Global cyber attack hits hospitals and companies, threat seen fading for now

An ambulance waits outside the emergency department at St Thomas' Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

By Jeremy Wagstaff and Costas Pitas

SINGAPORE/LONDON (Reuters) – A global cyber attack leveraging hacking tools believed to have been developed by the U.S. National Security Agency has infected tens of thousands of computers in nearly 100 countries, disrupting Britain’s health system and global shipper FedEx.

Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, limiting the worm’s spread.

“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec.

“The numbers are extremely low and coming down fast.”

But the attackers may yet tweak the code and restart the cycle. The British-based researcher who may have foiled the ransomware’s spread told Reuters he had not seen any such tweaks yet, “but they will.”

Finance chiefs from the Group of Seven rich countries will commit on Saturday to join forces to fight the growing threat of international cyber attacks, according to a draft statement of a meeting they are holding in Italy.

“Appropriate economy-wide policy responses are needed,” the ministers said in their draft statement, seen by Reuters.

HOSPITALS IN FIRING LINE

In Asia, some hospitals, schools, universities and other institutions were affected, although the full extent of the damage is not yet known because it is the weekend.

“I believe many companies have not yet noticed,” said William Saito, a cyber security adviser to Japan’s government.

“Things could likely emerge on Monday.”

China’s official Xinhua news agency said some secondary schools and universities had been affected, without specifying how many or identifying them.

In Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims.

South Korea’s Yonhap news agency reported a university hospital had been affected, while a communications official in Indonesia said two hospitals there had been affected.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.

Telecommunications company Telefonica was among many targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Thakur.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur added.

MICROSOFT UPS DEFENSES

The U.S. Department of Homeland Security said it was sharing information with domestic and foreign partners and was ready to lend technical support.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm”, or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

Microsoft said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement on Friday, adding it was working with customers to provide additional assistance.

SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that began the previous week when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus. The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues.

The British government did not know who was behind the attack but its National Crime Agency was working to find out, interior minister Amber Rudd said.

Authorities in Britain have been braced for cyber attacks in the run-up to the election, as happened during last year’s U.S. election and on the eve of the French one.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted. The interior ministry said about 1,000 computers had been infected but it had localized the virus.

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations.

“Seeing a large telco like Telefonica get hit is going to get everybody worried,” said Chris Wysopal, chief technology officer with cyber security firm Veracode.

(Additional reporting by Kiyoshi Takenaka, Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Rosalba O’Brien, Julien Toyer, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen; Editing by Rob Birsel and Mike Collett-White)

Hackers exploit stolen U.S. spy agency tool to launch global cyberattack

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. NSA/Handout via REUTERS

By Costas Pitas and Carlos Ruano

LONDON/MADRID (Reuters) – A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday.

Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.

Still, only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

The U.S. Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement. It said the company was working with its customers to provide additional assistance.

SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus. Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as the country’s biggest bank, Sberbank, said they were targeted. The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

The emergencies ministry told Russian news agencies it had repelled the cyberattacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

NEW BREED OF RANSOMWARE

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Rosalba O’Brien, Julien Toyer, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh; Writing by Mark Trevelyan and Jim Finkle; Editing by Ralph Boulton and Grant McCool)

English hospitals say hit by suspected national cyber attack

FILE PHOTO: A National Health Service (NHS) sign is seen in the grounds of St Thomas' Hospital, in front of the Houses of Parliament in London June 7, 2011. REUTERS/Toby Melville/File Photo

By Costas Pitas and Alistair Smout

LONDON (Reuters) – Hospitals across England were being forced to divert emergency cases on Friday after suffering a suspected national cyber attack.

Among them was the Barts Health group which manages major central London hospitals including The Royal London and St Bartholomew’s.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” it said.

“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients. Ambulances are being diverted to neighboring hospitals.”

Patients requiring emergency treatment across England were diverted away from the hospitals affected and the public was advised to only seek medical care for acute medical conditions.

Reuters was unable to independently verify whether the hospitals were the subject of a concerted cyber attack ahead of the June 8 election.

Britain’s National Crime Agency said it was aware of the reports of a cyber attack but made no further comment.

The National Health Service (NHS) said it was responding to the incidents.

“We are aware of a cyber security incident and we are working on a response,” said a spokesman for NHS Digital, a division of the NHS which handles information technology issues.

There was no immediate comment from the Health Ministry.

Earlier on Friday, Spain’s government warned that a large number of companies had been attacked by cyber criminals who infected computers with malicious software known as “ransomware” that locks up computers and demands ransoms to restore access.

