ATM makers warn of ‘jackpotting’ hacks on U.S. machines

: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017.

By Jim Finkle

(Reuters) – Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, have warned that cyber criminals are targeting U.S. cash machines with tools that force them to spit out cash in hacking schemes known as “jackpotting.”

The two ATM makers did not identify any victims or say how much money had been lost. Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.

The attacks were reported earlier on Saturday by the security news website Krebs on Security, which said they had begun last year in Mexico.

The companies confirmed to Reuters on Saturday they had sent out the alerts to clients.

NCR said in a Friday alert that the cases were the first confirmed “jackpotting” losses in the United States. It said its equipment had not been targeted in the recent attacks, but that it was still a concern for the entire ATM industry.

“This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,” the alert said.

Diebold Nixdorf said in a separate Friday alert that U.S. authorities had warned the company that hackers were targeting one of its ATM models, known as Opteva, which went out of production several years ago.

A confidential U.S. Secret Service alert sent to banks said the hackers targeted stand-alone ATMs typically located in pharmacies, big box retailers and drive-thru ATMs, Krebs on Security reported.

Diebold Nixdorf’s alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

Reuters was unable to obtain a copy of the Secret Service report and an agency representative declined comment. Officials with the Federal Bureau of Investigation could not immediately be reached.

Russian cyber security firm Group IB has reported that cyber criminals remotely attacked cash machines in more than a dozen countries across Europe in 2016. Similar attacks were also reported that year in Thailand and Taiwan.

(Reporting by Jim Finkle in Toronto; Additional reporting by Dustin Volz in Washington; Editing by Susan Thomas)

U.N. survey finds cybersecurity gaps everywhere except Singapore

FILE PHOTO - A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Tom Miles

GENEVA (Reuters) – Singapore has a near-perfect approach to cybersecurity, but many other rich countries have holes in their defenses and some poorer countries are showing them how it should be done, a U.N. survey showed on Wednesday.

Wealth breeds cybercrime, but it does not automatically generate cybersecurity, so governments need to make sure they are prepared, the survey by the U.N. International Telecommunication Union (ITU) said.

“There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said.

The United States came second in the ITU’s Global Cybersecurity Index, but many of the other highly rated countries were small or developing economies.

The rest of the top 10 were Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada. Russia ranked 11th. India was 25th, one place ahead of Germany, and China was 34th.

The ranking was based on countries’ legal, technical and organizational institutions, their educational and research capabilities, and their cooperation in information-sharing networks.

“Cybersecurity is an ecosystem where laws, organizations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said.

“The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised.”

The crucial first step was to adopt a national security strategy, but 50 percent of countries have none, the survey said.

Among the countries that ranked higher than their economic development was 57th-placed North Korea, which was let down by its “cooperation” score but still ranked three spots ahead of much-richer Spain.

The smallest rich countries also scored badly – Andorra, Liechtenstein, Monaco and San Marino were all well down the second half of the table. The Vatican ranked 186th out of 195 countries in the survey.

But no country did worse than Equatorial Guinea, which scored zero.

(Reporting by Tom Miles)

Cyber extortion demands surge as victims keep paying: Symantec

A man walks past a display of hexadecimal code in a file photo. REUTERS/Nigel Treblin

By Alastair Sharp

TORONTO (Reuters) – Hackers are demanding increasingly hefty ransoms to free computers paralyzed with viruses, as cyber criminals seek to maximize profits from large numbers of victims willing to pay up, according to cyber security firm Symantec Corp.

The average demand embedded in such malicious software, which is known as ransomware, more than tripled last year to $1,077 from $294, and the pricing has continued to rise in 2017, according to Symantec.

“The bad guys haven’t found the top end of what people will pay,” Symantec Director of Security Response Kevin Haley said in a telephone interview.

Symantec said 69 percent of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organizations.

More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data, according to Symantec. In the United States, where such attacks are most prevalent, 64 percent pay.

“If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?'” Haley said.

The surge in cyber extortion has been fueled partly by the sale of ransomware kits, which sell for $10 to $1,800 on underground markets and make it easy for wannabe cyber crooks to get in the business, according to Symantec.

