Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers

By Joseph Menn and Yeganeh Torbati

SAN FRANCISCO/WASHINGTON (Reuters) – Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

Telegram promotes itself as an ultra secure instant messaging system because all data is encrypted from start to finish, known in the industry as end-to-end encryption. A number of other messaging services, including Facebook Inc’s <FB.O> WhatsApp, say they have similar capabilities.

Headquartered in Berlin, Telegram says it has 100 million active subscribers and is widely used in the Middle East, including by the Islamic State militant group, as well as in Central and Southeast Asia, and Latin America.

Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson said in an interview.

Telegram’s reliance on SMS verification makes it vulnerable in any country where cellphone companies are owned or heavily influenced by the government, the researchers said.

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows – though it does not require – customers to create passwords, which can be reset with so-called “recovery” emails.

“If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.

Iranian officials were not available to comment. Iran has in the past denied government links to hacking.

ROCKET KITTEN

The Telegram hackers, the researchers said, belonged to a group known as Rocket Kitten, which used Persian-language references in their code and carried out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”

Anderson and Guarnieri declined to comment on whether the hackers were employed by the Iranian government. Other cyber experts have said Rocket Kitten’s attacks were similar to ones attributed to Iran’s powerful Revolutionary Guards.

The researchers said the Telegram victims included political activists involved in reformist movements and opposition organizations. They declined to name the targets, citing concerns for their safety.

“We see instances in which people … are targeted prior to their arrest,” Anderson said. “We see a continuous alignment across these actions.”

The researchers said they also found evidence that the hackers took advantage of a programming interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. That information could provide a map of the Iranian user base that could be useful for future attacks and investigations, they said.

“A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.

Ra said Telegram has blocked similar “mapping” attempts in the past and was trying to improve its detection and blocking strategies.

Cyber experts say Iranian hackers have become increasingly sophisticated, able to adapt to evolving social media habits. Rocket Kitten’s targets included members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents, U.S.-Israeli security firm Check Point said last November.

POPULAR IN THE MIDDLE EAST

Telegram was founded in 2013 by Pavel Durov, known for starting VKontakte, Russia’s version of Facebook, before fleeing the country under pressure from the government.

While Facebook and Twitter are banned in Iran, Telegram is widely used by groups across the political spectrum. They shared content on Telegram “channels” and urged followers to vote ahead of Iran’s parliamentary elections in February 2016.

Last October, Durov wrote in a post on Twitter that Iranian authorities had demanded the company provide them with “spying and censorship tools.” He said Telegram ignored the request and was blocked for two hours on Oct. 20, 2015.

Ra said the company has not changed its stance on censorship and does not maintain any servers in Iran.

After complaints from Iranian activists, Durov wrote on Twitter in April that people in “troubled countries” should set passwords for added security.

Amir Rashidi, an internet security researcher at the New York-based International Campaign for Human Rights in Iran, has worked with Iranian hacking victims. He said he knew of Telegram users who were spied on even after they had set passwords.

Ra said that in those cases the recovery email had likely been hacked.

Anderson and Guarnieri will present their findings at the Black Hat security conference in Las Vegas on Thursday. Their complete research is set to be published by the Carnegie Endowment for International Peace, a Washington-based think tank, later this year.

(Reporting by Joseph Menn in San Francisco and Yeganeh Torbati in Washington; Additional reporting by Michelle Nichols at the United Nations and Parisa Hafezi in Ankara; Editing by Jonathan Weber and Tiffany Wu)

U.S. weighs dangers, benefits of naming Russia in cyber hack

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – Wary of a global confrontation with Russia, U.S. President Barack Obama must carefully weigh how to respond to what security experts believe was Moscow’s involvement in the hacking of Democratic Party organizations, U.S. officials said.

Publicly blaming Russian President Vladimir Putin’s intelligence services would bring instant pressure on Washington to divulge its evidence, which relies on highly classified sources and methods, U.S. intelligence officials said.

