Russia looms large as U.S. election officials prep for 2018

People walk by the U.S. Capitol building in Washington, U.S., February 8, 2018. REUTERS/ Leah Millis

By Dustin Volz

WASHINGTON (Reuters) – Ten months before the United States votes in its first major election since the 2016 presidential contest, U.S. state election officials huddled in Washington this weekend to swap strategies on dealing with an uninvited guest: Russia.

A pair of conferences usually devoted to staid topics about election administration were instead packed with sessions dedicated to fending off election cyber attacks from Russia or others, as federal authorities tried to portray confidence while pleading with some states to take the threat more seriously.

“Everyone in this room understands that what we are facing from foreign adversaries, particularly Russia, is real,” Chris Krebs, a senior cybersecurity official at the Department of Homeland Security (DHS), told an audience of secretaries of state, who in many states oversee elections. Russia, he added, is “using a range of tools against us.”

The department said last year that 21 states had experienced initial probing of their systems from Russian hackers and that a small number of networks were compromised. Voting machines were not directly affected and there remains no evidence any vote was altered, officials say.

While virtually all 50 states have taken steps since the 2016 election to purchase more secure equipment, expand the use of paper ballots, improve cyber training or seek federal assistance, according to groups that track election security, some officials at the conferences expressed an added sense of urgency.

That is because the meetings came immediately after U.S. Special Counsel Robert Mueller unsealed an indictment accusing 13 Russians and three Russian companies of conducting a criminal conspiracy to interfere in the 2016 election.

The charges alleged a sophisticated multi-year operation carried out by a Russian propaganda factory to use false personas on social media to boost Donald Trump’s campaign. Russia has repeatedly denied it attempted to meddle.

“Loud and clear I hear that the biggest threat is this campaign of disinformation as opposed to the election process itself,” said Denise Merrill, Connecticut’s secretary of state, a Democrat.

DHS has taken the lead on working with states to improve voting machine security, but no federal agency is specifically responsible for combating online propaganda.

Several secretaries of state said they needed more rapid notification from federal partners about not just attempts to breach voting systems but disinformation campaigns as well.

“I don’t want to find out about propaganda two years later, after I elect my congressman,” said Mississippi Secretary of State Delbert Hosemann, a Republican, in an interview while clutching his own printed copy of the 37-page indictment.

Frustration boiled over at times among the secretaries of state, some of whom criticized a classified briefings U.S. intelligence agencies held with them over the weekend as largely unhelpful.

Federal officials, they said, continued to provide inadequate information to states about the nature of the Russian cyber threat and how to protect against it.

“I would have thought that behind closed doors, I would have heard, ‘This is why this has to be classified.’ And I heard none of it,” said West Virginia Secretary of State Mac Warner, a Republican. Still, other secretaries of state and election directors said relationships with DHS had improved dramatically compared with a year ago.

Speaking on a panel and attempting to quell frustration, Robert Kolasky, another DHS cybersecurity official, stressed that U.S. intelligence officials were genuinely worried about how Russia or others may attempt to interfere in 2018.

“There are reasons we are worried that things could become more serious,” Kolasky said. “The Russians got close enough, and we anticipate it could be different, or worse, the next time around,” he said.

(Reporting by Dustin Volz; Editing by Daniel Wallis)

Malicious cyber activity cost U.S. economy $57 billion – $109 billion in 2016: White House report

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration -

WASHINGTON (Reuters) – A White House report estimated on Friday that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

The estimate was contained in a report by the White House Council of Economic Advisers on the economic costs of cyber threats.

The report quoted the U.S. intelligence community as saying the main foreign culprits responsible for much cyber activity are Russia, China, Iran and North Korea.

(Reporting By Steve HollandEditing by Chizu Nomiyama)

North Korean hackers behind attacks on cryptocurrency exchanges

A coin representing the bitcoin cryptocurrency is seen on computer circuit boards in this illustration picture

SEOUL (Reuters) – South Korea’s spy agency said North Korean hackers were behind attacks on cryptocurrency exchanges this year in which some 7.6 billion won ($6.99 million) worth of cryptocurrencies were stolen, a newspaper reported on Saturday.

The cyber attacks attributed to North Korean hackers also included the leaking of personal information from 36,000 accounts from the world’s busiest cryptocurrency exchange Bitthumb in June, South Korea’s Chosun Ilbo reported, citing the country’s National Intelligence Service (NIS).

Attacks also included the theft of cryptocurrencies from accounts at exchanges Yapizon, now called Youbit, and Coinis in April and September, it said.

The 7.6 billion won of stolen cryptocurrencies are now worth about 90 billion won ($82.7 million), Chosun Ilbo reported. It also cited the NIS as saying North Korean hackers had also demanded 6 billion won ($5.5 million) from Bitthumb in return for deleting the leaked personal information.

