government has criminally charged Russian spies for cyber offences.

The charges came amid a swirl of controversies relating to alleged Kremlin-backed hacking of the 2016 U.S. presidential election and possible links between Russian figures and associates of U.S. President Donald Trump. This has given rise to uncertainty about whether Trump is willing to respond forcefully to any action by Moscow in cyberspace and elsewhere.

The 47-count Justice Department indictment included charges of conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft. It painted a picture of the Russian security services working hand-in-hand with cyber criminals, who helped spies further their intelligence goals in exchange for using the same exploits to make money.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” Acting Assistant Attorney General Mary McCord said at a press conference announcing the charges.

Russia’s Federal Security Service (FSB) is the successor to the KGB.

The Kremlin, which denies Russia tried to influence the U.S. election in any way, said on Thursday Moscow had received no official notification of the indictment, but hoped it would.

However, Dmitry Peskov, President Vladimir Putin’s spokesman, dismissed out of hand the idea that FSB employees could have been involved in the Yahoo hack.

“We have said repeatedly that there can be no discussion of any official involvement of any Russian agency, including the FSB…in any unlawful cyber activities,” said Peskov, who has cast U.S. allegations against Russia as part of a political campaign to kill off a U.S.-Russia rapprochement.

Yahoo said when it announced the then-unprecedented breach last September that it believed the attack was state-sponsored, and on Wednesday the company said the indictment “unequivocally shows” that to be the case.

The charges announced Wednesday are not related to the hacking of Democratic Party emails during the 2016 U.S. presidential election. U.S. intelligence agencies have said they were carried out by Russian spy services, including the FSB, to help the campaign of Republican candidate Donald Trump.

The indictment named the FSB officers involved as Dmitry Dokuchaev and his superior, Igor Sushchin, who are both in Russia.

Dokuchaev was arrested for treason in December, according to the Russian news agency Interfax.

Reuters sent a request for comment to the FSB in Moscow on Wednesday evening but there was no response.

The alleged criminals involved in the scheme include Alexsey Belan, who is among the FBI’s most-wanted cyber criminals and was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.

Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, was also named in the indictment.

The Justice Department said Baratov was arrested in Canada on Tuesday. Mark Pugash of Toronto police later confirmed the Tuesday arrest.

McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to “line their pockets.”

The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. The United States often charges cyber criminals with the intent of deterring future state-sponsored activity.

The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.

In a statement, White House spokesman Michael Anton said the charges “are part of a broad effort across the government to defend the United States against cyber attacks and cyber-related crimes.”

‘RED NOTICE’

Yahoo in December announced another breach that occurred in 2013 affecting one billion accounts. Special Agent Jack Bennett of the FBI’s San Francisco Division said the 2013 breach is unrelated and that an investigation of that incident is ongoing.

The hacks forced Yahoo to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications Inc <VZ.N>.

At least 30 million of the Yahoo accounts in the 2014 breach were the most seriously affected, with Belan able to burrow deep into their accounts and take user contact lists that were later used for a financially motivated spam campaign, according to the indictment. Belan also stole financial information such as credit card numbers and gift cards, it said.

Yahoo had previously said about 32 million accounts had fallen victim to the deeper attack, which it said leveraged forged browser cookies to access accounts without the need for a password.

According to the indictment, FSB officers Sushchin and Dokuchaev also directed Baratov to use the information gained in the Yahoo breach to hack specific targets who possessed email accounts with other service providers, including Google.

When Baratov was successful, Dokuchaev would reward him with a bounty, the indictment charged.

Examples where Google accounts were targeted include an assistant to the deputy chairman of the Russian Federation, an officer of the Russian Ministry of Internal Affairs, and a physical training expert employed by the Russian government.

Details in the indictment reflect the often murky relationship in Russia between criminal hackers and government intelligence officers.

Interpol issued a “red notice” on Belan in relation to an earlier hacking campaign, according to the indictment. Instead of arresting Belan, however, the FSB recruited him to help with cyber espionage and provided tools to evade detection from other authorities.

Belan later gained unauthorized access to Yahoo’s network that he shared with FSB, the indictment said.

(Reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Additional reporting by Julia Edwards in Washington and Alexander Winning and Dasha Afanasieva in Moscow; Editing by Jeffrey Benkoe and James Dalgleish)

SAP pushes to patch risky HANA security flaws before hackers strike

SAP logo at SAP headquarters in Walldorf, Germany, January 24, 2017. REUTERS/Ralph Orlowski

By Eric Auchard

FRANKFURT (Reuters) – Europe’s top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms. While hacks on phones, websites and computers that consumers rely on every day grab headlines, vulnerabilities in big business software are more lucrative to attackers as these tools store data and run transactions which are the lifeblood of businesses. The latest security weaknesses, known in industry parlance as “zero day” vulnerabilities, rank among the most critical ever found in HANA, the engine that runs SAP’s latest database, cloud and other more traditional business apps, according to Onapsis, the security company which uncovered these issues.

