Posts Tagged ‘cybersecurity’

UK hacker who halted ‘WannaCry’ cyber attack pleads not guilty in US court

August 14, 2017

AFP and the Associated Press

© Joshua Lott, AFP | Marcus Hutchins (R) the British cyber security expert accused of creating malware that steals banking passwords, arrives at a US Federal Courthouse in Milwaukee on August 14.

Text by NEWS WIRES

Latest update : 2017-08-14

A British cybersecurity researcher credited with helping curb a recent worldwide ransomware attack pleaded not guilty Monday to federal charges accusing him of creating malicious software to steal banking information three years ago.

Marcus Hutchins entered his plea in Wisconsin federal court, where prosecutors charged him and an unnamed co-defendant with conspiring to commit computer fraud in the state and elsewhere. Authorities arrested the 23-year-old man on Aug. 2 at McCarran International Airport in Las Vegas, where he was going to board a flight to his home in Ilfracombe, England. He had been in Las Vegas for a cybersecurity convention.

Hutchins is free on $30,000 bail, but with strict conditions. His bond has been modified so that he can stay in Los Angeles near his attorney and travel anywhere in the U.S., but Hutchins is not allowed to leave the country. He is currently staying at a hotel in Milwaukee.

He was also granted access to use a computer for work, a change from an earlier judge’s order barring him from using any device with access to the internet. Hutchins’ current work wasn’t detailed at Monday’s hearing. The next hearing in the case was set for Oct. 17.

Hutchins’ attorney, Adrian Lobo, hasn’t responded to several phone messages left by The Associated Press over the last week.

The legal troubles Hutchins faces are a dramatic turnaround from the status of cybercrime-fighting hero he enjoyed four months ago when he found a “kill switch” to slow the outbreak of the WannaCry virus. It crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.

Prosecutors allege that before Hutchins won acclaim he created and distributed a malicious software called Kronos to steal banking passwords from unsuspecting computer users. In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorization.

The indictment says the crimes happened between July 2014 and July 2015, but the court document doesn’t offer any details about the number of victims. Prosecutors have not said why the case was filed in Wisconsin. The name of Hutchins’ co-defendant is redacted from the indictment.

Hutchins faces decades in prison if convicted on all the charges.

(AP)

British cybersecurity researcher Marcus Hutchins given computer access to perform work while his case is pending

August 14, 2017

The Associated Press

MILWAUKEE (AP) — The Latest on the U.S. case against a British cybersecurity researcher accused of creating a malware program (all times local):

10:30 a.m.

A British cybersecurity researcher accused of creating malicious software to steal banking information has been granted computer access while his case is pending.

Marcus Hutchins pleaded not guilty on Monday during a brief hearing in Wisconsin federal court.

He and an unnamed co-defendant face charges of conspiring to commit computer fraud in the state and elsewhere. Authorities arrested the 23-year-old man Aug. 2 in the Las Vegas airport on his way home to Ilfracombe, England, after a cybersecurity convention.

The legal troubles Hutchins faces are a dramatic turnaround from the status of cybercrime-fighting hero he enjoyed four months ago when he found a “kill switch” that slowed the outbreak of the WannaCry virus.

Hutchins has been granted computer access to perform work while his case is pending. It wasn’t clear from Monday’s brief hearing what that work would be.

A pre-trial hearing has been set for Oct. 17.

___

10:15 a.m.

A British cybersecurity researcher credited with helping curb a recent worldwide ransomware attack has pleaded not guilty to federal charges accusing him of creating malicious software to steal banking information in 2014.

Marcus Hutchins entered the plea Monday during a hearing in Wisconsin federal court. He and an unnamed co-defendant face charges of conspiring to commit computer fraud in the state and elsewhere. Authorities arrested the 23-year-old man Aug. 2 in the Las Vegas airport on his way home to Ilfracombe, England, after a cybersecurity convention.

The legal troubles Hutchins faces are a dramatic turnaround from the status of cybercrime-fighting hero he enjoyed four months ago when he found a “kill switch” that slowed the outbreak of the WannaCry virus.

The indictment says the crimes happened from July 2014 to July 2015.

___

6:25 a.m.

A British cybersecurity researcher credited with helping curb a recent worldwide ransomware attack is expected in court to hear federal charges accusing him of creating malicious software to steal banking information in 2014.

Marcus Hutchins could enter a plea during Monday’s hearing in Wisconsin federal court. Prosecutors have charged him and an unnamed co-defendant with conspiring to commit computer fraud in the state and elsewhere. Authorities arrested the 23-year-old man on Aug. 2 in the Las Vegas airport on his way home to Ilfracombe, England, after a cybersecurity convention.

