Posts Tagged ‘cyber’

China Demands U.S. Withdraw Sanctions Imposed Over Military Purchases From Russia

September 23, 2018

WASHINGTON — Chinese officials have summoned the United States ambassador in Beijing to denounce the United States for imposing economic sanctions this past week on a Chinese military organization for buying equipment from Russia, according to Chinese state news reports on Saturday.

The Chinese military also recalled a Chinese naval commander, Shen Jinlong, who was in the United States attending a naval conference, and it postponed a September meeting on joint staff communications between the two nations.

The United States ambassador to Beijing, Terry Branstad, with President Xi Jinping of China last year. Beijing is said to have summoned the ambassador to protest economic sanctions imposed by the United States. Credit: Lintao Zhang/Reuters

The moves are aimed at pressuring the United States to withdraw the sanctions. The sanctions are “a flagrant breach of basic rules of international relations” and “a stark show of hegemonism,” said Wu Qian, a spokesman for the Ministry of Defense, according to the state news agency Xinhua.

The diplomatic dispute adds to rising tensions between the United States and China, the world’s two largest economies.

By Edward Wong
The New York Times

Ministry of National Defense spokesperson Wu Qian [File photo]

Foreign Ministry officials raised objections to the United States ambassador, Terry Branstad, according to People’s Daily, the official Communist Party newspaper.

The State Department confirmed on Saturday that Mr. Branstad met with Chinese officials, but declined to comment further.

On Thursday, the State Department said that it was imposing sanctions on the Equipment Development Department of the Chinese Central Military Commission and its top official for “engaging in significant transactions” with a group in the Russian defense sector that is on a list of blacklisted entities.

The transactions involved the purchase of Russian Su-35 combat aircraft and equipment related to the S-400 surface-to-air missile system, the State Department said.

Russian Su-35

The Chinese received the aircraft in December 2017 and an initial batch of the missile equipment in 2018, the department said. Both were the result of deals negotiated before August 2017 between the Chinese military organization and Rosoboronexport, a state organization that is the main arms exporter of Russia.

Such military cooperation between the countries was normal, and in line with international law, said Mr. Wu, the military spokesman, according to the Xinhua report.

The State Department said it was imposing the sanctions against Russian and Chinese officials for violating a law enacted by the American government last year to punish Iran, North Korea and Russia for what American officials called hostile behavior. In the case of Russia, the act is intended to punish its military actions in Ukraine and Syria and cyberinterference in the American presidential election of 2016, among other things.

Tensions between the United States and China have escalated over a trade war that President Trump and his economic advisers started over the summer. Mr. Trump announced tariffs last week on an additional $200 billion worth of goods from China, prompting China to retaliate by promising to impose similar tariffs on $60 billion worth of goods from the United States. China also canceled trade talks that had been scheduled for this week in Washington.

Relations between the countries have grown strained on other fronts. Trump administration officials have scolded China for not doing enough to pressure North Korea over its nuclear program; criticized what they call Chinese military expansionism in the Pacific and Indian Oceans; and are weighing sanctions against Chinese officials for the repression of ethnic Uighurs in the region of Xinjiang, where up to one million Uighurs are being detained in re-education camps.

Uighur children

As well, American officials are anxious about Chinese influence in Latin America. This month, the State Department recalled its three chiefs of mission in Panama, the Dominican Republic and El Salvador as a rebuke to those nations, which recently chose to drop diplomatic recognition of Taiwan in favor of recognizing China. The United States has recognized China since 1979, but wants the handful of small countries that recognize Taiwan to continue doing so as a hedge against Chinese power.

A version of this article appears in print on , on Page A12 of the New York edition with the headline: Beijing Denounces U.S. Sanctions Over Russian Deals

North Korea denies existence of hacker accused of cyber crime wave

September 14, 2018

Pyongyang warns such ‘falsehoods’ from US could jeopardise denuclearisation talks

Washington says Park Jin Hyok is orchestrating a global cyber crime wave while Pyongyang says he does not exist

By Bryan Harris in Seoul

A North Korean hacker accused by the US of orchestrating a global cyber crime wave does not exist, Pyongyang said, warning that such “falsehoods” could jeopardise denuclearisation talks.

Park Jin Hyok was last week charged by the US justice department, alongside other unnamed co-conspirators, with spearheading the attacks, allegedly on the orders of the Kim Jong Un regime.

