Tag Archives: Cyber Security

St. Jude warns of heart device battery issue linked to two deaths

The ticker and trading information for St. Jude Medical is displayed where the stock is traded on the floor of the New York Stock Exchange (NYSE) in New York City, U.S

By Jim Finkle

(Reuters) – St. Jude Medical Inc warned on Tuesday that some of its implanted heart devices were at risk of premature battery depletion, a condition it said had been linked to two deaths.

News of the issue surfaced late on Monday when short-selling firm Muddy Waters tweeted a copy of a physician advisory on the matter from St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories.

The letter said problems with the lithium batteries that power the devices were rare and could be identified by patients using tools for monitoring battery levels at home.

Patients should seek immediate medical attention as soon as they get a low-battery alert from the monitoring devices, the U.S. Food and Drug Administration said, adding that St. Jude Medical had initiated a recall of the defibrillators.

St. Jude’s shares were down 2.4 percent at $79.35 in premarket trading on Tuesday, while Abbott’s were down 1.7 percent at $42.75. A spokesman for the drugmaker said it still expected to close the St. Jude deal by the end of the year.

The advisory comes as St. Jude is defending itself against unrelated allegations that its heart devices are riddled with defects that make them vulnerable to fatal cyber hacks.

Those claims were made by Muddy Waters and research firm MedSec Holdings. St. Jude has denied the allegations and sued both firms.

The FDA said on Tuesday its investigation into the cyber security vulnerabilities of the devices, including the Merlin@Home monitoring system, was continuing.

“Despite the allegations, at this time, the FDA strongly recommends that the Merlin@Home device be used to monitor the battery for these affected devices because the benefits of continued patient monitoring and the life-saving therapy these devices provide greatly outweighs any potential cybersecurity vulnerabilities,” the FDA said in a statement.

SMALL RISK

St. Jude said that out of nearly 400,000 devices manufactured through May last year, it had identified 841 failed implanted cardioverter defibrillators with lithium clusters, which can form after a device delivers electricity to the heart.

Lithium clusters sometimes cause battery power to deplete quickly, rendering devices unable to deliver doses of electricity when needed, St. Jude’s vice president of quality control, Jeff Fecho, said in a physician advisory.

“There have been two deaths that have been associated with the loss of defibrillation therapy as a result of premature battery depletion,” Fecho wrote in the letter.

Cowen & Co analysts said in a note that while such letters were never a positive, they were common in the industry and there was little risk to St. Jude’s business.

St. Jude advised physicians to replace devices with damaged batteries immediately, but cautioned against swapping out devices that were operating normally because of the potential for complications.

“While this risk is very small, we have provided doctors with information so that they can discuss the most appropriate course of action for each individual patient,” St. Jude’s chief medical officer, Mark Carlson, said in a statement.

St. Jude advised patients to check its website for details on which devices were affected. (http://www.sjm.com/batteryadvisory).

The site tells patients how they can monitor battery activity, look for vibrating alerts when batteries are low and connect to the Merlin.net remote monitoring service.

Battery-depletion advisories have issued in the past by Boston Scientific Corp and Medtronic Plc .

(Reporting by Jim Finkle in Boston and Ankur Banerjee and Natalie Grover in Bengaluru; Editing by Paul Tait and Ted Kerr)

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Yahoo billboard

By Joseph Menn

SAN FRANCISCO (Reuters) – Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)

FBI Probes Hacks targeting phones of Democratic Party officials

The headquarters of the Democratic National Committee is seen in Washington,

By Mark Hosenball

WASHINGTON (Reuters) – The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters.

The revelation underscores the widening scope of the U.S. criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former U.S. Secretary of State Hillary Clinton.

U.S. officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the Nov. 8 election in which Clinton faces Republican Party candidate Donald Trump. Russia has dismissed allegations it was involved in cyber attacks on the organizations.

The more recent attempted phone hacking also appears to have been conducted by Russian-backed hackers, two people with knowledge of the situation said.

Federal Bureau of Investigation representatives had no immediate comment, and a Clinton campaign spokesman said they were unaware of the suspected phone hacking.

