Fed records show dozens of cybersecurity breaches

By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records.

The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets.

The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank’s security procedures.

The Fed declined to comment, and the redacted records do not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“Hacking is a major threat to the stability of the financial system. This data shows why,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.

For a graphic on the Fed security breaches, see: http://tmsnrt.rs/1TxSu8R

The records represent only a slice of all cyber attacks on the Fed because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws. Reuters did not have access to reports by local cybersecurity teams at the central bank’s 12 privately owned regional branches.

The disclosure of breaches at the Fed comes at a time when cybersecurity at central banks worldwide is under scrutiny after hackers stole $81 million from a Bangladesh Bank account at the New York Fed.

Cyber thieves have targeted large financial institutions around the world, including America’s largest bank JPMorgan, as well as smaller players like Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank.

Hacking attempts were cited in 140 of the 310 reports provided by the Fed’s board. In some reports, the incidents were not classified in any way.

In eight information breaches between 2011 and 2013 – a time when the Fed’s trading desk was buying massive amounts of bonds – Fed staff wrote that the cases involved “malicious code,” referring to software used by hackers.

Four hacking incidents in 2012 were considered acts of “espionage,” according to the records. Information was disclosed in at least two of those incidents, according to the records. In the other two incidents, the records did not indicate whether there was a breach.

In all, the Fed’s national team of cybersecurity experts, which operates mostly out of New Jersey, identified 51 cases of “information disclosure” involving the Fed’s board. Separate reports showed a local team at the board registered four such incidents.

The cases of information disclosure can refer to a range of ways unauthorized people see Fed information, from hacking attacks to Fed emails sent to the wrong recipients, according to two former Fed cybersecurity staffers who spoke on condition of anonymity.

The former employees said that cyber attacks on the Fed are about as common as at other large financial institutions.

It was unclear if the espionage incidents involved foreign governments, as has been suspected in some hacks of federal agencies. Beginning in 2014, for instance, hackers stole more than 21 million background check records from the federal Office of Personnel Management, and U.S. officials attributed the breach to the Chinese government, an accusation denied by Beijing.

TARGET FOR SPYING

Security analysts said foreign governments could stand to gain from inside Fed information. China and Russia, for instance, are major players in the $13.8 trillion federal debt market where Fed policy plays a big role in setting interest rates.

“Obviously that makes it a very clear (hacking) target for other nation states,” said Ari Schwartz, a former top cybersecurity adviser at the White House who is now with the law firm Venable.

U.S. prosecutors in March accused hackers associated with Iran’s government of attacking dozens of U.S. banks.

In the records obtained by Reuters, espionage might also refer to spying by private companies, or even individuals such as British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, e-mail addresses, and phone numbers of Fed computer system users, according to a federal indictment.

The redacted reports obtained by Reuters do not mention Love or any other hacker by name.

The records point to breaches during a sensitive period for the Fed, which was ramping up aid for the struggling U.S. economy by buying massive quantities of U.S. government debt and mortgage-backed securities.

In 2010 and 2011, the Fed went on a $600 billion bond-buying spree that lowered interest rates and made bonds more expensive. It restarted purchases in September 2012 and expanded them in December of that year.

The Fed cybersecurity records did not indicate whether hackers accessed sensitive information on the timing or amounts of bond purchases or used it for financial gain.

UP ALL NIGHT

The Fed’s national cybersecurity team – the National Incident Response Team, or NIRT – created 263 of the incident reports obtained by Reuters.

NIRT operates in a fortress-like building in East Rutherford, New Jersey, that also processes millions of dollars in cash every day as part of the central bank’s duty to keep the financial system running, according to the New York Fed’s website. The unit provides support to the local cybersecurity teams at the Fed’s Board and regional banks, which process more than $3 trillion in payments every day.

The NIRT handles “higher impact” cases, according to a 2013 report by the Board of Governors’ Office of Inspector General.

One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five straight days to patch software hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.

In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said.

But the Fed was under constant assault, much like any large company, the former employee said, and was “compromised frequently.”

An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board’s Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.

“There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information,” according to the audit released in November.

(Reporting by Jason Lange and Dustin Volz; Editing by David Chance and Brian Thevenot)

Cyber security is the biggest risk facing financial system

U.S. Securities and Exchange Commission Chair Mary Jo White is interviewed at the Reuters Financial Regulation Summit in Washington, U.S., May 17, 2016.

By Lisa Lambert and Suzanne Barlyn

WASHINGTON (Reuters) – Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by an $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

White said SEC examiners were very proactive about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack.

“We can’t do enough in this sector,” she said.

