U.S. judge will not force Georgia to use paper ballots despite concerns

FILE PHOTO: Georgia Secretary of State Brian Kemp speaks with visitors to the state capitol about the "SEC primary" involving a group of southern states voting next month in Atlanta, Georgia February 24, 2016. REUTERS/Letitia Stein/File Photo

By Gina Cherelus

(Reuters) – A federal judge will not force Georgia to use paper ballots for the November election, citing the potential for last-minute confusion, but expressed concern that the state’s electronic machines could be vulnerable to hacking.

U.S. District Judge Amy Totenberg said in a ruling late on Monday that while it is important for citizens to know their ballots are properly counted, voters also must rely on a smooth process, especially in a fast-approaching election race.

“Ultimately, any chaos or problems that arise in connection with a sudden rollout of a paper ballot system with accompanying scanning equipment may swamp the polls with work and voters – and result in voter frustration and disaffection from the voting process,” Totenberg said in a 46-page decision.

The state’s November contests include a gubernatorial race that is among the most high-profile in the country. Democrat Stacey Abrams faces Secretary of State Brian Kemp, who is responsible for the state’s elections and is named as a defendant in the lawsuit.

If elected, Abrams would be the first black female governor in the United States.

Georgia is one of five states that use touchscreen machines with no paper record.

Voting rights groups and individual voters sued Georgia officials in 2017, alleging that the electronic machines are highly vulnerable to hacking and cannot be audited or verified. The judge’s decision to reject their request to require paper ballots in November does not affect the underlying lawsuit, which will continue.

An attorney for the plaintiffs, David Cross, said that while they were disappointed the judge had not imposed paper ballots for November, her decision was nevertheless a victory because she agreed the current election system is “woefully inadequate and insecure.”

Georgia has used direct-recording electronic (DRE) voting machines exclusively since 2002. The machines have drawn criticism from various advocacy groups and federal agencies, including U.S. Department of Homeland Security officials who called the systems a “national security concern” in March, according to Totenberg.

“Plaintiffs shine a spotlight on the serious security flaws and vulnerabilities in the state’s DRE system,” Totenberg said in the court order.

A representative from Kemp’s office did not immediately respond to a request for comment on Tuesday. Kemp on Monday said that Georgia’s electronic voting machines are secure and that switching to paper ballots would cause “chaos,” according to the Atlantic Journal-Constitution newspaper.

(Reporting by Gina Cherelus in New York; Editing by Joseph Ax and Susan Thomas)

Exclusive: Iran-based political influence operation – bigger, persistent, global

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Instagram logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – An apparent Iranian influence operation targeting internet users worldwide is significantly bigger than previously identified, Reuters has found, encompassing a sprawling network of anonymous websites and social media accounts in 11 different languages.

Facebook and other companies said last week that multiple social media accounts and websites were part of an Iranian project to covertly influence public opinion in other countries. A Reuters analysis has identified 10 more sites and dozens of social media accounts across Facebook, Instagram, Twitter and YouTube.

U.S.-based cybersecurity firm FireEye Inc and Israeli firm ClearSky reviewed Reuters’ findings and said technical indicators showed the web of newly-identified sites and social media accounts – called the International Union of Virtual Media, or IUVM – was a piece of the same campaign, parts of which were taken down last week by Facebook Inc, Twitter Inc and Alphabet Inc.

IUVM pushes content from Iranian state media and other outlets aligned with the government in Tehran across the internet, often obscuring the original source of the information such as Iran’s PressTV, FARS news agency and al-Manar TV run by the Iran-backed Shi’ite Muslim group Hezbollah.

PressTV, FARS, al-Manar TV and representatives for the Iranian government did not respond to requests for comment. The Iranian mission to the United Nations last week dismissed accusations of an Iranian influence campaign as “ridiculous.”

The extended network of disinformation highlights how multiple state-affiliated groups are exploiting social media to manipulate users and further their geopolitical agendas, and how difficult it is for tech companies to guard against political interference on their platforms.

In July, a U.S. grand jury indicted 12 Russians whom prosecutors said were intelligence officers, on charges of hacking political groups in the 2016 U.S. presidential election. U.S. officials have said Russia, which has denied the allegations, could also attempt to disrupt congressional elections in November.