SAP software acts as the corporate plumbing for many multinationals and the company claims 87 percent of the top 2,000 global companies as customers.

Onapsis said vulnerabilities lay in a HANA component known as “User Self Service” (USS) which would allow malicious insiders or remote attackers to fully compromise vulnerable systems, without so much as valid usernames and passwords.

It reported 10 HANA vulnerabilities to SAP less than 60 days ago, which the German software maker fixed in near-record time, according to interviews with executives of both companies.

The resulting patch issued by SAP on Tuesday was rated by it as 9.8 on a scale of 10, “very high” in terms of relative risk to its customers. SAP is releasing five HANA patches this week to fix a range of vulnerabilities uncovered in recent months.

“SAP has done a great job by releasing fixes much faster than in past situations,” Onapsis Chief Executive Mariano Nunez told Reuters in an interview.

Customers must in turn choose when to apply such patches to software that runs their most critical corporate functions, a process that may take months or years, in rare cases. They must balance security risks against operational demands.

SAP executives urged security managers working for its customers to patch relevant systems.

“There has not been one case where a customer who applied the recommended patches has been affected,” Siddhartha Rao, vice president of SAP Product Security Response, said of the six years he has been on the job. “We currently expect there will not be that many customers affected by these issues,” he said.

Last May, however, the U.S. Department of Homeland Security issued an alert advising SAP customers they needed to urgently plug holes for which SAP already had offered patches in 2010, but which some customers failed to adopt, leaving dozens exposed to hacker break-ins afterward. (http://reut.rs/2mkTVgI)

Three dozen enterprises were found to have telltale signs of unauthorized access due to outdated or misconfigured SAP NetWeaver Java systems, Onapsis said at the time.

Onapsis helps secure more than 200 SAP customers ranging from Schlumberger to Sony Corp, Westinghouse and the U.S. Army. It also identifies security vulnerabilities for corporate customers in rival systems from Oracle.

Giving HANA customers breathing room, the USS component first offered by SAP in October 2014 is not activated by default, but must be specially enabled, Onapsis said.

It has identified two companies – an energy company and a retailer – where vulnerabilities were found and fixed. Companies which are not using USS features are unaffected, Onapsis said.

Technical details can be found on the security blogs of SAP (https://goo.gl/11Dz5w) and Onapsis (https://goo.gl/Xiryyp). There is no evidence hackers have taken advantage so far, the companies said.

Last year, the company issued more than 160 patches in all, SAP said. Ten percent of these were HANA related, Onapsis added.

(Reporting by Eric Auchard; Editing by Stephen Coates)

Consumer Reports to consider cyber security in product reviews

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon

(Reuters) – Consumer Reports, an influential U.S. non-profit group that conducts extensive reviews of cars, kitchen appliances and other goods, is gearing up to start considering cyber security and privacy safeguards when scoring products.

The group, which issues scores that rank products it reviews, said on Monday it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.

Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization’s director of electronics testing, said in a phone interview.

“This is a complicated area. There is going to be a lot of refinement to get this right,” Rerecich said.

The effort follows a surge in cyber attacks leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices, which are sometimes collectively referred to as the internet of things.

“Personal cyber security and privacy is a big deal for everyone. This is urgently needed,” said Craig Newmark, the founder of Craigslist who sits on the board of directors at Consumer Reports.

In one high-profile October attack, hackers used a piece of software known as Mirai to cripple an internet infrastructure provider, blocking access to PayPal, Spotify, Twitter and dozens of other websites for hours. Another attack in November shut off internet access to some 900,000 Deutsche Telekom customers.

Security researchers have said the attacks are likely to continue because there is little incentive for manufacturers to spend on securing connected devices.

“We need to shed light that this industry really hasn’t been caring about the build quality and software safety,” said Peiter Zatko, a well-known hacker who is director of Cyber Independent Testing Lab, one of the groups that helped Consumer Reports establish the standards.

The first draft of the standards is available online at https://thedigitalstandard.org.

Issues covered in the draft include reviewing whether software is built using best security practices, studying how much information is collected about a consumer and checking whether companies delete all user data when an account is terminated.

Jeff Joseph, senior vice president for the Consumer Technology Association, called the decision by Consumer Reports a “positive step” but cautioned that the group “must be very clear about how they score products and the limitations of what consumers can expect.”