The legal troubles Hutchins faces are a dramatic turnaround from the status of cybercrime-fighting hero he enjoyed four months ago when he found a “kill switch” that slowed the outbreak of the WannaCry virus.

HBO’s Hack: ‘Hollywood Is Under Siege’

August 11, 2017

The recent breach at the network highlights vulnerabilities unique to the entertainment industry

Aug. 11, 2017 5:30 a.m. ET

At a time when HBO should be relishing the record ratings of its hit drama “Game of Thrones,” executives there are instead grappling with a hacker shakedown that could be a plot point on the network’s “Silicon Valley.”

The breach of the network’s systems that was disclosed last month is developing into a prolonged crisis. Hanging over HBO now is the daily threat of leaks of sensitive information, ranging from show content to actors’ and executives’ personal information.

The hack at HBO comes almost three years after a high-profile one at Sony Corp. and highlights persistent vulnerabilities unique to the entertainment industry. The pressing issue isn’t safeguarding credit-card numbers and account details. Instead, executives are worried about potential damage to intellectual property if television-show spoilers are made available before episodes are officially aired.

“Hollywood is under siege,” said Jeremiah Grossman, chief of security strategy for cybersecurity company Sentinel One. “It seems easy to hack a network, and they perceive that they can make money doing so.”

Already, scripts of “Game of Thrones” episodes have been leaked by the hackers, whose leader calls himself “Mr. Smith.” Also made public were episodes of other shows, including comedies “Ballers” and “Insecure,” and a month’s worth of emails from an executive.

When the hackers came forward late last month, an HBO technology-department employee sent them a letter offering $250,000 to participate in the company’s “bug bounty” program, in which technology professionals are compensated for finding vulnerabilities, according to a person familiar with the matter.

HBO was buying time with that response and isn’t in negotiations with the hackers, the person said. The hacker has demanded a ransom of around $6 million.

The network has also been working with the Federal Bureau of Investigation and other law-enforcement agencies and cybersecurity firms to address the matter, people familiar with the matter say.

Meanwhile, the cable network is playing Whac-A-Mole. It managed to take down the website and digital locker the hacker initially used to distribute show material after sending takedown notices to internet-service providers, according to the person familiar with the matter. It alerted potentially exposed “Game of Thrones” cast members of the hack before Mr. Smith posted material that includes some of their phone numbers.

In a statement, HBO Chairman and Chief Executive Richard Plepler said, “The consensus here was a path to transparency. When something like this happens, the best you can do is try to protect the people you work with inside and outside the company. That’s what our focus has been.”

Unlike retailers, entertainment firms usually don’t shoulder the burden of protecting customer-account details, because that is handled by cable, satellite and web-TV distributors.

The urgent worry is that fewer viewers will watch episodes that can cost several million dollars each if hackers supply a stream of spoilers. That hasn’t happened yet. The last “Game of Thrones” episode, which aired on Aug. 6, attracted a record 10.2 million viewers.

The fear also relates to the chance of emails emerging that could hurt relations with talent or other companies. In the Sony hack, then-studio chief Amy Pascal was embarrassed by emails in which she made a joke about President Barack Obama’s taste in movies as well as disparaging remarks about actors, including Adam Sandler.

“Leakage will be your worst nightmare; your competitors will know about current & future strategies, your inner circle inside HBO & senior staff will be thrown into chaos,” the hackers promised in a video note to Mr. Plepler they posted earlier this week.

HBO has said it expects more information to leak out but said its review of the matter “has not given us a reason to believe that our email system as a whole has been compromised.”

After the Sony hack, many entertainment companies, including HBO’s parent Time Warner Inc., beefed up their own security.

Around the same time, though, in a cost-saving move, Time Warner centralized much of the technology operations that previously existed in the individual units, which also include Turner and Warner Bros.

Now that strategy is being rethought, and the individual units are being encouraged to take on more autonomy and responsibility for their own technology infrastructure, the person familiar with the matter said.

Prior to the HBO hack, sister unit Turner Broadcasting had already begun the process of overhauling some of its information technology after an assessment revealed that a hack into one network, such as Cartoon Network, could easily be a gateway into CNN.

The HBO hack also comes as Time Warner is in the process of being acquired by AT&T Inc. However, the hack isn’t expected to have any effect on the sale or the terms of the deal, according to media analyst Michael Nathanson of MoffettNathanson Research. An AT&T spokesman declined to comment.

Cybersecurity expert Mr. Grossman, who has tested security networks for Hollywood TV and movie companies, said these firms are vulnerable because they work with so many partners that “their data is all over the place.”