One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20 percent commission.

Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe.

In some cases, the attacks have interrupted critical public services.

U.S. and European hospitals have been forced to divert patients to other facilities when ransomware paralyzed computer systems.

Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.

(Reporting by Alastair Sharp; Editing by Steve Orlofsky; Editing by Jim Finkle and Steve Orlofsky)

China warns against cyber ‘battlefield’ in internet strategy

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – The strengthening of cyber capabilities is an important part of China’s military modernization, the government said on Wednesday, warning that the internet should not become “a new battlefield”.

China, home to the largest number of internet users, has long called for greater cooperation among countries in developing and governing the internet, while reiterating the need to respect “cyber sovereignty”.

But Beijing, which operates the world’s most sophisticated online censorship mechanism known elsewhere as the “Great Firewall”, has also signaled that it wants to rectify “imbalances” in the way standards across cyberspace are set.

“The building of national defense cyberspace capabilities is an important part of China’s military modernization,” the Foreign Ministry and the Cyberspace Administration of China, the country’s internet regulator, said in a strategy paper on the ministry’s website.

China will help the military in its important role of “safeguarding national cyberspace sovereignty, security and development interests” and “hasten the building of cyberspace capabilities”, they said, but also called on countries to “guard against cyberspace becoming a new battlefield”.

Countries should not engage in internet activities that harm nations’ security, interfere in their internal affairs, and “should not engage in cyber hegemony”.

“Enhancing deterrence, pursing absolute security and engaging in a (cyber) arms race – this is a road to nowhere,” Long Zhao, the Foreign Ministry’s coordinator of cyberspace affairs, said at a briefing on the strategy.

“China is deeply worried by the increase of cyber attacks around the world,” Long said.

The United States has accused China’s government and military of cyber attacks on U.S. government computer systems. China denies the accusations and says it is a victim of hacking.

A cyber attack from China crashed the website of South Korea’s Lotte Duty Free on Thursday, a company official said, at a time when South Korean firms are reporting difficulties in China following the deployment of a U.S. missile defense system in South Korea that China objects to.

While China’s influence in global technology has grown, its ruling Communist Party led by President Xi Jinping has presided over broader and more vigorous efforts to control and censor the flow of information online.

The “Great Firewall” blocks many social media services, such as Twitter, Facebook, YouTube, Instagram, Snapchat and Google, along with sites run by human rights groups and those of some foreign media agencies.

Chinese officials say the country’s internet is thriving and controls are needed for security and stability.

(Reporting by Michael Martina and Catherine Cadell; Editing by Nick Macfie)

New York state cyber security regulation to take effect March 1

projection of man in binary code representing cyber security or cyber attack

By Karen Freifeld and Jim Finkle

NEW YORK/BOSTON (Reuters) – New York state on Thursday announced final regulations requiring banks and insurers to meet minimum cyber-security standards and report breaches to regulators as part of an effort to combat a surge in cyber crime and limit damages to consumers.

The rules, in the works since 2014, followed a series of high-profile data breaches that resulted in losses of hundreds of millions of dollars to U.S. companies, including Target Corp, Home Depot Inc and Anthem Inc .

They lay out unprecedented requirements on steps financial firms must take to protect their networks and customer data from hackers and disclose cyber events to state regulators.

“These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place” to protect businesses and clients “from the serious economic harm caused by these devastating cyber-crimes,” Governor Andrew Cuomo said in a statement.

The state in December delayed implementation of the rules by two months and loosened some requirements after financial firms complained they were onerous and said they would need more time to comply.

The new rules call for banks and insurers to scrutinize security at third-party vendors that provide them goods and services. In 2015, the New York Department of Financial Services found that a third of 40 banks polled did not require outside vendors to notify them of breaches that could compromise data.

The revised rule requires firms to perform risk assessments in order to design a program particular to them, and gives them at least a year-and-a-half to comply with the requirements. The final rule took into account the burden on smaller companies, a spokeswoman for the agency said.

Covered entities must annually certify compliance.

Institutions subject to the regulation include state-chartered banks, as well as foreign banks licensed to operate in the state, along with any insurer that does business in New York.