(Reporting by Jim Finkle in Boston; Editing by Peter Cooney and Lisa Shumaker)

Hong Kong police struggle to stop brokerage hacking spree

Electric display chart

By Michelle Price

HONG KONG (Reuters) – Hong Kong police are struggling to deal with digital pump-and-dump schemes targeting brokerages – a little-known type of computer-generated fraud that surged in the Chinese territory last year.

Although the money involved was small – only about $20 million worth of shares – there were 81 such incidents reported in 2016, more than triple the number in 2015, according to police.

In the scheme, criminals invest in thinly traded penny stocks and then manipulate their share prices by ordering trades from hacked brokerage accounts. They earn profits by selling before the fraudulent trades are reported.

After last year’s cyber-heist of $81 million at Bangladesh’s central bank and a series of hacks of ATM’s around the world, authorities fear such pump-and-dump schemes could be increasingly used for electronic theft.

Hong Kong is a favored place for such attacks because of the number of thinly-traded penny stocks in the territory and because its securities industry has fallen behind other financial centers in defending against cyber fraud.

At least seven brokers and eight banks have been targeted in Hong Kong, including HSBC Holdings Plc and Bank of China International (BOCI) Securities, according to regulators and people familiar with confidential investigations.

A spokesman for HSBC declined to comment.

A spokeswoman for BOCI Securities said he could not comment on its case but the brokerage would continue to invest in IT security.

“If you ask regulators in the industry what is the number one threat, not surprisingly it’s all about cyber attacks,” Ashley Alder, CEO of the Hong Kong Securities and Futures Commission (SFC) and chairman of the International Organization of Securities Commissions, said in a speech to the local legislature last week.

“We’ve seen that happen not only in banking but also at brokers in Hong Kong, in particular recent attacks to do with basically hijacking share trading accounts.”

Such schemes surfaced more than a decade ago in the United States. Charles Schwab Corp, E*Trade Financial Corp and JP Morgan Chase & Co. were identified as victims of these schemes in a 2006 complaint filed by the Securities and Exchange Commission.

The pace of attacks reported in the United States has slowed in recent years after big brokerages implemented a variety of strategies to thwart the hacks, said John Reed Stark, a former chief of the Securities and Exchange Commission’s (SEC) Office of Internet Enforcement.

Some use algorithms to identify and halt unusual trading activity, others scrutinize Internet traffic for orders coming from suspicious servers and one stopped permitting customers to use its online trading platform from buying penny stocks, said Stark, who now runs cyber-security consulting firm John Reed Stark Consulting LLC.

But such protections are rare in Hong Kong, where the government has only recently started suggesting security improvements to banks and brokerages which have traditionally considered stock trading to be low-risk.

TWO-FACTOR AUTHENTICATION

The Hong Kong SFC last year told firms to increase surveillance of client transactions and data protection.

Authorities believe that hackers accessed brokerage accounts using stolen or guessed passwords, according to investigators. This might have been thwarted if they were protected with two-factor authentication, the Hong Kong Monetary Authority has said.

Two-factor authentication typically includes a password and a piece of information only the user has, for instance an electronic token with changing numbers.

“Hong Kong is being targeted because they have not instituted the same cyber protections that we see in the U.S. and certain parts of Europe,” said Jeff Cramer, a former U.S. prosecutor.

Cramer, who is managing director with cyber-security investigations firm Berkeley Research Group, said he expects to see more attacks in Hong Kong and perhaps other Asian nations, including China, Japan and South Korea that are also behind in cyber security.

FIGHTING BACK

Such pump and dump cases have proven tough to crack in the United States because the masterminds are typically overseas, using surrogates and pseudonyms to make investments.

Brokerages are typically not required to go public when they are hacked, so cases often only surface when the government files a complaint against suspected cyber criminals, or the hack results in litigation.

The attack involving BOCI Securities year became public after it was sued by a customer that claimed its account was breached.

Trading firm Fast Track Holdings Limited alleged in court documents that somebody hacked into its brokerage account on the afternoon of September 23 using a valid user ID and password. Within 18 minutes, the intruder had emptied the account by spending HK$38 million to buy 49 million shares of thinly traded Pa Shun Pharmaceutical, according to Fast Track.

The stock soared more than 30 percent after the purchase, which was made at a 36 percent premium to the previous day’s closing price, Reuters data shows.

BOCI alerted Fast Track of the suspicious activity an hour later, but it has said in court documents it should not be held financially responsible, saying it found no evidence its systems had been compromised.

Peter Pang, Pa Shun’s CFO, told Reuters the management “would keep an eye to the incident and report to the regulators and the public when necessary”.

One person familiar with the case said Fast Track’s management believes the incident was a pump and dump scam and that Pa Shun was targeted because it is thinly-traded, but it remained unclear who was responsible.

Fast Track’s directors did not respond to requests for comment.

