Posts Tagged ‘hackers’

Suspected Russia hackers ‘targeted Macron campaign’

April 25, 2017

Researchers say the hacker group Pawn Storm tried to interfere in the campaign of French presidential front-runner Emmanuel Macron. US spy agencies suspect the group of having links to Russia’s intelligence apparatus.


French presidential candidate Emmanuel Macron’s political campaign was targeted by a hacker group with suspected Russian connections, a report by a cybersecurity research group said on Tuesday, bolstering previous suggestions that the Kremlin has been trying to interfere in the French elections.

Researchers with the Japan-based anti-virus firm Trend Micro said the Pawn Storm group, which is alleged to have carried out a number of high-profile hacking attacks in the West, used so-called “phishing” techniques in an attempt to steal personal data from Macron and his campaign staffers.

“Phishing” employs lookalike websites designed to fool victims into entering sensitive information such as usernames, passwords and credit card details. Trend Micro said it had recently detected four Macron-themed fake domains being created on digital infrastructure used by Pawn Storm, which is also known as Fancy Bear or APT28.

Trend Micro researcher Feike Hacquebord said that determining who was behind a spying campaign was a difficult challenge in the world of cybersecurity, but that he was almost certain.

“This is not a 100 percent confirmation, but it’s very, very likely,” he said.


The Kremlin at work?

Trend Micro did not name any country as being behind Pawn Storm’s activities, but the group is widely suspected of having links to Russia’s security services.

The Kremlin is seen as a keen backer of Macron’s rival in the presidential race, Marine Le Pen, who espouses policies considered as likely to be favored by Moscow, such as France’s exit from the European Union. Macron has always staunchly advocated strengthening, rather than weakening, the bloc.

Russia has repeatedly denied accusations of trying to interfere in the French – or other – elections. On Monday, Kremlin spokesman Dmitry Peskov was quoted as saying that claims of the Kremlin’s attempting to influence the election outcome in France were “completely incorrect.”

Pawn Storm is also thought to be behind cyberattacks last summer on the US Democratic National Committee that were suspected to be aimed at undermining Hillary Clinton’s bid for the White House. Other suspected targets in recent months include media groups such as “The New York Times” and Al-Jazeera.

Macron is widely seen as likely to win the second round of elections on May 7 (photo: Getty Images/V. Isore/IP3)

Attempted intrusions

The head of Macron’s digital campaign, Mounir Mahjoubi, confirmed to The Associated Press that there had been attempted intrusions, but said they had all been foiled.

Mahjoubi also confirmed that at least one of the fake sites identified by Trend Micro had been recently used as part of an attempt to steal sensitive information from campaign staffers.

An internal campaign report lists thousands of attempted cyberattacks since Macron launched his campaign last year. In February, the campaign’s secretary-general, Richard Ferrand, said the scale and nature of the intrusions indicated that they were the work of a structured group and not individual hackers.

Macron, who won the first round of France’s presidential election on Sunday, will face Le Pen in a runoff on May 7.

The French elections were carefully monitored for digital interference following suspicions that hackers backed by Moscow had attempted to influence the US electoral contest in 2016.

http://www.dw.com/en/suspected-russia-hackers-targeted-macron-campaign/a-38580848

Related:

Germany’s Federal Office for Information Security: Cyber Spies Target Germany Ahead of Election, Party Think Tanks Say

April 25, 2017

FRANKFURT — Two foundations tied to Germany’s ruling coalition parties were attacked by the same cyber spy group that targeted the campaign of French presidential favourite Emmanuel Macron, a leading cyber security expert said on Tuesday.

The group, dubbed “Pawn Storm” by security firm Trend Micro, used email phishing tricks and attempted to install malware at think tanks tied to Chancellor Angela Merkel’s Christian Democratic Union (CDU) party and coalition partner, the Social Democratic Party (SPD), Feike Hacquebord said.

Hacquebord and other experts said the attacks, which took place in March and April, suggest Pawn Storm is seeking to influence the national elections in the two European Union powerhouses.

“I am not sure whether those foundations are the actual target. It could be that they used it as a stepping stone to target, for example, the CDU or the SPD,” Hacquebord said.

The mysterious cyber spying group, also known as Fancy Bear and APT 28, was behind data breaches of U.S. Presidential candidate Hillary Clinton and Merkel’s party last year, Hacquebord said.

Other security experts and former U.S. government officials link it to the Russian military intelligence directorate GRU. Hacquebord and Trend Micro have stopped short of making that connection.


Russia has denied any involvement in the cyber attacks.

Since 2014, Merkel has pushed the European Union to maintain sanctions on Russia over its actions in eastern Ukraine and Crimea. Her coalition partners, the Social Democrats, back a more conciliatory stance towards Moscow.

“What we are seeing is kind of a replication of what happened in the United States,” David Grout, a Paris-based technical director of U.S. cyber security firm FireEye, said of technical attacks and efforts to spread fake news in Europe.


