Tag Archives: Cyber Security

House backs tighter North Korea sanctions, sends bill to Obama

WASHINGTON (Reuters) – The U.S. House of Representatives overwhelmingly passed legislation on Friday broadening sanctions against North Korea, sending the measure to President Barack Obama to sign into law.

Lawmakers said they wanted to make Washington’s resolve clear to Pyongyang, but also to the United Nations and other governments – especially China, North Korea’s lone major ally and main business partner.

The sanctions would target not just North Korea but also those who do business with it.

The vote was 408-2, following a 96-0 vote in the Senate on Wednesday.

Impatient with what they see as Obama’s failure to respond to North Korean provocations, many of his fellow Democrats as well as the Republicans who control Congress have been clamoring for a clamp down since Pyongyang tested a nuclear device in January.

Pressure for congressional action further intensified after last weekend’s satellite launch by North Korea.

Obama is not expected to veto the bill, given its huge support in Congress. Ben Rhodes, his deputy national security adviser, said the White House would review the measure but does not oppose Congress’ efforts.

“I think this is an area where we and Congress are in the same space and agree on the need for increased sanctions,” Rhodes said at an event at the Center for American Progress on Thursday.

The legislation would sanction anyone who engages in, facilitates or contributes to North Korea’s proliferation of weapons of mass destruction, arms-related materials, luxury goods, human rights abuses, activities undermining cyber security and the provision of materials for such activities.

Penalties include the seizure of assets, visa bans and denial of government contracts.

Unusually, the measure makes most of the sanctions mandatory, rather than giving the president the option to impose them. He can temporarily waive them by making the case that doing so would threaten national security.

The House had backed the sanctions measure 418-2 in January, but the Senate included some new provisions, including cyber security measures, in its version, sending it back to the House.

(Reporting by Patricia Zengerle; Editing by Richard Cowan and Bill Trott)

Ukraine sees Russian hand in cyber attacks on power grid

KIEV (Reuters) – Hackers used a Russian-based internet provider and made phone calls from inside Russia as part of a coordinated cyber attack on Ukraine’s power grid in December, Ukraine’s energy ministry said on Friday.

The incident was widely seen as the first known power outage caused by a cyber attack, and has prompted fears both within Ukraine and outside that other critical infrastructure could be vulnerable.

The ministry, saying it had completed an investigation into the incident, did not accuse the Russian government directly of involvement in the attack, which knocked out electricity supplies to tens of thousands of customers in central and western Ukraine and prompted Kiev to review its cyber defenses.

But the findings chime with the testimony of the U.S. intelligence chief to Congress this week, which named cyber attacks, including those targeting Washington’s interests in Ukraine, as the biggest threat to U.S. national security.

Relations between Kiev and Moscow soured after Russia annexed the Crimean peninsula in March 2014 and pro-Russian separatist violence erupted in Ukraine.

Hackers targeted three power distribution companies in December’s attack, and then flooded those companies’ call centers with fake calls to prevent genuine customers reporting the outage.

“According to one of the power companies, the connection by the attackers to its IT network occurred from a subnetwork … belonging to an (internet service) provider in the Russian Federation,” the ministry said in a statement.

Deputy Energy Minister Oleksander Svetelyk told Reuters hackers had prepared the attacks at least six months in advance, adding that his ministry had ordered tighter security procedures.

“The attack on our systems took at least six months to prepare – we have found evidence that they started collecting information (about our systems) no less than 6 months before the attack,” Svetelyk said by phone.

Researchers at Trend Micro, one of the world’s biggest security software firms, said this week that the software used to infect the Ukrainian utilities has also been found in the networks of a large Ukrainian mining company and a rail company.

The researchers said one possible explanation was that it was an attempt to destabilize Ukraine as a whole. It was also possible these were test probes to determine vulnerabilities that could be exploited later, they said.

(Writing by Matthias Williams; additional reporting by Eric Auchard; Editing by Ruth Pitchford)

Concerned by cyber threat, Obama seeks big increase in funding

WASHINGTON (Reuters) – President Barack Obama on Tuesday sought a surge in funding to counter cyber security threats, as his top intelligence official warned Congress that computer attacks were among the most imminent security challenges facing the United States.

