Senators accuse Yahoo of ‘unacceptable’ delay in hack discovery

Yahoo CEO Marissa Mayer delivers her keynote address at the annual Consumer Electronics Show (CES) in Las Vegas, Nevada

By Dustin Volz

WASHINGTON (Reuters) – Six Democratic U.S. senators on Tuesday said it was “unacceptable” that Yahoo only last week announced a 2014 hack into 500 million user accounts and asked embattled CEO Marissa Mayer for more information about the company’s investigation into the data breach.

The lawmakers said they were “disturbed” the two-year-old intrusion was detected so long after the hack occurred.

“That means millions of Americans’ data may have been compromised for two years,” the senators wrote in a joint letter addressed to Mayer. “This is unacceptable.”

Yahoo did not immediately respond to a request for comment about the letter.

Yahoo has faced mounting questions about exactly when it knew about the 2014 cyber attack that exposed the email credentials of users, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover of its core business by Verizon Inc.

The internet firm has said it detected the breach this summer after conducting a security review prompted by an unrelated hack claim that turned out to be meritless. Yahoo has not given a precise timeline explaining when it was made aware of the 2014 attack, or if it knew of the breach before announcing the deal with Verizon in late July.

The senators requested a briefing from Yahoo to explain the company’s investigation into the breach, its cooperation with law enforcement and national security authorities, and plans to protect affected users.

The letter was signed by Senators Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden and Edward Markey.

The senators asked Mayer for a timeline of the hack and its discovery and how such a large breach went undetected for so long. They also asked what Yahoo was doing to prevent another breach in the future, if the company has changed its security protocols, and whether the U.S. government had warned of a possible hacking attempt.

The letter came a day after Democratic Senator Mark Warner asked the U.S. Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the hacking attack, which Yahoo has blamed on a “state-sponsored actor.”

(Reporting by Dustin Volz; Editing by Chizu Nomiyama and Andrew Hay)

Democratic Party says it was hacked again, blames Russians

nternet LAN cables are pictured in this photo illustration taken in Sydney June 23, 2011. Australia cleared a key hurdle on Thursday in setting up a $38 billion high-speed broadband system after phone operator Telstra agreed to rent out its network for the nation's biggest infrastructure project in decades.

WASHINGTON (Reuters) – The head of the Democratic National Committee said on Tuesday the organization had been hacked by Russian state-sponsored agents who were trying to influence the U.S. presidential election, after a similar leak in July roiled the party.

A link to the documents was posted on WikiLeaks’ Twitter account and attributed to alleged hacker Guccifer 2.0. The release came during a presentation on Tuesday from a person speaking on behalf of Guccifer 2.0 at a London cyber security conference, Politico reported.

Reuters could not immediately access the documents.

“There’s one person who stands to benefit from these criminal acts, and that’s (Republican presidential nominee) Donald Trump,” DNC interim Chair Donna Brazile said in a statement.

“Not only has Trump embraced (Russian President Vladimir)Putin, he publicly encouraged further Russian espionage to help his campaign,” she said.

Trump in July invited Russia to dig up emails from Clinton’s time as secretary of state, prompting Democrats to accuse him of urging foreigners to spy on Americans. He later said he was speaking sarcastically.

The Trump campaign did not immediately respond to a request for comment.

Debbie Wasserman Schultz resigned as DNC chair on the eve of July’s Democratic National Convention after WikiLeaks published an earlier trove of hacked DNC emails that showed party officials favoring eventual nominee Hillary Clinton over U.S. Senator Bernie Sanders during the party’s nominating contests. Three other senior officials also stepped down from the DNC after the leak.

“We have been anticipating that an additional batch of documents stolen by Russian agents would be released,” said Brazile, who took over from Wasserman Schultz on an interim basis.

Democratic Party sources said the party and Clinton’s presidential campaign were deeply concerned about possible publication by WikiLeaks or other hackers of a new torrent of potentially embarrassing party information ahead of the Nov. 8 election.

(Reporting by Eric Beech and Mark Hosenball; Editing by Peter Cooney)

Russians suspected in hack of New York Times, other U.S. media

The sun peaks over the New York Times Building in New York

WASHINGTON (Reuters) – The FBI and other U.S. security agencies are investigating cyber breaches targeting reporters at the New York Times and other U.S. news organizations that are thought to have been carried out by hackers working for Russian intelligence, CNN reported on Tuesday, citing unnamed U.S. officials.

“Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said,” CNN said.

Reuters could not immediately confirm the report. The FBI declined to comment, and representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not immediately reply to a request for comment.

The intrusions were detected in recent months, according to CNN. Citing the U.S. officials, it said the Times had hired private security investigators to work with national security officials in assessing the breach.

Representatives for the Times could not be immediately reached for comment.

News of the cyber attack comes amid a wave of similar attacks targeting major U.S. political parties that have surfaced in recent weeks ahead of the Nov. 8 presidential election.

The Democratic National Committee, Democratic presidential candidate Hillary Clinton’s campaign and the party’s congressional fundraising committee have all been affected.

Hackers have also targeted the computer systems of Republican presidential candidate Donald Trump and Republican Party organizations, sources have told Reuters.

If confirmed, the breach at the Times would not be the first time foreign hackers infiltrated a news organization: media are frequently targeted in an order to glean insights into U.S. policies or to spy on journalists.

