Cyber alert: EU ministers test responses in first computer war game

Cyber alert: EU ministers test responses in first computer war game

By Robin Emmott

TALLINN (Reuters) – European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc’s military missions abroad.

In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests.

Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation.

German Defence Minister Ursula von der Leyen said the “extremely exciting” war game showed the need for EU governments to be more aware of the impact of cyber attacks on critical infrastructure in the EU.

“The adversary is very, very difficult to identify, the attack is silent, invisible,” Von der Leyen told reporters. “The adversary does not need an army, but only a computer with internet connection”.

After a series of global cyber attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.

“We needed to raise awareness at the political level,” Jorge Domecq, the chief executive of the European Defence Agency that helped organize the exercise with Estonia, told Reuters.

Especially concerned about Russia since it seized Crimea from Ukraine in 2014, Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise.

Estonia was hit by cyber attacks on private and government Internet sites in 2007. One of the world’s most Internet-savvy countries, with 95 percent of government services online, Estonia has a separate cyber command in its armed forces. But it is not without its vulnerabilities.

International researchers have found a security risk with the chips embedded in Estonian identity cards that could allow hackers to steal people’s identities, although officials said there was no evidence of a hack.

INCIDENT, THREAT OR ATTACK?

NATO last year recognized cyberspace as a domain of warfare and said it justified activating the alliance’s collective defense clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defense plan.

The EU exercise made ministers consider how to work more closely with NATO, whose Secretary-General Jens Stoltenberg was there as an observer, diplomats present said.

“Over the last year, we saw a 60 percent increase in the number of cyber attacks against NATO networks,” Stoltenberg told reporters. “A timely exchange of information (with the EU) is key to responding to any cyber attacks.”

EU cyber exercises are not new, but officials said the idea of Thursday’s exercise was to put the onus on defense ministers to act by simulating a temporary loss of military operational command, even if they would have more support in a real-life situation.

Using tablet computers, ministers answered multiple-choice questions as they reacted to the situation, including some on whether they would make public statements or keep the situation secret.

“Do you announce to the whole country that you are under a cyber attack. Is it an incident, a threat or an attack? These are the questions that ministers were forced to consider, probably for the first time,” Estonian Defence Minister Juri Luik told Reuters.

(Reporting by Robin Emmott; Editing by Hugh Lawson)

Hackers gain entry into U.S., European energy sector, Symantec warns

Hackers gain entry into U.S., European energy sector, Symantec warns

By Dustin Volz

WASHINGTON (Reuters) – Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries well, Symantec said in a report published on Wednesday.

The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview.

The research adds to concerns that industrial firms, including power providers and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict.

In June the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials in order to gain access to targeted networks.

Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.

He said dozens of companies had been targeted and that a handful of them, including in the United States, had been compromised on the operational level. That level of access meant that motivation was “the only step left” preventing “sabotage of the power grid,” Chien said.

However, other researchers cast some doubt on the findings.

While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.

Lee called the connection to Dragonfly “loose.”

Dragonfly was previously active from around to 2011 to 2014, when it appeared to go dormant after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.

Symantec did not name Russia in its report but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.

(Reporting by Dustin Volz; Editing by Leslie Adler)

Kenya opposition leader says election website hacked to show president in lead

Riot policemen deploy after demonstrators supporting opposition leader Raila Odinga, burned tyres after their political leader claimed "massive" fraud in this week's elections, in Kisumu, Kenya August 9, 2017. REUTERS/James Keyi

By Humphrey Malalo and Duncan Miriri

NAIROBI (Reuters) – Kenya’s opposition leader Raila Odinga said on Wednesday the election commission’s computer system was hacked and fake results posted to show President Uhuru Kenyatta with a strong lead in a case of massive fraud.

The election commission said Tuesday’s vote was free and fair and it was investigating whether or not its computer systems and vote-tallying database had been compromised.

Odinga’s comments raised concerns of unrest over the results in Kenya, East Africa’s leading economy and a regional hub. Around 1,200 people died in violence after a disputed election in 2007.

Speaking at a news conference, Odinga urged his supporters to remain calm, but added: “I don’t control the people”. His deputy Kalonzo Musyoka also called for calm but said the opposition might call for “action” at a later date. He gave no details.

