White House warns companies to step up cybersecurity

By Doina Chiacu

WASHINGTON (Reuters) – The White House warned corporate executives and business leaders on Thursday to step up security measures to protect against ransomware attacks after intrusions disrupted operations at a meatpacking company and a southeastern oil pipeline.

There has been a significant hike in the frequency and size of ransomware attacks, Anne Neuberger, cybersecurity adviser at the National Security Council, said in a letter.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added.

The recent cyberattacks have forced companies to see ransomware as a threat to core business operations and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations, she said.

Strengthening the country’s resilience to cyberattacks was one of President Joe Biden’s top priorities, she added.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.

The letter came after a major meatpacker resumed U.S. operations on Wednesday following a ransomware attack that disrupted meat production in North America and Australia.

A Russia-linked hacking group that goes by the name of REvil and Sodinokibi was behind the cyberattack against JBS SA, a source familiar with the matter told Reuters.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to bring up the issue during their summit this month, White House press secretary Jen Psaki said on Wednesday.

Neuberger’s letter outlined immediate steps companies can take to protect themselves from ransomware attacks, which can have ripple effects far beyond the company and its customers.

Those include best practices such as multifactor authentication, endpoint detection and response, encryption and a skilled security team. Companies should back up data and regularly test systems, as well as update and patch systems promptly.

Neuberger advised that companies test incident response plans and use a third party to test the security team’s work.

She said it was critical that corporate business functions and production operations be run on separate networks.

(Reporting by Doina Chiacu; Editing by David Holmes and Steve Orlofsky)

U.S., allies urge Facebook not to encrypt messages as they fight child abuse, terrorism

By Joseph Menn, Christopher Bing and Katie Paul

WASHINGTON (Reuters) – The United States and allies are seizing on Facebook Inc’s plan to apply end-to-end encryption across its messaging services to press for major changes to a practice long opposed by law enforcement, saying it hinders the fight against child abuse and terrorism.

The United States, the United Kingdom and Australia plan to sign a special data agreement on Thursday that would fast track requests from law enforcement to technology companies for information about the communications of terrorists and child predators, according to documents reviewed by Reuters.

Law enforcement could get information in weeks or even days instead of the current wait of six months to two years, one document said.

The agreement will be announced alongside an open letter to Facebook and its Chief Executive Mark Zuckerberg, calling on the company to suspend plans related to developing end-to-end encryption technology across its messaging services.

The latest tug-of-war between governments and tech companies over user data could also impact Apple Inc, Alphabet Inc’s Google and Microsoft Corp, as well as smaller encrypted chat apps like Signal.

Washington has called for more regulation and launched anti-trust investigations against many tech companies, criticizing them over privacy lapses, election-related activity and dominance in online advertising.

Child predators have increasingly used messaging applications, including Facebook’s Messenger, in the digital age to groom their victims and exchange explicit images and videos. The number of known child sexual abuse images has soared from thousands to tens of millions in just the past few years.

Speaking at an event in Washington on Wednesday, Associate Attorney General Sujit Raman said the National Center for Missing and Exploited Children received more than 18 million tips of online child sex abuse last year, over 90% of them from Facebook.

He estimated that up to 75% of those tips would “go dark” if social media companies like Facebook were to go through with encryption plans.

Facebook said in a statement that it strongly opposes “government efforts to build backdoors,” which it said would undermine privacy and security.

Antigone Davis, Facebook’s global head of safety, told Reuters the company was looking at ways to prevent inappropriate behavior and stop predators from connecting with children.

This approach “offers us an opportunity to prevent harms in a way that simply going after content doesn’t,” she said.

In practice, the bilateral agreement would empower the UK government to directly request data from U.S. tech companies, which remotely store data relevant to their own ongoing criminal investigations, rather than asking for it via U.S. law enforcement officials.

The effort represents a two-pronged approach by the United States and its allies to pressure private technology companies while making information sharing about criminal investigations faster.