Another cyber attack on about 10 cryptocurrency exchanges by North Korean hackers in October, using emails containing malware, was thwarted by the Korea Internet Security Agency (KISA), the newspaper reported.

The NIS found that the malware used in hacking the exchanges was made with the same method as malware used in hacking Sony Pictures and the central bank of Bangladesh in 2014 and 2016 respectively, the Chosun Ilbo reported.

The NIS also said emails used in the attacks used North Korean internet addresses, according to the Chosun Ilbo.

The NIS declined to comment. Representatives for KISA, Bitthumb, Youbit and Coinis could not be reached for comment.

($1 = 1,087.9500 won)

(Reporting by Joyce Lee and Heekyong Yang; Editing by Paul Tait)

NATO mulls ‘offensive defense’ with cyber warfare rules

NATO mulls 'offensive defense' with cyber warfare rules

By Robin Emmott

TARTU, Estonia (Reuters) – A group of NATO allies are considering a more muscular response to state-sponsored computer hackers that could involve using cyber attacks to bring down enemy networks, officials said.

The United States, Britain, Germany, Norway, Spain, Denmark and the Netherlands are drawing up cyber warfare principles to guide their militaries on what justifies deploying cyber attack weapons more broadly, aiming for agreement by early 2019.

The doctrine could shift NATO’s approach from being defensive to confronting hackers that officials say Russia, China and North Korea use to try to undermine Western governments and steal technology.

“There’s a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability,” said U.S. Navy Commander Michael Widmann at the NATO Cooperative Cyber Defence Centre of Excellence, a research center affiliated to NATO that is coordinating doctrine writing.

Washington already has cyber weapons, such as computer code to take down websites or shut down IT systems, and in 2011 declared that it would respond to hostile cyber acts.

The United States, and possibly Israel, are widely believed to have been behind “Stuxnet”, a computer virus that destroyed nuclear centrifuges in Iran in 2010. Neither has confirmed it.

Some NATO allies believe shutting down an enemy power plant through a cyber attack could be more effective than air strikes.

“I need to do a certain mission and I have an air asset, I also have a cyber asset. What fits best for the me to get the effect I want?” Widmann said.

The 29-nation NATO alliance recognized cyber as a domain of warfare, along with land, air and sea, in 2014, but has not outlined in detail what that entails.

In Europe, the issue of deploying malware is sensitive because democratic governments do not want to be seen to be using the same tactics as an authoritarian regime. Commanders and experts have focused on defending their networks and blocking attempts at malicious manipulation of data.

Senior Baltic and British security officials say they have intelligence showing persistent Russian cyber hacks to try to bring down European energy and telecommunications networks, coupled with Internet disinformation campaigns.

They believe Russia is trying to break Western unity over economic sanctions imposed over Moscow’s 2014 annexation of Crimea and its support for separatists in eastern Ukraine.

“They (Russia) are seeking to attack the cohesion of NATO,” said a senior British security official, who said the balance between war and peace was becoming blurred in the virtual world. “It looks quite strategic.”

Moscow has repeatedly denied any such cyber attacks.

ESTONIAN ‘CYBER COMMAND’

The United States, Britain, the Netherlands, Germany and France have “cyber commands” — special headquarters to combat cyber espionage and hacks of critical infrastructure.

Estonia, which was hit by one of the world’s first large-scale cyber attacks a decade ago, aims to open a cyber command next year and make it fully operational by 2020, with offensive cyber weapons.

“You cannot only defend in cyberspace,” said Erki Kodar, Estonia’s undersecretary for legal and administrative affairs who oversees cyber policy at the defense ministry.

Across the globe this year computer hackers have disrupted multinational firms, ports and public services on an unprecedented scale, raising awareness of the issue.

NATO held its biggest ever cyber exercise this week at a military base in southern Estonia, testing 25 NATO allies against a fictional state-sponsored hacker group seeking to infiltrate NATO air defense and communication networks.

“The fictional scenarios are based on real threats,” said Estonian army Lieutenant-Colonel Anders Kuusk, who ran the exercise.

NATO’s commanders will not develop cyber weapons but allied defense ministers agreed last month that NATO commanders can request nations to allow them use of their weapons if requested.

(Reporting by Robin Emmott; Editing by Peter Graff)

Travelers says it is in ‘right spot’ for cyber insurance exposure

Travelers says it is in 'right spot' for cyber insurance exposure

By Suzanne Barlyn

(Reuters) – Travelers Cos Inc <TRV.N> plans to stick to its recent growth pace for sales of cyber insurance, which protects businesses against hacking and other liabilities, despite potential to boost it, as the insurer assesses risks in the segment, its head of specialty insurance said on Monday.

