Tag Archives: Technology

U.S. governors, hackers, academics team up to secure elections

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

By Jim Finkle

(Reuters) – Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.

The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday.

The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.

The coalition will be unveiled as Def Con organizers release a report describing vulnerabilities in voting machines and related technology that were uncovered in July.

Hackers pulled apart voting machines and election computers at the three-day event, uncovering security bugs that organizers said could be exploited by people trying to manipulate election results.

People at the Las Vegas conference learned to hack voting machines within minutes or just a few hours, according to a copy of the organizers’ report due for release on Tuesday and seen ahead of time by Reuters.

Concerns about election hacking have surged in the United States since late last year, when news surfaced that top U.S. intelligence agencies had determined that Russian President Vladimir Putin ordered computer hacks of Democratic Party emails to help Republican Donald Trump win the Nov. 8 election.

The U.S. Department of Homeland Security has said that Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number were breached, although some states have disputed they were hacked. There was no evidence that any votes had been manipulated.

Several congressional committees are investigating and special counsel Robert Mueller is leading a separate probe into the Russia matter, including whether the Trump campaign colluded with Moscow.

Russia has denied the accusations.

As one possible counter-measure, organizers of the Def Con hacking conference have recommended that U.S. states reduce the amount of non-American parts and software used in their voting machines, according to the group’s report.

“Via a supply chain originating overseas, voting equipment and software can be compromised at the earliest of stages in manufacturing process,” the report says.

Further details on the members of the anti-hacking coalition were not immediately available.

(Reporting by Jim Finkle in Toronto; Additional reporting by David Ingram in San Francisco; Editing by Jonathan Oatis and Tom Brown)

U.S. financial regulator must beef up cyber security: inspector

A man poses inside a server room at an IT company in this June 19, 2017 illustration photo. REUTERS/Athit Perawongmetha/Illustration

By Lisa Lambert

WASHINGTON (Reuters) – The U.S. Consumer Financial Protection Bureau (CFPB), one of Wall Street’s top regulators, must strengthen its protections against hacking, according to a report the agency’s internal inspector released on Wednesday as the financial sector reels from recent revelations of two major data breaches.

The former head of the Equifax <EFX.N> credit bureau is testifying before Congress this week about the company’s disclosure that personal information for millions of individuals had been stolen from its systems.

At the same time, the Securities and Exchange Commission – the country’s lead securities regulator – is facing lawmakers’ questions about information stolen last year from its filing system that may have been used for illicit trades.

The CFPB, which gathers sensitive information on individuals, banks, credit card companies and other financial firms as the government’s consumer finance watchdog, could suffer similar intrusions that might undermine public trust or limit its ability to carry out its mission, its inspector general said in a report dated Sept. 27 and released on Wednesday.

The agency “has not fully implemented processes, such as data loss prevention technologies, within its internal network that would enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information,” the report said.

It also needs to run automated feeds through security checks and move away from manually tracking system security by putting alerts and continuous monitoring tools in place, the inspector general found.

In the five years since it was established, the CFPB has had to quickly erect sound information systems that can repel cyber attacks. All federal agencies are struggling to keep up with a steady rise in the number and sophistication of attempted intrusions, as criminal demand for stolen Social Security numbers and other personally identifiable information swells.

The inspector general also said the CFPB will soon implement a job succession plan to try to close possible staffing and skill gaps, hopefully clarifying what the future holds after Richard Cordray, the CFPB’s first director, leaves the agency.

Cordray, whose term expires in July, was appointed by President Barack Obama after the agency was created under the 2010 Dodd-Frank financial reform law.

Many expect him to depart earlier, however, and there is no precedent for replacing him.

President Donald Trump will likely appoint a successor who cuts back on the agency’s reach, raising questions about the direction of open CFPB investigations and rulemakings.

(Reporting by Lisa Lambert, editing by G Crosse)

Rising hacker threat will trigger boom in cyber crime insurance, Tryg says

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

COPENHAGEN (Reuters) – Insurer Tryg <TRYG.CO> expects 90 percent of its corporate customers to buy cyber crime insurance within five years as the threat from hackers and viruses to crucial data and IT systems grows.

Tryg, Denmark’s biggest insurer, has sold 5,000 cyber crime insurance policies since the turn of the year when it launched a new product providing assistance in restoring data and getting systems up and running if a firm is hit by a cyber attack.

“There are no corporate clients today that don’t have insurance on their buildings or cars, but I think that within a very few years it will be just as evident that you should insure against cyber crime,” chief executive Morten Hubbe told Reuters on Wednesday.