Shortly after Odinga spoke, police fired teargas to scatter a group of around 100 supporters in the western city of Kisumu, an opposition stronghold. The unarmed men had been chanting “No Raila, no peace”.

As of 1100 GMT, the election commission website put Kenyatta in front with 54.3 percent of votes counted to 45 percent for Odinga – a margin of nearly 1.4 million ballots with more than 95 percent of polling stations reported.

Odinga published his own party’s assessment of the count on Twitter, saying he had 8.1 million votes against 7.2 million for Kenyatta.

The main local election monitoring group said its parallel vote tally was incomplete so it could not comment on the differing figures. Foreign observer missions declined to comment.

Kenyatta, a 55-year-old businessman seeking a second five-year term, had held a steady lead of around 10 percent since the start of counting after the peaceful vote, the culmination of a hard-fought contest between the heads of Kenya’s two political dynasties.

Odinga, 72, a former political prisoner and self-described leftist, described the reported hack as an attack on Kenya’s democracy and published 50 pages of computer logs on his Facebook page to support his claims.

POLLING STATIONS

Despite its multimillion dollar electronic voting system, the crucial evidence on voting comes from the paper forms signed at each of the country’s 41,000 polling stations.

Results in each polling station are recorded on a form – known as 34A – that observers from each party must sign. These should then be scanned, sent to the election board and posted on a website.

The measure is designed to ensure the elections cannot be rigged and parties can cross-check results.

On Wednesday morning, the commission said it had received 28,000 forms so far and was working to make all forms public. Neither the commission nor Odinga supplied forms to back up their numbers.

The Kenya Human Rights Commission, a well-known non-governmental organization, said it had discovered some discrepancies between provisional results on the election commission website and the paper forms.

It cited five examples, including a polling station in western Nandi county where the electoral board’s website recorded 439 rejected votes but the paper form only showed four.

Odinga ran in Kenya’s last two elections and lost, blaming vote rigging following irregularities at both polls.

In 2007, tallying was stopped and the incumbent president declared the winner, triggering an outcry from Odinga’s camp. The ethnic and political violence that followed killed 1,200 people and displaced 600,000.

International Criminal Court cases against Kenyatta and his now-deputy, William Ruto, for helping direct that violence, collapsed as witnesses died or disappeared.

In 2013, Odinga took his concerns to court. This time, he invoked the unsolved torture and murder of a top election official days before the vote to justify his fears of rigging.

“We fear this was exactly the reason Chris Msando was assassinated, so this could happen,” he said.

Hackers may have used Msando’s identity to access the electronic tallying system, Odinga said. The election commission said its password access system was secure.

Kenya’s shilling firmed and bond prices rose on early results, but analysts said gains could be fragile.

“Kenyatta’s provisional win will soothe those investors who feared a leftist shift in economic policy,” said Hasnain Malik, global head of equities research at Exotix Capital.

“The most important issues are ahead of us: Does Odinga concede peacefully? His initial rhetoric suggests there is a risk he does not.”

Kenya’s B+ credit rating and stable outlook won’t be affected by its election as long as there is no repeat of the 2007 violence, the S&P Global agency said.

(Additional reporting by Maggie Fick in Kisumu and Katharine Houreld, George Obultusa, John Ndiso and Rajiv Golla in Nairobi and Marc Jones in London; Writing by Katharine Houreld and Ed Cropley; Editing by Matthew Mpoke Bigg)

Ukraine finally battens down its leaky cyber hatches after attacks

FILE PHOTO: A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko/File Photo

By Matthias Williams

KIEV (Reuters) – When the chief of Microsoft Ukraine switched jobs to work for President Petro Poroshenko, he found that everyone in the office used the same login password. It wasn’t the only symptom of lax IT security in a country suffering crippling cyber attacks.

Sometimes pressing the spacebar was enough to open a PC, according to Dmytro Shymkiv, who became Deputy Head of the Presidential Administration with a reform brief in 2014.

Today discipline is far tighter in the president’s office. But Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

As in many aspects of Ukrainian life, corruption is a problem. Most computers run on pirated software, and even when licensed programs are used, they can be years out of date and lack security patches to help keep the hackers at bay.

Three years into the job, Shymkiv is leading the fight back. He has put together a team, led by a former Microsoft colleague, doing drills, sending out email bulletins to educate staff on new viruses and doing practice hacks offsite.