(Additional reporting by Kate Holton, Andy Bruce, Michael Holden and David Milliken; Writing by Guy Faulconbridge; editing by Stephen Addison)

German cyber agency chides Yahoo for not helping hacking probe

A photo illustration shows a Yahoo logo on a smartphone in front of a displayed cyber code and keyboard on December 15, 2016. REUTERS/Dado Ruvic/Illustration

By Andrea Shalal

BERLIN (Reuters) – Germany’s federal cyber agency said on Thursday that Yahoo Inc <YHOO.O> had not cooperated with its investigation into a series of hacks that compromised more than one billion of the U.S. company’s email users between 2013 and 2016.

Yahoo’s Dublin-based Europe, Middle East and Africa unit “refused to give the BSI any information and referred all questions to the Irish Data Protection Commission, without, however, giving it the authority to provide information to the BSI,” Germany’s BSI computer security agency said.

A BSI spokesman said it decided to go public after Yahoo repeatedly failed to respond to efforts to look into the data breaches and garner lessons to prevent similar lapses. BSI also urged internationally active Internet service providers to work more closely with it when German customers were affected by cyber attacks and other computer security issues.

Yahoo did not respond to requests for comment, while Ireland’s data protection agency was not immediately available.

The BSI’s statement comes at a time of heightened German government concerns about Russian meddling in national elections in September, after cyber attacks on the French and U.S. presidential elections which have been linked to Russia.

The U.S. Justice Department in March charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, marking the first time the U.S. government had criminally charged Russian spies for cyber offences.

Moscow has denied any involvement in hacking.

The BSI said it did not yet have any concrete information about the data breaches because of Yahoo’s lack of cooperation.

“Users should therefore be very careful about which services they want to use in the future and to whom they entrust their data,” BSI President Arne Schoenbohm said in a statement.

The BSI chief reiterated his recommendation that German consumers consider switching to other email service providers, adding that certifications such as those offered with C5-class cloud service security were valuable for customers.

C5 is a German government scheme to encourage cloud-based internet service providers to attest they use various safeguards against cyber attacks.

Late last year Yahoo, which has agreed to be acquired by U.S. telecoms giant Verizon <VZ.N> and is set to be merged with AOL to form a new business known as Oath, revealed a data breach dating back to 2013 of one billion user accounts.

The various disclosures led Verizon to cut the amount it was willing to pay for Yahoo by $350 million on its previously agreed $4.83 billion deal. Yahoo has said it expects the merger into Verizon to close in June.

BSI said an additional 32 million Yahoo users were affected by cyber breaches in 2015 and 2016. A spokesman for the agency said he was unaware of any additional breaches in 2017.

(Additional reporting by Eric Auchard in Frankfurt; editing by Alexander Smith)

Dos, don’ts and geo-fencing: Europe proposes rules for small drones

A drone flies as Belgian police officers showcase the use of drones deployed over traffic accidents occurring on highways, in Ranst near Antwerp, Belgium, January 18, 2017. REUTERS/Francois Lenoir

BERLIN (Reuters) – Europe’s aviation safety authorities have proposed rules for operating small drones that include requirements for geo-fencing technology to prevent them from straying into banned areas and a “dos and don’ts” leaflet to be inserted in retail packaging.

With demand booming, both for hobby and commercial use, European regulators have been looking for ways to ensure drones can be safely operated, while allowing the industry to grow.

Fears have been raised over the use of drones near airports in particular, with a number of pilots reporting near collisions with drones, and the European Aviation Safety Agency (EASA) has set up a task force to look into the risk of drone strikes.

EASA’s proposals include requirements for drones to be remotely identifiable, to be fitted with geo-fencing technology to prevent them from entering prohibited zones such as airports and nuclear sites, and a requirement for people operating drones weighing more than 250 grams to register themselves.

EASA hopes such measures will address privacy concerns, as well as safety risks.

The design requirements for small drones will be implemented using the CE product legislation commonly used across Europe.

Along with the CE marking, drones will be identified according to their class, and a “dos and don’ts” leaflet will be in all product boxes.

“Based on the drone class, an operator will know in which area he can operate and what competence is required,” EASA said in a statement.

The proposal is now open for comment from May 12 until Aug. 12 and EASA will submit its final opinion to the European Commission at the end of 2017.

The regulation of drones weighing less than 150 kg is currently up to individual EU member states, resulting in a fragmented regulatory framework.