A task force of U.S. state insurance regulators is also developing a model cyber security law, which individual state legislatures could ultimately choose to adopt.

White House voices concerns about China cyber law

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris

WASHINGTON (Reuters) – The White House said on Thursday that it raised concerns about China’s new cyber security law during a meeting with a Chinese official after the latest round of talks between the two countries on cyber crime.

U.S. National Security Adviser Susan Rice met with Chinese State Councilor Guo Shengkun to discuss the importance “of fully adhering” to an anti-hacking accord signed last year between the China and the United States, National Security Council spokesman Ned Price said.

The deal, brokered during Chinese President Xi Jinping’s state visit to Washington in 2015, included a pledge that neither country would knowingly carry out hacking for commercial advantages.

Rice told Guo that the United States was concerned “about the potential impacts” of a law that China adopted in November aimed at combating hacking and terrorism.

Critics of the law say it threatens to shut foreign technology companies out of various sectors deemed “critical,” and includes contentious requirements for security reviews and for data to be stored on servers in China.

Rights advocates also say the law will enhance restrictions on China’s Internet, already subject to the world’s most sophisticated online censorship mechanism, known outside China as the Great Firewall.

Rice met with Guo after the third round of high level talks on cyber security between China and the United States was held on Wednesday.

(Reporting by Ayesha Rascoe; Editing by Alistair Bell)

Russian hackers accused of post-election attacks on U.S. think tanks

padlock graphic

By Jim Finkle and Dustin Volz

(Reuters) – A Russian hacking group began attacking U.S.-based policy think tanks within hours of Donald Trump’s presidential election victory, according to cyber experts who suspect Moscow is seeking information on the incoming administration.

Three cyber security firms told Reuters that are tracking a spear-phishing campaign by a Russian-government linked group known as Cozy Bear, which is widely suspected of hacking the Democratic Party ahead of the election.

“Probably now they are trying to rush to gain access to certain targets where they can get a better understanding on what is going on in Washington after the election and during the transition period,” said Jaime Blasco, chief scientist with cyber security firm AlienVault.

Targets included the Council for Foreign Relations, said Adam Segal, a security expert with the think tank. His colleagues include former U.S. Senator John D. Rockefeller IV and former Reagan administration State Department official Elliott Abrams.

Representatives with the Russian Embassy in Washington could not be reached for comment. Moscow has strongly denied that it was behind the hacks.

Spear-phishing campaigns use malware-tainted emails to infect computers of carefully selected staff at target organizations. They typically appear to be from people whom the victims know and on subjects of interest to them.

Some of the emails appeared to be from Harvard University under the subject line, “Why American Elections are flawed,” according to Washington-based cyber security firm Volexity.

The attacks began as the Obama administration was weighing if and how it might respond in its final two months to a series of high-profile hacks on Democratic Party organizations that U.S. intelligence officials have publicly blamed on Moscow.

A former senior Obama administration official said on Thursday that the White House had decided to take action against Russia after the election but no decision had been made on exactly how to respond.

Options included U.S. prosecutors indicting Russians believed to be behind the attacks, applying new economic sanctions against Moscow and the United States launching a retaliatory cyber attack against Russia, said the former official who asked not to be named.

White House officials feared that retaliating before the election could have led Russia to launch a major cyber attack on the United States that would have disrupted the banking system, power grid or internet service. But they said administration officials had decided that the United States needed to show after the election that it would respond to state-sponsored cyber attacks, said the former official.

Trump has said he is not convinced Russia was behind the attacks. He has yet to fill key national security posts, which makes it difficult to assess how his administration might handle the issue.

Harvard’s chief information security officer, Christian Hamer, warned staff about the attacks on Thursday afternoon, saying that federal law enforcement was investigating.

He said some of the emails used in the campaign appeared as if they were sent from members of Harvard’s Faculty of Arts and Sciences, using the school’s branding.

An FBI representative declined comment.