The Democratic National Committee (DNC) did not respond to a request for comment. An official of the Democratic Congressional Campaign Committee (DCCC) said that nobody at the organization had been contacted by investigators about possible phone hacking.

Interim DNC Chairwoman Donna Brazile told CNN: “Our struggle with the Russian hackers that we announced in June is ongoing – as we knew it would be – and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen.”

FBI agents had approached a small number of Democratic Party officials to discuss concerns their mobile phones may have been compromised by hackers, people involved said. It was not clear how many people were targeted by the hack or whether they included members of Congress, a possibility that could raise additional security concerns for U.S. officials.

‘OFFICE BRAIN’

If they were successful, hackers could have been able to acquire a wide range of data from targeted cellphones, including call data, text messages, emails, photos and contact lists, one person with knowledge of the situation said.

“In a sense, your phone is your office brain,” said Bruce Schneier, a cyber security expert with Resilient, an IBM company, which is not involved in the investigation. “It’s incredibly intimate.”

“Anything that’s on your phone, if your phone is hacked, the hacker can get it.”

The FBI has asked some of those whose phones were believed to have hacked to turn over their phones so that investigators could “image” them, creating a copy of the device and related data.

U.S. investigators are looking into whether hackers used data stolen from servers run by Democratic organizations or the private emails of their employees to get access to cellphones, one person said.

Hackers previously targeted servers used by the DNC, the body that sets strategy for the party, and the DCCC, which raises money for Democrats running for seats in the House of Representatives, officials have said.

Clinton said during Monday’s presidential debate there was “no doubt” Russia has sponsored hacks against “all kinds of organizations in our country” and mentioned Russian President Vladimir Putin by name.

“Putin is playing a really tough, long game here. And one of the things he’s done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee,” Clinton said.

Trump countered that there was no definitive proof that Russia had sponsored the hacks of Democratic organizations.

“I don’t think anybody knows it was Russia that broke into the DNC,” he said. “It could be Russia, but it could also be China. It could also be lots of other people.”

(Reporting By Mark Hosenball; Editing by Kevin Krolicki and Grant McCool)

Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’

The logo of the U.S. National Security Agency

By Joseph Menn and John Walcott

SAN FRANCISCO/WASHINGTON (Reuters) – A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

Critics of the Obama administration’s policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

“The dumping is a tactic they’ve been developing for the last five years or so,” Lewis said. “They try it, and if we don’t respond they go a little further next time.”

(Reporting by Joseph Menn in San Francisco and John Walcott in Washington; Editing by Jonathan Weber and Grant McCool)

Yahoo to provide details on massive data breach

A Yahoo logo is seen on top of the building where they have offices in New York City, U.S.,

(Reuters) – Yahoo Inc will disclose details this week of a data breach that compromised the data of several hundred million users, technology news site Recode reported on Thursday, citing unnamed sources familiar with the company’s plan.

Reuters was not able to immediately confirm the report.

It was not clear how such a disclosure might affect Yahoo’s plan to sell its email service and other core internet properties to Verizon Communications Inc for $4.8 billion.

Yahoo might have to force users to reset their passwords, the Recode report said, citing unnamed sources.

The report follows an Aug. 1 story in the technology news site, Motherboard, that said a cyber criminal known as Peace was selling the data of about 200 million Yahoo users, but did not confirm its authenticity.

The Motherboard report was published a week after Verizon announced its deal with Yahoo.

Peace was selling that batch of data on the 200 million Yahoo users for 3 bitcoin, or around $1,860, according to Motherboard. The possibly compromised data includes user names, birth dates, some backup email addresses and scrambled passwords, Motherboard said.

(Reporting by Jim Finkle in Boston and Aishwarya Venugopal in Bengaluru; Editing by Ted Kerr and Bernadette Baum)

McCain vows to block proposed separation of NSA, cyber command

U.S. Senator John McCain speaks at the Munich Security Conference in Munich, Germany,

By Patricia Zengerle

WASHINGTON (Reuters) – U.S. Senator John McCain said on Tuesday he would use his power to block the confirmation of a key cybersecurity official if necessary to prevent any Obama administration move to separate the U.S. Cyber Command from the National Security Agency.