Makers of commercial drones include China’s DJI and France’s Parrot <PARRO.PA>.

(Reporting by Victoria Bryan; Editing by Mark Potter)

FBI warns of surge in wire-transfer fraud via spoofed emails

A computer keyboard is seen in this picture illustration taken in Bordeaux, Southwestern France, August 22, 2016. REUTERS/Regis Duvignau

By Alastair Sharp

(Reuters) – Attempts at cyber wire fraud globally, via emails purporting to be from trusted business associates, surged in the last seven months of 2016, the U.S. Federal Bureau of Investigation said in a warning to businesses.

Fraudsters sought to steal $5.3 billion through schemes known as business email compromise from October 2013 through December, the FBI said in a report released Thursday by its Internet Crime Complaint Center. (http://bit.ly/2qAEVBE)

The figure is up sharply from the FBI’s previous report which said thieves attempted to steal $3.1 billion from October 2013 through May 2016, according to a survey of cases from law enforcement agencies around the world.

The number of business-email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.

The survey does not track how much money was actually lost to criminals.

Robert Holmes, who studies business email compromise for security firm Proofpoint Inc <PFPT.O>, estimated the incidents collated by the FBI represent just 20 percent of the total, and that total actual losses could be as much as double the figures reported by the FBI.

The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets, he said.

“This is not a volume play; it’s a carefully researched play,” he said.

The United States is by far the biggest target market, though fraudsters have started to expand in other developed countries, including Australia, Britain, France and Germany, Holmes said.

The FBI has said that about one in four U.S. victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to identify the crimes in time to help victims recover the funds from banks before the criminals pulled them out of the system.

The U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that had tricked agents and employees of two U.S.-based internet companies into wiring more than $100 million to overseas bank accounts.

Fraudsters have also used spoofed emails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.

(Reporting by Alastair Sharp in Toronto; Editing by Bernadette Baum and Lisa Shumaker)

Islamic State militants developing own social media platform: Europol

A 3D printed logo of Twitter and an Islamic State flag are seen in this picture illustration taken February 18, 2016.

By Michael Holden

LONDON (Reuters) – Islamic State militants are developing their own social media platform to avoid security crackdowns on their communications and propaganda, the head of the European Union’s police agency said on Wednesday.

Europol Director Rob Wainwright said the new online platform had been uncovered during a 48-hour operation against Internet extremism last week.

“Within that operation it was revealed IS was now developing its very own social media platform, its own part of the Internet to run its agenda,” Wainwright told a security conference in London. “It does show that some members of Daesh (IS), at least, continue to innovate in this space.”

During a Europol-coordinated crackdown on IS and al Qaeda material, which involved officials from the United States, Belgium, Greece, Poland, and Portugal, more than 2,000 extremist items were identified, hosted on 52 social media platforms.

Jihadists have often relied on mainstream social media platforms for online communications and to spread propaganda, with private channels on messaging app Telegram being especially popular over the past year.

Technology firms, such as Facebook and Google, have come under increasing political pressure to do more to tackle extremist material online and to make it harder for groups such as Islamic State to communicate through encrypted services to avoid detection by security services.

However, Wainwright said that IS, by creating its own service, was responding to concerted pressure from intelligence agencies, police forces and the tech sector, and was trying to find a way around it.

“We have certainly made it a lot harder for them to operate in this space but we’re still seeing the publication of these awful videos, communications operating large scale across the Internet,” he said, adding he did not know if it would be technically harder to take down IS’s own platform.

Wainwright also said he believed that security cooperation between Britain and the EU would continue after Brexit, despite British warnings it is likely to leave Europol and cease sharing intelligence if it strikes no divorce deal with the bloc.

“The operational requirement is for that to be retained. If anything we need to have an even more closely integrated pan-European response to security if you consider the way in which the threat is heading,” he said.

Europe, he added, is facing “the highest terrorist threat for a generation”.

However, Wainwright said there were important legal issues that would have to be thrashed out and it was not easy “to just cut and paste current arrangements”.

“The legal issues have to be worked through and then they have to be worked through within of course the broader political context of the Article 50 negotiations (on Britain’s planned exit from the EU),” he said.

“In the end I hope the grown-ups in the room will realize that … security is one of the most important areas of the whole process. We need to get that right in the collective security interest of Europe as a whole, including of course the United Kingdom.”