Cyber security experts said her remarks represented the SEC’s strongest warning to date of the threat posed by hackers.

A former member of the World Bank’s security team, Tom Kellermann, who is now chief executive of the investment firm Strategic Cyber Ventures LLC, called it “a historic recognition of the systemic risk facing Wall Street.”

BROKEN WINDOWS

Under White, a former federal prosecutor, the SEC introduced an initiative called “broken windows” designed to crack down on small violations of SEC rules to deter traders and others from larger transgressions.

But critics have questioned whether the initiative, similar to one used by former New York City Mayor Rudy Giuliani in his crackdown on crime in the city, is an effective use of the agency’s limited resources.

The policy has been applied to instances of “rampant non-compliance” involving serious, significant rules, White said, noting that she considers the initiative a huge success.

For example, the SEC brought three groups of cases in a key area, the prohibition against short selling ahead of an IPO by individuals who then participated in the IPO, since 2013, she said. Each year, there have been fewer cases, with the most recent number at around 12, White said.

GAAP VS. NON-GAAP

Also on Tuesday, the SEC released guidance, which White called “consequential,” about how certain accounting practices could potentially mislead investors.

Companies are increasingly using non-Generally Accepted Accounting Principles, or non-GAAP, to report earnings, permitting them to back out certain expenses from earnings figures, such as non-cash costs. But critics say the practice can also mislead investors by creating a rosier picture of a company’s profits.

The SEC’s current rules allow companies to report with figures that do not comply with GAAP, as long as certain conditions are met, and White said the guidance spells out those conditions, such as a requirement that “the GAAP measure has to be of equal or greater prominence than non-GAAP.”

Non-GAAP “is not supposed to supplant GAAP and obviously not obscure GAAP,” she said.

She declined to say if the SEC is considering enforcement actions against companies that might be misleading investors with non-GAAP, but noted the SEC would not hesitate to bring one if it uncovered an “actionable violation.”

For months now, the SEC has only had three commissioners, down from its full complement of five, and the U.S. Congress has stalled on confirming two nominees.

“We’re really functioning on all cylinders,” White said, ticking off a list of projects the commission has recently completed.

She added that, to comply with rules on meetings and disclosures, commissioners typically meet one-on-one.

“If there are only three of you, it’s shorter-circuited to some degree,” she said. “There are some advantages, too.”

(Additional reporting by Sarah N. Lynch)

U.S., China cyber group holds first talks since September pact

WASHINGTON (Reuters) – A group of senior U.S. and China cyber officials on Wednesday held its first meeting since the two countries struck an anti-hacking agreement in September to try to ease years of acrimony over the issue.

The so-called Senior Experts Group on International Norms and Related Issues is expected to gather twice a year, the U.S. State Department said in a statement announcing the meeting.

It provided scant information about the talks, saying officials from the two nations’ foreign, defense and other ministries discussed “international norms of state behavior and other crucial issues for international security in cyberspace.”

China’s foreign ministry, in a brief statement, said the two sides had a “positive, deep and constructive” discussion about issues including international law as it relates to the Internet and trust measures.

China and the United States will hold another meeting at an appropriate time within the next six months, it added.

China withdrew in 2014 from a separate bilateral cyber working group following the U.S. indictment of five members of its military on charges it hacked six U.S. companies. The new group appears to be a fresh start to grapple with cyber issues.

Cyber security has long been an irritant in relations between China and the United States, despite robust economic ties worth nearly $600 billion in two-way trade last year.

The September pact, reached during a U.S. visit by Chinese President Xi Jinping, included a pledge that neither country would knowingly carry out hacking for commercial advantage.

(Reporting by Arshad Mohammed; Additional reporting by Ben Blanchard in Beijing; Editing by Peter Cooney)

Big Breaches found at major email services

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin

By Eric Auchard

FRANKFURT (Reuters) a security expert told Reuters.

The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.

It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

Holden was previously instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target and exposing them to subsequent cyber crimes.

The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times,” he said.

LESS THAN $1

Mysteriously, the hacker asked just 50 rubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favorable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.

Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.

Hackers know users cling to favorite passwords, resisting admonitions to change credentials regularly and make them more complex. It’s why attackers reuse old passwords found on one account to try to break into other accounts of the same user.

After being informed of the potential breach of email credentials, Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

A Microsoft spokesman said stolen online credentials was an unfortunate reality. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Yahoo and Google did not respond to requests for comment.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.

Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by the Cloud Security Alliance.

In 2014, Holden, a Ukrainian-American who specializes in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest-ever recovery of stolen accounts.

His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals.

Holden said efforts to identify the hacker spreading the current trove of data or the source or sources of the stolen accounts would have exposed the investigative methods of his researchers. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.