In his fiscal 2017 budget proposal, Obama asked for $19 billion for cyber security across the U.S. government, an increase of $5 billion over this year.

While the White House’s overall fiscal plan faces tough going in the Republican-controlled Congress, increased cyber security funding has won bipartisan support of lawmakers in the past.

The request comes as the Obama administration has struggled to address the growing risk posed by criminals and nation states in the digital world.

In Congress, Obama’s director of national intelligence, James Clapper, warned that cyber threats “could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems.”

The Obama initiative calls for a more than one-third increase from the $14 billion appropriated this year and would include $3.1 billion for technology modernization at various federal agencies.

Cyber threats are “among the most urgent dangers to America’s economic and national security,” Obama said in a Wall Street Journal op-ed published on Tuesday.

The request for a cash infusion is the latest signal that the White House intends to make cyber security a priority in the last year of Obama’s presidency.

It follows a series of high-profile hacks against the government and companies like Sony Pictures and Target that were largely met with legislative inaction and administrative uncertainty on how best to address evolving cyber threats.

Those difficulties played out publicly last year when the Office of Personnel Management announced it had fallen victim to a hack that lifted sensitive information on roughly 22 million individuals from its databases.

The White House issued an executive order setting up a presidential commission on cyber security, which would make recommendations for strengthening defenses over the next decade. A new position of federal chief information security officer also would be established.

A government watchdog report last month concluded the government’s cyber defense system, known as Einstein, is ineffective at combating hackers.

Obama also signed another executive order creating a permanent Federal Privacy Council, which aims to connect privacy officials across the government to develop comprehensive guidelines for how personal data is collected and stored.

The president’s budget proposal also called for $62 million to expand efforts to attract and retain qualified cyber professionals working for the government.

(Reporting by Dustin Volz; Editing by Richard Cowan, Andrew Hay, Chizu Nomiyama and Alistair Bell)

U.S. intelligence chief warns of cyber, ‘homegrown’ security threats

WASHINGTON (Reuters) – Attacks by “homegrown” Islamist extremists are among the most imminent security threats facing the United States in 2016, along with dangers posed overseas by Islamic State and cyber security concerns, the top U.S. intelligence official said on Tuesday.

In his annual assessment of threats to the United States, Director of National Intelligence James Clapper warned that fast-moving cyber and technological advances “could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems.”

In prepared testimony before the Senate Armed Services and Intelligence Committees, Clapper outlined an array of other threats from Russia and North Korean nuclear ambitions to instability caused by the Syrian migrant crisis.

“In my 50 plus years in the intelligence business I cannot recall a more diverse array of crises and challenges than we face today,” Clapper said.

Islamic State poses the biggest danger among militant groups because of the territory it controls in Iraq and Syria, and is determined to launch attacks on U.S. soil, Clapper said. It also has demonstrated “unprecedented online proficiencies,” he said.

While the United States “will almost certainly remain at least a rhetorically important enemy” for many foreign militant groups, “homegrown violent extremists … will probably continue to pose the most significant Sunni terrorist threat to the U.S. homeland in 2016,” he said, referring to Sunni Muslim jihadists.

“The perceived success” of attacks by such extremists in Europe and San Bernardino, California, “might motivate others to replicate opportunistic attacks with little or no warning,” Clapper said.

A married couple inspired by Islamist militants shot and killed 14 people in San Bernardino in December.

General Vincent Stewart, director of Defense Intelligence Agency, told the Senate Armed Services Committee that Islamic State aims to conduct more attacks in Europe during 2016 and has ambitions to attack inside the United States.

The group is taking advantage of the refugee flow from Syria’s civil war to hide militants among them and is adept at obtaining false documentation, Clapper said.

Al Qaeda affiliates, most notably the one in Yemen known as Al Qaeda in the Arabian Peninsula, have proven resilient and are positioned to make gains this year despite pressure from Western counterterrorism operations, Clapper said.