Hacquebord said on Monday he had found new evidence that Macron’s campaign was targeted by Pawn Storm. (https://goo.gl/8Ja2Bq)

German officials have told Reuters that politicians fear sensitive emails stolen from senior lawmakers by Russian hackers in 2015 could be released before the election to damage Merkel, who is seeking a fourth term, and her conservative party.

Trend Micro uncovered efforts to break into the accounts of CDU politicians in April and May, 2016. The BSI, Germany’s federal cyber security agency, confirmed these attempts but said they were unsuccessful. New attacks in 2017 suggest renewed efforts to gain compromising data are underway, Hacquebord said.

Pawn Storm set up a fake computer server located in Germany at kasapp.de to mount email phishing attacks against the CDU party’s Konrad Adenauer Foundation (KAS) and a server located in the Ukraine at intern-fes.de to target the SPD’s Friedrich Ebert Foundation (FES).

A KAS spokesman said BSI warned KAS in early March of “peculiarities” but that a subsequent network scan by the government cyber security agency found “nothing suspicious”.

The BSI declined to comment, as did the Friedrich Ebert Foundation.

Kremlin spokesman Dmitry Peskov dismissed allegations of Russian involvement.

“We would be pleased if this investigative group sent us the information, and then we could check it,” Peskov told reporters on Tuesday. “Because for now it does not go beyond the boundaries of some anonymous people.”

Trend Micro published a 41-page report charting Pawn Storm attacks over the past two years, building on a dozen previous technical reports (https://goo.gl/WvjuLv). A timeline can be downloaded here (https://goo.gl/npY0OJ).

(Additional reporting by Peter Maushagen in Frankfurt, Andreas Rinke and Andrea Shalal in Berlin and Maria Tsvetkova in Moscow; Editing by Richard Lough)

*********************************************

“We are noticing attacks against government networks on a daily basis,” Arne Schoenbohm, president of Germany’s Federal Office for Information Security (BSI), told the newspaper Welt am Sonntag.

BSI is in close contact with election officials, political parties and German federal states to discuss how to guard against cyber attacks and stands ready to react to potential attacks ahead of the elections, Mr Schoenbohm said.

http://www.telegraph.co.uk/news/2017/03/19/german-cybersecurity-watchdog-raises-attack-alert-level/

Qatar Pays Ransoms To Gain Release of 26 Hostages, Some From Royal Family, in Caper Apparently Involving Syrian Refugee Releases

April 22, 2017

AFP and the Associated Press

© HO, Iraqi Interior Ministry, AFP | Image grab from a handout video released by the Iraqi Interior Ministry on April 21, 2017, shows released Qatari hunters boarding a plane at Baghdad airport.

Qatar has secured the release of 26 hostages after nearly a year and a half in captivity, including members of its ruling family, in what became possibly the region’s most complex and sensitive hostage negotiation deal in recent years.

Several people with knowledge of the talks and a person involved in the negotiations said the hostage deal was linked to one of the largest population transfers in Syria’s six-year-long civil war, and was delayed for several days due to an explosion one week ago that killed at least 130 people, most of them children and government supporters, waiting to be transferred.

The transfer of thousands of Syrian civilians was also tied to another deal involving 750 political prisoners to be released by the Syrian government.

The complexity of the talks highlights Qatar’s role as an experienced and shrewd facilitator in hostage negotiations – this time involving members of the Gulf Arab state’s ruling family.

It also raised allegations that the tiny energy rich nation paid millions of dollars to an al-Qaida-linked group to facilitate the population transfer in Syria that led to the hostages’ release in Iraq on Friday.

Qatar is home to Centcom’s regional headquarters and is where the U.S. has its largest military base in the Middle East. It is also a member of the U.S.-led coalition fighting the Islamic State group in Iraq and Syria.

The incident was sparked when the group was kidnapped Dec. 16, 2015 from a desert camp for falcon hunters in southern Iraq. They had legally entered Iraq to hunt inside Muthanna province, some 370 kilometers (230 miles) southeast of the Iraqi capital, Baghdad. Shiite militias are active in that area and work closely with the neighboring Shiite power Iran.

A person involved in the negotiations told the AP that 11 of the captives were members of Qatar’s Al Thani ruling family. He also said Qatar paid tens of millions of dollars to Shiite groups, and to the al-Qaida-linked Levant Liberation Committee and Ahrar al-Sham, which are involved in the population transfers underway in Syria. Both groups were part of an armed opposition alliance that swept through Syria’s Idlib province, seizing it from government control in 2015 and laying siege to two pro-government villages now being evacuated.

Speaking on condition of anonymity due to the sensitivity of the situation, the negotiator said the Qatari group was being held by Iraqi Shiite militia Kata’eb Hezbollah. The group officially denies it was behind the kidnapping and no other group has publicly claimed responsibility for the abduction.

He said Qatari officials were given assurances about the well-being of the hostages during negotiations.

Two Iraqi officials – a government and a security official – also confirmed details of the release to the AP.