“I do not believe rushing to separate the ‘dual hat’ in the final months of an administration is appropriate, given the very serious challenges we face in cyberspace,” McCain, the Republican chairman of the Senate Armed Services Committee, said at a hearing.

“Dual hat” refers to one individual holding both positions.

Current and former U.S. officials told Reuters in August that President Barack Obama’s administration was preparing to elevate the stature of the Department of Defense’s Cyber Command, including separating it from the NSA.

Officials argued that the focus of the NSA, a spy agency responsible for electronic eavesdropping, is gathering intelligence, often favoring the monitoring of an enemy’s cyber activities.

Cyber Command’s mission is geared more to shutting down cyber attacks – and, if ordered, counter attacking.

McCain said the two agencies must work closely together to protect U.S. national security and he would block any nominee if that person was not nominated both to run the NSA and lead Cyber Command.

He also said he wanted the administration to provide his panel with detailed plans of its proposed reorganization.

“This committee does not take well to being stonewalled while their colleagues in the administration leak information to the press,” McCain said.

Admiral Mike Rogers, the current NSA director and head of Cyber Command, told the hearing that he did not think it was in the best U.S. national security interest at this point to separate the two functions.

(Reporting by Patricia Zengerle; Editing by Bill Trott)

White House names retired Air Force general as first cyber security chief

By Dustin Volz

WASHINGTON (Reuters) – The White House on Thursday named a retired U.S. Air Force brigadier general as the government’s first federal cyber security chief, a position announced eight months ago that is intended to improve defenses against hackers.

Gregory Touhill’s job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.

The administration of President Barack Obama has made bolstering federal cyber security a top priority in his last year in office. The issue has gained more attention because of high-profile breaches in recent years of government and private sector computers.

U.S. intelligence officials suspect Russia was responsible for breaches of Democratic political organizations and state election systems to exert influence on the Nov. 8 presidential election. Russia has dismissed the allegations as absurd.

Obama announced the new position in February alongside a budget proposal to Congress asking for $19 billion for cyber security across the U.S. government. The job is a political appointment, meaning Obama’s successor can choose to replace Touhill after being sworn in next January.

Touhill is currently a deputy assistant secretary for cyber security and communications at the Department of Homeland Security.

He will begin his new role later this month, a source familiar with the matter said. Touhill’s responsibilities will include creating and implementing policy for best security practices across federal agencies and conducting periodic audits to test for weaknesses, according to the announcement.

Grant Schneider, who is the director of cyber security policy at the White House’s National Security Council, will be acting deputy to Touhill, according to the announcement.

(Reporting by Dustin Volz; editing by Cynthia Osterman and Grant McCool)

Hacking group claims to offer cyber-weapons in online auction

Cyber coder

By Joseph Menn

(Reuters) – Hackers going by the name Shadow Brokers said on Monday they will auction stolen surveillance tools they say were used by a cyber group linked to the U.S. National Security Agency.

To arouse interest in the auction, the hackers released samples of programs they said could break into popular firewall software made by companies including Cisco Systems Inc, Juniper Networks Inc and Fortinet Inc.

The companies did not respond to request for comment, nor did the NSA.

Writing in imperfect English, the Shadow Brokers promised in postings on a Tumblr blog that the auctioned material would contain “cyber weapons” developed by the Equation Group, a hacking group that cyber security experts widely believe to be an arm of the NSA. [http://reut.rs/2aVA7LD]

The Shadow Brokers said the programs they will auction will be “better than Stuxnet,” a malicious computer worm widely attributed to the United States and Israel that sabotaged Iran’s nuclear program.

Reuters could not contact the Shadow Brokers or verify their assertions. Some experts who looked at the samples posted on Tumblr said they included programs that had previously been described and therefore were unlikely to cause major damage.

“The data [released so far] appears to be relatively old; some of the programs have already been known for years,” said researcher Claudio Guarnieri, and are unlikely “to cause any significant operational damage.”

Still, they appeared to be genuine tools that might work if flaws have not been addressed. After examining the code released Monday, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded they looked like “could be used.”

Other security experts warned the posting could prove to be a hoax. The group said interested parties had to send funds in advance of winning the auction via Bitcoin currency and would not get their money back if they lost.