The hackers are accused of stealing $81m from the Bangladesh central bank; causing worldwide chaos with the WannaCry malware attack; stealing emails from Sony Pictures in 2014; and attempting to hack the systems of Lockheed Martin, a US defence contractor.

For observers, the move by the US prosecutors suggested Washington was becoming increasingly determined to fight back against cyber attacks, even as US President Donald Trump attempted to nurture fledgling diplomatic ties with Pyongyang.

But on Friday North Korea roundly rebuffed the US investigation, claiming Mr Park was a “non-existent entity”.

“‘[Park] Jin Hyok’ whom the US Department of Justice accuses of being implicated in the hacking attack into the American film company Sony Pictures Entertainment is a non-existent entity, and furthermore, the act of cyber crimes mentioned by the Justice Department has nothing to do with us,” said Han Yong Song, an official at the Ministry of Foreign Affairs.

“The US farce of prosecution is none other than a vicious slander and another smear campaign full of falsehood and fabrication designed to undermine [North Korea],” Mr Han said in comments published by the state-run Korean Central News Agency.

Mr Han then warned that “circulating falsehoods” could undermine talks between the two sides.

The US and North Korea are in tentative preparations for a second high-level summit after an initial meeting between Mr Trump and Mr Kim in June did not result in the denuclearisation of the regime.

In recent days, however, the US leader has thanked the North Korean dictator for his diplomatic efforts.

The comments contrast with those of a year ago, when the White House accused North Korea of being “directly responsible” for WannaCry, a worldwide attack that wreaked havoc on tens of thousands of organisations.

The US also believes North Korea is responsible for the theft of $81m from the Bangladesh central bank in 2016.

Most of the North Korean population is barred from accessing the internet. The regime has, however, nurtured an elite cohort of hackers to target companies and governments around the world.

The approach offers the regime financial reward but also an asymmetric military advantage as North Korea’s adversaries are more reliant on technology.

On Thursday, the US announced further sanctions on two North Korean-controlled IT companies based in Russia and China.

Steven Mnuchin, US Treasury secretary, said the move was aimed at stopping the flow of cash from such technology companies back to Pyongyang.


British Airways hacked as 380,000 sets of payment details stolen

September 7, 2018

British Airways has launched an “urgent” investigation and notified police after hundreds of thousands of customers’ personal and financial details were stolen.

The airline said the hack continued for almost two weeks, between August 21 and September 5, with 380,000 payments compromised.

Stolen information did not include travel or passport details.

Customers who made bookings through or the airline’s app are being urged to contact banks and credit card providers.

Alex Cruz, British Airways’ chairman and chief executive, said: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”

Customers raised concerns that the airline had not contacted them directly to tell them about the hack.

Daniel Willis, 34, from Milton Keynes who booked a flight on Monday with the airline, said: “I saw the tweet, that was the first I knew of it. This is my first involvement with BA since they left me stranded with my wife and 2-year-old daughter for a few days in Düsseldorf in December – again with no communication.

“I’ve not heard anything from them on this and I’ve just had to cancel the card I used. They’re a shambles.”

Stephanie Jowers, who works in tech and is from New York, said she contacted the airline just hours before the hack was announced on Twitter with concerns about charges on her account, but was not informed that it could have been compromised.

British Airways


We are investigating the theft of customer data from our website and our mobile app, as a matter of urgency. For more information, please click the following link: 

“I contacted BA customer service by phone three hours prior to the Twitter announcement. I was unclear about the ‘fee’ charged referencing my booking reference number. They put me on hold for a bit. Then the rep told me I would be ‘refunded within 24 hours’. I asked repeatedly for an explanation. None was given. No case ID provided either or further contact information for follow-up issues,” she told the Daily Telegraph.

She had booked flights during the window of time the airline said their systems had been affected, and the charge had appeared on the booking a week after she paid for the flights. When she contacted her bank following BA’s announcement the bank advised her to cancel her card immediately.

Under GDPR rules, companies must inform regulators within 72 hours of becoming aware of a data breach.

“If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay,” according to guidelines from the Information Commissioner’s Office (ICO), the independent regulator that upholds information rights in Britain.

The ICO said it had been alerted to the British Airways hack. A spokesman said it would be “making inquiries”, but declined to comment further given the airline’s investigations were “at a very early stage”.