He cited threats from Russia’s increasingly assertive international policies, saying “We could be into another Cold War-like spiral.”

U.S. intelligence assesses that North Korea, which launched a satellite into orbit last weekend, is committed to developing a long-range nuclear armed missile that can reach the United States and has carried out some steps towards fielding a mobile intercontinental ballistic missile system, Clapper said.

He said North Korea has followed through on publicly stated plans to re-start a plutonium production reactor and could begin to assemble a plutonium stockpile within months.

CIA director John Brennan said one of North Korean leader Kim Jong Un’s objectives in conducting nuclear and missile tests is to advance efforts by North Korea to “market” such technology, presumably to other rogue regimes around the world.

(Writing by Doina Chiacu; Editing by Mohammad Zargham and Alistair Bell)

National Security Agency merging offensive, defensive hacking operations

WASHINGTON (Reuters) – The U.S. National Security Agency on Monday outlined a reorganization that will consolidate its spying and domestic cyber-security operations, despite recommendations by a presidential panel that the agency focus solely on espionage.

The NSA said the reorganization, known as “NSA21,” or NSA in the 21st century, will take two years to complete, well into the first term of whoever is elected president in November.

A review board appointed by President Barack Obama recommended in December 2013 that the NSA concentrate solely on foreign intelligence gathering. The board’s recommendations came as the United States was reeling from disclosures from former NSA contractor Edward Snowden about the collection of vast amounts of domestic and international communications data.

Under the board’s plan, a separate agency would have been housed within the Department of Defense with responsibility for enhancing the security of government networks and assisting corporate computer systems.

Ignoring that recommendation, the Obama administration will replace its separate spying and cyber-defense directorates with a unified organization responsible for both espionage and helping defend U.S. computer networks.

The “new structure will enable us to consolidate capabilities and talents to ensure that we’re using all of our resources to maximum effect to accomplish our mission,” NSA Director Mike Rogers said in a workforce address made publicly available on Monday.

Some technology specialists and privacy advocates have said the government agency responsible for building and exploiting flaws in computer software for spying purposes should not be the same one entrusted to warn companies about detected software weaknesses.

The presidential panel cited concerns about “potential conflicts of interest” between the NSA’s offensive and defensive objectives, in addition to the need to restore confidence with the U.S. technology industry to induce better cyber-security collaboration.

“I hope the NSA will explain its strategy for continuing to rebuild trust with the private sector,” Peter Swire, a professor of law at the Georgia Institute of Technology, who served on the five-member review group, said on Monday.

In November, the NSA told Reuters it informed U.S. technology firms more than 90 percent of the time about serious software flaws it found. The spy agency did not say how quickly it alerted those firms, leaving open the possibility it exploits software vulnerabilities before sharing details about them.

(Reporting by Dustin Volz; Editing by Peter Cooney)

Hackers attack 20 million accounts on Chinese shopping site

BEIJING (Reuters) – Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd’s Taobao e-commerce website using Alibaba’s own cloud computing service, according to a state media report posted on the Internet regulator’s website.

Analysts said the report from The Paper led to the price of Alibaba’s U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade.

An Alibaba spokesman on Thursday said the company detected the attack in “the first instance”, reminded users to change passwords, and worked closely with the police investigation.

Chinese companies are grappling a sharp rise in the number of cyber attacks, and cyber security experts say firms have a long way to go before defenses catch up to U.S. counterparts.

In the latest case, hackers obtained a database of 99 million usernames and passwords from a number of websites, according to a separate report on a website managed by the Ministry of Public Security.

The hackers then used Alibaba’s cloud computing platform to input the details into Taobao. Of the 99 million usernames, they found 20.59 million were also being used for Taobao accounts, the ministry website said.

The hackers started inputting the details into Taobao in mid-October and were discovered in November, at which time Alibaba immediately reported the case to police, the ministry website said. The hackers have since been caught, it said.

Alibaba’s systems discovered and blocked the vast majority of log-in attempts, according to the ministry website.

The hackers used compromised accounts to fake orders on Taobao, a practice known as “brushing” in China and used to raise sellers’ rankings, the newspaper said. The hackers also sold accounts to be used for fraud, it said.