Write to Joe Flint at joe.flint@wsj.com and Tripp Mickle at Tripp.Mickle@wsj.com

https://www.wsj.com/articles/hbos-hack-hollywood-is-under-siege-1502443802

Related:

HBO hackers demand millions in ransom note

August 8, 2017

AFP

© AFP/File | Hackers claiming to have breached HBO are demanding a ransom, threatening to leak more content from the popular show “Game of Thrones” if the network refuses to pay

WASHINGTON (AFP) – Hackers claiming to have breached HBO were demanding millions of dollars in ransom payments from the television group, while threatening to release more files from what is claimed to be a massive data breach.

A video circulating online directs a message to HBO chief Richard Plepler claiming that the group “obtained valuable information” in an attack that yielded a whopping 1.5 terabytes of data.

The message was authored by someone identified only as “Mr. Smith.”

The website Databreaches.net reported that 10 files were leaked Monday as part of the demand including what may be another script of the popular fantasy series “Game of Thrones.”

The video revealed a letter stating the hackers obtained “highly confidential” documents and data including scripts, contracts and personnel files.

“We want XXX dollars to stop leaking your data,” the letter said, later alluding to a figure of half the group’s annual budget of $12 million to $15 million.

It went on to say, “HBO spends 12 million for Market Research and 5 million for GOT7 advertisements. So consider us another budget for your advertisements!”

The message comes a week after a leak of one script of “Game of Thrones” and content from other productions.

The letter said HBO was the 17th target for the hacking group and that “only 3 of our past targets refused to pay and were punished very badly and 2 of them collapsed entirely.”

HBO said in a statement that it believed that further leaks might emerge from the breach and that “the forensic review is ongoing.”

“While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our email system as a whole has been compromised,” the statement from the Time Warner unit said.

“We continue to work around the clock with outside cybersecurity firms and law enforcement to resolve the incident.”

U.S., Russia Must ‘Deal With’ Conflict, Tillerson Says

August 7, 2017

Secretary of state says U.S. will respond to expulsion of diplomats by Sept. 1

U.S. Secretary of State Rex Tillerson, left, meets Russian Foreign Minister Sergei Lavrov, second from right, on the sidelines of the ASEAN Foreign Ministers’ Meeting on Sunday. PHOTO: US DEPARTMENT OF STATE HANDOUT/EUROPEAN PRESSPHOTO AGENCY

Updated Aug. 7, 2017 5:09 a.m. ET

MANILA—U.S. Secretary of State Rex Tillerson told Russia’s foreign minister that the U.S. would respond to that country’s recent expulsion of American diplomats by Sept. 1 and that the nations must confront the distrust created by Moscow’s meddling in the U.S. presidential election.

Mr. Tillerson, speaking with journalists Monday at an Asian regional security conference in the Philippines, said that he told his Russian counterpart in a meeting a day earlier that he wanted Russia to “understand just how serious this incident had been and how seriously it had damaged the relationship between…the American people and the Russian people.”

He told Russia that “We simply have to find some way to deal with that,” Mr. Tillerson said.

Mr. Tillerson and Foreign Minister Sergei Lavrov got together Sunday for an hour in a much-anticipated meeting on the sidelines of the conference following a spell of increasing acrimony over sanctions against Russia adopted by the U.S. Congress and reluctantly signed into law by President Donald Trump.

The Russian Foreign Ministry said the meeting began with Mr. Lavrov explaining the reasoning behind Russia’s decision to expel U.S. diplomats. The decision came “after a long wait for the U.S. not to go down the path of confrontation. But, unfortunately, Russophobic members of Congress prevented that from happening,” the ministry said.

The ministers discussed a range of global issues, including cybersecurity, North Korea, Syria and Ukraine, the ministry said.

The sanctions were intended to punish Russia after the U.S. intelligence community concluded that Moscow had sought to interfere in the election, which Mr. Trump won. Russian President Vladimir Putin responded by saying the U.S. would have to cut 755 diplomats and staff in the country by September.

Mr. Tillerson said Monday that he asked Mr. Lavrov several clarifying questions about that move, and promised a U.S. response by Sept. 1.

Mr. Trump, who has said that relations between the powers are at “an all-time low,” has publicly questioned the intelligence findings on the election and dismissed investigations by Congress and a Justice Department special prosecutor into the matter. Russia has denied meddling in the election.

Mr. Tillerson said Mr. Lavrov indicated “some willingness” to resolve tensions over Ukraine. The countries have been in conflict since 2014, when Moscow annexed the Black Sea peninsula of Crimea and Russian-backed separatists started a war in the eastern part of the country.

After the territory grab, the U.S. and the European Union imposed sanctions on Moscow, which Russia has tried unsuccessfully to have lifted. Mr. Trump, who has spoken favorably of the Russian leader, has called for the two countries to make peace.