The abduction of the Qatari group drew Iran, Qatar and the Lebanese Shiite militant group Hezbollah into negotiations, resulting in millions of dollars in payments to Sunni and Shiite factions, according to Iraqi officials and a person involved in the negotiations. They say the talks took place in Beirut.

The negotiator said the ongoing evacuation and transfer of thousands of Syrians from four besieged areas was central to the release of the Qataris. The two pro-government villages, Foua and Kfarya, had been besieged by rebel fighters and under a steady barrage of rockets and mortars for years. The two opposition-held towns, Zabadani and Madaya, were under government siege for joining the 2011 uprising against Syrian President Bashar Assad.

The opposition-run Britain-based Syrian Observatory for Human Rights, which monitors the Syrian conflict through a network of on-the-ground activists, says the transfer included 800 armed men from both sides. Rami Abdurrahman, who heads the group, told the AP that the population swap in Syria was directly tied to the issue of the kidnapped Qataris.

Abdurrahman, citing information from negotiators he’d spoken with, said the Qataris first proposed bringing the fate of the hunting group into the talks about the besieged four areas in Syria.

The population exchange has been criticized by rights groups, which say it rewards siege tactics and amounts to forcible displacement along sectarian lines.

Iraqi Interior Ministry official Wahhab al-Taie told The Associated Press the hostages had been released into the custody of the Iraqi Interior Ministry. The group departed Friday afternoon on a private Qatari jet from Baghdad.

Qatar’s state TV showed the arrival of the group from Iraq as ruler Sheikh Tamim bin Hamad Al Thani waited to receive them on the tarmac. A short statement published on the state-run Qatar News Agency said the 26 Qatari citizens had arrived in the capital, Doha, after being kidnapped in Iraq while they were on a hunting trip.

Qataris on social media shared their elation at the release. With a population of around 2.6 million people, the crisis reverberated across the small country.

Their release was a priority of Qatar’s foreign policy for more than a year, said David Weinberg, a senior fellow at the Foundation for Defense of Democracies.

The AP reported last week that a Qatari ruling family member paid $2 million, in an effort involving hackers, to secure the release of the hostages.

Weinberg, who has testified before Congress about Qatar’s role in hostage negotiations, said alleged enormous payments paid to a group with ties to al-Qaida create an incentive for future hostage taking. He said Qatar continues to “punch above its weight” in ways that concern some people in Washington.

“This is going to confront the new (Trump) administration in Washington with a serious question … Is the U.S. administration going to push Qatar to ensure that it does not pay ransom to terrorist organizations in the future,” he said.

Defense Secretary James Mattis is due to arrive in Qatar on Saturday as part of his first region-wide official visit since President Donald Trump took office.

Qatar says it does not support extremist groups in Syria or elsewhere, despite aggressive efforts to back Sunni rebel groups fighting to oust the Syrian government, which is backed by Iran and Russia.

The country’s ambitious foreign policy efforts haven’t always succeeded. Gulf neighbors withdrew their ambassadors in 2014 over Qatar’s support for the Muslim Brotherhood group in Egypt, where the group was ousted.

Still, Qatar plays an important role by talking to groups that many governments want to distance themselves from, said Ayham Kamel of political risk consultancy Eurasia Group.

For example, Qatar’s capital city of Doha has hosted talks between the Taliban and Afghan government. Qatar has also secured the release of hostages in Syria’s civil war, including 13 Greek Orthodox nuns held by an al-Qaida affiliate there.

Kamel says the deal struck to release the Qatari nationals shows that Doha’s politics have become more nuanced.

(AP)

China’s Secret Weapon in South Korea Missile Fight: Hackers

April 21, 2017

China denies it is retaliating over the Thaad missile system, but a U.S. cybersecurity firm says it is

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. PHOTO: AFP PHOTO / DOD / BEN LISTERMAN

April 21, 2017 5:20 a.m. ET

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue.

In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.


The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.

While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.

One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.

China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” China has said it is itself a major hacking victim but has declined to offer specifics.

Mr. Hultquist said the two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. He declined to offer more specific details.

HACK ATTACKS

Recent cyberattacks attributed to Chinese state-backed groups.

  • Since February: Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March: Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016: Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015: Hackers penetrated a network of U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012: South Korean targets, including government, media, military and think tanks were targeted with spear-phishing attacks.

*Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.

**A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network.

Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an error in one of the groups’ operational security provided FireEye’s analysts with new information about the group’s origins.

South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripples a website—that originated in China.

A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.

The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether it thought the attacks were related to Thaad.

Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.

The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.

The two hacking groups with alleged ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.

South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.

Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. She declined to comment on its source.

China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.

The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.

The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.

FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. Trend Micro declined to comment.

Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.

Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”

Write to Jonathan Cheng at jonathan.cheng@wsj.com and Josh Chin at josh.chin@wsj.com

 


US cyber‑attack ‘may have thwarted North Korean missile test’

April 16, 2017

Launch failed within seconds ● Intercontinental missile unveiled at Pyongyang parade ● Pence in South Korea as Washington piles pressure on China

A soldier salutes at a military show of strength staged by the North Korean government in central Pyongyang. PHOTO: DAMIR SAGOLJ/REUTERS

A missile test by North Korea that failed seconds after launch may have been sabotaged by a US cyber-attack, a former foreign secretary has said.

The US said a ballistic missile “blew up immediately” after firing near the port of Sinpo on the east coast early today.

“It could have failed because the system is not competent enough to make it work, but there is a very strong belief that the US through cyber methods has been successful on several occasions in interrupting these sorts of tests and making them fail,” Sir Malcolm Rifkind, the former foreign and defence secretary, told the BBC.

The test was described as a provocation by the US vice-president Mike Pence, who is on a visit to South Korea amid…

Related:

Did US hackers sabotage North Korea’s missile test?

April 16, 2017
COMPUTER hackers working for the US security services could have been behind Kim Jong-un’s disastrous missile test failure, according to a former British foreign secretary.

PUBLISHED: 11:27, Sun, Apr 16, 2017 | UPDATED: 11:54, Sun, Apr 16, 2017


Was Kim Jong-un’s missile test sabotaged by a US cyber attack?

The US Pacific Command said the North Korean missile “blew up almost immediately” on its test launch which came a day after a grand military parade to show off what appeared to be new long-range ballistic missiles.

And former Conservative foreign secretary Sir Malcolm Rifkind said it was possible the missile’s operating system had been sabotaged by a US cyber attack.


 


Former foreign secretary Sir Malcolm Rifkind suggested hackers may have sabotaged the missile test

Sir Malcolm told the BBC: “It could have failed because the system is not competent enough to make it work.

“But there is a very strong belief that the US through cyber methods has been successful on several occasions in interrupting these sorts of tests and making them fail.

“But don’t get too excited by that, they’ve also had quite a lot of successful tests.

“They are an advanced country when it comes to their nuclear weapons programme. That still remains a fact – a hard fact.”


Kim Jong-un used a military parade to show off his latest missiles

The failed launch appeared to defuse some of the rising tensions in the region with US military officials saying the botched test of what was believed to be a medium-range missile had come as no surprise.

The official said: “It’s a failed test. It follows another failed test. So really no need to reinforce their failure. We don’t need to expend any resources against that.”

He said the missile’s flight lasted no more than four or five seconds before it crashed into the sea.

“It wasn’t a matter of if, it was a matter of when. The good news is that after five seconds it fizzled out.”


North Korea’s Day of Sun parade was seen as a show of defiance to the US

North Korea launched a ballistic missile from the same region earlier this month ahead of a summit between the US and China to discuss Pyongyang’s arms programme.

But that missile, which US officials said appeared to be a liquid-fuelled extended-range Scud, only flew about 40 miles – a fraction of its range – before spinning out of control.

Tensions had escalated sharply amid concern the North may conduct a sixth nuclear test or a ballistic missile test launch around Saturday’s 105th birth anniversary of founding father Kim Il Sung that it calls the “Day of the Sun”.

The White House has said President Donald Trump has put North Korea “on notice”.

Cybertheft Attempt on Indian Bank Resembles Bangladesh Heist

April 10, 2017

Similarities between hacks underscore concerns about rash of recent cyberattacks on financial institutions world-wide

A Union Bank service point in the eastern Indian city of Bhubaneswar. PHOTO: NURPHOTO/ZUMA PRESS

Cyberthieves who attempted to steal $170 million from an Indian bank last July used methods that strongly resemble those of an earlier, successful $81 million heist targeting Bangladesh’s central bank, according to people familiar with the matter.

The similarities between the Indian and Bangladeshi hacks underscore concerns about a rash of cyberattacks in recent months on financial institutions around the world, including banks in the U.S., Mexico, Poland and the U.K. Some of these hacks have been linked to groups affiliated with North Korea, cybersecurity specialists said earlier this year.

State-owned Union Bank of India Ltd.’s computer system was infected with malware that allowed thieves to authorize the transfer of around $170 million from the bank’s account in New York to private accounts in five locations, people familiar with the matter said. Fast detection by bankers allowed the Indian lender to prevent the money’s release.

Investigators studying the Indian hack said similar tactics and coding were used by computer criminals who attempted to steal nearly $1 billion from Bangladesh’s account at the Federal Reserve Bank of New York in February of last year. Many orders had been filled with misspellings and formatting errors, and the Fed blocked some of the withdrawal—but the thieves were able to move about $81 million to accounts in the Philippines.

U.S. prosecutors are building cases that would accuse North Korea of directing the Bangladeshi attack. North Korea’s mission to the United Nations didn’t respond to requests for comment.

This account of the Union Bank of India hack is based on interviews with Arun Tiwari, the bank’s chairman, and several other people familiar with the incident.