The data breach is the latest in a string to hit the airline sector. Last week Air Canada confirmed a data breach affecting 20,000 customers. In July, Thomas Cook admitted names, emails and flight details had been accessed, although the travel and airline company insisted fewer than 100 bookings had been compromised.

In May, US airline Delta admitted to two breaches during September and October last year.

Rob Burgess, editor of UK frequent flyer website, said: “Data breaches are part and parcel of the world we now live in, and criminal activity is getting ever more sophisticated. Unfortunately, this is likely to be another PR disaster for British Airways, especially as it includes tickets bought in their September sale which is being widely promoted at the moment.

“Following on from the IT meltdown last year, it seems that the decision to outsource the majority of BA’s IT to India is yet again coming back to haunt them. The airline has actually been working hard and succeeding of late, to reverse many of the recent cuts to in-flight service in an attempt to improve its public image. Sadly, this data breach is likely to knock back its efforts.”

China police investigate possible data breach at hotel operator Huazhu

August 29, 2018

Chinese police are investigating a possible leak of client information from Huazhu Group, after state media said nearly 500 million pieces of customer-related information from the hotel operator had emerged in an online post.

Shanghai’s Changning District police said, on their official Weibo account late on Tuesday, that they had been alerted to the possible data breach by the company.

Huazhu operates 18 brands in China including that of French hotel group AccorHotel’s Mercure and Ibis hotels. The company’s headquarters are in Shanghai’s Changning district.

Xinhua reported on Wednesday that nearly 500 million pieces of information related to the hotel group’s customers had emerged on an online post on Tuesday, which included customer registration information, personal data and booking records.


Reporting by Brenda Goh; Editing by Himani Sarkar

Online Propaganda Builds Islamic State Brand in the Face of Military Losses

August 26, 2018

Extremist group uses claims of attacks to maintain relevance as it faces pressure in Syria and Iraq

Fighters from Syrian Democratic Forces last October in Raqqa, the Syrian city that was Islamic State’s de facto capital. PHOTO:YOUSSEF/EPA-EFE/REX/SHUTTERSTOCK/EPA/SHUTTERSTOCK

Islamic State has lost most of the territory it once held in Syria and Iraq. It is vying for survival with other, sometimes stronger, extremist groups. But one sphere where Islamic State still reigns supreme among terrorists is in cyberspace.

The group’s vast online presence is a critical recruitment and marketing tool that has helped it build a brutish brand using propaganda and sometimes false claims. Maintaining the perception that Islamic State can shape the actions of loyalists has become all the more important as its territorial control, or self-declared caliphate, has almost completely collapsed.

Last October, the group claimed to have inspired the Las Vegas shooter Stephen Paddock, who killed 59 people attending a country-music concert. A month earlier, Islamic State said it had planted a bomb on a U.K.-bound flight that was held in Paris for what officials called a “direct security threat.” Authorities in both cases rebuffed the group’s assertions.

Islamic State also claimed that a man who attacked a casino in the Philippine capital of Manila in June 2017 was a soldier of its caliphate, despite local authorities saying that the perpetrator was an indebted gambler trying to make off with $2 million in chips.

The latest example of the role of such online propaganda came on Thursday, when Islamic State’s official news outlet claimed that a man who stabbed his mother and sister to death in France had responded to its calls to attack citizens of countries that are part of the U.S.-led coalition fighting the group. French Interior Minister Gerard Collomb disputed the statement, saying the perpetrator was mentally unstable.

That claim came a day after Islamic State, widely known as ISIS, released what it said was a recording of its leader Abu Bakr al-Baghdadi, the first in nearly a year, calling for supporters abroad to continue attacks on Western cities.

In internal field guides, Islamic State regards its propaganda as “projectiles” fired into mainstream media. Like actual bombs, threats and claims of attacks are intended to intimidate and destroy the morale of the enemy. In many cases, even if authorities don’t establish specific links between an attacker in the West and Islamic State, the perpetrator has turned out to have been a consumer of the group’s propaganda.

The group frequently describes “information wars” as important as its military battles, according to Charlie Winter, senior research fellow with the Institute for the Study of Radicalization and Political Violence, a London-based think tank.

“ISIS uses propaganda as an extension of its military methods,” Mr. Winter said in an interview earlier this year. “Terrorism is a way of communication more than anything else.”