Mr. Tillerson said the administration viewed the relationship with Russia with pragmatism.

“We want to work with them on areas that are of serious national security interest to us while at the same time having this extraordinary issue of mistrust that divides us,” Mr. Tillerson said. “That’s just what we in the diplomatic part of our relationship are required to do.”

Write to Ben Otto at ben.otto@wsj.com

https://www.wsj.com/articles/u-s-russia-must-deal-with-conflict-tillerson-says-1502093045

WannaCry ‘hero’ Marcus Hutchins admits he wrote banking malware

August 5, 2017

US prosecutors claim Marcus Hutchins, hailed as ‘accidental hero’ for stopping major ransomware attack, admitted to creating Kronos malware targeting banks

FILE – In this Monday, May 15, 2017, file photo, British IT expert Marcus Hutchins speaks during an interview in Ilfracombe, England. Hutchins, a young British researcher credited with derailing a global cyberattack in May, has been arrested for allegedly creating and distributing banking malware, U.S. authorities say. Hutchins was detained in Las Vegas on Wednesday, Aug. 2, 2017, while flying back to Britain from Defcon, an annual gathering of hackers and IT security gurus. A grand jury indictment charges Hutchins with “creating and distributing” malware known as the Kronos banking Trojan. (AP Photo/Frank Augstein, File) Photo Credit: AP

The British security researcher who stopped a global ransomware attack admitted to police that he wrote the code of a malware that targeted bank accounts, US prosecutors said during a hearing on Friday, but his attorneys said that he planned to plead not guilty.

Marcus Hutchins, the 23-year-old hailed as a hero for stopping the WannaCry ransomware attack, is accused of helping to create, spread and maintain the banking trojan Kronos between 2014 and 2015 and is facing six counts of hacking-related charges from the US Department of Justice (DoJ), according to a recently unsealed indictment.

A judge ruled on Friday that Hutchins – who had been in Las Vegas for the annual Def Con hacking conference – could be released on $30,000 bail. The judge said the defendant was not a danger to the community nor a flight risk and ordered him to remain in the US with GPS monitoring.

Dan Cowhig, the prosecutor, argued in federal court that Hutchins should not be freed because he is a “danger to the public”, adding: “He admitted he was the author of the code of Kronos malware and indicated he sold it.”

As part of a sting operation, undercover officers had bought the code from Hutchins and his co-defendant, who is still at large, Cowhig said in court. The prosecutor said there is also evidence from chat logs between Hutchins and the co-defendant, revealing that Hutchins complained about the money he received for the sale.

After the hearing, Adrian Lobo, Hutchins’ defense attorney, said: “We intend to fight the case.”

She added: “He has dedicated his life to researching malware, not to trying to harm people.”

The attorney also told reporters that Hutchins’ supporters were raising money for his bond and that he should be released on Monday.

“He has tremendous community support, local and abroad and in the computer world.”

She declined to comment on the specifics of the charges, but said he was “completely shocked” by the indictment and that he was “in good spirits”.

The DoJ charges relate to the Kronos malware, which is a type of malicious software used to steal people’s credentials, such as internet banking passwords.

According to the indictment, Hutchins’ co-defendant advertised the malware for sale on AlphaBay, a darknet marketplace, and sold it two months later. The indictment did not make clear if the malware was actually sold through AlphaBay.

US and European police eventually seized servers for the marketplace, which was shut down on 20 July.

Hutchins, known on Twitter as @MalwareTechBlog, gained a reputation as an “accidental hero” in May for halting the global spread of the WannaCry ransomware attack. WannaCry infected hundreds of thousands of computers worldwide in less than a day, encrypting their hard drives and asking for a ransom of $300 in bitcoin to unlock the files. The cyberattack wreaked havoc on organisations including the UK’s National Health Service, FedEx and Telefónica.

The cybersecurity researcher, working with Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

Read the rest:

https://www.theguardian.com/technology/2017/aug/04/wannacry-marcus-hutchins-kronos-malware-arrest

See also:

http://www.telegraph.co.uk/technology/2017/08/03/fbi-arrests-wannacry-hero-marcus-hutchins-las-vegas-reports/

http://www.telegraph.co.uk/news/2017/08/05/wannacry-hero-marcus-hutchins-admitted-creating-code-harvest/

The British security expert hailed a hero for helping shut down a global cyber attack admitted in a police interview he created a code which harvests bank details and “indicated” that he sold it, a prosecutor told his US court hearing.

But Marcus Hutchins, from Ilfracombe, Devon, plans to plead not guilty to all six counts of creating and distributing the Kronos malware, his lawyer said after his hearing in Las Vegas on Friday.