The attack on Union Bank began in late July last year when an employee opened an attachment on an email that appeared to have come from India’s central bank, Mr. Tiwari said. That action activated a piece of malware that allowed the hackers to steal Union Bank’s access codes for the international messaging system banks use to authorize cross-border transactions, known as the Society for Worldwide Interbank Financial Telecommunication, or Swift.

The hackers then used those codes to send authentic-looking instructions to a Union Bank account at Citigroup Inc. in New York, which handles processing of wire transfers and clears dollar transactions. The instructions ordered around $170 million to be sent to accounts in Thailand, Cambodia, Australia, Hong Kong and Taiwan.

The money went to several shell companies associated with Asian—in particular Chinese—organized crime syndicates, according to a person familiar with the matter.

Arun Tiwari, Union Bank’s chairman. PHOTO: DHIRAJ SINGH/BLOOMBERG NEWS

The cybercriminals behind the Bangladesh heist similarly stole bank codes to place fake transfer orders. Swift in November said banks using its network had sustained fresh attacks from hackers since the Bangladesh heist. Swift declined to comment on whether Union Bank of India was one of those banks, although Mr. Tiwari said Swift officials have been working with Union Bank since the day of the hack.

Swift generally creates two reports per transaction: one sent to the originating bank, in this case, Union Bank, and another to the so-called correspondent bank handling the overseas transactions, which was Citigroup. The correspondent bank then forwards its report to the originating bank the next day, so it can cross-check the transactions.

On July 21, an employee in Union Bank’s treasury department who was comparing the reports found that Citigroup had executed six transactions that Union Bank hadn’t intended to authorize. He notified senior executives of the mismatch, and the bank immediately began trying to get the money back.

“This was a war room that day,” Mr. Tiwari said.

Union Bank recovered the money sent to Thailand, Cambodia, and Australia—more than half of the total—within 24 hours. It got a court order in Hong Kong to retrieve the rest of the funds, and had gotten all of its money back by July 24.

Employees on Citigroup’s cybersecurity team observed similarities between how the malware behaved in the Union Bank attack and how the malware used in the attack on Bangladesh’s central bank behaved. Citigroup is an intermediary bank for the New York Fed, which gives it visibility into certain transactions.

Ernst & Young LLP, which was hired by Union Bank to investigate the hack and its aftermath, also concluded it had been executed similarly to the attack on the Bangladesh central bank, according to Mr. Tiwari. In both cases the malware reached the target banks by emails addressed to employees, and took control of Swift functions at the originating bank, a person familiar with the attack said.

Both hacks also disabled computer systems that create automatic logs of the transactions, another person familiar with the matter said.

Write to Julie Steinberg at julie.steinberg@wsj.com and Gabriele Parussini at gabriele.parussini@wsj.com


https://www.wsj.com/articles/cybertheft-attempt-on-indian-bank-resembles-bangladesh-heist-1491816614


Showtime to air documentary on WikiLeaks founder Assange

April 10, 2017

AFP

© AFP/File | Filmed over six years and taking in the 2016 US presidential election, the Showtime documentary “Risk” claims to take viewers closer than any previous film crew into Julian Assange’s inner circle
LOS ANGELES (AFP) – US cable network Showtime said on Sunday it is to release “Risk,” a documentary from Oscar-winning filmmaker Laura Poitras about controversial WikiLeaks founder Julian Assange. The network announced in a statement it would partner with distributor Neon on a theatrical release before premiering the movie on television in a few months.

Filmed over six years and taking in the 2016 US presidential election, “Risk” claims to take viewers closer than any previous film crew into Assange’s inner circle.

“With unprecedented access, Poitras gives us the WikiLeaks story from the inside, allowing viewers to understand our current era of massive leaks, headline-grabbing news, and the revolutionary impact of the internet on global politics,” Showtime said in a statement.

“‘Risk’ is a portrait of power, principles, betrayal, and sacrifice when the stakes could not be any higher. It is a first-person geopolitical thriller told from the perspective of a filmmaker immersed in the worlds of state surveillance and the cypherpunk movement.”

Assange, 45, has been at the Ecuadoran embassy in London since 2012, having taken refuge to avoid being sent to Sweden, where he faces a rape allegation.

He fears Sweden would extradite him to the United States over his website’s leaking of diplomatic cables and other classified documents.

The Australian was questioned at the embassy on November 14 and 15 on the rape allegation which dates back to August 2010.

Poitras’s profile of Assange, who denies any wrongdoing, is a follow-up to her Academy Award-winning “Citizenfour” (2014), about fugitive leaker Edward Snowden and the NSA spying scandal.

“It is an exciting time to be working with Showtime and Neon,” the 53-year-old said.

“Both organizations are thinking outside the box about how to bring complex stories to a wide audience. I am thrilled to team up with them on ‘Risk.’”

An unfinished version of “Risk” screened to critical acclaim at the 2016 Cannes Film Festival.