In the early days, staff complacency and resistance to change were as much a problem as insecure equipment.

“I remember the first weeks when we forced people to do a password change,” Shymkiv told Reuters. “My team heard all kind of screams and disrespectful messages … Over three years, it’s a different organization.”

The team’s small office has a screen with dials, charts and a green spider web showing activity on the network. If there is an attack, a voice shouts “major alarm!” in English, a recording the team downloaded from YouTube.

Eliminating bad practices and introducing good ones is the reason, Shymkiv believes, why the presidential administration was immune to a June 27 virus that spread from Ukraine to cause disruption in companies as far away as India and Australia.

But the country still has a long way to go. Since 2014 repeated cyber attacks have knocked out power supplies, frozen supermarket tills, affected radiation monitoring at the stricken Chernobyl nuclear power plant, and forced the authorities to prop up the hryvnia currency after banks’ IT systems crashed.

Even Poroshenko’s election that year was compromised by a hack on the Central Election Commission’s network, trying to proclaim victory for a far-right candidate — a foretaste of alleged meddling in the 2016 U.S. presidential election.

Ukraine believes the attacks are part of Russia’s “hybrid war” waged since protests in 2014 moved Ukraine away from Moscow’s orbit and closer to the West. Moscow has denied running hacks on Ukraine.

Shymkiv said the task is to “invest in my team, and upgrade them, and teach them, and connect them with other organizations who are doing the right things”.

“If you do nothing like this, you probably will be wiped out,” he added.

The head of Shymkiv’s IT team, Roman Borodin, said the administration is hit by denial-of-service (DDoS) attacks around once every two weeks, and by viruses specifically designed to target it. The hackers seem mainly interested in stealing information from the defense and foreign relations departments, Borodin told Reuters in his first ever media interview.

HONOR AT STAKE

Bruised by past experiences, Ukraine is protecting itself better.

Finance Minister Oleksandr Danylyuk told Reuters his ministry overhauled security after a hack in November crashed 90 percent of its network at the height of budget preparations.

Officials couldn’t log into the system that manages budget transactions for 48 hours, something that played on Danylyuk’s mind as he addressed the Verkhovna Rada or parliament.

“Imagine that, knowing this, I went to the Verkhovna Rada to present the budget – the main financial document on which 45 million people live – and at the same time I was thinking about how to save not only the document itself, but also the honor of the ministry,” he said.

“I understood that if I showed even the slightest hint of our nervousness, the organizers of the attack would achieve their goal.”

Consultants uncovered familiar weaknesses: the budget system operated on a platform dating from 2000, and the version of the database management system should have been upgraded in 2006.

The ministry is introducing new systems to detect anomalies and to improve data protection. “We’re completely revising and restructuring the ministry’s IT landscape,” Danylyuk said.

The ministry emerged unscathed from the June 27 attack. Others weren’t so lucky: Deputy Prime Minister Pavlo Rozenko tweeted a picture of a crashed computer in the cabinet office that same day.

Ukraine is also benefiting from help from abroad.

A cyber police force was set up in 2015 with British funding and training in a project coordinated by the Organization for Security and Co-operation in Europe (OSCE).

While Ukraine is not a NATO member, the Western alliance supplied equipment to help piece together who was behind the June attack and is helping the army set up a cyber defense unit.

Ukraine shares intelligence with neighboring Moldova, another ex-Soviet state that has antagonized Moscow by moving closer to the West and complains of persistent Russian cyber attacks on its institutions.

“At the beginning of this year we had attacks on state-owned enterprises. If it were not for cooperation with the guys from Moldova, we would not have identified these criminals,” Serhiy Demedyuk, the head of the Ukrainian cyber police, told Reuters.

Demedyuk said the attack had been staged by a Russian citizen using a server in Moldova, but declined to give further details.

LAYING DOWN THE LAW

While there has been progress in some areas, Ukraine is still fighting entrenched problems. No less than 82 percent of software is unlicensed, compared with 17 percent in the United States, according to a 2016 survey by the Business Software Alliance, a Washington-based industry group.

Experts say pirated software was not the only factor in the June attack, which also hit up-to-date computers, but the use of unlicensed programs means security patches which could limit the rapid spread of such infections cannot be applied.

Ukraine ranked 60 out of 63 economies in a 2017 survey on digital competitiveness by the International Institute for Management Development. The low ranking is tied to factors such as a weak regulatory framework.