The 23-year-old, who found a “kill-switch” that derailed the attack that crippled the NHS in May, was granted bail under strict conditions that he pay 30,000 dollars (£23,000) and remain in the US.

Dan Cowhig, prosecuting, told the federal court Hutchins should not be freed because he is a “danger to the public”.

“He admitted he was the author of the code of Kronos malware and indicated he sold it,” Mr Cowhig said.

Hutchins and his unnamed co-defendant, who is still at large, were caught in a sting operation when undercover officers bought the code, the prosecutor added.

Other evidence comes from chat logs between him and a co-defendant during which Hutchins complains about the money he received for the sale, Mr Cowhig said.

After the hearing, Hutchins’ lawyer Adrian Lobo denied he is the author and said he would be pleading not guilty to all of the charges, which date between July 2014 and July 2015.

She said: “He fights the charges and we intend to fight the case.

“He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done.”

Hutchins spoke softly as he answered procedural questions and confirmed his identity while wearing a prison-issued yellow jumpsuit with “detainee” stamped on the back, and bright orange Crocs shoes.

District judge Nancy Koppe ordered his release on bail considering he has no criminal history and because the allegations date back to two years ago.

Marcus Hutchins CREDIT: FRANK AUGSTEIN/AP

He cannot access the internet, must be monitored by GPS, surrender his passport and only reside in Clark County, Nevada, and within the Eastern District of Wisconsin where he will appear in court on Tuesday.

At that hearing he is expected to formally enter his pleas.

Hutchins, also known as MalwareTech, was indicted alongside an unidentified co-defendant by a grand jury over allegations unrelated to his work halting the attack by the WannaCry ransomware that hit more than 300,000 computers in 150 countries.

The indictment claims Hutchins created the malware that can side-step anti-virus software to steal banking usernames and passwords before conspiring with the co-defendant to sell it on internet forums.

Prosecutors claim the co-defendant successfully sold the software for 2,000 dollars (£1,522) in digital currency in June 2015.

Janet Hutchins, the researcher’s mother, has said it is “hugely unlikely” he is involved because he has dedicated “enormous amounts of time and even his free time” combating such software.

The FBI arrested Hutchins at McCarran International Airport where he was trying to fly back to Britain from the Def Con hacking conference, a friend said.

Hutchins, who works for Los Angeles-based computer security firm Kryptos Logic, was expected to be released later on Friday.

Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

August 3, 2017

Image: Lisa Brewster/Flickr

Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading

On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.

In May, WannaCry infected hospitals in the UK, a Spanish telecommunications company, and other targets in Russia, Turkey, Germany, Vietnam, and more. Marcus Hutchins, a researcher from cybersecurity firm Kryptos Logic, inadvertently stopped WannaCry in its tracks by registering a specific website domain included in the malware’s code.

At the time of writing it is not clear what charges, if any, Hutchins may face.

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

The friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.” Motherboard granted the source anonymity due to privacy concerns.

“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”

A US Marshals spokesperson told Motherboard in an email, “my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody.”

The FBI acknowledged a request for comment but did not provide one in time for publication.

Shortly before his arrest, Hutchins was in Las Vegas during Black Hat and Def Con, two annual hacking conferences.

“We are aware a UK national has been arrested but it’s a matter for the authorities in the US,” a spokesperson for the UK’s National Crime Agency told Motherboard in an email.

A spokesperson from the UK’s National Cyber Security Centre told Motherboard in an email, “We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further.”

This story is developing…

Related:

Marcus Hutchins, pictured, prevented more than 100,000 computers across the globe from being infected by registering a website domain name that unexpectedly stopped the spread of the virus

Read more: http://www.dailymail.co.uk/news/article-4505692/Pizza-loving-surfer-Marcus-Hutchins-beat-global-virus.html#ixzz4h8RdofeS

Self-taught Marcus Hutchins stopped virus wreaking havoc on Britain’s hospitals by triggering £8.29 ‘kill switch’

A recent ransomware attack that some analysts attribute to Russia and that may have been aimed at Ukraine resulted in computer-system shutdowns at businesses around the world. Russia has denied involvement in the attack. Shown, an infected laptop displays a ransomware message on June 27. PHOTO: ROB ENGELAAR/EUROPEAN PRESSPHOTO AGENCY

Ten Years of Russian Cyber Attacks on Other Nations

http://www.nbcnews.com/storyline/hacking-in-america/timeline-ten-years-russian-cyber-attacks-other-nations-n697111

President Barack Obama announced the lifting of economic sanctions on Iran, a prisoner swap and the $1.7 billion settlement with Iran in the Cabinet Room of the White House on Jan. 17.
President Barack Obama  PHOTO: JIM LO SCALZO/EUROPEAN PRESSPHOTO AGENCY