Alibaba’s spokesman said the hackers rented the cloud computing service, but declined to comment on security measures designed to stop the system being used for the attack. He said they could have used any such service, and that the attack was not aided by any possible loopholes in Alibaba’s platform.

“Alibaba’s system was never breached,” the spokesman said.

The number of accounts, 20.59 million, represents about 1 out of every 20 annual active buyers on Alibaba’s China retail marketplaces.

(Reporting by Paul Carsten; Additional reporting by Beijing Newsroom; Editing by Christopher Cushing)

Ex-government employee pleads guilty in nuclear secrets cyber attack scheme

A former government employee who was accused of trying to orchestrate a cyber attack against computers that contained information about nuclear weapons pleaded guilty to a federal computer crime, the Department of Justice announced in a news release on Tuesday afternoon.

Prosecutors said 62-year-old Charles Harvey Eccleston, a former employee of the Nuclear Regulatory Commission, admitted his guilt in the attempted “spear-phishing” attack that took place last January. Eccleston was arrested after an undercover operation in which prosecutors said the accused dealt with FBI employees who had been posing as foreign government officials.

Spear-phishing is a type of cyber attack in which people send authentic-looking emails to their targets, encouraging the recipients to open them. However, the emails contain malicious code.

According to the Department of Justice, Eccleston sent an email that he believed contained a virus to about 80 Department of Energy employees, thinking the code would allow a foreign country to infiltrate or harm their computers. Prosecutors said Eccleston targeted employees “whom he claimed had access to information related to nuclear weapons or nuclear materials.”

The code was harmless and was actually crafted by the FBI, according to the release.

Eccleston, who thought he would be paid roughly $80,000 for sending the spear-phishing email, was arrested last March during a meeting with an undercover FBI employee, prosecutors said.

“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” Assistant Attorney General John P. Carlin said in a statement announcing the guilty plea.

Prosecutors said Eccleston was fired from his job with the Nuclear Regulatory Commission in 2010. He moved to the Philippines the following year and had been living there until his arrest.

The alleged cyber attack wasn’t the first time that law enforcement heard Eccleston’s name.

Prosecutors said the FBI first learned about Eccleston in 2013 after he walked into an embassy in the Philippines and offered to sell a list of 5,000 U.S. government email accounts for $18,800. If the nation wasn’t interested, Eccleston said he would offer the list to China, Iran or Venezuela.

That November, the FBI sent undercover employees to meet with Eccleston and had them pose as foreign government officials. One FBI employee bought a list of 1,200 email addresses for $5,000, prosecutors said, though an investigation found the accounts were publicly available.

Prosecutors said Eccleston communicated with the employees for “several months,” and offered to help design the spear-phishing emails during a meeting with an undercover FBI employee in June 2014. He made the bogus emails look like advertisements for a nuclear energy conference.

Eccleston pleaded guilty to attempted unauthorized access and intentional damage to a protected computer and faces 24 to 30 months in prison and a $95,000 fine when he is sentenced in April, prosecutors announced.

Company develops ‘tech tattoos’ to store medical, financial info

A software company has created a “tech tattoo” that allows a person to store their medical and financial information inside his or her body, according to a new report from CBS New York.

Officials from Chaotic Moon, the company behind the tattoos, told the television station that the tattoos can monitor a patient’s vital signs and other medical information and wirelessly send the data to doctors. The tattoos, which use special ink and microchips, can last up to a year and may replace the need for people to visit doctors for their annual physicals, according to the report.

The tattoos could also one day be used to help locate lost children or monitor the vital signs of soldiers in combat, the television station reported, and might also eliminate the need for wallets because people will be able to store their credit card information and identification in them.

Reports: U.S., British spies hacked Israeli air force

JERUSALEM (Reuters) – The United States and Britain have monitored secret sorties and communications by Israel’s air force in a hacking operation dating back to 1998, according to documents attributed to leaks by former U.S. spy agency contractor Edward Snowden.

Israel voiced disappointment at the disclosures, which were published on Friday in three media outlets and might further strain relations with Washington after years of feuding over strategies on Iran and the Palestinians.