The initial rise in demand for cyber insurance was prompted by the ransomware attack, named “Wannacry”, that infected more than 300,000 computers worldwide in May.

He estimated that around 50 percent of the firm’s corporate clients would buy such an insurance by 2020 and from that point it would only take “a couple of years” to reach 90 percent.

Tryg’s two business segments for small and medium size businesses and larger corporate customers accounts for 44 percent of the group’s total premium income.

“The biggest risk to us is that significantly more customers get hit than we believe and that it gives us a huge economic loss,” said Hubbe.

While the firm has good insight into how often a house burns down or a bicycle is stolen on average, the frequency and extent of cyber crimes is hard to predict.

Tryg will also offer extensions to the basic insurance that cover consequential losses, back-up of data and a so-called DNS box aimed at blocking web pages known to contain viruses and malware.

For the big industrial players, Tryg would look to cooperate with global reinsurers to spread the risk when big companies lose revenues in connection with cyber attacks.

The world’s biggest container shipping firm Maersk Line <MAERSKb.CO> saw a $2-300 million bill from a June cyber attack that disrupted its operations for weeks.

(Reporting by Stine Jacobsen; editing by Ken Ferris)

Security firm finds some Macs vulnerable to ‘firmware’ attacks

FILE PHOTO: Apple CEO Tim Cook speaks under a graphic of the new MacBook Pro during an Apple media event in Cupertino, California, U.S. October 27, 2016. REUTERS/Beck Diefenbach

By Stephen Nellis

(Reuters) – Since 2015, Apple Inc <AAPL.O> has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

“Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

(Reporting by Stephen Nellis; Editing by Leslie Adler)

Exclusive: U.S. Homeland Security found SEC had ‘critical’ cyber weaknesses in January

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

The hack, two weeks after credit-reporting company Equifax <EFX.N> said hackers had stolen data on more than 143 million U.S. customers, has sent shockwaves through the U.S. financial sector.

An SEC spokesman did not have any comment on the report’s findings.

It is unclear if any of those critical vulnerabilities, detected after a scan of 114 SEC computers and devices, still pose a threat.

During the Obama administration, such scans were done on a weekly basis.

“I absolutely think any critical vulnerability like that should be acted on immediately,” said Tony Scott, the former federal chief information officer during the Obama administration who now runs his own cybersecurity consulting firm.

“This is what was at the root of the Equifax hack. There was a critical vulnerability that went unpatched for some long period of time. And if you’re a hacker, you are going to … try to see if you can exploit it in some fashion or another. So there is a race against the clock.”

For the past several years, the Department of Homeland Security has been producing a report known as the “Federal Cyber Exposure Scorecard.” It provides a weekly snapshot to more than 80 civilian government agencies about potential outstanding cyber weaknesses and how long they have persisted without being patched.

A directive by Homeland Security requires agencies to address critical vulnerabilities within 30 days, though sometimes that deadline can be difficult to meet if it might disrupt a government system.

The January snapshot shows improvements have been made across the government since May 2015, when there were a total of 363 critical vulnerabilities on devices across all of the civilian agencies, according to the report.

As of January 23, by contrast, there were a total of 40 critical vulnerabilities across the agencies reviewed by DHS and another 280 weaknesses categorized as “active high,” which is the second more severe category.

The top four agencies with the most “critical” vulnerabilities as of January 23 included the Environmental Protection Agency, the Department of Health and Human Services, the General Services Administration and the SEC.

However, more vulnerabilities do not necessarily mean one agency is worse than another because things depend on how many computers or devices known as “hosts” were scanned and what kinds of information could potentially be exposed.

“All it takes is one,” Scott said. “You can have one host and one vulnerability and your risk might be 10 times as high as someone who has 10 hosts and ten vulnerabilities.”

(Reporting by Sarah N. Lynch; Editing by Nick Zieminski)

Equifax reveals hack that likely exposed data of 143 million customers

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski/File Photo

By Yashaswini Swamynathan

(Reuters) – Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application vulnerability to gain access to certain files that included names, Social Security numbers and driver’s license numbers.

In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.

The Federal Bureau of Investigation is tracking the situation, a spokeswoman for the agency said.

U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (http://reut.rs/2f8ES9k)

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”

LIKELIHOOD FOR PHISHING SEEN HIGH

Cybersecurity experts said the breach was very serious.

“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Ryan Kalember, senior vice president of cyber security firm Proofpoint, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber attack.

“The information is very personal – the likelihood that it could be used for phishing is very high,” said Matt Tait, a former analyst at the British intelligence service GCHQ and a cyber security researcher.

Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.

Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said in a statement that she would reintroduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose off stock worth about $17.8 million, regulatory filings show. It was not clear whether these transactions were part of a pre-arranged sales plan.

Equifax said in a statement that the executives were not aware that an intrusion had occurred when they sold their shares.

(Reporting by Yashaswini Swamynathan in Bengaluru; Additional reporting by Laharee Chatterjee in Bengaluru and Siddharth Cavale and Dustin Volz in Washington; Editing by Leslie Adler)

Ukraine cyber security firm warns of possible new attacks

Ukraine cyber security firm warns of possible new attacks

KIEV (Reuters) – Ukrainian cyber security firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine could face cyber attacks similar to those which knocked out global systems in June.

The June 27 attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

ISPP said that, as with NotPetya, the new malware seemed to originate in accounting software and could be intended to take down networks when Ukraine celebrates its Independence Day on Aug. 24.

“This could be an indicator of a massive cyber attack preparation before National Holidays in Ukraine,” it said in a statement.

In a statement, the state cyber police said they also had detected new malicious software.

The incident is “in no way connected with global cyber attacks like those that took place on June 27 of this year and is now fully under control,” it said.

The state cyber police and the Security and Defence Council have said Ukraine could be targeted with a NotPetya-style attack aimed at destabilizing the country as it marks its 1991 independence from the Soviet Union.

Last Friday, the central bank said it had warned state-owned and private lenders of the appearance of new malware, spread by opening email attachments of word documents.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

(Reporting by Natalia Zinets; Additional reporting by Pavel Polityuk; Writing by Alessandra Prentice; editing by Mark Heinrich and Richard Balmforth)

Tech companies urge U.S. Supreme Court to boost cellphone privacy

FILE PHOTO: A fan uses a cell phone to record a performance during the 2014 CMT Music Awards in Nashville, Tennessee June 4, 2014. REUTERS/Harrison McClary

By Andrew Chung

WASHINGTON (Reuters) – More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc <VZ.N>, have called on the U.S. Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data.

The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user’s whereabouts.

Signed by some of Silicon Valley’s biggest names, including Apple <AAPL.O>, Facebook <FB.O>, Twitter <TWTR.N>, Snap <SNAP.N> and Alphabet’s <GOOGL.O> Google, the brief said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law.

“That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant,” the brief said.

The justices agreed last June to hear the appeal by Timothy Carpenter, who was convicted in 2013 in a series of armed robberies of Radio Shack and T-Mobile stores in Ohio and Michigan.

Federal prosecutors helped place him near several of the robberies using “cell site location information” obtained from his wireless carrier.

Carpenter claims that without a warrant from a court, such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment. But last year a federal appeals court upheld his convictions, finding that no warrant was required.

Carpenter’s case will be argued before the court some time after its new term begins in October.

The case comes amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies and concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

Nathan Freed Wessler, an attorney with the American Civil Liberties Union who is representing Carpenter, said the companies’ brief represented a “robust defense of their customers’ privacy rights in the digital age.”

Verizon’s participation in the brief was important, he added, given that it receives, like other wireless carriers, thousands of requests for cellphone location records every year from law enforcement. The requests are routinely granted.

Civil liberties lawyers have said police need “probable cause,” and therefore a warrant, to avoid constitutionally unreasonable searches.

The companies said in their brief the Supreme Court should clarify that when it comes to digital data that can reveal personal information, people should not lose protections against government intrusion “simply by choosing to use those technologies.”

(Reporting by Andrew Chung; Editing by Chizu Nomiyama)

Greater China cyber insurance demand set to soar after WannaCry attack: AIG

FILE PHOTO: A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

By Julie Zhu

HONG KONG (Reuters) – Demand for cyber insurance from firms in Greater China and elsewhere in Asia is poised to soar, based on enquiries received after the “WannaCry ransomware” attack earlier this year, executives at American International Group Inc said.

The American insurer saw an 87 percent jump in enquiries for cyber insurance policies in May compared to April for Greater China including Hong Kong as a direct result of the WannaCry attack, while the global increase was 38 percent, they said.

“The big increase means the organizations are aware they really need protection,” Cynthia Sze, head of an AIG business in Greater China that provides solutions to companies dealing with cyber breaches, told reporters. AIG executives declined to give details on numbers or say how many of the enquiries actually resulted in policy sales.

The self-replicating WannaCry malware in May infected over 200,000 computers in 150 countries.

A typical cyber insurance policy can protect companies against extortion like ransomware attacks. It could also cover the investigation costs and pay the ransom.

In Hong Kong, which is dominated by small and medium sized enterprises, the impact of a cyber attack could be severe as cyber threats are not a priority given the limited resources of SMEs, said Sze.