Ben Nimmo, a senior fellow at the Atlantic Council’s Digital Forensic Research Lab who has previously analyzed disinformation campaigns for Facebook, said the IUVM network displayed the extent and scale of the Iranian operation.

“It’s a large-scale amplifier for Iranian state messaging,” Nimmo said. “This shows how easy it is to run an influence operation online, even when the level of skill is low. The Iranian operation relied on quantity, not quality, but it stayed undetected for years.”

FURTHER INVESTIGATIONS

Facebook spokesman Jay Nancarrow said the company is still investigating accounts and pages linked to Iran and had taken more down on Tuesday.

“This is an ongoing investigation and we will continue to find out more,” he said. “We’re also glad to see that the information we and others shared last week has prompted additional attention on this kind of inauthentic behavior.”

Twitter referred to a statement it tweeted on Monday shortly after receiving a request for comment from Reuters. The statement said the company had removed a further 486 accounts for violating its terms of use since last week, bringing the total number of suspended accounts to 770.

“Fewer than 100 of the 770 suspended accounts claimed to be located in the U.S. and many of these were sharing divisive social commentary,” Twitter said.

Google declined to comment but took down the IUVM TV YouTube account after Reuters contacted the company with questions about it. A message on the page on Tuesday said the account had been “terminated for a violation of YouTube’s Terms of Service.”

IUVM did not respond to multiple emails or social media messages requesting comment.

The organization does not conceal its aims, however. Documents on the main IUVM website  said its headquarters are in Tehran and its objectives include “confronting with remarkable arrogance, western governments, and Zionism front activities.”

APP STORE AND SATIRICAL CARTOONS

IUVM uses its network of websites – including a YouTube channel, breaking news service, mobile phone app store, and a hub for satirical cartoons mocking Israel and Iran’s regional rival Saudi Arabia – to distribute content taken from Iranian state media and other outlets which support Tehran’s position on geopolitical issues.

Reuters recorded the IUVM network operating in English, French, Arabic, Farsi, Urdu, Pashto, Russian, Hindi, Azerbaijani, Turkish and Spanish.

Much of the content is then reproduced by a range of alternative media sites, including some of those identified by FireEye last week as being run by Iran while purporting to be domestic American or British news outlets.

For example, an article run by in January by Liberty Front Press – one of the pseudo-U.S. news sites exposed by FireEye – reported on the battlefield gains made by the army of Iranian ally Syrian President Bashar al-Assad. That article was sourced to IUVM but actually lifted from two FARS news agency stories.

FireEye analyst Lee Foster said iuvmpress.com, one of the biggest IUVM websites, was registered in January 2015 with the same email address used to register two sites already identified as being run by Iran. ClearSky said multiple IUVM sites were hosted on the same server as another website used in the Iranian operation.

(Reporting by Jack Stubbs in LONDON, Christopher Bing in WASHINGTON; Additional reporting by Bozorgmehr Sharafedin in LONDON; Editing by Damon Darlin and Grant McCool)

More U.S. states deploy technology to track election hacking attempts

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

By Christopher Bing

WASHINGTON (Reuters) – A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.

Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations.

The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security https://www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters.

CIS is a nonprofit organization based in East Greenbush, N.Y., that helps governments, businesses and organization fight computer intrusions.

“We’ve recently added Albert sensors to our system because I believe voting systems have tremendous vulnerabilities that we need to plug; but also the voter registration systems are a concern,” said Neal Kelley, chief of elections for Orange County, California.

“That’s one of the things I lose sleep about: It’s what can we do to protect voter registration systems?”

As of August 7, 36 of 50 states had installed Albert at the “elections infrastructure level,” according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

“We have more than quadrupled the number of sensors on state and county networks since 2016, giving the election community as a whole far greater visibility into potential threats than we’ve ever had in the past,” said Matthew Masterson, a senior adviser on election security for DHS.

The 14 states that do not have a sensor installed ahead of the 2018 midterm elections have either opted for another solution, are planning to do so shortly or have refused the offer because of concerns about federal government overreach. Those 14 states were not identified by officials.

But enough have installed them that cybersecurity experts can begin to track intrusions and share that information with all states. The technology directly feeds data about cyber incidents through a non-profit cyber intelligence data exchange and then to DHS.