FBI investigating ties between Russia and Trump campaign

March 20, 2017

AFP and The Associated Press

© Nicholas Kamm, AFP | FBI Director James Comey (pictured left) and NSA Director Mike Rogers on Capitol Hill in Washington D.C. on March 20, 2017

Text by NEWS WIRES

Latest update : 2017-03-20

FBI Director James Comey confirmed Monday that the bureau is investigating possible links and coordination between Russia and associates of President Donald Trump as part of a probe of Russian interference in last year’s presidential election.

The extraordinary revelation came at the outset of Comey’s opening statement in a congressional hearing examining Russian meddling and possible connections between Moscow and Trump‘s campaign. He acknowledged that the FBI does not ordinarily discuss ongoing investigations, but said he’d been authorized to do so given the extreme public interest in this case.

“This work is very complex, and there is no way for me to give you a timetable for when it will be done,” Comey told the House Intelligence Committee.

Earlier in the hearing, the chairman of the committee contradicted an assertion from Trump by saying that there had been no wiretap of Trump Tower. But Rep. Devin Nunes, a California Republican whose committee is one of several investigating, said that other forms of surveillance of Trump and his associates have not been ruled out.

Comey was testifying at Monday’s hearing along with National Security Agency Director Michael Rogers.

Trump, who recently accused President Barack Obama of wiretapping his New York skyscraper during the campaign, took to Twitter before the hearing began, accusing Democrats of making up allegations about his campaign associates’ contact with Russia during the election. He said Congress and the FBI should be going after media leaks and maybe even Hillary Clinton instead.

“The real story that Congress, the FBI and others should be looking into is the leaking of Classified information. Must find leaker now!” Trump tweeted early Monday as news coverage on the Russia allegations dominated the morning’s cable news.

Trump also suggested, without evidence, that Clinton’s campaign was in contact with Russia and had possibly thwarted a federal investigation. U.S. intelligence officials have not publicly raised the possibility of contacts between the Clintons and Moscow. Officials investigating the matter have said they believe Moscow had hacked into Democrats’ computers in a bid to help Trump’s election bid.

The real story that Congress, the FBI and all others should be looking into is the leaking of Classified information. Must find leaker now!

Monday’s hearing, one of several by congressional panels probing allegations of Russian meddling, could allow for the greatest public accounting to date of investigations that have shadowed the Trump administration in its first two months.

The top two lawmakers on the committee said Sunday that documents the Justice Department and FBI delivered late last week offered no evidence that the Obama administration had wiretapped Trump Tower, the president’s New York City headquarters. But the panel’s ranking Democrat said the material offered circumstantial evidence that American citizens colluded with Russians in Moscow’s efforts to interfere in the presidential election.

“There was circumstantial evidence of collusion; there is direct evidence, I think, of deception,” Rep. Adam Schiff, D-Calif., said on NBC’s “Meet the Press.” “There’s certainly enough for us to conduct an investigation.”

The Democrats made up and pushed the Russian story as an excuse for running a terrible campaign. Big advantage in Electoral College & lost!

Nunes said: “For the first time the American people, and all the political parties now, are paying attention to the threat that Russia poses.”

“We know that the Russians were trying to get involved in our campaign, like they have for many decades. They’re also trying to get involved in campaigns around the globe and over in Europe,” he said on “Fox News Sunday.”

The Senate Intelligence Committee has scheduled a similar hearing for later in the month.

It is not clear how much new information will emerge Monday, and the hearing’s open setting unquestionably puts Comey in a difficult situation if he’s asked to discuss an ongoing investigation tied to the campaign of the president.

At a hearing in January, Comey refused to confirm or deny the existence of any investigation exploring possible connections between Trump associates and Russia, consistent with the FBI’s longstanding policy of not publicly discussing its work. His appearances on Capitol Hill since then have occurred in classified settings, often with small groups of lawmakers, and he has made no public statements connected to the Trump campaign or Russia.

Any lack of detail from Comey on Monday would likely be contrasted with public comments he made last year when closing out an investigation into Clinton’s email practices and then, shortly before Election Day, announcing that the probe would be revived following the discovery of additional emails.

(AP)

Related:

FBI Director Comey: Justice Dept. has no information that supports President Trump’s tweets alleging he was wiretapped by Obama

March 20, 2017

James Comey. Photo by Win McNamee/Getty Images (File Photo)


The Washington Post
March 20 at 11:27 AM
FBI Director James B. Comey acknowledged on Monday the existence of a counterintelligence investigation into the Russian government’s efforts to interfere in the 2016 election, and said that probe extends to the nature of any links between Trump campaign associates and the Russian government.
Testifying before the House Intelligence Committee, Comey said the investigation is also exploring whether there was any coordination between the campaign and the Kremlin, and “whether any crimes were committed.”
The acknowledgment was an unusual move, given that the FBI’s practice is not to confirm the existence of ongoing investigations. “But in unusual circumstances, where it is in the public interest,” Comey said, “it may be appropriate to do so.”

Comey said he had been authorized by the Justice Department to confirm the wide-ranging probe’s existence.

He spoke at the first intelligence committee public hearing on alleged Russian interference in the 2016 election, along with National Security Agency head Michael S. Rogers.