Another problem is that Ukraine has no single agency in charge of ensuring that state bodies and companies of national importance, such as banks, are protected.

This surfaced on June 27, when the NotPetya virus penetrated the company that produces M.E.Doc, an accounting software used by around 80 percent of Ukrainian businesses.

“Locally, the weak spot is accounting, but more generally it is the lack of cyber defenses at a government level. There aren’t agencies analyzing risks at a government level,” said Aleksey Kleschevnikov, the owner of internet provider Wnet, which hosted M.E.Doc’s servers.

Valentyn Petrov, head of the information security department at the National Security and Defence Council, said the state cannot interfere with companies’ security.

“It’s a total disaster from our perspective,” he told Reuters. “All state companies, including state banks, have suffered from attacks, and we really have no influence on them – neither on issuing regulations or checking how they fulfill these regulations.”

Poroshenko signed a decree in February to improve protection of critical institutions. This proposed legislation to spell out which body was in charge of coordinating cyber security and a unified methodology for assessing threats.

The law failed to gather enough votes the day before parliament’s summer recess in July, and MPs voted against extending the session. Shymkiv called that a “big disgrace”.

He added that in many ministries and firms, “we’ve seen very little attention to the IT infrastructures, and it’s something that’s been lagging behind for years”.

Attitudes can be slow to change. Borodin said a policy at the administration to lock computer screens after 15 minutes of inactivity was greeted with indignation. One staffer pointed out that their room was protected by an armed guard.

The staffer said “‘I have a guy with a weapon in my room. Who can steal information from this computer?'” Borodin recounted.

(Additional reporting by Pavel Polityuk, Jack Stubbs, Natalia Zinets and Margaryta Chornokondratenko in Kiev, Eric Auchard in Frankfurt and David Mardiste in Tallinn; editing by David Stamp)

Flush times for hackers in booming cyber security job market

A recruiter advertises a QR code to attract hackers to apply for jobs at the Black Hat security conference in Las Vegas, Nevada, U.S. July27, 2017. REUTERS/Joseph Menn

By Joseph Menn and Jim Finkle

LAS VEGAS (Reuters) – The surge in far-flung and destructive cyber attacks is not good for national security, but for an increasing number of hackers and researchers, it is great for job security.

The new reality is on display in Las Vegas this week at the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting.

“Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people,” said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc, which filled the hip Hakkasan nightclub on Wednesday at one of the week’s most popular parties.

Twenty or even 10 years ago, career options for technology tinkerers were mostly limited to security firms, handfuls of jobs inside mainstream companies, and in government agencies.

But as tech has taken over the world, the opportunities in the security field have exploded.

Whole industries that used to have little to do with technology now need protection, including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices.

More insurance companies now cover breaches, with premiums reduced for strong security practices. And lawyers are making sure that cloud providers are held responsible if a customer’s data is stolen from them and otherwise pushing to hold tech companies liable for problems, meaning they need security experts too.

The non-profit Center for Cyber Safety and Education last month predicted a global shortage of 1.8 million skilled security workers in 2022. The group, which credentials security professionals, said that a third of hiring managers plan to boost their security teams by at least 15 percent.

For hackers who prefer to pick things apart rather than stand guard over them, an enormous number of companies now offer “bug bounties,” or formal rewards, for warnings about vulnerabilities that leave them exposed to criminals or spies.

One of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year.

Mark Litchfield made it into the firm’s “Hacker Hall of Fame” last year by being the first to pull in more than $500,000 in bounties through the platform, well more than he earned at his last full-time security job, at consulting firm NCC Group.

In the old days, “The only payout was publicity, free press,” Litchfield said. “That was the payoff then. The payoff now is literally to be paid in dollars.”

There are other emerging ways to make money too. Justine Bone’s medical hacking firm, MedSec, took the unprecedented step last year of openly teaming with an investor who was selling shares short, betting that they would lose value.

It was acrimonious, but St Jude Medical ultimately fixed its pacemaker monitors, which could have been hacked, and Bone predicted others will try the same path.

“Us cyber security nerds have spent most of our careers trying to make the world a better place by engaging with companies, finding bugs which companies may or may not repair,” Bone said.