“When you start to get dozens, hundreds of sensors, like we have now, you get real value,” said John Gilligan, the chief executive of CIS.

“As we move forward, there are new sensors that are being installed literally almost every day. Our collective objective is that all voter infrastructure in states has a sensor.”

Top U.S. intelligence officials have predicted that hackers working for foreign governments will target the 2018 and 2020 elections.

Maria Benson, a spokesperson for the National Association of Secretaries of States, said that in some cases installations have been delayed because of the time spent working out “technical and contractual arrangements.”

South Dakota and Wyoming are among the states without Albert fully deployed to protect election systems, a source with knowledge of the matter told Reuters.

The South Dakota Secretary of State’s office did not respond to a request for comment. The Wyoming Secretary of State’s office said it is currently considering expanding use of the sensors.

(Reporting by Chris Bing; Editing by Damon Darlin and Dan Grebler)

Chinese hackers targeted U.S. firms, government after trade mission: researchers

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Christopher Bing and Jack Stubbs

WASHINGTON/LONDON (Reuters) – Hackers operating from an elite Chinese university probed American companies and government departments for espionage opportunities following a U.S. trade delegation visit to China earlier this year, security researchers told Reuters.

Cybersecurity firm Recorded Future said the group used computers at China’s Tsinghua University to target U.S. energy and communications companies, and the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. Led by Governor Bill Walker, companies and economic development agencies spent a week in China in May.

Organizations involved in the trade mission were subject to focused attention from Chinese hackers, underscoring the tensions around an escalating tit-for-tat trade war between Washington and Beijing.

China was Alaska’s largest foreign trading partner in 2017 with over $1.32 billion in exports.

Recorded Future said in a report to be released later on Thursday that the websites of Alaskan internet service providers and government offices were closely inspected in May by university computers searching for security flaws, which can be used by hackers to break into normally locked and confidential systems.

The Alaskan government was again scanned for software vulnerabilities in June, just 24 hours after Walker said he would raise concerns in Washington about the economic damage caused by the U.S.-China trade dispute.

A Tsinghua University official, reached by telephone, said the allegations were false.

“This is baseless. I’ve never heard of this, so I have no way to give a response,” said the official, who declined to give his name.

Tsinghua University, known as “China’s MIT,” is closely connected to Tsinghua Holdings, a state-backed company focused on the development of various technologies, including artificial intelligence and robotics.

China’s Defense Ministry did not respond to a request for comment.

Recorded Future gave a copy of its report to law enforcement. The FBI declined to comment.

It is unclear whether the targeted systems were compromised, but the highly focused, extensive and peculiar scanning activity indicates a “serious interest” in hacking them, said Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the National Security Agency’s East Asia and Pacific cyber threats office.

“The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations,” Recorded Future said in the report.

The targeted organizations included Alaska Communications Systems Group In, Ensco Atwood Oceanics, the Alaska Department of Natural Resources, the Alaska governor’s office and regional internet service provider TelAlaska.

Alaska Communications declined to comment. The others did not respond to requests for comment.

U.S.-China trade tensions have escalated in recent months with both sides imposing a series of punitive tariffs and restrictions across multiple industries, and threatening more.

The economic conflict has also damaged cooperation in cyberspace following a 2015 agreement by Beijing and Washington to stop cyber-enabled industrial espionage, Moriuchi said.

“In the fall of 2015, cybersecurity cooperation was seen as a bright spot in the U.S.-China relationship,” she said.

“It was seen as a topic that the U.S. and China could actually have substantive discussions on. That’s not really the case anymore, especially with this trade war that both sides have vowed not to lose.”

(Reporting by Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Gao Liangping and Ben Blanchard in Beijing; Editing by Lisa Shumaker)

U.S. officials warn Congress on 2018 election hacking threats

U.S. Secretary of Homeland Security Kirstjen Nielsen speaks to reporters after she, FBI Director Christopher Wray and Director of National Intelligence Daniel Coats briefed members of the U.S. House of Representatives on election security at the U.S. Capitol in Washington, U.S., May 22, 2018. REUTERS/Leah Millis

By David Shepardson

WASHINGTON (Reuters) – Senior Trump administration officials warned Congress on Tuesday of ongoing efforts by Russia to interfere in the 2018 midterm congressional elections as the federal government prepares to hand out $380 million in election security funding to states.