Citing Hong Kong police statistics, Sze said computer security incident reports have grown to about 6,000 last year from 1,500 in 2009. Financial losses resulting from such incidents jumped from HK$45 million ($5.76 million) to HK$2.3 billion over the same period, she said.

Hong Kong police did not immediately respond to a request for comment to confirm the numbers.

“WannaCry has really changed the dynamics. We used to tap large multinational companies that understood where the exposure was. Now we are really talking about mid-market and SMEs,” said Jason Kelly, AIG’s head of liabilities and financial lines for Greater China, Australasia and South Korea.

The global market for cyber insurance is worth $2 billion, with 30 percent of middle to large firms purchasing cyber insurance protection, according to AIG. The insurer has also seen an average annual growth rate of 20 to 25 percent in cyber insurance policies over the past three years worldwide, said Kelly.

Insurance companies have been cautiously entering the cyber insurance market as they look for growth amid stiff competition and potential exposure to cyber breaches.

According to Kelly, the annual damage from hackers to the global economy reached about $400 billion in 2015.

(Reporting by Julie Zhu; Editing by Muralikumar Anantharaman)

As shootings soar, Chicago police use technology to predict crime

A Chicago police officer attends a news conference announcing the department's plan to hire nearly 1,000 new police officers in Chicago, Illinois, U.S. on September 21, 2016.

By Timothy Mclaughlin

CHICAGO (Reuters) – In a control room at a police headquarters on Chicago’s South Side, officers scan digital maps on big screens to see where a computer algorithm predicts crime will happen next.

Thrust into a national debate over violent crime and the use of force by officers, police in the third-largest U.S. city are using technology to try to rein in a surging murder rate.

And while commanders recognize the new tools can only ever be part of the solution, the number of shootings in the 7th District from January through July fell 39 percent compared with the same period last year. The number of murders dropped by 33 percent to 34. Citywide, the number of murders is up 3 percent at 402.

Three other districts where the technology is fully operational have also seen between 15 percent and 29 percent fewer shootings, and 9 percent to 18 percent fewer homicides, according to the department’s data.

“The community is starting to see real change in regards to violence,” said Kenneth Johnson, the 7th District commander.

Cities like Philadelphia, San Francisco, Milwaukee, Denver, Tacoma, Washington, and Lincoln, Nebraska have tested the same or similar technologies.

The techniques being used in Chicago’s 7th District’s control room, one of six such centers opened since January as part of a roughly $6 million experiment, are aimed at complimenting traditional police work and are part of a broader effort to overhaul the force of some 12,500 officers.”We are not saying we can predict where the next shooting is going to occur,” said Jonathan Lewin, chief of the Chicago Police Department’s Bureau of Technical Services. “These are just tools. They are not going to replace (officers).”

The department’s efforts come after a Justice Department investigation published in January found officers engaged in racial discrimination and routinely violated residents’ civil rights.

That probe followed street protests triggered by the late 2015 release of a video showing a white police officer fatally shooting black teenager Laquan McDonald a year earlier.

Some critics of the department fear the technology could prove a distraction from confronting what they say are the underlying issues driving violence in the city of 2.7 million.

“Real answers are hard,” said Andrew Ferguson, a law professor at the University of the District of Columbia who has written a book on police technology. “They involve better education, better economic opportunity, dealing with poverty and mental illness.”

 

‘KILLING FIELDS’

Chicago’s recent rash of shootings – 101 people were shot over the Independence Day weekend alone – prompted President Donald Trump to bemoan the response of city leaders to the bloodshed, and Attorney General Jeff Sessions to describe some of its areas as “killing fields.”

One of the technologies being used in the 7th District is HunchLab, a predictive policing program made by Philadelphia-based company Azavea. It combines crime data with factors including the location of local businesses, the weather and socioeconomic information to forecast where crime might occur. The results help officers decide how to deploy resources.

Another is the Strategic Subject’s List, a database of individuals likely to be involved in shootings that was developed by the Illinois Institute of Technology.

Police are tight-lipped about how it is compiled, saying only that the algorithm looks at eight factors including gang affiliation and prior drug arrests to assign people a number between 0 and 500. A higher number reflects higher risk.

They are also using the gunfire detection system made by ShotSpotter Inc which uses sensors to locate the source of gunshots. Police officials declined, however, to say how many such devices were installed in the 7th District.

“We can’t give away the kitchen sink and tell them all of our secrets,” district commander Johnson said.

 

(Reporting by Timothy Mclaughlin; Editing by Ben Klayman and Lisa Shumaker)