“If we can take our expertise out to customers, media, regulators, nonprofits and think tanks and out to the financial sector, the investors and analysts, we start to help companies understand in terms of their external environment.”

Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said that he was initially skeptical of the MedSec approach but came around to it, in part because it worked. He appeared at Black Hat with Bone.

“Many have written that the software and hardware market is dysfunctional, a lemon market, because buyers don’t know how insecure the products they purchase are,” Wysopal said in an interview.

“I’d like to see someone fixing this broken market. Profiting off of that fix seems like the best approach for a capitalism-based economy.”

(Reporting by Joseph Menn and Jim Finkle; additional reporting by Dustin Volz; Editing by Jonathan Weber and Grant McCool)

Half of German companies hit by sabotage, spying in last two years, BSI says

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

BERLIN (Reuters) – More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros’ worth of damage a year.

Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed “NotPetya” that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called “CEO Fraud”.

Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 percent in a 2015 study.

At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found.

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said.

“The high number of companies affected clearly shows that we still have work to do on cyber security in Germany,” he said in a statement on Friday.

The BSI urged companies in Europe’s largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously.

Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified.

“There’s still a lot of work to be done,” he said. “We have to be careful that we don’t focus solely on industry and computer users, but also look at the producers and quality management.”

Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said.

Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said.

Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime.

(Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)

German military aviation command launches cyber threat initiative

A German Air Force piolt poses inside the cockpit of an Airbus A400M military aircraft at the ILA Berlin Air Show in Schoenefeld, south of Berlin, Germany, June 1, 2016. Picture taken with a fish-eye lens. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The German military’s aviation safety chief has launched a new initiative against cyber threats, citing research that he said shows hackers can commandeer military airplanes with the help of equipment that costs about 5,000 euros ($5,700).

A defense ministry spokesman told Reuters that development of new “aviation cyber expertise” would cover everything from raising consciousness about cyber threats to technical research projects and equipping aircraft with protective systems.

State Secretary Katrin Suder had backed the idea, which Major General Ansgar Rieks, head of the German Military Aviation Authority, proposed in a letter in June, the spokesman said.

Rieks said last week that he was unnerved by a demonstration by the government-funded German Aerospace Center (DLR) in Bavaria showing hackers could take control of an aircraft with inexpensive equipment.

“That frightens me. I wrote to the state secretary about it and said doing nothing would amount to gross negligence,” he said at a talk at a conference in Bueckeburg, Germany. He said the issue was also a vital concern for civil aviation.

He said military officials needed to focus not just on potential problems with computer software, but should also work to “ensure that airplanes cannot be taken over from the ground, or possibly by a passenger in the air”.

A spokesman for the DLR, which has studied aviation cyber security extensively, had no immediate comment on the issue.

Germany’s military this year launched a new cyber command that groups cyber units from across the military, which will also involved in the new aviation cyber initiative.

Cyber resilience – making sure that systems can survive a cyber attack and keep functioning – was a major topic during a conference at Bundeswehr University Munich last month, the DLR spokesman said.

Germany’s military is also working on the aviation cyber issue within the European Union and NATO, he said.

Concerns about cyber attacks on aircraft and in the broader aviation sector have grown sharply in recent years with a growing barrage of attacks and breaches against other sectors.

Many experts fear that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Rapid adoption of communication protocols similar to those used on the internet to connect cockpits, cabins and ground controls, have left air traffic open to vulnerabilities bedevilling other sectors such as finance and oil and gas.

(Reporting by Andrea Shalal; Editing by Louise Ireland)

Foreign hackers probe European critical infrastructure networks

Cables and computers are seen inside a data centre at an office in the heart of the financial district in London, Britain

By Mark Hosenball

LONDON (Reuters) – Cyber attackers are regularly trying to attack data networks connected to critical national infrastructure systems around Europe, according to current and former European government sources with knowledge of the issue.

The sources acknowledged that European infrastructure data networks face regular attacks similar to those which the Washington Post newspaper said on Sunday had been launched by Russian government hackers against business systems of U.S. nuclear power and other companies involved in energy production.

One former senior British security official said it was an “article of faith” that Russian government hackers were seeking to penetrate UK critical infrastructure though the official said he could not cite public case studies.

A European security source acknowledged that UK authorities were aware of the latest reports about infrastructure hacking attempts and that British authorities were in regular contact with other governments over the attacks.