At a briefing attended by about 40 or 50 members of the 435-member U.S. House of Representatives, the heads of FBI, Homeland Security Department and the director of National Intelligence said states and cities overseeing elections need to be prepared for threats.

DHS Secretary Kirstjen Nielsen told reporters she agreed Russia was trying to influence the 2018 elections.

“We see them continuing to conduct foreign influence campaigns,” Nielsen said, but added there is no evidence of Russia targeting specific races.

Nielsen said DHS is watching other countries that have the capability to influence U.S. elections, including China and Iran. “We need to be prepared,” she said.

Chris Krebs, a senior DHS cyber security official, told Reuters that the administration was sending states guidance on how to spend the $380 million approved by Congress in March to help safeguard U.S. voting systems from cyber attacks. The funds are expected to be distributed later this week.

DHS is assisting 48 states with election security. It handed out a chart at the briefing to members that said states need to have auditable systems, spend time on planning, training and drills and they should “consider investing in full system architecture reviews.”

Representative Michael McCaul, who chairs the House Homeland Security Committee, said after the briefing that members are concerned that “not only Russia but possibly other foreign adversaries are now going to start looking at how they can meddle in the midterm elections and we need to be prepared. We were caught off guard last time.”

U.S. intelligence agencies have concluded that Russian leadership at a very high level was involved in the attempt to interfere in the U.S. election in order to boost President Donald Trump’s candidacy.

Russia has denied interfering in U.S. elections.

Several Democrats after the briefing expressed concern that the federal government was not doing enough to safeguard elections.

“It is clear that our government must do more and whatever possible to secure our elections from foreign interference. The integrity of our democracy is at stake,” said Representative Bennie Thompson, the top Democrat on the Homeland Security Committee.

UNPRECEDENTED, COORDINATED

A May 8 U.S. Senate report said that in 2016 “cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure.” Russian actors “scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database.”

The report said in a small number of states, “these cyber actors were in a position to, at a minimum, alter or delete voter registration data.”

Krebs said on Tuesday that DHS wanted states to “increase awareness” and have a “layered defense.”

If a voter’s information was missing, for example, they could request a provisional ballot. “If we do detect something, we can overcome it,” he said.

During the 2016 campaign, hackers stole emails from the personal account of Democratic candidate Hillary Clinton’s campaign chairman and from the Democratic National Committee, and they were used to embarrass Clinton.

Representative C.A. “Dutch” Ruppersberger, said members of Congress need to be aware of cyber risks. “We need to focus on it, make it a priority,” he said.

DHS said in March it is prioritizing election cyber security above all other critical infrastructure it protects.

The agency has said that 21 states had experienced initial probing of their systems from Russian hackers in 2016 and that a small number of networks were compromised, but that there remains no evidence any votes were actually altered.

Representative Adam Schiff, the top Democrat on the Intelligence Committee, told reporters the federal government should quickly alert states if they learn of election system hacking.

He also wants a “real-time communications channel” between the intelligence community and technology companies in order to assure that internet firms are notified if evidence emerges that Russia is creating fake Facebook Inc <FB.O> pages or taking other actions to influence the elections.

(Reporting by David Shepardson; additional reporting by Susan Cornwell; editing by Bill Berkrot)

U.S. imposes major sanctions on Russian oligarchs, officials

FILE PHOTO: Russian tycoon and President of RUSAL Oleg Deripaska listens during the "Regions in Transformation: Eurasia" event in Davos, Switzerland January 22, 2015. REUTERS/Ruben Sprich/File Photo

By Lesley Wroughton and Patricia Zengerle

WASHINGTON (Reuters) – The United States imposed major sanctions on Friday against 24 Russians, striking at allies of President Vladimir Putin in one of Washington’s most aggressive moves to punish Moscow for what it called a range of “malign activity,” including alleged meddling in the 2016 U.S. election.

The action, taken under pressure from the U.S. Congress, freezes the U.S. assets of “oligarchs” such as aluminum tycoon Oleg Deripaska, a close associate of Putin, and lawmaker Suleiman Kerimov, whose family controls Russia’s largest gold producer, Polyus.