One option for Washington is to retaliate against Russia in cyberspace. But the intelligence officials said they fear a rapid escalation in which, under a worst-case scenario, Moscow’s sophisticated cyber warriors could attack power grids, financial systems and other critical infrastructure.

Washington also has diplomacy to manage with Russia, including Secretary of State John Kerry’s long-shot attempt to enlist Moscow’s help in ending the Syrian civil war and sustaining the Iran nuclear deal, as well as Russia-NATO tensions over Ukraine and Eastern Europe.

“Despite how outrageous it is to interfere with a democratic election, the costs of coming out and saying the Russians did it would far outweigh the benefits, if there would be any benefits,” said one intelligence official, speaking on condition of anonymity to discuss a sensitive matter.

Russia has denied responsibility for hacking the emails of the Democratic National Committee. Also attacked were a computer network used by Democratic presidential nominee Hillary Clinton’s campaign and the party’s fundraising committee for House of Representatives candidates in the Nov. 8 election.

Other current and former officials are arguing for a firm response, however. They said the hack was the latest in a series of aggressive moves by Putin, including Russia’s annexation of Crimea, military intervention to rescue Syrian President Bashar al-Assad, and funding of right-wing and anti-European Union groups in Europe.

Columbia University cyber security expert Jason Healey said at an annual security forum in Aspen, Colorado, on Saturday that the Russians had been very aggressive in cyberspace too.

“I think the president needs to start looking at brush-back pitches,” Healey said, referring to a baseball thrown near the batter as a warning.

NAME AND SHAME?

Intelligence officials and cyber experts said the intrusions themselves were not that unusual. American spy agencies conduct similar electronic espionage outside U.S. borders.

What made this hack a game-changer, they said, was the public release of the DNC emails, via the pro-transparency group WikiLeaks, in an apparent attempt to affect the election.

Government and party officials said they were unaware of any evidence that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

The Justice Department’s National Security Division, which is overseeing the investigation, has publicly charged U.S. adversaries – known as “naming and shaming” – before.

The U.S. government blamed North Korea for a damaging attack on Sony Pictures, and in 2014 indicted five members of the Chinese military for computer hacking and economic espionage.

Among adversary nations with significant cyber capabilities, a list that also includes Iran, the Russian government is the only one the Justice Department has not yet charged.

Obama’s homeland security and counter-terrorism advisor Lisa Monaco said the government has developed “best practices” to investigate cyber attacks and decide when to make the results public.

Monaco, also speaking at the Aspen forum, said that in the Sony case, FBI investigators had high confidence North Korea was responsible. The attack was deemed destructive, as well as coercive, because it was retaliation for a movie parodying North Korean leader Kim Jong Un.

“Those two things, along with our confidence in the attribution and the ability to talk about it in a way that would not disclose sources and methods and hinder our ability to make such attribution in the future all combined to say, ‘We’re going to call this out’,” she said.

Elissa Slotkin, an acting assistant secretary of defense, said that for the next decade, the U.S. government faced a fundamental question in dealing with Russia: “How do you get the balance right?”

“Are we being too charitable and giving them too many opportunities to come back to the table, or are we providing such a high level of deterrence that we’re potentially provoking them?” Slotkin asked.

(Additional reporting by Mark Hosenball, Jonathan Landay and Arshad Mohammed; editing by Grant McCool)

U.S. Democratic congressional group confirms it was hacked

WASHINGTON (Reuters) – The U.S. Democratic Congressional Campaign Committee confirmed on Friday that it had been the target of a cyber security incident similar to other recent attacks, including the theft of documents from the Democratic National Committee.

The DCCC said in a statement that it took immediate action and engaged forensic investigator CrowdStrike to investigate the breach of its systems. The probe is ongoing, it added.

“The DCCC takes this matter very seriously. With the assistance of leading experts we have taken and are continuing to take steps to enhance the security of our network in the face of these recent events,” the committee said in the statement.

“We are cooperating with the federal law enforcement with respect to their ongoing investigation,” it said.