In 2013, a group of hackers known as the Syrian Electronic Army also attacked Times and other media outlets. Chinese attackers also infiltrated the Times that year.

(Reporting by Dustin Volz, John Walcott and Mohammad Zargham in Washington, and Jessica Toonkel in New York; Writing by Susan Heavey; Editing by Jonathan Oatis and Frances Kerry)

FBI took months to warn Democrats of suspected Russian role in hack

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April

By Mark Hosenball, John Walcott and Joseph Menn

WASHINGTON/SAN FRANCISCO (Reuters) – The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of   confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said.

A spokeswoman for the FBI said she could not comment on a current investigation. The DNC did not respond to requests for comment.

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

Emails captured in the DNC hack were leaked on the eve of the July 25-28 Democratic Party convention to name Hillary Clinton as the party’s presidential candidate in the Nov. 8 election against Republican Party nominee Donald Trump.

Those emails exposed bias in favor of Clinton on the part of DNC officials at a time when she was engaged in a close campaign against U.S. Senator Bernie Sanders for the party’s nomination.

The DNC said on Tuesday that three senior officials had resigned after the email embarrassment.

Last week, Debbie Wasserman Schultz stepped down as DNC chairwoman as criticism mounted of her management of the party committee, which is supposed to be neutral.

U.S. officials and private cyber security experts said last week they believed Russian hackers were behind the cyber attack on the DNC. The Obama administration has not yet publicly  declared who it believes is responsible.

Director of National Intelligence James Clapper said last week the U.S. intelligence community was not ready to “make the call on attribution.”

It was not immediately clear how the FBI had learned of the hack against the DNC. One U.S. official with knowledge of the investigation said the agency had withheld information about details of the hacking to protect classified intelligence operations.

“There is a fine line between warning people or companies or even other government agencies that they’re being hacked – especially if the intrusions are ongoing – and protecting intelligence operations that concern national security,” said the official, who spoke on condition of anonymity.

The first internal DNC emails alerting party officials to the seriousness of the suspected hacking were sent in late March, one person said. In May, the DNC contacted California-based cyber security firm CrowdStrike to analyze unusual activity on the group’s network.

The Brooklyn-based Clinton campaign operation was also the target of hacking, people with knowledge of the situation have said. The Clinton campaign has confirmed that a DNC-linked system the campaign used to analyze voter data was compromised.

Yahoo News reported last week that the FBI had warned the Clinton campaign that it was the target of a hack in March, just before the DNC discovered it had been hacked.

Glen Caplin, a Clinton campaign spokesman, said it had taken steps to safeguard its internal information systems.

“Multiple Democratic party organizations, including our campaign and staff, have been the subject of attempted cyber attacks that experts say are Russian intelligence agencies, which enlist some of the most sophisticated hackers in the world,” Caplin said.

(Reporting By Mark Hosenball amd John Walcott in Washington and Joseph Menn in San Francisco; Editing by David Rohde and Grant McCool)

U.S. Democratic congressional group confirms it was hacked

The headquarters of the Democratic National Committee is seen in Washington,

WASHINGTON (Reuters) – The U.S. Democratic Congressional Campaign Committee confirmed on Friday that it had been the target of a cyber security incident similar to other recent attacks, including the theft of documents from the Democratic National Committee.

The DCCC said in a statement that it took immediate action and engaged forensic investigator CrowdStrike to investigate the breach of its systems. The probe is ongoing, it added.

“The DCCC takes this matter very seriously. With the assistance of leading experts we have taken and are continuing to take steps to enhance the security of our network in the face of these recent events,” the committee said in the statement.

“We are cooperating with the federal law enforcement with respect to their ongoing investigation,” it said.

Reuters reported on Thursday that the FBI was investigating a cyber attack against the DCCC that may be related to an earlier hack against the Democratic National Committee.

The potential link to Russian hackers is likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump.

The Kremlin denied involvement in the DCCC cyber attack.

Hacking of the DNC’s emails caused discord among Democrats at the party’s convention in Philadelphia to nominate Hillary Clinton as its presidential candidate.

(Reporting by Dustin Volz; Writing by David Alexander; Editing by Susan Heavey and Frances Kerry)

Kremlin say allegations it hacked U.S. Democratic Party ‘made up horror stories’

Delegates cheer at the annoucement that Hillary Clinton is named the Democratic Party nominee for president at the Democratic National Convention in Philadelphia

MOSCOW (Reuters) – The Kremlin on Wednesday dismissed allegations Russia had hacked Democratic Party emails as “horror stories” dreamt up by U.S. politicians, saying it never interfered in other countries’ election campaigns.

“Moscow is at pains to avoid any words that could be interpreted as direct or indirect interference in the election process,” Kremlin spokesman Dmitry Peskov told a conference call with reporters.

“… We see that the Russian card is in the red corner on the writing table of all Washington politicians during the election campaign, and that very often they make it a trump card in their game.”

Peskov was responding after U.S. President Barack Obama in an interview with NBC News said it was possible Russia would try to influence the U.S. presidential election after a leak of Democratic National Committee emails that experts have blamed on Russian hackers.

“This reminds me of a company where they tell each other horror stories and then start being frightened of their own stories,” said Peskov.

The Kremlin on Tuesday said unidentified individuals in the United States were trying to cynically exploit fear of Russia for electoral purposes.

(Reporting by Dmitry Solovyov; Editing by Andrew Osborn)