(Additional reporting by Eric Auchard; editing by Mark Heinrich)

Germany challenges Russia over alleged cyberattacks

Hans-Georg Maassen, Germany's head of the German Federal Office for the Protection of the Constitution (Bundesamt fuer Verfassungsschutz) addresses a news conference in Berlin, Germany, in this file photo dated June 28, 2016. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The head of Germany’s domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany’s September elections.

Moscow denies it has in any way been involved in cyber attacks on the German political establishment.

Hans-Georg Maassen, president of the BfV agency, said “large amounts of data” were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group.

Maassen, speaking with reporters after a cyber conference in Potsdam, repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda and other efforts to destabilize German society.

Some cyber experts have drawn clear links between APT28 and the GRU Russian military intelligence organization.

Maassen said there had been subsequent attacks after the 2015 Bundestag hack that were directed at lawmakers, the Christian Democratic Union (CDU) of Chancellor Angela Merkel, and other party-affiliated institutions, but it was unclear if they had resulted in the loss of data.

Germany’s top cyber official last week confirmed attacks on two foundations affiliated with Germany’s ruling coalition parties that were first identified by security firm Trend Micro.

“We recognize this as a campaign being directed from Russia. Our counterpart is trying to generate information that can be used for disinformation or for influencing operations,” he said. “Whether they do it or not is a political decision … that I assume will be made in the Kremlin.”

Maassen said it appeared that Moscow had acted in a similar manner in the United States, making a “political decision” to use information gathered through cyber attacks to try to influence the U.S. presidential election.

Maassen told reporters that Germany was working hard to strengthen its cyber defenses, but also needed the legal framework for offensive operations.

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks.

“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said.

He said intelligence agencies knew which servers were used by various hacker groups, including APT10, APT28 and APT29.

The German government also remained deeply concerned about the possibility that German voters could be manipulated by fake news items, like the bogus January 2016 story about the rape of a 13-year-old Russian-German girl by migrants that sparked demonstrations by over 12,000 members of that community.

He said another attempt was made in January shortly after the Social Democrats named former European Parliament President Martin Schulz as their chancellor candidate, with a Russian website carrying a blatantly false story about Schulz’s father having run a Nazi concentration camp.

However that story did not receive as much attention.

Officials also remained concerned that real information seized during cyber attacks could be used to discredit politicians or affect the election, he said.

(Reporting by Andrea Shalal; Editing by Madeline Chambers)

Spam campaign targets Google users with malicious link

A security guard keeps watch as he walks past a logo of Google in Shanghai, China, April 21, 2016. REUTERS/Aly Song/File Photo

By Jim Finkle and Alastair Sharp

(Reuters) – Alphabet Inc <GOOGL.O> warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. The attackers did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.

Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)

China tightens rules on online news, network providers

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

BEIJING (Reuters) – China on Tuesday issued tighter rules for online news portals and network providers, the latest step in President Xi Jinping’s push to secure the internet and maintain strict party control over content.

Xi has made China’s “cyber sovereignty” a top priority in his sweeping campaign to bolster security. He has also reasserted the ruling Communist Party’s role in limiting and guiding online discussion.

The new regulations, released by the Cyberspace Administration of China (CAC) on its website, extend restrictions on what news can be produced and distributed by online platforms, requiring all services to be managed by party-sanctioned editorial staff.

The rules, which come into effect on June 1, apply to all political, economic, military, or diplomatic reports or opinion articles on blogs, websites, forums, search engines, instant messaging apps and all other platforms that select or edit news and information, the administration said.

All such platforms must have editorial staff who are approved by the national or local government internet and information offices, while their workers must get training and reporting credentials from the central government, it said.

Editorial work must be separate from business operations and only public funds can be used to pay for any work, it added.

Under the rules, editorial guidance measures used for the mainstream media will be applied to online providers to ensure they too adhere to the party line, such as requiring “emergency response” measures to increase vetting of content after disasters.

The rules also stipulate that a domestic business that wants to set up a joint venture with a foreign partner, or accept foreign funding, must be assessed by the State Internet Information Office.

Content on China’s internet has never been free of government censorship, though a number of internet companies run news portals that produce relatively independent reporting and opinion pieces.

A number of these platforms were shut down last year, after Xi in April called in a speech for better regulation of China’s internet.

The CAC separately on Tuesday released another set of rules that on June 1 will require “network providers and products” used by people who might touch upon “national security and the public interest” to go through a new round of security reviews.

Beijing adopted a cyber security law last year that overseas critics say could shut foreign businesses out of various sectors in China.

(Reporting by Christian Shepherd; Editing by Robert Birsel)