The auction will end at an unspecified time, Shadow Brokers said, encouraging bidders to “keep bidding until we announce winner.”

(Editing by Cynthia Osterman)

U.S. offers states help to fight election hacking

Homeland Security Secretary

By Doina Chiacu

WASHINGTON (Reuters) – The government is offering to help states protect the Nov. 8 U.S. election from hacking or other tampering, in the face of allegations by Republican Party presidential candidate Donald Trump that the system is open to fraud.

Homeland Security Secretary Jeh Johnson told state officials in a phone call on Monday that federal cyber security experts could scan for vulnerabilities in voting systems and provide other resources to help protect against infiltration, his office said in a statement.

Trump has questioned the integrity of U.S. election systems in recent weeks, but his allegations have been vague and unsubstantiated.

The attempts to sow doubts about the 2016 election results coincided with Trump’s slide in opinion polls against Democratic Party candidate Hillary Clinton and missteps in his campaign. His complaints have focused on fears of voter fraud – that people will vote more than once – rather than election rigging.

“I mean people are going to walk in, they’re going to vote 10 times maybe. Who knows? They’re going to vote 10 times. So I am very concerned and I hope the Republicans are going to be very watchful,” Trump said in an Aug. 3 interview.

President Barack Obama dismissed the claims as “ridiculous.” “Of course the elections will not be rigged. What does that mean?” Obama said at a news conference the next day.

In his phone call, Johnson encouraged the state officials to comply with federal cyber recommendations, such as making sure electronic voting machines are not connected to the internet while voting is taking place, the department said.

Concerns in both parties about manipulation of electronic electoral systems are not new. Hackers can wreak havoc in myriad ways, from hijacking a candidate’s website to hacking voting machines or deleting or changing election records.

An Electronic Privacy Information Center report this week said 32 of the 50 states would allow voting by insecure email, fax and internet portals in this election cycle.

(Reporting by Doina Chiacu; Editing by Jonathan Oatis and Grant McCool)

China says cyber rules no cause for foreign business concern

Computer mouse with China light

BEIJING (Reuters) – China’s pending cyber security law will not create obstacles for foreign business, China’s Foreign Ministry said, responding to concerns by international business lobbies over the planned rules.

More than 40 global business groups last week petitioned Premier Li Keqiang, according to a copy of a letter seen by Reuters, urging China to revise draft cyber rules they believe are vague and discriminate against foreign enterprises.

The groups say the pending rules, including a cyber security law that could be passed this year, include provisions for invasive government security reviews and onerous requirements to keep data in China.

They say the regulations would impede China’s economic growth, create barriers to market entry and impair the country’s security by isolating it technologically.

The ministry, in a faxed statement to Reuters late on Tuesday night, said the law will not be used to “carry out differential treatment and will not create obstacles and barriers for international trade and foreign businesses investing in China.”

It said companies would be able to transfer data required for business purposes outside China’s borders after passing a security evaluation.

“These evaluations are for supervising and guaranteeing that the security of this data accords with China’s security standards,” the ministry said.

“As for the legal requirement for internet operators to provide relevant data in the course of enforcement agencies’ counter-terrorism and criminal investigations, this is necessary for safeguarding national security and investigating crimes. All countries do this,” the ministry said.

‘UNNECESSARY’ CONCERNS

“The concerns of foreign investors and businesses invested in China are unnecessary,” it said.

Some foreign businesses in China are becoming increasingly pessimistic, in part due to rules companies think could make it harder to operate there.

The cyber rules have added to tensions between China and its trade partners, who have been concerned about Beijing’s Made in China 2025 plan. The proposal calls for a progressive increase in domestic components in sectors such as advanced information technology and robotics.

Business lobbies also say requirements to hand over sensitive data or source code to the government could put business secrets at risk and boost the capabilities of domestic competitors.

How much technology firms should cooperate with governments has been a contentious issue in many countries, not just in China.

Apple Inc <AAPL.O> was asked by Chinese authorities within the past two years to hand over its source code but refused, the company’s top lawyer said this year, even as U.S. law enforcement tried to get the company to unlock encrypted data from an iPhone linked to a mass shooting.

(Reporting by Michael Martina; Editing by Richard Borsuk)