In a survey of about 1,000 Facebook profiles, the Counter Extremism Project, a nonpartisan policy organization, documented Islamic State supporters in 96 countries, including in such disparate locations as Namibia, Argentina and the Dominican Republic. The research shows the vast spread of Islamic State influence and gives an idea where the group’s soldiers may return to after fighting for the group.

“By having this big network, their propaganda is constantly being disseminated and spread, and that’s a key thing for the group,” said Robert Postings, a researcher who co-authored the study. “This way, they can continue to radicalize people and inspire attacks.”

Meanwhile, Islamic State’s physical footprint has shrunk. The former al Qaeda affiliate Hayat Tahrir al-Sham has become the dominant rebel group in Syria, while al Qaeda itself remains strong in several countries.

But neither rivals Islamic State in cyberspace. Both groups mostly spread propaganda through more decentralized methods, such as sermons on flash drives, leaflets or public gatherings.

Islamic State does use its online influence to direct actual attacks. The mastermind of the November 2015 attacks in Paris was a Belgian-Moroccan who, after returning from fighting in Syria, set up a terrorist cell that included scouts who traveled across Europe feeding him information on potential targets through hundreds of Facebook messages. Their fake accounts went untouched by Facebook before the attack, according to CEP, the group that has studied online extremism.

Facebook has since said it is actively looking for Islamic State content on its platform in order to remove it, but hundreds of accounts belonging to ISIS sympathizers remain active.

In 2016, hackers loyal to Islamic State published the names of more than 70 U.S. military personnel they said were involved in drone strikes in Syria and Iraq. “Kill them wherever they are, knock on their doors and behead them, stab them, shoot them in the face or bomb them,” the group calling itself the Islamic State Hacking Division said on a website at the time.

Western security agencies have attacked Islamic State propaganda outlets, but they have resurfaced. An operation by U.S., Canadian and six European agencies in April took down servers and outlets run by Islamic State. Days later, many were back online.

Islamic State propagandists also take steps to avoid being completely removed from social media, including preparing backup accounts should Facebook remove their current operating account.

In a sign of how swiftly they work, Mr. Winter pointed out that on one spring day this year, more than 100 accounts sympathetic to Islamic State appeared on the encrypted messaging app Telegram.

Telegram didn’t respond to a request for comment. Last year, Telegram promised to block terror-related content in Indonesia, but only after that country’s government threatened to ban the app.

Write to Sune Engel Rasmussen at

Tech giants aim to coordinate fight on misinformation: report

August 24, 2018

Major technology firms including Facebook, Google and Twitter were set to meet Friday as part of an effort to coordinate the battle against misinformation campaigns by foreign agents, a media report said.

The report by BuzzFeed based on a leaked email said the companies were set to meet at Twitter’s headquarters in San Francisco.

Microsoft, Snapchat and other tech firms were expected to participate in the gathering called by Facebook cybersecurity head Nathaniel Gleicher.

© GETTY IMAGES NORTH AMERICA/AFP/File | Major tech firms were reportedly gathering at Twitter’s San Francisco headquarters to discuss coordinating efforts to counter foreign misinformation campaigns

“As I’ve mentioned to several of you over the last few weeks, we have been looking to schedule a follow-on discussion to our industry conversation about information operations, election protection, and the work we are all doing to tackle these challenges,” Gleicher wrote, according to BuzzFeed.

Twitter declined to comment on the report. Facebook and Google did not immediately respond to an AFP query.

The news follows actions by Facebook, Twitter, Google and Microsoft blocking accounts from Russian and Iranian entities which the companies said were propagating misinformation aimed at disrupting the November US elections.

On Thursday, Google said that working with the cybersecurity firm FireEye, it linked the accounts to the Islamic Republic of Iran Broadcasting as part of an effort dating to at least January 2017.

Earlier this week, Facebook announced it removed more than 650 pages, groups and accounts identified as “networks of accounts misleading people about what they were doing.”

Separately, Twitter said it suspended 284 accounts “for engaging in coordinated manipulation,” adding that “it appears many of these accounts originated from Iran.”

Former Facebook security chief Alex Stamos said in a blog post Wednesday that gaping holes remain in online platforms and that not enough is being done to counter foreign interference ahead of the elections.

“The revelations are evidence that Russia has not been deterred and that Iran is following in its footsteps,” Stamos wrote on the Lawfare blog.

“If the United States continues down this path, it risks allowing its elections to become the World Cup of information warfare, in which US adversaries and allies battle to impose their various interests on the American electorate.”