Israel’s Yedioth Ahronoth daily said the U.S. National Security Agency, which specializes in electronic surveillance, and its British counterpart GCHQ spied on Israeli air force missions against the Palestinian enclave Gaza, Syria and Iran.

The spy operation, codenamed “Anarchist”, was run out of a Cyprus base and targeted other Middle East states too, it said. Its findings were mirrored by stories in Germany’s Der Spiegel news magazine and the online publication The Intercept, which lists Snowden confidant Glenn Greenwald among its associates.

“This access is indispensable for maintaining an understanding of Israeli military training and operations and thus an insight to possible future developments in the region,” The Intercept quoted a classified GCHQ report as saying in 2008.

That year, Israel went to war against Hamas guerrillas in Gaza and began issuing increasingly vocal threats to attack Iranian nuclear facilities if it deemed international diplomacy insufficient to deny its arch-foe the means of making a bomb.

Asked for comment, the United States and Britain said through spokespeople for their embassies in Israel that they do not publicly discuss intelligence matters.

NOT “DEEPEST KINGDOM OF SECRETS”

Israeli Energy Minister Yuval Steinitz, a member of Prime Minister Benjamin Netanyahu’s security cabinet, sought to play down the potential damage but said lessons would be learned.

“I do not think that this is the deepest kingdom of secrets, but it is certainly something that should not happen, which is unpleasant,” he told Israel’s Army Radio. “We will now have to look and consider changing the encryption, certainly.”

With the Netanyahu government and Obama administration at loggerheads over the U.S.-led nuclear agreement with Iran, there have been a series of high-profile media exposes in recent months alleging mutual espionage between the allies.

Israel insists that it ceased such missions since it ran U.S. Navy analyst Jonathan Pollard as an agent in the 1980s.

“We know that the Americans spy on the whole world, and also on us, also on their friends,” Steinitz said. “But still, it is disappointing, inter alia because, going back decades already, we have not spied nor collected intelligence nor hacked encryptions in the United States.”

The Intercept report included what it said were images of armed Israeli drones hacked from onboard cameras’ live feeds.

Israel neither confirms nor denies having armed drones, though one of its senior military officers was quoted as acknowledging their existence in a 2010 U.S. diplomatic cable that was previously disseminated by WikiLeaks.

Yedioth said that the hacking revelations could hurt Israeli drone sales to Germany should Berlin worry about the aircraft networks’ security. But Steinitz brushed off that possibility.

“Every country carries out its own encryption,” he said.

Germany said on January 12 it would lease Heron TP drones from state-owned Israel Aerospace Industries (IAI).

(Writing by Dan Williams; Editing by Mark Heinrich)

Hackers target HSBC, disrupt online banking for UK customers

Hackers targeted one of the world’s largest banks on Friday morning, preventing some of HSBC’s customers in the United Kingdom from being able to access their online accounts.

HSBC issued a statement saying it “successfully defended” against a denial-of-service attack, in which hackers try to prevent people from accessing a given site by overwhelming it with traffic.

The company said the attack targeted its Internet banking system for the United Kingdom, but no transactions were affected. However, some United Kingdom customers who tried to log into their accounts Friday were greeted by a message that said online banking was unavailable.

That message did not appear on the company’s website for online banking in the United States.

HSBC tweeted that its service was recovering, though it was still seeing some denial-of-service attacks some five hours after it initially reported the incident. The bank added it was “working closely with law enforcement authorities to pursue the criminals responsible.”

About 17 million United Kingdom residents are HSBC customers, the bank says. It apologized to all those inconvenienced by the outage, and encouraged them to visit a branch for urgent issues.

It was the second time this month that HSBC customers had an issue with online banking.

The company tweeted that “an internal technical issue” prevented some people from accessing their accounts on Jan. 4 and Jan. 5. In a video tweeted from the company’s account, an HSBC official said that was not caused by a cyber attack and that customers’ data was never at risk.

HSBC has about 6,100 offices in more than 70 countries and territories across the globe, according to its website.