Comey: No information to support Trump’s wiretapping tweets

FBI Director James B. Comey said at a House Intelligence Committee hearing that he has no information that Trump Tower was wiretapped by former president Barack Obama. (Reuters)

The hearing comes amid the controversy fired up by President Trump two weeks ago when he tweeted, without providing evidence, that President Barack Obama ordered his phones tapped at Trump Tower.

Comey says there is “no information’’ that supports Trump’s claims that his predecessor Barack Obama ordered surveillance of Trump Tower during the election campaign.

“I have no information that supports those tweets,’’ said Comey. “We have looked carefully inside the FBI,’’ and agents found nothing to support those claims, he said. He added the Justice Department had asked him to also tell the committee that that agency has no such information, either.

Under questioning from the top Democrat on the House Intelligence Committee, Rep. Adam Schiff (D-Calif.), Comey said no president could order such surveillance.

Committee chairman, Rep. Devin Nunes (R-Calif.) said in his opening statement, “The fact that Russia hacked U.S. election-related databases comes as no shock to this committee. We have been closely monitoring Russia’s aggressions for years…However, while the indications of Russian measures targeting the U.S. presidential election are deeply troubling, one benefit is already clear – it has focused wide attention on the pressing threats posed by the Russian autocrat. In recent years, Committee members have issued repeated and forceful pleas for stronger action against Russian belligerence. But the Obama administration was committed to the notion, against all evidence, that we could ‘reset’ relations with Putin, and it routinely ignored our warnings.”

Nunes said he hoped the hearing would focus on several key questions, including what actions Russia undertook against the United States during the 2016 election and whether anyone from a political campaign conspired in these activities. He also wants to know if the communications of any campaign officials or associates were subject to any improper surveillance.

“Let me be clear,” he said. “We know there was not a wiretap on Trump Tower. However, it’s still possible that other surveillance activities were used against President Trump and his associates.”

Finally, Nunes said he is focused on leaks of classified information to the media. “We aim to determine who has leaked or facilitated leaks of classified information so these individuals can be brought to justice,” he said.

In his opening statement, Schiff said, “We will never know whether the Russian intervention was determinative in such a close election. Indeed it is unknowable in a campaign in which so many small changes could have dictated a different result. More importantly, and for the purposes of our investigation, it simply does not matter. What does matter is this: the Russians successfully meddled in our democracy, and our intelligence agencies have concluded that they will do so again.”

He added: “Most important, we do not yet know whether the Russians had the help of U.S. citizens, including people associated with the Trump campaign. Many of Trump’s campaign personnel, including the president himself, have ties to Russia and Russian interests. This is, of course, no crime. On the other hand, if the Trump campaign, or anybody associated with it, aided or abetted the Russians, it would not only be a serious crime, it would also represent one of the most shocking betrayals of our democracy in history.”

Just hours before the start of the hearing, Trump posted a series of tweets claiming Democrats “made up” the allegations of Russian contacts in an attempt to discredit the GOP during the presidential campaign. Trump also urged federal investigators to shift their focus to probe disclosures of classified material.

“The real story that Congress, the FBI and all others should be looking into is the leaking of Classified information,” Trump wrote early Monday. “Must find leaker now!”

Republican members pressed hard on the subject of leaks to the media that resulted in news stories about contacts between Russian officials and the Trump campaign or administration officials. Nunes sought an admission from the officials that the leaks were illegal under the Foreign Intelligence Surveillance Court act, the law that governs foreign intelligence-gathering on U.S. soil or of U.S. persons overseas.

“Yes,” Comey answered. “In addition to being a breach of our trust with the FISA court.”

One story in particular that apparently upset the Republicans was a Feb. 9 story by The Washington Post reporting that Trump’s national security advisor, Michael Flynn, discussed the subject of sanctions with the Russian ambassador, Sergey Kislyak, in the month before Trump took office. The Post reported that the discussions were monitored under routine, court-approved monitoring of Kislyak’s calls.

Rep. Tom Rooney (R-Fla.) pressed Rogers to clarify under what circumstances it would be legitimate for Americans caught on tape speaking with people under surveillance to have their identities disclosed publicly, and whether leaking those identities would “hurt or help” intelligence collection.

“Hurt,” Rogers noted.

Rogers stressed that the identities of U.S. persons picked up through “incidental collection” – that being the way intelligence officials picked up on Flynn’s phone calls with Kislyak – are disclosed only on a “valid, need to know” basis, and usually only when there is a criminal activity or potential threat to the United States at play.

Rogers added that there are a total of 20 people in the NSA he has delegated to make decisions about when someone’s identity can be unmasked.

The FBI probe combines an investigation into hacking operations by Russian spy agencies with efforts to understand how the Kremlin sought to manipulate public opinion and influence the election’s outcome.

In January, the intelligence community released a report concluding that Russian President Vladimir Putin wanted to not only undermine the legitimacy of the election process but also harm the campaign of Hillary Clinton and boost Trump’s chances of winning.