Ten days ago, Milwaukee-based Hold Security began informing organizations affected by the latest data breaches. The company’s policy is to return data it recovers at little or no cost to firms found to have been breached.

“This is stolen data, which is not ours to sell,” said Holden.

(Editing by Mark Trevelyan)

FBI paid more than $1.3 million to break into San Bernardino iPhone

By Julia Edwards

WASHINGTON (Reuters) – Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.

According to figures from the FBI and the U.S. Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.

That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.

Speaking at the Aspen Security Forum in London, Comey was asked by a moderator how much the FBI paid for the software that eventually broke into the iPhone.

“A lot. More than I will make in the remainder of this job, which is seven years and four months for sure,” Comey said. “But it was, in my view, worth it.”

The Justice Department said in March it had unlocked the San Bernardino shooter’s iPhone with the help of an unidentified third party and dropped its case against Apple Inc <AAPL.O>, ending a high-stakes legal clash but leaving the broader fight over encryption unresolved.

Comey said the FBI will be able to use software used on the San Bernardino phone on other 5C iPhones running iOS 9 software.

There are about 16 million 5C iPhones in use in the United States, according to estimates from research firm IHS Technology. Eighty-four percent of iOS devices overall are running iOS 9 software, according to Apple.

The FBI gained access to the iPhone used by Rizwan Farook, one of the shooters who killed 14 people in San Bernardino, California on Dec. 2.

The case raised the debate over whether technology companies’ encryption technologies protect privacy or endanger the public by blocking law enforcement access to information.

(Reporting by Julia Edwards in Washington; additional reporting by Julia Love in San Francisco; Editing by Simon Cameron-Moore)

Trail in cyber heist suggests hackers were Chinese: senator

By Karen Lema

MANILA (Reuters) – A Philippine senator said on Wednesday that Chinese hackers were likely to have pulled off one of the world’s biggest cyber heists at the Bangladesh central bank, citing the network of Chinese people involved in the routing of the stolen funds through Manila.

Unidentified hackers infiltrated the computers at Bangladesh Bank in early February and tried to transfer a total of $951 million from its account at the Federal Reserve Bank of New York.

All but one of the 35 attempted transfers were to the Rizal Commercial Banking Corp (RCBC), confirming the Philippines’ centrality to the heist.

Most transfers were blocked, but a total of $81 million went to four accounts at a single RCBC branch in Manila. The stolen money was swiftly transferred to a foreign exchange broker and distributed to casinos and gambling agents in Manila.

“The hacking was done, chances are, by Chinese hackers,” Senator Ralph Recto told Reuters in a telephone interview. “Then they saw that, in the Philippines, RCBC particularly was vulnerable and sent the money over here.”

Beijing was quick to denounce the comments by Recto, vice chairman of the Senate Committee on Finance and a former head of the Philippines’ economic planning agency.

The suggestion that Chinese hackers were possibly involved was “complete nonsense” and “really irresponsible,” Chinese foreign ministry spokesman Lu Kang told reporters.

Recto said he couldn’t prove the hackers were Chinese, but was merely “connecting the dots” after a series of Senate hearings into the scandal.

At one hearing, a Chinese casino boss and junket operator called Kim Wong named two high-rolling gamblers from Beijing and Macau who he said had brought the stolen money into the Philippines. He displayed purported copies of their passports, showing they were mainland Chinese and Macau administrative region nationals respectively.

“BEST LEAD”

Wong, a native of Hong Kong who holds a Chinese passport, received almost $35 million of the stolen funds through his company and a foreign exchange broker.

The two Chinese named by Wong “are the best lead to determine who are the hackers,” said Recto. “Chances are… they must be Chinese.”

The whereabouts of the two high-rollers were unknown, Recto added, saying the Senate inquiry “may” seek help from the Chinese government to find them.

Recto also questioned the role of casino junket operators in the Philippines, saying many of them have links in Macau, the southern Chinese territory that is the world’s biggest casino hub. “There are junket operators who are from Macau, so it (the money) may find its way back to Macau,” he said.

A senior executive at a top junket operator in Macau told Reuters there was “no reason” to bring funds from the Philippines to Macau.

“This seems more like a political story in the Philippines,” he said, speaking anonymously because he was not authorized to talk to the media.

The U.S. State Department said in a report last month that the gaming industry was “a weak link” in the Philippines’ anti-money laundering regime.

Philrem, the foreign exchange agent, said it distributed the stolen $81 million to Bloomberry Resorts Corp, which owns and operates the upmarket Solaire casino in Manila; to Eastern Hawaii Leisure Company, which is owned by Wong; and to an ethnic Chinese man believed to be a junket operator in Manila.