The sanctions are largely a reply to what U.S. intelligence agencies say was Russian interference in the presidential election, although the Treasury Department painted them as a response to a series of adversarial actions by Moscow.

U.S. President Donald Trump has been under fire for not taking strong action against Russia after a series of diplomatic disputes reminiscent of the Cold War era and the sanctions could complicate his hopes for good relations with Putin.

The sanctions are aimed at seven Russian oligarchs and 12 companies they own or control, plus 17 senior Russian government officials. They freeze the U.S. assets of the people and companies named and forbid Americans in general from doing business with them.

Russian Security Council Secretary Nikolai Patrushev said, however, Moscow’s contacts with the U.S. government would not be brought to an end by the sanctions. Russia denies interfering in the U.S. election.

They could hurt the Russian economy, especially the aluminum, financial and energy sectors, and are a clear message to Putin and his inner circle of U.S. displeasure.

In announcing the sanctions, Treasury Secretary Steve Mnuchin said in a statement, “The Russian government operates for the disproportionate benefit of oligarchs and government elites.”

He said Moscow “engages in a range of malign activity around the globe, including continuing to occupy Crimea and instigate violence in eastern Ukraine, supplying the Assad regime with material and weaponry as they bomb their own civilians, attempting to subvert Western democracies, and malicious cyber activities.”

Shares in Russian aluminum producer Rusal were down 2.2 percent on Moscow’s exchange after the company was named on the sanctions list.

Russian state companies under the U.S. sanctions will receive additional government support, Russian Industry and Trade Minister Denis Manturov said, according to Interfax.

MUELLER INVESTIGATION

U.S. intelligence agencies last year accused Russia of using hacking and disseminating false information and propaganda to disrupt the 2016 elections and eventually try to ensure Trump defeated Democratic candidate Hillary Clinton.

Special Counsel Robert Mueller is investigating whether Trump’s election campaign colluded with Russia, something that Trump denies. Mueller has indicted 13 Russians and three organizations in his probe.

Elizabeth Rosenberg, a former senior U.S. Treasury Department official who is now a senior fellow at the Center for a New American Security think tank, said the sanctions were significant, although there is more to do.

“I’m impressed by how aggressive this is,” she said. “I thought it would be serious and this is certainly a very serious statement of U.S. policy.

“I would hasten to say that Russia hawks may welcome this but wouldn’t find it satisfying. And by no means would this be the sum total of what the U.S. government should do to advance its concerns.”

Trump has faced fierce criticism – including from fellow Republicans – for doing too little to punish Russia for the election meddling, aggression in Ukraine, and support of President Bashar al-Assad in Syria’s civil war.

He angered many members of Congress by failing for months to implement sanctions on Russia that lawmakers passed nearly unanimously last year.

But pressure for the United States to take action against Russia, especially from U.S. lawmakers, has been increasing.

Putin’s government has been blamed for the poisoning of a former Russian double agent living in Britain last month and the United States and several European states announced plans to expel more than 100 Russian diplomats in response.

In February, the White House blamed Russia for the international “NotPetya” cyber attack, which has been called the most destructive and costly in history.

On March 15, the Trump administration said it would impose sanctions on 19 people and five entities, including Russian intelligence services, for cyber attacks stretching back at least two years.

Friday’s sanctions were authorized by the Countering America’s Adversaries Through Sanctions Act, known as CAATSA, which Trump reluctantly signed into law in August.

Chris Painter, the former top cyber diplomat at the U.S. State Department, said the latest sanctions are unlikely to deter the Kremlin unless Trump formally condemns Putin.

Painter, who left government last year, criticized Trump’s rhetoric toward Putin – including a congratulatory call last month when Putin won another presidential term in a widely criticized election.

“We need the head of our country saying, ‘This is not going to happen,'” Painter said. “That’s a critical piece.”

(Reporting by Lesley Wroughton and Patricia Zengerle; Additional reporting by Doina Chiacu, Tim Ahmann and Susan Heavey; Writing by Alistair Bell; Editing by Yara Bayoumy and Bill Trott)

Facebook to change privacy controls in wake of data scandal

Figurines are seen in front of the Facebook logo in this illustration taken March 20, 2018. REUTERS/Dado Ruvic

By Julia Fioretti

BRUSSELS (Reuters) – Facebook announced a series of changes on Wednesday to give users more control over their data, after a huge data scandal which has wiped more than $100 billion from its stock market value.