Reuters reported on Thursday that the FBI was investigating a cyber attack against the DCCC that may be related to an earlier hack against the Democratic National Committee.

The potential link to Russian hackers is likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump.

The Kremlin denied involvement in the DCCC cyber attack.

Hacking of the DNC’s emails caused discord among Democrats at the party’s convention in Philadelphia to nominate Hillary Clinton as its presidential candidate.

(Reporting by Dustin Volz; Writing by David Alexander; Editing by Susan Heavey and Frances Kerry)

U.S. theory on Democratic Party breach: Hackers meant to leave Russia’s mark

By John Walcott, Joseph Menn and Mark Hosenball

WASHINGTON (Reuters) – Some U.S. intelligence officials suspect that Russian hackers who broke into Democratic Party computers may have deliberately left digital fingerprints to show Moscow is a “cyberpower” that Washington should respect.

Three officials, all speaking on condition of anonymity, said the breaches of the Democratic National Committee (DNC) were less sophisticated than other cyber intrusions that have been traced to Russian intelligence agencies or criminals.

For example, said one official, the hackers used some Cyrillic characters, worked during Russian government business hours but not on Russian religious or political holidays.

“Either these guys were incredibly sloppy, in which case it’s not clear that they could have gotten as far as they did without being detected, or they wanted us to know they were Russian,” said the official.

Private sector cyber security experts agreed that the evidence clearly points to Russian hackers but dismissed the idea that they intentionally left evidence of their identities.

These experts – who said they have examined the breach in detail – said the Cyrillic characters were buried in metadata and in an error message. Other giveaways, such as a tainted Internet protocol address, also were difficult to find.

Russian hacking campaigns have traditionally been harder to track than China’s but not impossible to decipher, private sector experts said. But the Russians have become more aggressive and easier to detect in the past two years, security experts said, especially when they are trying to move quickly.

False flags have grown more common, but the government and private experts do not believe that is involved in the DNC case.

The two groups of hackers involved are adept at concealing their intrusions, said Laura Galante, head of global threat intelligence at FireEye, whose Mandiant subsidiary conducted forensic analysis of the attack and corroborated the findings of another cyber company, CrowdStrike.

Russian officials have dismissed the allegations of Moscow’s involvement as absurd. Russian Foreign Minister Sergei Lavrov, in his only response to reporters, said: “I don’t want to use four-letter words.”

EMBARRASSING EMAILS

While private cyber experts and the government were aware of the political party’s hacking months ago, embarrassing emails were leaked last weekend by the WikiLeaks anti-secrecy group just as the Democratic Party prepared to anoint Hillary Clinton as its presidential candidate for the Nov. 8 election.

DNC chairwoman, Debbie Wasserman Schultz, resigned after the leaked emails showed party leaders favoring Clinton over her rival in the campaign for the nomination, U.S. Senator Bernie Sanders of Vermont. The committee is supposed to be neutral.

The U.S. intelligence officials conceded that they had based their views on deductive reasoning and not conclusive evidence, but suggested Russia’s aim probably was much broader than simply undermining Clinton’s campaign.

They said the hack fit a pattern of Russian President Vladimir Putin pushing back on what he sees as the United States and its European allies trying to weaken Russia.

“Call it the cyber equivalent of buzzing NATO ships and planes using fighters with Russian flags on their tails,” said one official.

Two sources familiar with Democratic Party investigations into the hacking said the private email accounts of Democratic Party officials were targeted as well as servers.

They said that the FBI had advised the DNC that it was looking into the hacking of the individual officials’ private accounts. They also said the FBI requested additional information identifying the personal email accounts of certain party officials.

The DNC hired CrowdStrike to investigate the hack. It spent about six weeks, from late April to about June 11 or 12, monitoring the systems and watching while the hackers – who they believed were Russian – operated inside the systems, one of the sources said.

What actions, if any, the Obama administration will take are unclear and could depend on what diplomatic considerations may ultimately be involved, a former White House cyber security official said.