Wong has returned $5.5 million to the Philippines’ anti-money laundering agency and has promised to hand over another $9.7 million. A portion of the money he received, he said, has already been spent on gambling chips for clients.

Solaire has told the Senate hearing that the $29 million that ended up with them was credited to an account of the Macau-based high-roller but it has managed to seize and confiscate $2.33 million in chips and cash.

(Writing by Andrew R.C. Marshall; Additional reporting by Farah Master in Hong Kong; Editing by Raju Gopalakrishnan)

U.S. to charge Iranians in cyber attacks, including New York dam

WASHINGTON (Reuters) – The Obama administration is expected to blame Iranian hackers as soon as Thursday for a coordinated campaign of cyber attacks in 2012 and 2013 on a suburban New York City dam and several other targets, sources familiar with the matter have told Reuters.

In one of the largest foreign cyber attack cases since 2014 when the United States charged five Chinese military hackers, the U.S. Justice Department has prepared an indictment against about a half-dozen Iranians, said four sources, who spoke on condition of anonymity due to the sensitivity of the matter.

The charges, related to unlawful access to computers and other alleged crimes, were expected to be announced publicly by U.S. officials as soon as Thursday morning at a news conference in Washington, the sources said.

The indictment was expected to directly link the hacking campaign to the Iranian government, one source said.

Though the breach of back-office computer systems at the Bowman Avenue Dam in Rye Brook, New York has been reported, it was only part of a hacking campaign that was broader than previously known, as the indictment will show, the sources said.

In the intrusion of the dam computers, the hackers did not gain operational control of the floodgates, and investigators believe they were attempting to test their capabilities.

The dam breach coincided roughly with attacks on U.S. financial institutions. Cyber security experts have said these, too, were perpetrated by Iranian hackers against Capital One, PNC Financial Services and SunTrust Bank. Prosecutors were considering including those breaches in the indictment, sources said.

The hackers who were expected to be named in the indictment all reside in Iran, one source said.

The Justice Department declined to comment.

The indictment would be the Obama administration’s latest step to confront foreign cyber attacks on the United States. President Barack Obama accused and publicly condemned North Korea over a 2014 hack on Sony Pictures and vowed to “respond proportionally.” No details were made public of any retaliation.

James Lewis, a cyber security expert with the Center for Strategic and International Studies think tank, said, “We need to make clear that there will be consequences for cyber-attacks and that the Wild West days are coming to an end.”

Two weeks ago, it was widely reported that U.S. prosecutors were preparing an indictment against Iranian hackers related solely to the dam attack.

The broader indictment would come at a time of reduced tensions between the United States and Iran after a landmark 2015 nuclear deal. At the same time, the Obama administration has shown a willingness to confront Tehran for bad behavior.

Charging the Iranian hackers would be the highest-profile move of its type by the Obama administration since the Justice Department in 2014 accused five members of China’s People’s Liberation Army of hacking several Pennsylvania-based companies in an alleged effort to steal trade secrets.

(Reporting by Dustin Volz in Washington and Nate Raymond in New York; additional reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Kevin Drawbaugh and Jonathan Oatis)

U.S. charges three Syrian hackers, Justice Department says

WASHINGTON (Reuters) – U.S. authorities have charged three Syrian nationals who are current or former members of the Syrian Electronic Army with multiple conspiracies related to computer hacking, the U.S. Justice Department said on Tuesday.

Ahmad Umar Agha, 22, and Firas Dardar, 27, were charged with a criminal conspiracy that included “a hoax regarding a terrorist attack” and “attempting to cause mutiny of the U.S. armed forces,” the department said in a statement. Dardar and Peter Romar, 36, were separately charged with other conspiracies, it said.

The FBI announced on Tuesday it was adding Agha and Dardar to its Cyber Most Wanted list and offering a reward of $100,000 for information leading to their arrest, the statement said.

Agha and Dardar, who are believed to reside in Syria, began their criminal activities in or around 2011 under the name of the Syrian Electronic Army in support of the Syrian government, the statement said.

In June 2015, the U.S. Army said it temporarily took down its website after the Syrian Electronic Army hacked into the site and posted messages.

(Reporting by Washington Newsroom)

U.S. says it may not need Apple to open San Bernardino iPhone

(Reuters) – U.S. prosecutors said Monday that a “third party” had presented a possible method for opening an encrypted iPhone used by one of the San Bernardino shooters, a development that could bring an abrupt end to the high-stakes legal showdown between the government and Apple Inc.