T-Mobile reports cybersecurity incident

August 24, 2018

T-Mobile US has informed customers about a potential security breach. The telecoms company said it had discovered a fresh attack, but was able to quickly shut down unauthorized access to personal information.

T-Mobile logo (picture-alliance/dpa/EPA/J. Lane)

T-Mobile US and its unit Metro PCS told customers that cybersecurity staff found and shut down unauthorized access to certain information on August 20 and immediately reported the matter to authorities.

The company added that no financial data, social security numbers or passwords were compromised during the attack on its networks, admitting, though, that other personal information like names, email IDs, phone numbers as well as account numbers or account types (postpaid or prepaid) may have been exposed.

T-Mobile said that about 3 percent of its 77 million customers, roughly 2 million people, could have been affected.

Who did it?

A spokesperson for the telecoms firm said the incident occurred after hackers compromised its servers through an API (application programming interface), a set of routines, protocols and tools for building software applications.

T-Mobile did not specify whether it knew who was behind the intrusion.

“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” the company told its customers.

“We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”

Sweden’s centre-left fears once-in-a-century setback over immigration — Social Democrats’ website hacked in attack linked to Russia and North Korea

August 23, 2018

They put more money into immigration than elderly care — they care more about people who have come to Sweden in the last two or three years than the people who built the system

Governing Social Democrats under threat over response to crime and immigration

The party’s leader and current prime minister Stefan Löfven pictured at the weekend. Photo: Nils Petter Nilsson/TT

Richard Milne in Trollhattan

The last time Sweden’s Social Democrats failed to come top in national elections, the first world war was just two months old.

No political force has dominated a European country quite like the centre-left party — but the era is coming to an end. In Sweden’s next election on September 9, the Social Democrats are almost certain to record their lowest share of the vote in more than a century and their record of heading the polls is under threat.

A visit to Trollhattan, an industrial town in western Sweden, shows why. Once home to the Saab car company, Trollhattan used to vote in droves for the Social Democrats. Now, Saab is bankrupt, taking with it many of the blue-collar jobs that were the bedrock of the party’s support, and the town of 49,000 has a different car problem to worry about: this month a gang of youths set fire to vehicles in Kronogarden, a suburb with a big immigrant population, in part of a wave of such crimes across Sweden.

Stefan Lofven, Sweden’s Social Democrat prime minister, lashed out at the youths, saying: “What the hell are you doing?” But Trollhattan’s discontent with the government is palpable.

Julius Lundqvist, who has just parked his own car in a garage in central Trollhattan, said: “The Social Democrats have not lived to what they have promised. They put more money into immigration than elderly care — they care more about people who have come to Sweden in the last two or three years than the people who built the system,” he said.

His friend Stefan Clare, who is thinking of voting for a centre-right party, added: “The Social Democrats are not doing a good job. I’m working five days a week and some are just staying at home doing nothing. The Social Democrats are supporting a lazy lifestyle, and a lot of people are fed up with that.”

The Social Democrats in Sweden, like elsewhere in Europe, have been hurt by changes in society. Rising prosperity means that fewer voters are interested in issues such as labour rights, while the centre-left has struggled to come up with answers to voters’ worries such as globalisation and immigration.

“Social democracy rose when industrial society was rising. Today, it’s a new society where so many of the old parties are doing badly with a rise of rightwing populists,” said Ulf Bjereld, a professor at Gothenburg University and an active Social Democrat.

The Social Democrats’ support stands at about 25 per cent in the opinion polls, still the largest party, but well below the 31 per cent they received in 2014. As recently as in 1994 they received 45 per cent.

The current Social Democrat-led government is widely viewed as one of the weakest in decades, unable to push through its policies. But the party still has a chance to cling to power because the main centre-right Moderate party is also set to record a worse score than in 2014.

Instead, the main election winners look set to be the parties at the extremes of the political spectrum: the anti-immigration Sweden Democrats, and the ex-Communists of the Left party.

The election would be “about how badly [the Social Democrats] will do,” said Jonas Sjostedt, leader of the Left party.

Mr Sjostedt argued that the Social Democrats had lost their way on issues from equality and justice to immigration. “We fill the void that the Social Democrats left behind,” he told the Financial Times.

Rhetoric from Mr Lofven on immigration has become harsher since he abruptly closed the Swedish border in late 2015 after a surge in the number of asylum seekers. The government has tightened immigration rules and after a high watermark of 163,000 asylum seekers in 2015, just 23,000 are expected this year.