In past cases, administration officials have decided to publicly blame North Korea and indict members of China’s military for hacking because the administration decided that the net benefit of public shaming – and increased awareness brought to cyber security – outweighed potential risks, the former official said.

But “the Russia calculation is far more difficult and precarious,” the former official said. “Russia is a much more aggressive, capable foreign actor both in the traditional military sense and in the cyber realm” and that made public attribution or covert retaliation much less likely.

The former official, and a source familiar with the Democratic Party investigations, said that they also were unaware of any U.S. intelligence clearly demonstrating that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

(Reporting By John Walcott, Joseph Menn and Mark Hosenball; Additional reporting by Dustin Volz; Editing by David Rohde and Grant McCool)

U.S. to sanction cyber attackers, cites Russia, China

WASHINGTON (Reuters) – The United States will use sanctions against those behind cyber attacks that target transportation systems or the power grid, the White House said on Tuesday, citing Russia and China as increasingly assertive and sophisticated cyber operators.

The sanctions will be used “when the conditions are right and when actions will further U.S. policy,” White House counter terrorism adviser Lisa Monaco said in prepared remarks to a cyber security conference.

Monaco cited an “increasingly diverse and dangerous” global landscape in which Iran has launched denial-of-service attacks on U.S. banks and North Korea has shown it would conduct destructive attacks.

“To put it bluntly, we are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and more dangerous every day,” she said.

The United States is working with other countries to adopt voluntary norms of responsible cyber behavior and work to reduce malicious activity, she said. At the same time, it will use an executive order authorizing sanctions against those who attack U.S. critical infrastructure.

Monaco introduced a new directive from President Barack Obama that establishes a “clear framework” to coordinate the government’s response to cyber incidents.

“It will help answer a question heard too often from corporations and citizens alike – ‘In the wake of an attack, who do I call for help?’” she said.

(Reporting by Doina Chiacu; Editing by Jonathan Oatis)

Behind Democrats’ email leak, U.S. experts see a Russian subplot

By Mark Hosenball and Arshad Mohammed

WASHINGTON (Reuters) – If the Russian government is behind the theft and release of embarrassing emails from the Democratic Party, as U.S. officials have suggested, it may reflect less a love of Donald Trump or enmity for Hillary Clinton than a desire to discredit the U.S. political system.

A U.S. official who is taking part in the investigation said that intelligence collected on the hacking of Democratic National Committee (DNC) emails released by Wikileaks on Friday “indicates beyond a reasonable doubt that it originated in Russia.”

The timing on the eve of Clinton’s formal nomination this week for the Nov. 8 presidential election has raised questions about whether Russia may have been trying to hurt her, to help Trump, her Republican rival, or to fan populist sentiment against establishment politicians as it has sought to do across Europe in recent years.

“Certainly Russia has become a master at manipulating information for their strategic goals: Witness the information bubble they have created for their threatening behavior in the Crimea, the Ukraine and elsewhere,” said former CIA and National Security Agency director Michael Hayden. “A step like this, however, would be really upping their game.”

The emails showed that DNC officials explored ways to undermine U.S. Senator Bernie Sanders’ presidential campaign against Clinton and raised questions about whether Sanders, who is Jewish, was really an atheist.

The disclosures confirmed Sanders’ frequent charge that the party played favorites against him and clouded a party convention Clinton hoped would signal unity, not division.

PUTIN’S COUNTERPUNCH?

Two U.S. intelligence officials, speaking on condition of anonymity, said the hack could be part of a broader campaign by Russian President Vladimir Putin to push back against what he thinks is an effort by the European Union and NATO, a military alliance of European and North American democracies, to encircle and weaken Russia.

One of the officials called the fear “a hangover” from Putin’s service in the KGB, the Soviet intelligence agency.

“Time and again, we’re seeing Russia push back at what Putin considers Russia’s mortal enemies,” said the other official. “He’s been actively attacking the U.S.-backed rebels in Syria, buzzing ships and planes in the Black Sea and the Baltic, not to mention invading Ukraine and seizing Crimea. This fits the pattern.”