A federal judge in Riverside, California, late Monday agreed to the government’s request to postpone a hearing scheduled for Tuesday so that the FBI could try the newly discovered technique. The Justice Department said it would update the court on April 5.

The government had insisted until Monday that it had no way to access the phone used by Rizwan Farook, one of the two killers in the December massacre in San Bernardino, California, except to force Apple to write new software that would disable the password protection.

The Justice Department last month obtained a court order directing Apple to create that software, but Apple has fought back, arguing that the order is an overreach by the government and would undermine computer security for everyone.

The announcement on Monday that an unnamed third party had presented a way of breaking into the phone on Sunday – just two days before the hearing and after weeks of heated back-and-forth in court filings – drew skepticism from many in the tech community who have insisted that there were other ways to get into the phone.

“From a purely technical perspective, one of the most fragile parts of the government’s case is the claim that Apple’s help is required to unlock the phone,” said Matt Blaze, a professor and computer security expert at the University of Pennsylvania. “Many in the technical community have been skeptical that this is true, especially given the government’s considerable resources.”

Former prosecutors and lawyers supporting Apple said the move suggested that the Justice Department feared it would lose the legal battle, or at minimum would be forced to admit that it had not tried every other way to get into the phone.

In a statement, the Justice Department said its only interest has always been gaining access to the information on the phone and that it had continued to explore alternatives even as litigation began. It offered no details on the new technique except that it came from a non-governmental third party, but said it was “cautiously optimistic” it would work.

“That is why we asked the court to give us some time to explore this option,” a spokeswoman for the Justice Department, Melanie R. Newman, said. “If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people.”

It would also likely end the case without a legal showdown that many had expected to reach the U.S. Supreme Court.

An Apple executive told reporters on a press call that the company knew nothing about the Justice Department’s possible method for getting into the phone, and that the government never gave any indication that it was continuing to search for such solutions.

The executive characterized the Justice Department’s admission Monday that it never stopped pursuing ways to open the phone as a sharp contrast with its insistence in court filings that only Apple possessed the means to do so.

Nate Cardozo, staff attorney at the Electronic Frontier Foundation, a civil liberties group backing Apple, said the San Bernardino case was the “hand-chosen test case” for the government to establish its authority to access electronic information by whatever means necessary.

In that context, he said, the last-minute discovery of a possible solution and the cancellation of the hearing is “suspicious,” and suggests the government might be worried about losing and setting a bad precedent.

But George Washington University law professor Orin Kerr, a former Justice Department computer crime prosecutor, said the government was likely only postponing the fight.

“The problem is not going away, it’s just been delayed for a year or two,” he said.

Apple said that if the government was successful in getting into the phone, which might involve taking advantage of previously undiscovered vulnerabilities, it hoped officials would share information on how they did so. But if the government drops the case it would be under no obligation to provide information to Apple.

In opposing the court order, Apple’s chief executive, Tim Cook, and his allies have argued that it would be unprecedented to force a company to develop a new product to assist a government investigation, and that other law enforcement agencies around the world would rapidly demand similar services.

Law enforcement officials, led by Federal Bureau of Investigation Director James Comey, have countered that access to phones and other devices is crucial for intelligence work and criminal investigations.

The government and the tech industry have clashed for years over similar issues, and Congress has been unable to pass legislation to address the impasse.

(Reporting by Joseph Menn, additional reporting by Mari Saito; Editing by Leslie Adler and Andrew Hay)

Number of U.S. government ‘cyber incidents’ jumps in 2015

WASHINGTON (Reuters) – The U.S. government was hit by more than 77,000 “cyber incidents” like data thefts or other security breaches in fiscal year 2015, a 10 percent increase over the previous year, according to a White House audit.

Part of the uptick stems from federal agencies improving their ability to identify and detect incidents, the annual performance review from the Office of Management and Budget said.

The report, released on Friday, defines cyber incidents broadly as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” Only a small number of the incidents would be considered as significant data breaches.

National security and intelligence officials have long warned that cyber attacks are among the most serious threats facing the United States. President Barack Obama asked Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year.

The government’s Office of Personnel Management was the victim of a massive hack that began in 2014 and was detected last year. Some 22 million current and former federal employees and contractors, in addition to family members, had their Social Security numbers, birthdays, addresses and other personal data pilfered in the breach.

That event prompted the government to launch a 30-day “cyber security sprint” to boost cyber security within each federal agency by encouraging adoption of multiple-factor authentication and addressing other vulnerabilities.

“Despite unprecedented improvements in securing federal information resources … malicious actors continue to gain unauthorized access to, and compromise, federal networks, information systems, and data,” the report said.

(Reporting by Dustin Volz; Editing by Alistair Bell)