UK authorities declined to comment on the extent of any such attempted or successful attacks in Britain or elsewhere in Europe or to discuss what possible security measures governments and infrastructure operators might be taking.

The Washington Post said recent attempted Russian hacking attacks on infrastructure related systems in the United States appeared to be an effort to “assess” such networks.

But there was no evidence that hackers had actually penetrated or disrupted key systems controlling operations at nuclear plants.

The Post cited several U.S. and industry officials saying that this was the first time hackers associated with the Russian government are known to have tried to get into US nuclear power companies.

The newspaper said that in late June the Federal Bureau of Investigations (FBI) and the U.S. Homeland Security Department warned energy companies that unnamed foreign hackers were trying to steal login and password information so they could hack into networks.

U.S. officials have acknowledged that many key computer systems which run critical infrastructure ranging from power grids to transportation networks originally were not built with strong security protection against outside hackers.

Security experts in the U.S. and Europe acknowledge that the development and evolution of security measures to protect critical infrastructure system against outside intruders has often run behind the ability of hackers to invent tools to get inside such systems.

 

(Editing by Richard Balmforth)

 

Private not state hackers likely to have targeted UK parliament: sources

FILE PHOTO - The Union Flag flies near the Houses of Parliament in London, Britain, June 7, 2017. REUTERS/Clodagh Kilcoyne/File Photo

LONDON (Reuters) – A cyber attack on email accounts of British lawmakers last month is likely to have been by amateur or private hackers rather than state-sponsored, European government sources said.

The private email accounts of up to 90 of the 650 members of Britain’s House of Commons were targeted in late June, with some news reports suggesting that the attack was carried out by a foreign government, such as Russia.

However, cyber security experts had found that the hackers only managed to access accounts of lawmakers who used primitive and easily discovered passwords, the sources, who are familiar with the investigations into the attacks, said.

It remains unclear who did carry out the attack, they added.

Investigators hope the hack will convince politicians and other public figures to use more sophisticated passwords for their email and other online activities.

British authorities are not commenting publicly on the progress of investigations, but an official cautioned after the hack was discovered that “cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states.”

(Reporting by Mark Hosenball; Editing by Alexander Smith)

Ransomware virus hits computer servers across the globe

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

By Jack Stubbs and Pavel Polityuk

MOSCOW/KIEV (Reuters) – A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the U.S.A. pretty bad,” he said.

The U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.

The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.

Within hours, the attack had gone global.

Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said the attack had caused outages at its computer systems across the world on Tuesday, including at its terminal in Los Angeles.

Pharmaceutical company Merck & Co said its computer network had been affected by the global hack.

A Swiss government agency also reported computer systems were affected in India, though the country’s cyber security agency said it had yet to receive any reports of attacks.

“DON’T WASTE YOUR TIME”

After the Wannacry attack, organizations around the globe were advised to beef up IT security.

“Unfortunately, businesses are still not ready and currently more than 80 companies are affected,” said Nikolay Grebennikov, vice president for R&D at data protection firm Acronis.

One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24.

The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain and the world’s biggest advertising agency, WPP – though it was not clear if their problems were caused by the same virus.

“The building has come to a standstill. It’s fine, we’ve just had to switch everything off,” said one WPP employee who asked not to be named.

WANNACRY AGAIN

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.

Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

“There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

Last’s month’s fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing the attack.

Any organization that heeded strongly worded warnings in recent months from Microsoft Corp to urgently install a security patch and take other steps appeared to be protected against the latest attacks.

Ukraine was particularly badly hit, with Prime Minister Volodymyr Groysman describing the attacks on his country as “unprecedented”.

An advisor to Ukraine’s interior minister said the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Yevhen Dykhne, director of the Ukrainian capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook. A Reuters reporter who visited the airport late on Tuesday said flights were operating as normal.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network had gone down and the central bank said a operation at a number of banks and companies, including the state power distributor, had been disrupted by the attack.

“As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations,” the central bank said in a statement.

Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences” from the attack. It said it avoided any impact on oil production by switching to backup systems.

The Russian central bank said there were isolated cases of lenders’ IT systems being infected by the cyber attack. One consumer lender, Home Credit, had to suspend client operations.

(Additional reporting by European bureaux and Jim Finkle in Toronto; writing by Christian Lowe; editing by David Clarke)