Mr Sjostedt believes the Social Democrats toughened up in large part to try to stop voters defecting to the populist Sweden Democrats, who have become the second-largest party among blue-collar workers.

At the Social Democrat offices in Trollhattan, the mood is far from upbeat. Jonas Nilsson, a 30-year-old candidate for the party, said he disagreed with the decision to close the border. He argued that the Sweden Democrats offer “easy answers: if you throw out all the immigrants all the problems will be solved. If you keep saying it, some people will start believing it.”

Bucking traditional election wisdom, the party is set to do poorly despite strong economic growth. Sweden’s economy came out of the financial crisis quickly and unemployment is low — but the government gets little credit for that as it struggles to move the agenda to its own priorities.

Malin Stal, a 20-year-old Social Democrat candidate, said of the recent car fires: “If they had not happened, we would have had an easier time winning. Fighting crime, immigration — those are not our strong suits. Labour rights, equality — that is where we are better.”

Prof Bjereld said this was where the Social Democrats had failed. “You must not adapt to the agenda of the Sweden Democrats, but instead you need to change the political agenda. The Social Democrats have been afraid to change the agenda.”



Sweden’s Social Democrats’ website hacked in attack linked to Russia and North Korea

The website of Sweden’s centre-left Social Democrats has been hacked for a second time, and the IP address responsible was linked to Russia and North Korea, according to the party’s IT provider.

The hack was a distributed denial-of-service (DDoS) attack, meaning those responsible disrupted the site to make it unavailable to users.

“This is serious. Citizens don’t have access to our site, the heart of our election campaign, where the information about our policies is,” the party’s head of communications, Helena Salomonson, told TT.

The site was attacked at around 9pm on Monday, and was down for around six minutes in total, Salomonson said. The party has reported the incident to police.

It’s the second time in around a week that the Social Democrats, currently part of the ruling coalition with the Green Party, have experienced an online attack, after a similar hack when they first launched their election campaign. On that occasion, the site remained down for several hours.

“Denial-of-service attacks are quite hard to prevent,” Salomonson said. “Now we need to look over our preventative measures again.”

The IP addresses behind the attack were linked to Russia and North Korea, according to information from the party’s IP provider, but Salomonson said: “It feels difficult to speculate about possible participants and motives.”

Trump, Seeking to Relax Rules on U.S. Cyberattacks, Reverses Obama Directive

August 16, 2018

Administration has faced pressure to show that it is taking seriously national-security cyberthreats

President Trump on Wednesday signed an order reversing a directive that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks. PHOTO: MANDEL NGAN/AGENCE FRANCE-PRESSE/GETTY IMAGES

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations, according to people familiar with the action.

Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.

The change was described as an “offensive step forward” by an administration official briefed on the decision, one intended to help support military operations, deter foreign election influence and thwart intellectual property theft by meeting such threats with more forceful responses.

The Trump administration has faced pressure to show that it is taking seriously national-security cyberthreats—particularly those that intelligence officials say are posed by Moscow.

Top administration officials are also devising new penalties that would allow stronger responses to state-sponsored hacks of U.S. critical infrastructure, The Wall Street Journal reported earlier this month, a mounting worry due to Russia’s efforts to penetrate American electric utilities.

Although the Obama-era policy was classified, its contents were made public when it was leaked in 2013 by former intelligence contractor Edward Snowden. It was signed by Mr. Trump’s predecessor, President Obama, in 2012.

It wasn’t clear what rules the administration is adopting to replace the Obama directive. A number of current U.S. officials confirmed the directive had been replaced but declined to comment further, citing the classified nature of the process.

Some lawmakers have raised questions in recent months about whether U.S. Cyber Command, the chief agency responsible for conducting offensive cyber missions, has been limited in its ability to respond to alleged Russian efforts to interfere in U.S. elections due to layers of bureaucratic hurdles.

The policy applies to the Defense Department as well as other federal agencies, the administration official said, while declining to specify which specific agencies would be affected. John Bolton, Mr. Trump’s national security adviser, began an effort to remove the Obama directive when he arrived at the White House in April, the official said.

As designed, the Obama policy required U.S. agencies to gain approval for offensive operations from an array of stakeholders across the federal government, in part to avoid interfering with existing operations such as digital espionage.