The company has faced a global outcry after a whistleblower revealed, on March 17, that data from 50 million users was improperly harvested to target U.S. and British voters in close-run elections.

“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” Erin Egan, Vice President and Chief Privacy Officer, and Ashlie Beringer, Vice President and Deputy General Counsel at Facebook, wrote in a blog post.

“So in addition to Mark’s announcements last week – cracking down on abuse of the Facebook platform, strengthening our policies, and making it easier for people to revoke apps’ ability to use your data – we’re taking additional steps in the coming weeks to put people in more control over their privacy.”

The measures come ahead of a landmark European Union data protection law in May. The social network will add a new “Privacy Shortcuts” menu which will let users worldwide review what they’ve shared and delete it, as well as features enabling them to download their data and move it to another service.

Facebook shares have fallen almost 18 percent since March 17. Users’ data was improperly accessed by British political consultancy Cambridge Analytica, which was hired by Donald Trump’s 2016 presidential campaign.

The company’s CEO, Mark Zuckerberg, has repeatedly apologized and bought full-page advertisements in U.S. and British newspapers promising to do more to restrict access to users’ information.

While Facebook said on Wednesday the changes it was announcing had been in the works for some time, it said the events of the “past several days underscore their importance.”

The Privacy Shortcuts menu will allow users to control their data in a few taps, including by letting them add more protection to their account, like two-factor authentication.

“You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook,” Egan and Beringer wrote.

Users will also be able to manage the information Facebook utilizes to serve them ads and download the data they have shared with Facebook – including photos, contacts and posts – and move it to another service.

The EU General Data Protection Regulation enters into force on May 25 and requires companies to give people a “right to portability”, namely to take their data with them.

It also introduces hefty fines for companies breaking the law, running up to 4 percent of global revenues.

Lawmakers in the United States and Europe are demanding to know more about Facebook’s privacy practices and Zuckerberg is due to testify before the U.S. Congress.

(Reporting by Julia Fioretti; Editing by Elaine Hardcastle)

Fewer Russian spies in U.S. but getting harder to track

FILE PHOTO: A sign at the gated entrance of the Consulate General of the Russian Federation in Seattle, Washington, U.S., March 26, 2018. REUTERS/Lindsey Wasson/File Photo

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – The U.S. decision to expel 60 alleged spies is unlikely to cripple Russian spying in the United States because others have wormed and hacked their way into American companies, schools, and even the government, current and former U.S. officials said.

Moscow’s spy services still use the cover of embassies and consulates, as Washington does. But they also recruit Russian emigres, establish front companies, dispatch short-term travelers to the United States, recruit Americans, and penetrate computer networks, the officials said.

“Russia used to have one way of doing things. Now, Putin is – let a thousand flowers bloom,” a former senior U.S. official said in a recent interview, describing Moscow’s move to a more multifaceted approach under President Vladimir Putin, a former Soviet spy himself.

The FBI follows the movements and monitors the communications of suspected foreign spies, but the increased Russian presence and the advent of commercially available encrypted communications are an added challenge to the FBI’s counter-espionage force, said the officials, some of whom spoke on condition of anonymity to discuss the sensitive topic.

As one U.S. official put it when asked if Russian spying is a harder target: “It’s more complex now. The complexity comes in the techniques that can be used.”

While the CIA tracks foreign spies overseas and the National Security Agency monitors international communications, the FBI is responsible for spy-catching inside the United States.

The White House on Monday said it would expel 60 Russian diplomats, 12 of them at the U.N. mission, and close the Russian consulate in Seattle as part of a multi-nation response to the Kremlin’s alleged nerve agent attack on a former Russian spy in Britain.

Briefing reporters, a senior U.S. official said there were “well over” 100 Russian spies posing as diplomats in the United States before the expulsion order.

A veteran U.S. official charged with keeping tabs on Russian espionage said the administration downplayed the number of suspected Russian spies working under diplomatic cover to avoid giving the Russians a clearer picture of how many people are under surveillance.

The actual number varies over time, but “it averages more like 150 or so,” the official said.