A representative for the U.S. Department of Justice declined to comment.

Susan Landau, a professor of cybersecurity and policy at the Fletcher School of Law and Diplomacy at Tufts University, said disputes over encryption have flared on-and-off since the mid-1990s.

She said government officials concerned with fighting child abuse would be better served by making sure investigators had more funding and training.

“They seem to ignore the low-hanging fruit in favor of going after the thing they’ve been going after for the past 25 years,” she said.

The letter addressed to Zuckerberg and Facebook comes from U.S. Attorney General William Barr, UK Secretary of State for the Home Department Priti Patel and Australian Minister of Home Affairs Peter Dutton.

“Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned,” the letter reads.

“Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.”

WhatsApp’s global head Will Cathcart wrote in a public internet forum https://news.ycombinator.com/item?id=21100588 on Saturday that the company “will always oppose government attempts to build backdoors because they would weaken the security of everyone who uses WhatsApp including governments themselves.”

That app, which is already encrypted, is also owned by Facebook.

(Reporting by Joseph Menn and Katie Paul in San Francisco and Christopher Bing in Washington; Editing by Lisa Shumaker)

London attacker took steroids before deadly rampage, inquest told

Police officers and forensics investigators and police officers work on Westminster Bridge the morning after an attack by a man driving a car and weilding a knife left five people dead and dozens injured, in London, Britain, March 23, 2017.

LONDON (Reuters) – The man who mowed down pedestrians on London’s Westminster Bridge before killing a police officer outside Britain’s parliament last year had taken steroids beforehand, a London court heard on Monday.

Last March Khalid Masood, 52, killed four people on the bridge before, armed with two carving knives, he stabbed to death an unarmed police officer in the grounds of parliament. He was shot dead at the scene.

It was the first of five attacks on Britain last year which police blamed on terrorism.

A submission to a pre-inquest hearing into the fatalities at London’s Old Bailey Court said there was evidence that Masood had taken anabolic steroids in the hours or days before his death.

“A more specialist pharmaceutical toxicologist … has been instructed to prepare a report addressing how steroid use may have affected Khalid Masood,” the submission by the inquiry’s lawyer Jonathan Hough said.

The hearing also heard from Gareth Patterson, a lawyer representing relatives of four of the victims, who lambasted tech firms over their stance on encryption and failing to remove radicalizing material from websites.

Patterson said families wanted answers about how Masood, who was known to the UK security service MI5, was radicalized and why shortly before his attack, he was able to share an extremist document via WhatsApp.

He said victims’ relatives could not understand “why it is that radicalizing material continues to be freely available on the internet”.

“We do not understand why it’s necessary for WhatsApp, Telegram and these sort of media applications to have end-to-end encryption,” he told the hearing at London’s Old Bailey court.

Patterson told Reuters following the hearing that he was “fed up” of prosecuting terrorism cases which featured encryption and particularly the WhatsApp messaging service.

“How many times do we have to have this?” he said.

The British government has been pressurizing companies to do more to remove extremist content and rein in encryption which they say allows terrorists and criminals to communicate without being monitored by police and spies, while also making it hard for the authorities to track them down.

However, it has met quiet resistance from tech leaders like Facebook, Google and Twitter and critics say ending encryption will weaken security for legitimate actions and open a back door for government snooping.

Samantha Leek, the British government’s lawyer, said the issues over encryption and radicalization were a matter of public policy and too wide for an inquest to consider.

Police say Masood had planned and carried out his attack alone, despite claims of responsibility from Islamic State, although a report in December confirmed he was known to MI5 for associating with extremists, particularly between 2010 and 2012, but not considered a threat.

Coroner Mark Lucraft said the inquest, which will begin in September, would seek to answer “obvious and understandable questions” the families might have.