John Emerson, Washington's man in Berlin, to meet with Guido Westerwelle, German foreign minister, over claims Angela Merkel's phone was tapped by US

Chancellor Merkel called President Obama demanding answers after reports emerged that the US may have been monitoring her phone Photo: YVES HERMAN/REUTERS
U.S. Ambassador to the United Nations Samantha Power speaks at the Center for American Progress’ 2014 Making Progress Policy Conference in Washington November 19, 2014.  Credit: Reuters/Gary Cameron

Chinese President Xi Jinping and U.S. President Barack Obama at a joint news conference in Washington, D.C. on Sept. 25. Photo: Pete Marovich/Bloomberg News

Russia used Facebook to try to spy on Macron campaign – sources

July 27, 2017

Reuters

By Joseph Menn

SAN FRANCISCO (Reuters) – Russian intelligence agents attempted to spy on President Emmanuel Macron’s election campaign earlier this year by creating phony Facebook personas, according to a U.S. congressman and two other people briefed on the effort.

About two dozen Facebook accounts were created to conduct surveillance on Macron campaign officials and others close to the centrist former financier as he sought to defeat far-right nationalist Marine Le Pen and other opponents in the two-round election, the sources said. Macron won in a landslide in May.

Facebook said in April it had taken action against fake accounts that were spreading misinformation about the French election. But the effort to infiltrate the social networks of Macron officials has not previously been reported.


Russia has repeatedly denied interfering in the French election by hacking and leaking emails and documents. U.S. intelligence agencies told Reuters in May that hackers with connections to the Russian government were involved, but they did not have conclusive evidence that the Kremlin ordered the hacking.

Facebook confirmed to Reuters that it had detected spying accounts in France and deactivated them. It credited a combination of improved automated detection and stepped-up human efforts to find sophisticated attacks.

Company officials briefed congressional committee members and staff, among others, about their findings. People involved in the conversations also said the number of Facebook accounts suspended in France for promoting propaganda or spam – much of it related to the election – had climbed to 70,000, a big jump from the 30,000 account closures the company disclosed in April.

Facebook did not dispute the figure.


Seeking Friends of Friends

The spying campaign included Russian agents posing as friends of friends of Macron associates and trying to glean personal information from them, according to the U.S. congressman and two others briefed on the matter.

Facebook employees noticed the efforts during the first round of the presidential election and traced them to tools used in the past by Russia’s GRU military intelligence unit, said the people, who spoke on condition they not be named because they were discussing sensitive government and private intelligence.

Facebook told American officials that it did not believe the spies burrowed deep enough to get the targets to download malicious software or give away their login information, which they believe may have been the goal of the operation.

The same GRU unit, dubbed Fancy Bear or APT 28 in the cybersecurity industry, has been blamed for hacking the Democratic National Committee during the 2016 U.S. presidential election and many other political targets. The GRU did not respond to a request for comment.


Fancy Bear

Email accounts belonging to Macron campaign officials were hacked and their contents dumped online in the final days of the runoff between Macron and Le Pen.

French law enforcement and intelligence officials have not publicly accused anyone of the campaign attacks.

Mounir Mahjoubi, who was digital director of Macron’s political movement, En Marche, and is now a junior minister for digital issues in his government, told Reuters in May that some security experts blamed the GRU specifically, though they had no proof.

Mahjoubi and En Marche declined to comment.

There are few publicly known examples of sophisticated social media spying efforts. In 2015, Britain’s domestic security service, MI5, warned that hostile powers were using LinkedIn to connect with and try to recruit government workers.

The social media and networking companies themselves rarely comment on such operations when discovered.

Facebook, facing mounting pressure from governments around the world to control “fake news” and propaganda on the service, took a step toward openness with a report in April on what it termed “information operations.”

The bulk of that document discussed so-called influence operations, which included “amplifier” accounts that spread links to slanted or false news stories in order to influence public opinion.

Reporting by Joseph Menn in San Francisco; Additional reporting by Michel Rose in Paris and Jack Stubbs in Moscow; Editing by Jonathan Weber and Ross Colvin

How Cyberwarfare Makes Cold Wars Hotter

July 23, 2017

In the war taking place across the global internet, everyone is a combatant—and a target

Employees at the Korea Internet and Security Agency in Seoul monitor for possible ransomware cyberattacks on May 15, in the aftermath of the WannaCry attack. PHOTO: YUN DONG-JIN/ASSOCIATED PRESS

This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional.

South Carolina reported hackers attempted to access the state’s voter registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a major cloud service could lead to monetary damages on par with those of Hurricane Katrina.

Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate. A new kind of war is upon us, one characterized by coercion rather than the use of force, says former State Department official James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies.