(Reporting by Jim Finkle in Boston and Dustin Volz in Washington. Additional reporting by David Rohde in New York and Steve Holland in Washington.; Editing by Cynthia Osterman)

Proposals to curb online speech viewed as threat to open internet

Anonymous members protesting censorship of Internet usage

By Yasmeen Abutaleb and Alastair Sharp

SAN FRANCISCO/ TORONTO (Reuters) – At least a dozen countries are considering or have enacted laws restricting online speech, a trend that is alarming policymakers and others who see the internet as a valuable medium for debate and expression.

Such curbs are called out as a threat to the open internet in a report on internet governance set to be released today at an Organization for Economic Cooperation and Development meeting in Cancun, Mexico.

The report, reviewed by Reuters, warns of dangers for the global internet, including intrusive surveillance, rising cybercrime and fragmentation as governments exert control of online content.

It was prepared by the London-based Chatham House think tank and the Centre for International Governance Innovation, founded by former BlackBerry Ltd co-chief Jim Balsillie.

China and Iran long have restricted online speech. Now limitations are under discussion in countries that have had a more open approach to speech, including Brazil, Malaysia, Pakistan, Bolivia, Kenya and Nigeria.

Advocates said some of the proposals would criminalize conversations online that otherwise would be protected under the countries’ constitutions. Some use broad language to outlaw online postings that “disturb the public order” or “convey false statements” – formulations that could enable crackdowns on political speech, critics said.

“Free expression is one of the foundational elements of the internet,” said Michael Chertoff, former U.S. secretary of Homeland Security and a co-author of the internet governance report. “It shouldn’t be protecting the political interests of the ruling party or something of that sort.”

Turkey and Thailand also have cracked down on online speech, and a number of developing world countries have unplugged social media sites altogether during elections and other sensitive moments. In the U.S. as well, some have called for restrictions on Internet communications.

Speech limitations create business and ethical conflicts for companies like Facebook Inc, Twitter Inc and Alphabet Inc’s Google, platforms for debate and political organizing.

“This is the next evolution of political suppression,” said Richard Forno, assistant director of the University of Maryland, Baltimore County Center for Cybersecurity. “Technology facilitates freedom of expression, and politicians don’t like that.”

“FIGHTING DELINQUENCY”

Tanzania and Ethiopia have passed laws restricting online speech. In others, including Pakistan, Brazil, Bolivia and Kenya, proposals are under discussion or under legislative consideration, according to a review of laws by Reuters and reports by Internet activist groups.

In Bolivia, President Evo Morales earlier this year said that the country needs to “regulate the social networks.” A bill has been drafted and is ready for introduction in the legislature, said Leonardo Loza, head of one of Bolivia’s coca growers unions, a supporter of the proposal.

“It is aimed at educating and disciplining people, particularly young Bolivians, and fighting delinquency on social networks,” Loza said. “Freedom of expression can’t be lying to the people or insulting citizens and politicians.”

A bill in Pakistan would allow the government to block internet content to protect the “integrity, security or defense” of the state. The legislation, which has passed a vote in Pakistan’s lower house of parliament, is supposed to target terrorism, but critics said the language is broad.

It comes after Pakistan blocked YouTube in 2012 when a video it deemed inflammatory sparked protests across the country and much of the Muslim world.

Earlier this year, YouTube, which is owned by Google, agreed to launch a local version of its site in the country. But now, the internet report said, the Pakistan Telecommunications Authority can ask the company to remove any material it finds offensive.

COMPANIES IN THE CROSSFIRE

U.S. internet companies have faced mounting pressure in recent years to restrict content. Companies’ terms of service lay out what users can and cannot post, and they said they apply a single standard globally. They aim to comply with local laws, but often confront demands to remove even legal content.

The new laws threaten to raise a whole new set of compliance and enforcement issues.

“There’s a technical question, which is, could you comply if you wanted to, and then the bigger meta question is why would you want to cooperate with this politicized drive to suppress freedom of expression,” said Andrew McLaughlin, Google’s former director of global policy and now leading content organization at Medium.

Facebook, Twitter and Google declined to comment for this story.

(Reporting By Yasmeen Abutaleb and Alastair Sharp; Additional reporting by Daniel Ramos in La Paz, Bolivia; Editing by Jonathan Weber and Lisa Girion)