Despite Clinton’s short-lived attempt as secretary of state to “reset” U.S.-Russian relations after U.S. President Barack Obama took office in 2009, the leaked emails could damage a candidate the Kremlin may consider hostile and benefit her opponent, who has been friendlier.

Putin accused Clinton of stirring up protests against his rule after a December 2011 Russian parliamentary election that was marred by allegations of fraud, saying she had encouraged “mercenary” Kremlin foes by criticizing the vote.

“She set the tone for some opposition activists, gave them a signal, they heard this signal and started active work,” Putin told supporters.

Asked about claims that Russian intelligence had hacked the DNC to obtain the emails, Wikileaks founder Julian Assange told NBC News’ Richard Engel “there is no proof of that whatsoever” and said “this is a diversion” pushed by the Clinton campaign.

TRUMP’S WARMER TONE

Analysts said Russia’s goal may be much broader than simply meddling in the U.S. presidential election.

“It’s a gross oversimplification to suggest that the Russian government is all-in for Donald Trump,” said Andrew Weiss, a Russia analyst at the Carnegie Endowment for International Peace, a Washington-based think tank.

“It’s in Russia’s interest … to portray the United States as riven with popular discontent, xenophobia and high-level political corruption,” Weiss said. “It fits nicely with the Kremlin’s standard narrative … that the White House rushes to criticize others without getting its own house in order.”

The Russian leader may well have been encouraged by Trump’s comments to The New York Times last week that with him in the White House, NATO might not automatically defend the Baltic states that were once a part of the Russian-led Soviet Union.

Despite public Trump-Putin exchanges of praise, Eugene Rumer, a former national intelligence officer for Russia and Eurasia, warned against reaching any quick conclusions about Putin’s view of Trump.

“We can say with some degree of confidence that they don’t like Hillary,” Rumer said. “It’s less clear that they like Trump, although over the years the Russians have said they prefer to deal with the Republicans – (that) they are kind of hard-line but they can do deals.”

A diplomat with experience working on Russia said the Kremlin also might be betting that Clinton will win and is sending a shot across her bow.

“Messing with her like this now puts her on notice that these are tough guys that she’s got to be really careful with,” said the diplomat, who spoke on condition of anonymity.

A U.S. intelligence official who is reviewing the emails as part of the investigation into their origin said that those emails describing the privileges the Democratic National Committee showers on its wealthiest donors bolster the Russian narrative of an American political system rigged by the wealthy and riddled with corruption.

“In addition to countering the U.S. narrative that the Russian government is a corrupt oligarchy, leaking these emails fits rather conveniently with Trump’s charges about a rigged system and ‘crooked Hillary’,” said the official, who spoke on condition of anonymity to discuss domestic politics.

(Reporting by Mark Hosenball, Arshad Mohammed and John Walcott; Additional reporting by Jonathan Landay; Writing by Arshad Mohammed; Editing by John Walcott and Howard Goller)

Keyboard warriors: South Korea trains new frontline in decades-old war with North

By Ju-min Park

SEOUL (Reuters) – In one college major at Seoul’s elite Korea University, the courses are known only by number, and students keep their identities a secret from outsiders.

The Cyber Defense curriculum, funded by the defense ministry, trains young keyboard warriors who get a free education in exchange for a seven-year commitment as officers in the army’s cyber warfare unit – and its ongoing conflict with North Korea.

North and South Korea remain in a technical state of war since the 1950-53 Korean War ended in an armed truce. Besides Pyongyang’s nuclear and rocket program, South Korea says the North has a strong cyber army which it has blamed for a series of attacks in the past three years.

The cyber defense program at the university in Seoul was founded in 2011, with the first students enrolled the following year.

One 21-year-old student, who allowed himself to be identified only by his surname Noh, said he had long been interested in computing and cyber security and was urged by his father to join the program. All South Korean males are required to serve in the military, usually for up to two years.

“It’s not a time burden but part of a process to build my career,” Noh said.