(Reporting by Michael Holden; editing by Guy Faulconbridge)

Trump administration to order agencies to adopt new email security standards

Jeanette Manfra, Acting Deputy Undersecretary for Cybersecurity at the DHS, testifies about Russian interference in U.S. elections to the Senate Intelligence Committee in Washington, U.S., June 21, 2017.

By Dustin Volz

WASHINGTON (Reuters) – The Trump administration on Monday will order federal agencies to adopt common email security standards in an effort to better protect against hackers, a senior Department of Homeland Security official said.

DHS Assistant Secretary for Cybersecurity Jeanette Manfra, speaking at an event in New York, said the agency would issue a binding directive to require implementation of two cyber security measures, known as DMARC and STARTTLS, intended to guard against email spoofing and phishing attacks.

The new requirements are “discrete steps that have scalable, broad impact” that will improve federal government cyber security, Manfra said.

DMARC, or domain-based message authentication, reporting and conformance, is a popular technical standard that helps detect and block email impersonation, such as when a hacker might try to pose as a government official or agency.

STARTTLS is a form of encryption technology that protects email traveling between servers, making it more difficult for a third-party to intercept.

 

(Reporting by Dustin Volz; Editing by Chizu Nomiyama and Bill Trott)

 

FBI paid more than $1.3 million to break into San Bernardino iPhone

Apple Logo

By Julia Edwards

WASHINGTON (Reuters) – Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.

According to figures from the FBI and the U.S. Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.

That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.

Speaking at the Aspen Security Forum in London, Comey was asked by a moderator how much the FBI paid for the software that eventually broke into the iPhone.

“A lot. More than I will make in the remainder of this job, which is seven years and four months for sure,” Comey said. “But it was, in my view, worth it.”

The Justice Department said in March it had unlocked the San Bernardino shooter’s iPhone with the help of an unidentified third party and dropped its case against Apple Inc <AAPL.O>, ending a high-stakes legal clash but leaving the broader fight over encryption unresolved.

Comey said the FBI will be able to use software used on the San Bernardino phone on other 5C iPhones running IOS 9 software.

There are about 16 million 5C iPhones in use in the United States, according to estimates from research firm IHS Technology. Eighty-four percent of iOS devices overall are running iOS 9 software, according to Apple.

The FBI gained access to the iPhone used by Rizwan Farook, one of the shooters who killed 14 people in San Bernardino, California on Dec. 2.

The case raised the debate over whether technology companies’ encryption technologies protect privacy or endanger the public by blocking law enforcement access to information.

(Reporting by Julia Edwards in Washington; additional reporting by Julia Love in San Francisco; Editing by Simon Cameron-Moore)

ISIS Using Encryption To Avoid FBI

FBI Director James Comey admitted to lawmakers that ISIS and other terrorist groups are using encryption methods as a way to avoid federal investigators.

“This is not your grandfather’s al Qaeda,” he told a Senate panel.

Comey said that ISIS has been effective in using social media outlets like Twitter where they have over 22,000 English-language followers.

“[It’s like a] devil in their pocket all day long that says ‘Kill, kill, kill,” Comey said.  “There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.”

“We cannot break strong encryption,” Comey told lawmakers on the Senate Intelligence Committee. “I think people watch TV and think the bureau can do lots of things. We cannot break strong encryption.”

Comey cited as an example the case of Usaamah Rahim, the Boston man killed when he attacked FBI and Boston Police as they tried to question him.  The agents tracking him couldn’t see his exact plans because they went into an encrypted site.

The FBI calls that “going dark.”

“ISIL does something al-Qaida would never imagine: they test people by tasking them,” Comey told the senators. “Kill somebody and we’ll see if you are really a believer. And these people react in a way that is very difficult to predict. What you saw in Boston is what the experts say is flash-to-bang being very close. You had a guy who was in touch in an encrypted way with these ISIL recruiters and we believe was bent on doing something on July 4th. He woke up one morning, June 2nd, and decided he was going to go kill somebody.”