“We feel like we’re just in the right spot,” Thomas Kunkel, the insurer’s president of bond and specialty insurance, said during an investor meeting in Connecticut.

Travelers has increased its cyber business at a 40 percent compound annual growth rate since 2011 and could quicken the pace, Kunkel said. “It would not be hard,” he said.

But Travelers must be “respectful and prudent” about the risks involved in cyber, Kunkel said.

Insurers have said the growing sophistication of hackers alongside a still-evolving cyber insurance industry makes it difficult to quantify their potential cyber-related losses.

About three-quarters of cyber policies that Travelers writes cover up to $1 million in damages, while nearly a quarter cover between $1 million and $5 million, the company said.

“We manage our limits very closely,” Kunkel said.

Equifax Inc <EFX.N>, which compiles credit information about consumers and assigns them scores, disclosed in September that cyber criminals had breached its systems between mid-May and late July and stolen the sensitive information of 145.5 million people. The hack is among the largest ever.

Regulation will also drive demand for cyber insurance, particularly in the financial services sector, Fitch Ratings said in a report on Monday.

“As the cyber insurance market develops, competition is likely to erode profit margins,” Fitch said.

Some insurers who ultimately enter the cyber market may lack underwriting experience and take on risks that could exceed their capital, Fitch said.

Events that could trigger large claims include cyber attacks on electronic grids and transportation systems, or hacks of large data storage clouds, Fitch said.

Insurer American International Group Inc <AIG.N> said on Oct. 26 that it was reviewing all types of coverage it offers to gauge its exposure to cyber risk.

AIG will start including cyber coverage as part of its commercial casualty insurance during the first quarter of 2018, Tracie Grella, global head of cyber risk insurance, said at the time.

The move would boost rates but also make it clearer how customers are covered if they are the victim of a security breach.

Many commercial insurers offer stand-alone cyber coverage, but it is not yet a standard addition to most other policies, such as property and casualty.

(Reporting by Suzanne Barlyn in New York; Editing by Lisa Von Ahn and Matthew Lewis)

Merck cyber attack may cost insurers $275 million: Verisk’s PCS

Merck cyber attack may cost insurers $275 million: Verisk's PCS

NEW YORK (Reuters) – Insurers could pay $275 million to cover the insured portion of drugmaker Merck & Co’s loss from a cyber attack in June, according to a forecast by Verisk Analytics Inc’s Property Claim Services (PCS) unit.

Merck, however, has not disclosed the magnitude of its uninsured losses from the “NotPetya” attack, which disrupted production of some Merck medicines and vaccines.

The company was among dozens of firms worldwide hit in the June 27 attack, which began in Ukraine, then rapidly spread through corporate networks of multinationals with operations or suppliers in Eastern Europe.

“Merck has not yet fully quantified its losses, much less given any of its insurers an estimate of the total amount of those losses,” Merck spokeswoman Claire Gillespie said in a statement.

She reiterated that Merck has insurance that would cover some costs, but declined to elaborate or say how much Merck expects to have to pay on its own.

The drugmaker said in July that it had suffered a worldwide disruption of its operations as a result of the malware. It was still in the process of restoring its manufacturing operations a month later.

Merck said then that it was confident it would be able to maintain a continuous supply of its top-selling and life-saving drugs, but warned of temporary delays in delivering some other products.

NotPetya is a destructive virus that spread quickly across computer networks, crippling computers by encrypting hard drives so that machines cannot run. The attacks caused massive disruptions to industrial networks that rely on computers because businesses must individually replace damaged drives, a labor-intensive process.

Cyber insurance can be expensive to buy and is not widely used outside the United States, with one insurer previously describing the cost as $100,000 for $10 million in data breach insurance.

Policies typically cover expenses stemming from a data breach, such as forensics and data restoration, among other costs. Coverage also helps pay for business interruption expenses when a breach or malware attack shuts down a company’s website.

Some companies without cyber insurance have used their policies covering kidnap, ransom and extortion to recoup losses caused by ransomware viruses.

PCS provides estimates on a wide variety of insured losses, ranging from damages caused by hacks to hurricanes and wildfires.

(Reporting by Michael Erman in New York and Noor Zainab Hussain in Bengaluru, additional reporting by Suzanne Barlyn; editing by Jim Finkle and G Crosse)

Researchers uncover flaw that makes Wi-Fi vulnerable to hacks

FILE PHOTO: A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski

(Reuters) – Cyber security watchdogs and researchers are issuing warnings over risks associated with a widely used system for securing Wi-Fi communications after the discovery of a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware.

An alert from the U.S. Department of Homeland Security Computer Emergency Response Team on Monday said the flaw could be used within range of Wi-Fi using the WPA2 protocol to hijack private communications. It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc <CSCO.O> or Juniper Networks Inc <JNPR.N>.

Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.

“If your device supports Wi-Fi, it is most likely affected,” they said on the www.krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.

Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century.

“But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks,” it said on its website.

Microsoft Corp <MSFT.O> said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would already be protected, it said in a statement emailed to Reuters.

CERT New Zealand and CERT India asked users to apply security updates. CERT NZ suggested using ethernet cables and to connect directly into the network, when possible.

“Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn’t required,” it said in its advisory. (http://bit.ly/2gfho2b)

The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.

The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates.

(Reporting by Jim Finkle in Toronto and Dustin Volz in Washington; Additional reporting by Aradhana Aravindan in Singapore; Editing by Susan Thomas, Dan Grebler and Jacqueline Wong)

U.S. governors, hackers, academics team up to secure elections

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

By Jim Finkle

(Reuters) – Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.

The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday.

The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.

The coalition will be unveiled as Def Con organizers release a report describing vulnerabilities in voting machines and related technology that were uncovered in July.

Hackers pulled apart voting machines and election computers at the three-day event, uncovering security bugs that organizers said could be exploited by people trying to manipulate election results.

People at the Las Vegas conference learned to hack voting machines within minutes or just a few hours, according to a copy of the organizers’ report due for release on Tuesday and seen ahead of time by Reuters.

Concerns about election hacking have surged in the United States since late last year, when news surfaced that top U.S. intelligence agencies had determined that Russian President Vladimir Putin ordered computer hacks of Democratic Party emails to help Republican Donald Trump win the Nov. 8 election.

The U.S. Department of Homeland Security has said that Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number were breached, although some states have disputed they were hacked. There was no evidence that any votes had been manipulated.

Several congressional committees are investigating and special counsel Robert Mueller is leading a separate probe into the Russia matter, including whether the Trump campaign colluded with Moscow.

Russia has denied the accusations.

As one possible counter-measure, organizers of the Def Con hacking conference have recommended that U.S. states reduce the amount of non-American parts and software used in their voting machines, according to the group’s report.

“Via a supply chain originating overseas, voting equipment and software can be compromised at the earliest of stages in manufacturing process,” the report says.

Further details on the members of the anti-hacking coalition were not immediately available.

(Reporting by Jim Finkle in Toronto; Additional reporting by David Ingram in San Francisco; Editing by Jonathan Oatis and Tom Brown)

Rising hacker threat will trigger boom in cyber crime insurance, Tryg says

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

COPENHAGEN (Reuters) – Insurer Tryg <TRYG.CO> expects 90 percent of its corporate customers to buy cyber crime insurance within five years as the threat from hackers and viruses to crucial data and IT systems grows.

Tryg, Denmark’s biggest insurer, has sold 5,000 cyber crime insurance policies since the turn of the year when it launched a new product providing assistance in restoring data and getting systems up and running if a firm is hit by a cyber attack.

“There are no corporate clients today that don’t have insurance on their buildings or cars, but I think that within a very few years it will be just as evident that you should insure against cyber crime,” chief executive Morten Hubbe told Reuters on Wednesday.

The initial rise in demand for cyber insurance was prompted by the ransomware attack, named “Wannacry”, that infected more than 300,000 computers worldwide in May.

He estimated that around 50 percent of the firm’s corporate clients would buy such an insurance by 2020 and from that point it would only take “a couple of years” to reach 90 percent.

Tryg’s two business segments for small and medium size businesses and larger corporate customers accounts for 44 percent of the group’s total premium income.

“The biggest risk to us is that significantly more customers get hit than we believe and that it gives us a huge economic loss,” said Hubbe.

While the firm has good insight into how often a house burns down or a bicycle is stolen on average, the frequency and extent of cyber crimes is hard to predict.

Tryg will also offer extensions to the basic insurance that cover consequential losses, back-up of data and a so-called DNS box aimed at blocking web pages known to contain viruses and malware.

For the big industrial players, Tryg would look to cooperate with global reinsurers to spread the risk when big companies lose revenues in connection with cyber attacks.

The world’s biggest container shipping firm Maersk Line <MAERSKb.CO> saw a $2-300 million bill from a June cyber attack that disrupted its operations for weeks.

(Reporting by Stine Jacobsen; editing by Ken Ferris)

Security firm finds some Macs vulnerable to ‘firmware’ attacks

FILE PHOTO: Apple CEO Tim Cook speaks under a graphic of the new MacBook Pro during an Apple media event in Cupertino, California, U.S. October 27, 2016. REUTERS/Beck Diefenbach

By Stephen Nellis

(Reuters) – Since 2015, Apple Inc <AAPL.O> has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

“Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

(Reporting by Stephen Nellis; Editing by Leslie Adler)