“Becoming a cyber warrior means devoting myself to serve my country,” he said in a war room packed with computers and wall-mounted flat screens at the school’s science library.

South Korea, a key U.S. ally, is one of the world’s most technologically advanced countries.

That makes its networks that control everything from electrical power grids to the banking system vulnerable against an enemy that has relatively primitive infrastructure and thus few targets against which the South can retaliate.

“In relative terms, it looks unfavorable because our country has more places to defend, while North Korea barely uses or provides internet,” said Noh.

Last year, South Korea estimated that the North’s “cyber army” had doubled in size over two years to 6,000 troops, and the South has been scrambling to ramp up its capability to meet what it considers to be a rising threat.

The United States and South Korea announced efforts to strengthen cooperation on cyber security, including “deepening military-to-military cyber cooperation,” the White House said during President Park Geun-hye’s visit to Washington in October.

In addition to the course at Korea University, the national police has been expanding its cyber defense capabilities, while the Ministry of Science, ICT and Future Planning started a one-year program in 2012 to train so-called “white hat” – or ethical – computer hackers.

NORTH’S CYBER OFFENSIVES

Still, the North appears to have notched up successes in the cyber war against both the South and the United States.

Last week, South Korean police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival.

In 2013, Seoul blamed the North for a cyber attack on banks and broadcasters that froze computer systems for over a week.

North Korea denied responsibility.

The U.S. Federal Bureau of Investigation has blamed Pyongyang for a 2014 cyber attack on Sony Pictures’ network as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

North Korea described the accusation as “groundless slander.”

South Korea’s university cyber defense program selects a maximum of 30 students each year, almost all of them men. On top of free tuition, the school provides 500,000 won ($427) per month support for each student for living expenses, according to Korea University Professor Jeong Ik-rae.

The course trains pupils in disciplines including hacking, mathematics, law and cryptography, with students staging mock hacking attacks or playing defense, using simulation programs donated by security firms, he said.

The admission to the selective program entails three days of interviews including physical examinations, attended by military officials along with the school’s professors, he said.

While North Korea’s cyber army outnumbers the South’s roughly 500-strong force, Jeong said a small group of talented and well-trained cadets can be groomed to beat the enemy.

Jeong, an information security expert who has taught in the cyber defense curriculum since 2012, said the school benchmarks itself on Israel’s elite Talpiot program, which trains gifted students in areas like technology and applied sciences as well as combat. After graduating, they focus on areas like cybersecurity and missile defense.

“It’s very important to have skills to respond when attacks happen – not only to defend,” Jeong said.

(Editing by Tony Munroe and Raju Gopalakrishnan)

Massive cyber attack could trigger NATO response: Stoltenberg

BERLIN (Reuters) – A major cyber attack could trigger a collective response by NATO, NATO Secretary General Jens Stoltenberg said in an interview published by Germany’s Bild newspaper on Thursday.

“A severe cyber attack may be classified as a case for the alliance. Then NATO can and must react,” the newspaper quoted Stoltenberg as saying. “How, that will depend on the severity of the attack.”

He spoke after a decision this week by NATO ministers to designate cyber as an official operational domain of warfare, along with air, sea, and land.

In 2014 the U.S.-led alliance assessed that cyber attacks could potentially trigger NATO’s mutual defense guarantee, or Article 5. That means NATO could potentially respond to a cyber attack with conventional weapons, although the response would be decided by consensus.

The NATO chief told Bild that the alliance needed to adjust to the increasingly complex series of threats it faces, which is why NATO members have agreed to defend against attacks in cyberspace just as they do against attacks launched against targets on land, in the air and at sea.

The United States and other NATO states have become increasingly vocal about cyber attacks launched from Russia, China and Iran, but officials say it remains hard to determine if such attacks stem from government bodies or private groups.

Recognizing cyber as an official domain of warfare will allow NATO to improve planning and better manage resources, training and personnel needs for cyber defense operations, said a NATO official, speaking on condition of anonymity.