Businesses and individuals now are directly affected in ways that were impossible in the first Cold War. In another age, the threat of nuclear annihilation loomed over everyone’s heads, but the cloak-and-dagger doings of global powers remained distinct from the day-to-day operations of businesses. Now, they are hopelessly entangled. The often-unfathomable priorities of terrorists, cybercriminals and state-affiliated hackers only make things worse.

President Donald Trump spoke with Russian President Vladimir Putin at the G-20 summit in Hamburg, Germany, on July 7. Mr. Trump said they discussed cooperation on a cybersecurity unit. PHOTO: EVAN VUCCI/ASSOCIATED PRESS

The current climate of cyberattacks is “crazy,” says Christopher Ahlberg of Recorded Future, a private intelligence firm that specializes in cyberthreats. “It’s like a science fiction book. If you told anybody 10 years ago about what’s going on now, they wouldn’t believe it.”

In the first Cold War, the U.S., China and the Soviet Union fought proxy wars rather than confront one another directly. In Cold War 2.0, we still have those—Syria and whatever is brewing in North Korea come to mind—but much of the proxy fighting now happens online.

The result is significant collateral damage for businesses that aren’t even a party to the conflicts, says Corey Thomas, chief executive of cybersecurity firm Rapid 7. Recent ransomware attacks that some analysts attribute to Russia may have been aimed at Ukraine but resulted in the shutdown of computer systems at businesses and governments around the world. Russia has denied involvement in these attacks. Botnets made of internet-connected devices, stitched together by an unknown hacker for unknown reasons, caused countless internet services and websites to become unavailable in October 2016.

A recent ransomware attack that some analysts attribute to Russia and that may have been aimed at Ukraine resulted in computer-system shutdowns at businesses around the world. Russia has denied involvement in the attack. Shown, an infected laptop displays a ransomware message on June 27. PHOTO: ROB ENGELAAR/EUROPEAN PRESSPHOTO AGENCY

The U.S. has, notably, contributed to the situation. The Stuxnet computer worm, in development by what analysts believe was a joint U.S. and Israeli team since at least 2005, physically damaged Iran’s nuclear enrichment plant in 2009. Stuxnet was discovered a year later. In 2012, U.S. Air Force General Michael Hayden lamented that its use had legitimized sophisticated cyberattacks that do physical damage. Its source code can now be downloaded, studied—and reused.

You can think of cyberweapons as akin to biological weapons. They often spread beyond their original targets, and once they are stolen or used, their DNA—the underlying code—can be endlessly repurposed. Exploits stolen from the U.S. National Security Agency have subsequently been used in attacks like WannaCry, which hit businesses in the U.S. and around the world. Microsoft has made this point and called for a “digital Geneva Convention.”

Attacks on businesses and individuals are often quite deliberate, says Milena Rodban, a geopolitical risk consultant who helps companies practice for cyberattacks and other crises. That’s because, more than ever, companies hold information that could be leveraged in a cyberwar.

“The information that Amazon is holding”—for example, data from financial institutions and government agencies stored on Amazon’s cloud—“could give someone a clear path into something really terrible that could upset national security,” Ms. Rodban says.

Patients in the reception area of a private medical clinic in Kiev, Ukraine, shown in a July 5 photo. The clinic was one of many institutions disrupted by a June 27 cyberattack that paralyzed computers across the globe. PHOTO: EFREM LUKATSKY/ASSOCIATED PRESS

As a result, she adds, anyone who thinks about how to protect national security in the cyber arena must expand their definition of a national security asset. While U.S. Cyber Command might be tasked with defending government assets, it must also consider how it will cope with the takedown of a major cloud service provider, which in some ways is no less important than, say, the power grid.

Fixing this vulnerability could mean a great many things, from increased cooperation between government and private enterprise, to a broader role for U.S. Cyber Command in protecting U.S. businesses. The head of Cyber Command has said that government will need access to private firms’ networks if it is to help them defend against threats. The Trump administration is considering an Obama-era proposal to split Cyber Command from the NSA, so its offensive capability can be kept apart from the NSA’s mandate to gather intelligence.

In the first Cold War, the doctrine of mutually assured destruction kept nuclear-armed states from using their weapons. In the same way, China, the U.S. and Russia are held back from taking out critical infrastructure in each other’s countries, a capability experts widely believe all three have. (Look at attempts by Russian hackers to do just that in Ukraine.)

“What’s happened over the past year or two is nation-state capabilities have gotten into the hands of criminals,” says Mr. Ahlberg. “The bad guys picking up on these tool sets are not holding back.”