“We’ve got a very, very, very good counter-intelligence apparatus,” said Robert Litt, a former general counsel for the U.S. Director of National Intelligence. “There are a lot of people in the FBI whose job it is to track these people – and they’re very good at it.”

TAKES TEN TO TANGO

Still, it can take 10 or more U.S. trained FBI and local law enforcement officers to keep tabs on one trained spy for a 24-hour period – covering back entrances to buildings and multiple elevators, and being alert for changes in clothes, cars and even hairpieces, the same official said.

One Russian tactic is sending a large number of people, including just one or two intelligence officers, streaming out of a diplomatic mission at once, making it harder for the FBI to decide whom to follow, said a former U.S. intelligence officer, also speaking on the condition of anonymity.

Microsoft Corp. was one target of the Russian espionage operation in Seattle, U.S. officials familiar with the expulsions said. One goal was identifying targets for recruitment in the company’s coding operations because the company’s products are used in so many applications, they said.

Microsoft declined comment.

In 2010, Alexey Karetnikov, a 23-year-old Russian spy who had worked at testing computer code in Microsoft’s Richmond, Wash., headquarters, was deported by an immigration judge.

Several of the officials traced the Kremlin’s more aggressive spying approach to Putin’s 2012 return to the presidency, and Moscow’s 2014 seizure of Crimea and intervention in eastern Ukraine.

“We observed a commensurate uptick in Russian intelligence and espionage activity in the U.S. and across Europe, although few analysts connected the dots,” said Heather Conley, a former State Department official now at the Center for Strategic and International Studies think tank.

Michael Rochford, a former FBI chief for espionage, said the mass expulsion of suspected spies posing as diplomats will affect Russia’s security services and dent morale at their Moscow headquarters.

After past expulsions, he said, Russian spies have handed their operations over to officers who remain behind, or to “illegals” – long-term agents with no demonstrable connections to the Russian government.

The risk, he said, is that when Moscow replaces the expelled personnel, it will not be clear who the new spies are.

“Sometimes it’s better to know who they are and follow them,” he said.

(Additional reporting by Jonathan Landay; Editing by Mary Milliken and James Dalgleish)

Malicious cyber activity cost U.S. economy $57 billion – $109 billion in 2016: White House report

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration -

WASHINGTON (Reuters) – A White House report estimated on Friday that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

The estimate was contained in a report by the White House Council of Economic Advisers on the economic costs of cyber threats.

The report quoted the U.S. intelligence community as saying the main foreign culprits responsible for much cyber activity are Russia, China, Iran and North Korea.

(Reporting By Steve HollandEditing by Chizu Nomiyama)

‘Olympic Destroyer’ malware targeted Pyeongchang Games: firms

Performers appear during the opening ceremonies at the 2018 Winter Olympics at the Pyeongchang Olympic Stadium in Pyeongchang, South Korea February 9, 2018. REUTERS/Christof Stache/File Photo

By Jim Finkle

(Reuters) – Several U.S. cyber security firms said on Monday that they had uncovered a computer virus dubbed “Olympic Destroyer” that was likely used in an attack on Friday’s opening ceremony of the Pyeongchang Winter Games.

Games Organizers confirmed the attack on Sunday, saying that it affected internet and television services but did not compromise critical operations. Organizers did not say who was behind the attack or provide detailed discussion of the malware, though a spokesman said that all issues had been resolved as of Saturday.

Researchers with cyber security firms Cisco Systems Inc, CrowdStrike and FireEye Inc said in blog posts and statements to Reuters on Monday that they had analyzed computer code they believed was used in Friday’s attack.

All three security companies said the Olympic Destroyer malware was designed to knock computers offline by deleting critical system files, which would render the machines useless.

The three firms said they did not know who was behind the attack.

“Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony,” Cisco said in its blog.

The attack took the Olympics website offline, which meant that some people could not print out tickets and WiFi used by reporters covering the games did not work during the opening ceremony, according to Cisco.

The attack did not affect the performance of drones, which were initially scheduled to be included in the opening ceremony, but later pulled from the program, organizers said in a statement.

The drone light show was canceled because there were too many spectators standing in the area where it was supposed to take place, the statement said.

(Reporting by Jim Finkle in Toronto; Editing by David Gregorio, Andrew Hay and Cynthia Osterman)