Critics for years have seen Presidential Policy Directive 20 as a particular source of inertia, arguing that it handicaps or prevents important operations by involving too many federal agencies in potential attack plans. But some current and former U.S. officials have expressed concern that removing or replacing the order could sow further uncertainty about what offensive cyber operations are allowed.

One former senior U.S. official who worked on cybersecurity issues said there were also concerns that Mr. Trump’s decision will grant the military new authority “which may allow them to have a domestic mission.”

The Obama directive, which replaced an earlier framework adopted during the George W. Bush administration, was “designed to ensure that all the appropriate equities got considered when you thought about doing an offensive cyber operation,” said Michael Daniel, who served as the White House cybersecurity coordinator during the Obama administration. “The idea that this is a simple problem is a naive one.”

“If you don’t have good coordination mechanisms, you could end up having an operation wreck a carefully crafted multiyear espionage operation to gain access to a foreign computer system,” added Mr. Daniel, now president and CEO of the Cyber Threat Alliance, a cybersecurity nonprofit.

Several U.S. officials familiar with the Obama-era directive conceded the rules had flaws, but said that rescinding them could create more problems, especially because the administration hasn’t spelled out a replacement.

“I am sympathetic to trying to make our cyber capabilities more nimble in their use,” said Joshua Geltzer, who was senior director of counterterrorism at the National Security Council until March of last year. “On the other hand, there were some very real and hard legal questions associated with cyber about what operations the government would take that still have not been resolved.”

Appeared in the August 16, 2018, print edition as ‘Cyberattack Rules Go on the Offensive.’


Iran To Blame for Attacks on Saudi Oil Tankers, Unceasing War In Yemen, Saudis say

August 11, 2018

Prince Khalid bin Salman, Saudi Arabia’s ambassador to the US, has reiterated his condemnation of the Iranian regime’s “menacing role” in Yemen.

Prince Khalid bin Salman

His remarks on Twitter on Friday came days after Saudi Arabia resumed shipping through the Bab Al-Mandeb.

Maritime activity had been temporarily halted following Houthi attacks on two of the Kingdom’s oil tankers.

Nasser Shabani

“There should be no doubt about the Iranian regime’s ‘menacing role’ in Yemen,” the prince said, referring to Iranian Revolutionary Guards (IRGC) Commander Nasser Shabani’s admission that the regime was behind recent attacks on the two oil tankers.

Khalid bin Salman خالد بن سلمان


IRGC General Shabani admits his regime was behind the July 25th attack on Saudi oil tankers in the Red Sea saying “We told the Yemenis to hit Saudi tankers, and they did it, Lebanese Hezbollah and Yemeni Ansar Allah [Houthis] are our followers.” The post was later deleted.

According to the Iranian news agency Fars, Shabani said: “We asked the Yemenis to attack the two Saudi oil tankers, and they did.”

The article has since been removed from the agency’s website.


Main pillars

Shabani has also said that Hezbollah in Lebanon and the Houthis in Yemen were Iran’s main pillars in the region.

“There should be no further doubt of the Iranian regime’s menacing role in Yemen and its disregard for human suffering and the environment,” Prince Khalid tweeted.

He attached a screenshot of the original article in which Shabani made the statements to another of his own tweets: “IRGC General Shabani admits his regime was behind the July 25 attack on Saudi oil tankers in the Red Sea saying ‘We told the Yemenis to hit Saudi tankers, and they did. Lebanese Hezbollah and Yemeni Ansar Allah (Houthis) are our followers.’”

The Iranian post was later deleted.

The Arab coalition announced on July 25 it had prevented a Houthi attack targeting two Saudi oil tankers in the Bab Al-Mandeb, off Yemen’s west coast. One of the tankers suffered minor damage.



Meanwhile, experts said the US was bracing for cyberattacks Iran might launch in retaliation for the reimposition of sanctions by President Donald Trump. Concern over a possible cyber threat has been growing since May when Trump pulled out of the 2015 nuclear deal.

Experts said the threat would intensify following Washington’s move on Tuesday to reimpose economic sanctions on Tehran.

“We have seen an increase in chatter related to Iranian threat activity over the past several weeks,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a global cyber threat intelligence company.

The US says it re-imposed sanctions on Iran to prevent its aggression — denying it the funds it needs to finance terrorism, its missile program and forces in conflicts in Yemen and Syria.