(Additional reporting by Jim Finkle in Boston and Jessica Yu, Katy Wong and Donny Kwok in Hong Kong; Editing by Raju Gopalakrishnan)

Austrian parliament says Turkish Islamist hackers claim cyber attack

Austrian Parliament building

VIENNA (Reuters) – Austria’s parliament said on Tuesday that a Turkish Islamist hackers’ group had claimed responsibility for a cyber attack that brought down its website for 20 minutes this weekend.

Aslan Neferler Tim (ANT), or Lion Soldiers Team, whose website says it defends the homeland, Islam, the nation and flag, without any party political links, claimed the attack, a parliamentary spokeswoman said.

Relations between Turkey and Austria soured last year after President Tayyip Erdogan cracked down on dissent following a failed coup, and Vienna has since made a solo charge within the European Union for accession talks to be dropped.

On its Facebook page on Sunday afternoon, above a screenshot indicating the website was not loading, ANT said in Turkish: “Our reaction will be harsh in response to this racism of Austria against Muslims!!! (Parliament down).”

ANT says it has carried out “operations” against the pro-Kurdish Peoples’ Democratic Party (HDP), the Austrian central bank and an Austrian airport.

An Interior Ministry spokesman said on Tuesday that an investigation had begun into the cyber attack and, declining to elaborate further, noted that no data had been lost.

A parliamentary spokeswoman said: “ANT has claimed responsibility.” When asked if ANT was responsible, she said: “We assume so.”

The website was brought down after the server was flooded with service requests, a so-called DDoS-attack, similar to an attack last November that targeted the Foreign Affairs and Defense Ministries’ websites, a statement from parliament said.

DDoS attacks are among the most common cyber threats. One such attack targeted the European Commission’s computers in November.

The Vienna-based Organization for Security and Cooperation in Europe (OSCE) was also recently the target of a cyber attack.

(Reporting by Shadia Nasralla, Francois Murphy in VIENNA and Daren Butler in ISTANBUL; Editing by Louise Ireland)

U.S. Treasury holds debt auctions steady, plans cyber test

dollar note

By Jason Lange

WASHINGTON (Reuters) – The U.S. Treasury announced on Wednesday it will hold the size of coupon auctions steady in the upcoming quarter when it conducts a small “contingency auction” that an official said would test its ability to borrow following a cyber attack.

It was unclear how much of a role, if any, the White House had in crafting the Treasury’s quarterly debt policy statement, which was the first since President Donald Trump took office last month.

The U.S. Senate has yet to confirm Trump’s Treasury secretary nominee, Steven Mnuchin. Several Treasury officials from the Obama administration have left, with their positions filled on a temporary basis by career bureaucrats or political appointees from the last administration.

The latest policy statement was made by Monique Rollins, Treasury’s acting assistant secretary for financial markets and a holdover from the Obama administration. A Treasury official told reporters separately that the new political leadership was aware of the debt policies announced on Wednesday.

Rollins said in the policy statement that Treasury plans to offer $62 billion in notes and bonds next week, raising approximately $17 billion in new cash.

The contingency test was part of regular auction infrastructure testing, Rollins said.

The Treasury official who briefed reporters separately said the test would gauge the government’s ability to borrow money if a cyber attack disrupted normal auctions.

On future coupon sizes, Rollins said the department “will continue to monitor projected financing needs and make appropriate adjustments as necessary.”

(Reporting by Jason Lange; Editing by Paul Simao)

French central bank chief urges insurers to step up cyber risk coverage

man representing cyber attack

PARIS (Reuters) – France’s central bank governor called on French insurers to enhance cyber risk coverage for their clients, as hack attacks and data privacy laws in Europe spur rising demand.

“With the help of reinsurers, insurers should be able to meet demands of cyber risk coverage, a concern that affects all businesses,” Francois Villeroy de Galhau said during a conference in Paris.

Though growing fast, the European cyber insurance market remains dwarfed by that in the United States, but is likely to expand in the coming years as new EU regulations come into force requiring firms to disclose when they have been the victim of an attack.

Around 28 percent of companies in Europe have been subject to a cyber attack over the past 12 months, but only 13 percent of companies have purchased cyber insurance, Marsh & McLennan Co’s (MMC.N) Marsh broker unit said in a survey, published in October 2016.

The value of global cyber insurance premiums outstanding is estimated by Marsh & McLennan Co’s (MMC.N) Marsh broker unit to be around $3.5 billion with 3 billion coming from the United States, and around $300 million coming from Europe.

“Insurance companies should learn from their own experience … in order to create a more mature market in France and Europe for insurance against cyber risks,” Villeroy added.

(Reporting by Maya Nikolaeva and Myriam Rivet; Editing by Leigh Thomas)