The official stressed that NATO’s cyber activities would remain purely defensive. “We have no offensive cyber doctrine or offensive cyber capability. And there are no plans for NATO as a body to use such capabilities. NATO’s core cyber defense task is to defend NATO’s own networks,” said the official.

Individual members have already declared cyber an operational warfare domain, including the United States, which said in 2011 that it would respond to hostile attacks in cyberspace as it would to any other threat.

(Reporting by Andrea Shalal; Editing by Dan Grebler and Mark Heinrich)

Wendy’s says it finds more unusual card activity at restaurants

Wendy's

(Reuters) – U.S. burger chain operator Wendy’s Co <WEN.O> said it had discovered additional instances of unusual credit card activity at some of its franchise-operated restaurants, widening the scope of an earlier cyber attack on the company.

The company in January said it was investigating reports of unusual activity with payment cards used at some of its restaurants.

Wendy’s said it recently discovered a variant of the malware that was discovered and reported in May. The new malware was used to target a point-of-sale system that was earlier believed to be unaffected.

The company said the new variant of the malware had been disabled in cases where it was detected.

Wendy’s now expects the number of franchise restaurants impacted by the cybersecurity attacks to be “considerably higher” than the 300 restaurants already affected.

“To date, there has been no indication in the ongoing investigation that any company-operated restaurants were impacted by this activity,” Wendy’s said on Thursday.

The new discoveries are a result of the company’s continuing investigation into unusual credit card activity at its restaurants.

Large retailers such as Target Corp <TGT.N> and Home Depot Inc <HD.N> have been victims of security breaches in recent years.

(Reporting by Narottam Medhora in Bengaluru; Editing by Shounak Dasgupta)

Congress has launched investigation into Fed’s cyber security

The Federal Reserve building in Washington

By Dustin Volz and Jason Lange

WASHINGTON (Reuters) – A U.S. congressional committee has launched an investigation into the Federal Reserve’s cyber security practices after a Reuters report revealed that the U.S. central bank had been hacked more than 50 times between 2011 and 2015.

The House Committee on Science, Space and Technology on Friday sent a letter to Federal Reserve Chair Janet Yellen to express “serious concerns” over the central bank’s ability to protect sensitive financial information.

The letter cited the Reuters report, which was based on heavily redacted internal Fed records obtained through a Freedom of Information Act request. The redacted records did not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“These reports raise serious concerns about the Federal Reserve’s cyber security posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency’s systems,” said the letter, signed by House Science Committee Chairman Lamar Smith, a Texas Republican, and Barry Loudermilk, a Georgia Republican and chairman of the panel’s oversight subcommittee.

The Fed had declined to comment on the cyber breaches reported by Reuters on Wednesday.

The panel asked the Fed’s national cyber security team – the National Incident Response Team – to turn over all cyber incident reports in unredacted form from Jan. 1, 2009, to the present. It also asked for incident reports from the Fed’s local incident response teams.

Global policymakers, regulators and financial institutions have become increasingly concerned about the security of the international banking system after a string of cyber attacks against banks in Bangladesh, Vietnam and elsewhere linked to fraudulent transaction messages sent across the global financial platform SWIFT.

The probe into the Fed’s security practices followed a separate inquiry by the same committee into the Federal Reserve Bank of New York’s handling of the cyber theft of $81 million from one of its accounts held by the central bank of Bangladesh.

The committee said it has jurisdiction over the Fed’s cyber security because the panel is tasked with oversight of the U.S. National Institute of Standards and Technology, an agency responsible for developing federal cyber security standards and guidelines, under a 2014 federal information technology law.

The panel also requested a “detailed description of all confirmed cyber security incidents” from 2009 to the present, all documents and communications referring or relating to “higher impact cases” handled by the Fed’s NIRT team, all documents and communications with the Fed’s Office of Inspector General related to confirmed cyber incidents, and an organizational chart detailing the Fed’s top cyber security personnel.

The committee requested a response to its inquiry by June 17.

(Reporting by Dustin Volz and Jason Lange; Editing by David Chance and Tiffany Wu)