Hackers working for Russian spy agencies penetrated the computers of the Democratic National Committee in 2015 and 2016 as well as the email accounts of Democratic officials, intelligence officials said in the report. The material was relayed to WikiLeaks, the officials said, and the anti-secrecy group began a series of damaging email releases just before the Democratic National Convention that continued through the fall.

On Friday, the Justice Department delivered documents to the committee in response to a request for copies of intelligence and criminal wiretap orders and applications. Nunes, speaking Sunday, said the material provided “no evidence of collusion” to sway the election toward Trump and repeated previous statements that there is no credible proof of any active coordination.

But Schiff, also speaking Sunday, said there was “circumstantial evidence of collusion” at the outset of the congressional investigations into purported Russian election meddling, as well as “direct evidence” that Trump campaign figures sought to deceive the public about their interactions with Russian figures.

The concerns about Moscow’s meddling are also being felt in Europe, where France and Germany hold elections this year. “Our allies,” Schiff said, “are facing the same Russian onslaught.”

https://www.washingtonpost.com/world/national-security/fbi-director-to-testify-on-russian-interference-in-the-presidential-election/2017/03/20/cdea86ca-0ce2-11e7-9d5a-a83e627dc120_story.html?utm_term=.2b44421224ec

*******************************

The Associated Press

WASHINGTON – FBI Director James Comey confirmed Monday that the bureau is investigating possible links and coordination between Russia and associates of President Donald Trump as part of a broader probe of Russian interference in last year’s presidential election.

The extraordinary revelation came at the outset of Comey’s opening statement in a congressional hearing examining Russian meddling and possible connections between Moscow and Trump’s campaign. He acknowledged that the FBI does not ordinarily discuss ongoing investigations, but said he’d been authorized to do so given the extreme public interest in this case.

“This work is very complex, and there is no way for me to give you a timetable for when it will be done,” Comey told the House Intelligence Committee.

Earlier in the hearing, the chairman of the committee contradicted an assertion from Trump by saying that there had been no wiretap of Trump Tower. But Rep. Devin Nunes, a California Republican whose committee is one of several investigating, said that other forms of surveillance of Trump and his associates have not been ruled out.

Comey was testifying at Monday’s hearing along with National Security Agency Director Michael Rogers.

Trump, who recently accused President Barack Obama of wiretapping his New York skyscraper during the campaign, took to Twitter before the hearing began, accusing Democrats of making up allegations about his campaign associates’ contact with Russia during the election. He said Congress and the FBI should be going after media leaks and maybe even Hillary Clinton instead.

“The real story that Congress, the FBI and others should be looking into is the leaking of Classified information. Must find leaker now!” Trump tweeted early Monday as news coverage on the Russia allegations dominated the morning’s cable news.

Trump also suggested, without evidence, that Clinton’s campaign was in contact with Russia and had possibly thwarted a federal investigation. U.S. intelligence officials have not publicly raised the possibility of contacts between the Clintons and Moscow. Officials investigating the matter have said they believe Moscow had hacked into Democrats’ computers in a bid to help Trump’s election bid.

Monday’s hearing, one of several by congressional panels probing allegations of Russian meddling, could allow for the greatest public accounting to date of investigations that have shadowed the Trump administration in its first two months.

The top two lawmakers on the committee said Sunday that documents the Justice Department and FBI delivered late last week offered no evidence that the Obama administration had wiretapped Trump Tower, the president’s New York City headquarters. But the panel’s ranking Democrat said the material offered circumstantial evidence that American citizens colluded with Russians in Moscow’s efforts to interfere in the presidential election.

“There was circumstantial evidence of collusion; there is direct evidence, I think, of deception,” Rep. Adam Schiff, D-Calif., said on NBC’s “Meet the Press.” “There’s certainly enough for us to conduct an investigation.”

Nunes said: “For the first time the American people, and all the political parties now, are paying attention to the threat that Russia poses.”

“We know that the Russians were trying to get involved in our campaign, like they have for many decades. They’re also trying to get involved in campaigns around the globe and over in Europe,” he said on “Fox News Sunday.”

The Senate Intelligence Committee has scheduled a similar hearing for later in the month.

It is not clear how much new information will emerge Monday, and the hearing’s open setting unquestionably puts Comey in a difficult situation if he’s asked to discuss an ongoing investigation tied to the campaign of the president.

At a hearing in January, Comey refused to confirm or deny the existence of any investigation exploring possible connections between Trump associates and Russia, consistent with the FBI’s longstanding policy of not publicly discussing its work. His appearances on Capitol Hill since then have occurred in classified settings, often with small groups of lawmakers, and he has made no public statements connected to the Trump campaign or Russia.

Any lack of detail from Comey on Monday would likely be contrasted with public comments he made last year when closing out an investigation into Clinton’s email practices and then, shortly before Election Day, announcing that the probe would be revived following the discovery of additional emails.


PUBLISHED: MARCH 20, 2017, 8:01 A.M.