At their most dire, experts claim it is only a matter of time before America is hit by a “Cyber 9/11.” Terrorists haven’t yet shut down our power grid, but how long until that capability leaks into the hands of actors who aren’t restrained by the threat of retaliation? “It’s like a suicide bomber,” says Ms. Rodban. “It’s not hard to believe this could happen on the cyber level.”

https://www.wsj.com/articles/how-cyberwarfare-makes-cold-wars-hotter-1500811201?mod=e2fb

Related:


Ten Years of Russian Cyber Attacks on Other Nations

http://www.nbcnews.com/storyline/hacking-in-america/timeline-ten-years-russian-cyber-attacks-other-nations-n697111

President Barack Obama announced the lifting of economic sanctions on Iran, a prisoner swap and the $1.7 billion settlement with Iran in the Cabinet Room of the White House on Jan. 17. PHOTO: JIM LO SCALZO/EUROPEAN PRESSPHOTO AGENCY

John Emerson, Washington's man in Berlin, to meet with Guido Westerwelle, German foreign minister, over claims Angela Merkel's phone was tapped by US


Trump says time to work ‘constructively’ with Russia — Progress starting already in Syria and Ukraine — “Everybody knows that Russia meddled in our elections.”

July 9, 2017

AFP

© AFP/File | Russian President Vladimir Putin and US President Donald Trump meeting Friday in Hamburg, Germany

WASHINGTON (AFP) – US President Donald Trump pledged Sunday to work “constructively” with Russia but ruled out an immediate easing of sanctions while the countries remain at odds over the conflicts in Syria and Ukraine.


In a series of tweets on his return from Europe, Trump said he had confronted his Russian counterpart Vladimir Putin over evidence from the US intelligence agencies that Moscow meddled in the 2016 election when the two leaders met for the first time in Germany on Friday.

And while he welcomed an agreement for the start of a ceasefire in Syria, Trump said it was too early to consider any easing of US sanctions on Russia “until the Ukrainian & Syrian problems are solved.”

“I strongly pressed President Putin twice about Russian meddling in our election,” Trump said of their meeting on the sidelines of the G20 summit. “He vehemently denied it. I’ve already given my opinion…..”

Trump said he and Putin had talked about the idea of setting up what he called “an impenetrable cyber security unit” to prevent hacking in future elections, without giving details.

He also said the two men had discussed the implementation of a ceasefire in Syria which began on Sunday, saying “it will save lives.”

“Now it is time to move forward in working constructively with Russia!”

– Friction over Syria –

Syria has been a particular source of friction between the two countries, as Russia is a close ally of President Bashar al-Assad.

Moscow was furious when the Trump administration launched a cruise missile strike against Syrian forces in April, in retaliation for what Washington said was a chemical weapons attack by Assad’s regime against civilians.

Moscow has warned that a program of sanctions imposed by the US, which was tightened last month, threatens their whole relationship.

Trump’s predecessor Barack Obama ordered the seizure of two Russian diplomatic compounds in the US last December after accusing Russia of trying to influence the outcome of the 2016 presidential election.

And last month, the United States added 38 individuals and entities to its sanctions list targeting Russians and pro-Russian rebels it blames for the fighting in Ukraine and the occupation of Crimea.

“Sanctions were not discussed at my meeting with President Putin. Nothing will be done until the Ukrainian & Syrian problems are solved,” said Trump.

The US president has previously equivocated over whether Russia did try to tilt the outcome of last November’s election contest against Hillary Clinton in his favor, amid an investigation into whether members of Trump’s campaign team actively colluded with Moscow.

– ‘Strategic alliance’ –

So his public assessment that Russia did meddle has triggered questions over whether his administration planned to bring in more sanctions.

Asked on Sunday whether new sanctions were in the pipeline, US Treasury Secretary Steve Mnuchin told ABC television: “We have sanctions that are already on the table and we expect to enforce those sanctions.”

Mnuchin also insisted that Russia and the US could work together on cyber security, despite criticism in some quarters that the two sides had diametrically opposing goals.

“What we want to make sure is that we coordinate with Russia, that we’re focused on cybersecurity together, that we make sure that they never interfere in any democratic elections,” he said.

“This is like any other strategic alliance, whether we’re doing military exercises with our allies or anything else. This is about having capabilities to make sure we both fight cyber (crime) together which I think is a very significant accomplishment for President Trump.”

The US and Russian sides have issued sharply conflicting accounts of Friday’s meeting, with Putin saying on Saturday that Trump had been “satisfied” by his denials of any Russian interference in the polls.


Nikki Haley

Nikki Haley, the US ambassador to the United Nations, said the Russian denials had been expected but cut no ice.

“This is Russia trying to save face,” she told CNN. “And they can’t. They can’t.

“Everybody knows that Russia meddled in our elections.”

Related: