Posts Tagged ‘National Security Agency’

REUTERS: Trump campaign had at least 18 undisclosed contacts with Russians

May 18, 2017


Thu May 18, 2017 | 6:01am EDT

By Ned Parker, Jonathan Landay and Warren Strobel | WASHINGTON

Michael Flynn and other advisers to Donald Trump’s campaign were in contact with Russian officials and others with Kremlin ties in at least 18 calls and emails during the last seven months of the 2016 presidential race, current and former U.S. officials familiar with the exchanges told Reuters.

The previously undisclosed interactions form part of the record now being reviewed by FBI and congressional investigators probing Russian interference in the U.S. presidential election and contacts between Trump’s campaign and Russia.

Six of the previously undisclosed contacts described to Reuters were phone calls between Sergei Kislyak, Russia’s ambassador to the United States, and Trump advisers, including Flynn, Trump’s first national security adviser, three current and former officials said.

Conversations between Flynn and Kislyak accelerated after the Nov. 8 vote as the two discussed establishing a back channel for communication between Trump and Russian President Vladimir Putin that could bypass the U.S. national security bureaucracy, which both sides considered hostile to improved relations, four current U.S. officials said.

In January, the Trump White House initially denied any contacts with Russian officials during the 2016 campaign. The White House and advisers to the campaign have since confirmed four meetings between Kislyak and Trump advisers during that time.

The people who described the contacts to Reuters said they had seen no evidence of wrongdoing or collusion between the campaign and Russia in the communications reviewed so far. But the disclosure could increase the pressure on Trump and his aides to provide the FBI and Congress with a full account of interactions with Russian officials and others with links to the Kremlin during and immediately after the 2016 election.

The White House did not respond to requests for comment. Flynn’s lawyer declined to comment. In Moscow, a Russian foreign ministry official declined to comment on the contacts and referred Reuters to the Trump administration.

Separately, a spokesman for the Russian embassy in Washington said: “We do not comment on our daily contacts with the local interlocutors.”

The 18 calls and electronic messages took place between April and November 2016 as hackers engaged in what U.S. intelligence concluded in January was part of a Kremlin campaign to discredit the vote and influence the outcome of the election in favor of Trump over his Democratic challenger, former secretary of state Hillary Clinton.

FILE PHOTO: – U.S. President Donald Trump (L-R), joined by Chief of Staff Reince Priebus, Vice President Mike Pence, senior advisor Steve Bannon, Communications Director Sean Spicer and then National Security Advisor Michael Flynn, speaks by phone with Russia’s President Vladimir Putin in the Oval Office at the White House in Washington, U.S. on January 28, 2017. REUTERS/Jonathan Ernst/File Photo

Those discussions focused on mending U.S.-Russian economic relations strained by sanctions imposed on Moscow, cooperating in fighting Islamic State in Syria and containing a more assertive China, the sources said.

Members of the Senate and House intelligence committees have gone to the CIA and the National Security Agency to review transcripts and other documents related to contacts between Trump campaign advisers and associates and Russian officials and others with links to Putin, people with knowledge of those investigations told Reuters.

The U.S. Justice Department said on Wednesday it had appointed former FBI Director Robert Mueller as special counsel to investigate alleged Russian meddling in the U.S. presidential campaign and possible collusion between Trump’s campaign and Russia. Mueller will now take charge of the FBI investigation that began last July. Trump and his aides have repeatedly denied any collusion with Russia.


In addition to the six phone calls involving Kislyak, the communications described to Reuters involved another 12 calls, emails or text messages between Russian officials or people considered to be close to Putin and Trump campaign advisers.

One of those contacts was by Viktor Medvedchuk, a Ukrainian oligarch and politician, according to one person with detailed knowledge of the exchange and two others familiar with the issue.

It was not clear with whom Medvedchuk was in contact within the Trump campaign but the themes included U.S.-Russia cooperation, the sources said. Putin is godfather to Medvedchuk’s daughter.

Medvedchuk denied having any contact with anyone in the Trump campaign.

“I am not acquainted with any of Donald Trump’s close associates, therefore no such conversation could have taken place,” he said in an email to Reuters.

In the conversations during the campaign, Russian officials emphasized a pragmatic, business-style approach and stressed to Trump associates that they could make deals by focusing on common economic and other interests and leaving contentious issues aside, the sources said.

Veterans of previous election campaigns said some contact with foreign officials during a campaign was not unusual, but the number of interactions between Trump aides and Russian officials and others with links to Putin was exceptional.

“It’s rare to have that many phone calls to foreign officials, especially to a country we consider an adversary or a hostile power,” Richard Armitage, a Republican and former deputy secretary of state, told Reuters.


Beyond Medvedchuk and Kislyak, the identities of the other Putin-linked participants in the contacts remain classified and the names of Trump advisers other than Flynn have been “masked” in intelligence reports on the contacts because of legal protections on their privacy as American citizens. However, officials can request that they be revealed for intelligence purposes.

U.S. and allied intelligence and law enforcement agencies routinely monitor communications and movements of Russian officials.

After Vice President Mike Pence and others had denied in January that Trump campaign representatives had any contact with Russian officials, the White House later confirmed that Kislyak had met twice with then-Senator Jeff Sessions, who later became attorney general.

Kislyak also attended an event in April where Trump said he would seek better relations with Russia. Senior White House adviser Jared Kushner, Trump’s son-in-law, also attended that event in Washington. In addition, Kislyak met with two other Trump campaign advisers in July on the sidelines of the Republican convention.

Trump fired Flynn in February after it became clear that he had falsely characterized the nature of phone conversations with Kislyak in late December – after the Nov. 8 election and just after the Obama administration announced new sanctions on Russia. Flynn offered to testify to Congress in return for immunity from prosecution but his offer was turned down by the House intelligence committee.

(Additional reporting by John Walcott in Washington, Natalia Zinets and Alessandra Prentice in Kiev and Christian Lowe in Moscow; Editing by Kevin Krolicki and Ross Colvin)

New Threats Fuel Fears of Another Global Cyberattack

May 18, 2017

A new attack hit thousands of computers and a hacking group said it would release more attack software

Staff monitor the spread of ransomware cyberattacks at the Korea Internet and Security Agency in Seoul on May 15. Businesses and security experts fear more cyberattacks could be in the pipeline. PHOTO: YONHAP/AGENCE FRANCE-PRESSE/GETTY IMAGES

Updated May 17, 2017 8:01 p.m. ET

A new fast-spreading computer attack and a hacking group’s threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault.


The new attack, called Adylkuzz, follows last week’s WannaCry outbreak, which crippled computers in more than 100 countries over the weekend. Both attacks rely on a Windows bug that was patched on March 14 and only affect PCs that haven’t installed the latest version of Microsoft’s software updates. Unlike its predecessor, Adylkuzz doesn’t lock up computer screens; it slows down systems as it quietly steals processing power to generate a little-known digital currency called Monero.

Adylkuzz began spreading about two weeks ago and by Wednesday had infected more than 150,000 machines around the globe, according to Ryan Kalember, senior vice president with the security intelligence firm Proofpoint Inc. That is nearly the same count as WannaCry, which has largely stopped spreading, security experts said. Security company Kaspersky Lab ZAO pegged the number of Adylkuzz infections at just several thousand by Wednesday.

The news comes a day after a hacking group called the Shadow Brokers separately posted an internet message saying it would release a new trove of cyberattack tools next month. The group claimed to have software that would affect web browsers, routers, mobile phones and Microsoft Corp.’s Windows 10 operating system. Its first trove, which it and Microsoft said was stolen from the National Security Agency, was dumped last month and used by WannaCry.

A Microsoft spokeswoman said the company is aware of the new Shadow Brokers claim and that its security teams actively monitor for emerging threats. The NSA has declined to comment on the authenticity of the Shadow Brokers documents or the WannaCry attack.

The threats highlight the growing risks of global assaults for businesses and governments posed by a nexus of mysterious hackers and powerful, government-crafted cyberweapons.

“In a few years we’re going to be looking back and saying that 2017 was clearly a turning point,” said Edward Amoroso, the former security chief at AT&T Inc. “That’s when we started to see businesses affected. If your employees are coming in and they can’t work, that’s a big deal.”

For companies looking to protect their systems, security experts agree on one piece of advice: install patches to Windows software now.

Still, that may not be enough to stop the next attack. “There’s no wall you can build that’s high enough or deep enough to keep a dedicated adversary out,” said John Carlin, a former cybercrimes prosecutor at the Justice Department.

Larger companies will need to step up their security training, patching and planning, he says. Smaller mom-and-pop businesses may need to hand over security to companies that specialize in these services. “It’s crazy to expect a mom-and-pop to on their own have to deal with cybersecurity issues,” said Mr. Carlin, now the chair of the law firm Morrison & Foerster LLP’s global risk and crisis management practice.

A programmer shows a sample of decrypting source code in Taipei on May 13. PHOTO: RITCHIE B. TONGO/EPA

The scope and intensity of the WannaCry cyberattack will bring staffing, investment and policy under review, security chiefs and CIOs have said. Corporate computer security spending is expected to hit $90 billion world-wide this year, an increase of 7.6% from a year earlier, according to research firm Gartner Inc.

That increased spending has helped drive up share prices at security companies such as Rapid7 Inc., FireEye Inc. and Symantec Corp., all of which have seen shares rise by more than 25% this year.

The recent attacks were much more widespread in Russia, India, Ukraine and Taiwan, Kaspersky said. And while that may have prevented many U.S. companies from feeling the full brunt of the latest attacks, that comes as small consolation for local governments and small- or medium-size businesses that must defend against these threats with limited budgets. The attacks “just keep ratcheting up year after year,” said Dan Lohrmann, chief security officer with the training company Security Mentor Inc. and Michigan’s former chief security officer. “You think it can’t go any higher but every year it does.”

The Shadow Brokers’ release of what it says are U.S. government hacking tools comes after WikiLeaks in March published a cache of alleged Central Intelligence Agency cybersecrets, offering a window into a world where the research and development of computer attacks has become increasingly professionalized.

The stage for today’s cyberattacks was set more than a decade ago. In the mid-2000s, Microsoft, embarrassed by a series of computer worm and virus outbreaks, began to comb through its software for bugs and develop new coding techniques designed to thwart hackers. At the same time, hackers discovered they could command large fees for their work. Apple Inc., for example, pays $200,000 for details on the most severe bugs affecting its software. Government agencies and private corporations often pay more, especially if the research includes “exploit code” that can be used in an attack. Last year, the Federal Bureau of Investigation paid more than $1 million for a hacking tool that gave it access to the iPhone used by the gunman in the San Bernardino, Calif., attack.

These factors have slowed the flow of bugs and the tools that exploit them on public venues, where they were once freely—and more frequently—disclosed, said David Aitel, chief executive at Immunity Inc., a computer-security services company. “There’s a scarcity of high-quality attack tools,” he said.

But if companies thought the risk of attacks had evaporated, WannaCry served as a wake-up call. And the attack could have been much worse if it had made sensitive corporate information public, said Mr. Aitel, a former NSA analyst.

Recent events are “a taste of the kind of threats we may be facing going forward,” said Virginia Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, which oversees the nation’s spy agencies. “I’m not sure if the whole of government—or for that matter, the whole of society—is fully prepared.”

While few victims appear to have paid the $300 ransom WannaCry demanded from affected users, the software affected hundreds of thousands of systems, including networks at Renault SA and Britain’s public health service. It not only rendered computers unusable but deployed encryption to make data stored on them unreadable.

Another computer worm may soon appear, either based on the Shadow Brokers’ code used by WannaCry or similarly devastating code released by Shadow Brokers in April that was used on Microsoft’s Remote Desktop Protocol software, said Robert M. Lee, chief executive of security consultancy Dragos Inc.

And while it isn’t known yet how dangerous any new releases might be, “everything the Shadow Brokers have talked about leaking so far has been legitimate,” he said.

Microsoft, whose Windows software is the most frequent target of attacks, is calling on governments to report software flaws rather than stockpiling or exploiting them.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Brad Smith, the company’s top lawyer, wrote in a blog post Sunday.

Given the widespread use of these attacks, and the fact that nations such as North Korea are unlikely to abide by international cybersecurity conventions akin to those proposed by Microsoft, Immunity’s Mr. Aitel says such suggestions aren’t likely to be adopted. “No country on earth thinks this is a good idea,” he said.

Write to Robert McMillan at

Appeared in the May 18, 2017, print edition as ‘Cyberthreats Breed Deep Unease.’

Donald Trump Defends Himself Over Reports He Shared Classified Information With Russia

May 16, 2017

On Twitter, president says he had ‘absolute right’ to share terrorism facts, cites ‘humanitarian reasons’


Updated May 16, 2017 10:58 a.m. ET

WASHINGTON—President Donald Trump took to Twitter on Tuesday morning to defend himself over reports he shared counterterrorism intelligence obtained from a U.S. ally at an Oval Office meeting with senior Russian officials last week.

“I have the absolute right” as president to share “facts pertaining to terrorism and airline safety,” Mr. Trump wrote on Twitter, before offering an explanation for why: “Humanitarian reasons, plus I want Russia to greatly step up their fight against ISIS & terrorism.”

The tweets offered little to mollify some lawmakers on Capitol Hill, where one leading Senate Republican said the president appeared to be changing the story in a way that was confusing and concerning, and that the allegations were problematic.

The Wall Street Journal reported late Monday that Mr. Trump divulged details about Islamic State to the Russian foreign minister and ambassador in his meeting last week in a way that revealed enough information for them to potentially compromise the source of the intelligence, according to officials, who said the intelligence came from the U.S. ally.

As President I wanted to share with Russia (at an openly scheduled W.H. meeting) which I have the absolute right to do, facts pertaining….

The Washington Post had earlier reported Mr. Trump’s disclosure, and said White House officials called the Central Intelligence Agency and National Security Agency to warn of Mr. Trump’s disclosure and its possible consequences.

Mr. Trump’s Tuesday tweets were a departure from a hastily assembled but circumspect White House response Monday night, when officials including national security adviser H.R. McMaster said the Post article “as reported is false.”

Mr. McMaster said that Mr. Trump hadn’t shared information about intelligence sources or methods, but stopped short of denying the president had shared any intelligence or other secrets with the Russians.

…to terrorism and airline flight safety. Humanitarian reasons, plus I want Russia to greatly step up their fight against ISIS & terrorism.

An administration official said Tuesday that Mr. Trump’s tweet Tuesday didn’t confirm the Post article and that it didn’t address the question of whether classified information had been shared by Mr. Trump one way or the other.

According to one U.S. official, the information shared was highly sensitive and difficult to acquire and was considered extraordinarily valuable. The Journal agreed not to identify the ally because another U.S. official said it could jeopardize the source.

Mr. McMaster will speak with reporters in an on-camera briefing from the White House at 11:30 a.m. EDT.

The White House didn’t provide a detailed statement about Mr. Trump’s meeting last week with Sergei Lavrov, the Russian foreign minister, and Sergei Kislyak, the Russian ambassador, which was closed to the press. A photographer from the Russian news agency TASS was in the room and published photographs.

I have been asking Director Comey & others, from the beginning of my administration, to find the LEAKERS in the intelligence community…..

Mr. Trump noted on Twitter that the meeting was “openly scheduled.” The meeting with Mr. Lavrov was on the president’s public schedule, but the schedule didn’t state that Mr. Kislyak would attend as well.

Later Tuesday morning, Mr. Trump wrote on Twitter that he had asked former FBI Director James Comey, whom he fired last week the day before the meeting with the Russians, and others “to find the LEAKERS in the intelligence community…..”

Presidents have the legal right to declassify intelligence as they see fit. But doing so can put intelligence sources abroad in danger and make them less willing to work with the U.S., several defense officials said, and the latest disclosures stunned Washington’s national-security veterans on both sides of the political divide.

South Dakota Republican Sen. John Thune called it “concerning” that “information that reveals classified national security information is shared with the Russians,” although he added that there was “conflicting information.”

Sen. Amy Klobuchar (D., Minn.) said the Trump administration’s initial pushback on the reports indicates the White House has a recording of the meeting.

“Clearly if there is some kind of a readout or a transcript from that meeting that means there is a tape,” Ms. Klobuchar said. “We need to get a hold of that” in the Senate.

Senate Majority Leader Mitch McConnell, for his part, said in a Bloomberg interview that he hoped to see fewer distractions coming out of the White House.

Mr. Trump’s Tuesday morning tweets came after a late, tense night at the White House.

After the first report in the Post, White House aides compiled statements from Secretary of State Rex Tillerson, national security aide Dina Powell and Mr. McMaster denying it.

But the statements were sent only to a single reporter, 90 minutes after the story had appeared. Others obtained the statements because the reporter agreed to distribute them through the White House press corps “pool” system.

Mr. McMaster then appeared outside the White House, read another brief statement and took no questions.

“There is nothing that the president takes more seriously than the safety of the American people,” he said.

He also said that he had been in the room and that he believed that public statements from people like him should outweigh allegations from anonymous sources.

Write to Louise Radnofsky at




BBC News

Trump defends ‘absolute right’ to share ‘facts’ with Russia


US National Security Adviser McMaster challenged reporting of the Oval Office meeting

US President Donald Trump has defended his “absolute right” to share information with Russia, following a row over classified material.

Mr Trump tweeted that he had shared “facts pertaining to terrorism and airline safety” and wanted Russia to do more against so-called Islamic State.

He met Russian Foreign Minister Sergei Lavrov in the Oval Office last week.

US media said Mr Trump had shared material that was passed on by a partner which had not given permission.

A report in the Washington Post said Mr Trump had confided top secret information relating to an IS plot thought to centre on the use of laptop computers on aircraft.

Mr Trump’s move is not illegal, as the US president has the authority to declassify information.

The action drew strong criticism from Democrats and a call for an explanation from his own Republican party.

What was the president’s defence?

In his tweets early on Tuesday, Mr Trump said: “As President I wanted to share with Russia (at an openly scheduled W.H. meeting) which I have the absolute right to do, facts pertaining to terrorism and airline flight safety.

“Humanitarian reasons, plus I want Russia to greatly step up their fight against [IS] & terrorism.”

It is not clear if Mr Trump was acknowledging having shared intelligence secrets with the Russian officials, thus contradicting White House statements, or whether he was simply trying to explain what had been discussed.

The BBC’s Anthony Zurcher in Washington says this was a carefully constructed defence of the meeting, in which President Trump frames any revelation of intelligence information as a calculated move to advance US national security priorities.

After all, the controversy that swirled around the White House on Monday night was never legal, it was political, and this defence may be enough for Republicans to rally around, he adds.

What happened in the Oval Office?

In a conversation with the Russian foreign minister and Russian ambassador Sergei Kislyak in the Oval Office, the president revealed details that could lead to the exposure of a source of information, officials told the Washington Post.

The intelligence disclosed came from a US ally and was considered too sensitive to share with other US allies, the paper reported.

US President Donald Trump (L) and Russian Foreign Minister Sergei Lavrov (2-L) during a meeting at the White House in Washington DC on 10 May. Image copyright: Russian Foreign Ministry. Image caption: The comments were made during President Trump’s meeting last week in the Oval Office with the Russian foreign minister (second from left).

Others at the meeting realised the mistake and scrambled to “contain the damage” by informing the Central Intelligence Agency (CIA) and the National Security Agency (NSA), says the Post.

The meeting came a day after Mr Trump fired his FBI chief, James Comey, sparking criticism that he had done so because the FBI was investigating his election campaign’s alleged Russian ties.

How did the White House initially respond?

National Security Adviser HR McMaster told reporters the story, “as reported”, was “false”.

“At no time – at no time – were intelligence sources or methods discussed. And the president did not disclose any military operations that were not already publicly known.”

The statement was echoed by Secretary of State Rex Tillerson.

But the Washington Post said this did not amount to a denial.

Speaking to the BBC, Post reporter Greg Jaffe said the story made it clear the president did not disclose sources or methods.

But he added: “Our story says that the nature of the information provided would have allowed the Russians to ‘reverse engineer’ to discover the sources and methods. He said so much that they could figure it out.”

Golden rule: Frank Gardner, BBC security correspondent

Despite the denials issued by the White House that any actual intelligence sources were revealed to the Russians, whatever was said in that Oval Office meeting was enough to alarm certain officials and, reportedly, to alert the CIA and NSA.

They in turn will have needed to warn the country that supplied the intelligence. There is a golden rule in the world of espionage that when one government supplies intelligence to another it must not be passed on to a third party without permission of the original supplier. The reason is simple: it could put the lives of their human informants at risk.

In this case it appears to relate to the discovery of plans by jihadists in Syria to devise a way of smuggling viable explosive devices on board a plane inside a laptop computer. Given the well-publicised ban on laptops in cabins on certain Middle Eastern routes, whoever revealed that information is unlikely to be still in place.

What has the reaction been?

  • “This is dangerous and reckless” – Dick Durbin, Senate’s second-highest ranked Democrat
  • “Mr President, this isn’t about your ‘rights’, but your responsibilities. You could jeopardise our sources, relationships and security” – Adam Schiff, top Democrat on House Intelligence Committee
  • “We have no way to know what was said, but protecting our nation’s secrets is paramount” – spokesperson for Republican House Speaker Paul Ryan
  • Congress could do with “a little less drama from the White House” – Mitch McConnell, Senate majority leader
  • “We generally do not want to have anything to do with this nonsense” – Dmitry Peskov, Kremlin spokesman
  • “If true, this is not going to instil confidence in allies already wary of sharing the most sensitive information” – senior Nato diplomat quoted by Reuters

Levels of US classification – from lowest to highest

  • Confidential: Information that reasonably could be expected to cause damage to the national security if disclosed to unauthorised sources. Most military personnel have this level of clearance
  • Secret: The same wording in the first sentence above, except it substitutes serious damage
  • Top Secret: Again, the same wording except to substitute exceptionally grave damage
  • Codeword: Adds a second level of clearance to Top Secret, so that only those cleared with the codeword can see it. Administered by the CIA. The material discussed by Mr Trump with the Russians was under a codeword, sources told the Washington Post.

Trump defends ‘absolute right’ to share intel with Russia

May 16, 2017

AFP and The Associated Press

© Saul Loeb, AFP | Donald Trump at the White House on May 15, 2017


Latest update : 2017-05-16

President Donald Trump on Tuesday defended his right to share “facts pertaining to terrorism” and airline safety with Russia, saying in a pair of tweets he has “an absolute right” as president to do so.

Trump’s tweets did not say whether he revealed classified information about the Islamic State group, as published reports have said and as a U.S. official told The Associated Press on Tuesday.

The White House has pushed back against those reports, but has not denied that classified information was disclosed in the May 10 meeting between Trump and Russian diplomats.

In a pair of tweets, the president responded to a firestorm of criticism triggered by the reports.

“I wanted to share with Russia (at an openly scheduled W.H. meeting) which I have the absolute right to do, facts pertaining…to terrorism and airline flight safety. Humanitarian reasons, plus I want Russia to greatly step up their fight against ISIS & terrorism,” Trump tweeted.

Trump shared details about an Islamic State terror threat related to the use of laptop computers on aircraft with Russian Foreign Minister Sergey Lavrov and Russian ambassador to the U.S. Sergey Kislyak, a senior U.S. official told The Associated Press. The classified information had been shared with the president by an ally, violating the confidentiality of an intelligence-sharing agreement with that country, the official said.

The official, who spoke on condition of anonymity because the official was not authorized to speak publicly, would not say which country’s intelligence was divulged.

The disclosure put a source of intelligence on the Islamic State at risk, according to The Washington Post, which first reported the disclosure on Monday.

Trump later was informed that he had broken protocol and White House officials placed calls to the National Security Agency and the CIA looking to minimize any damage.

Russia’s foreign ministry spokesman denied the report. Maria Zakharova, a spokeswoman for the Russian foreign ministry, on Facebook on Tuesday described the reports as “yet another fake.”

The CIA and the Office of the Director of National Intelligence have declined to comment.

The U.S. official said that Trump boasted about his access to classified intelligence in last week’s meeting with Lavrov and Kislyak. An excerpt from an official transcript of the meeting reveals that Trump told them, “I get great intel. I have people brief me on great intel every day.”

@realDonaldTrump meeting has just started | The meeting between S. Lavrov and D. Trump has begun in the Oval Office

Kislyak has been a central player in the snowballing controversy surrounding possible coordination between Trump’s campaign and Russia’s election meddling.

The revelations drew strong condemnation from Democrats and a rare rebuke of Trump from some Republican lawmakers. White House officials denounced the report, saying the president did not disclose intelligence sources or methods to the Russians, though officials did not deny that classified information was disclosed in the May 10 meeting.

“The president and the foreign minister reviewed a range of common threats to our two countries including threats to civil aviation,” said H.R. McMaster, Trump’s national security adviser. “At no time, at no time were intelligence sources or methods discussed and the president did not disclose any military operations that were not already publicly known.”

The revelations could further damage Trump’s already fraught relationship with U.S. intelligence agencies. He’s openly questioned the competency of intelligence officials and challenged their high-confidence assessment that Russia meddled in last year’s presidential election to help him win. His criticism has been followed by a steady stream of leaks to the media that have been damaging to Trump and exposed an FBI investigation into his associates’ possible ties to Russia.

The disclosure also risks harming his credibility with U.S. partners around the world ahead of his first overseas trip. The White House was already reeling from its botched handling of Trump’s decision last week to fire James Comey, the FBI director who was overseeing the Russia investigation.

A European security official said sharing sensitive information could dampen the trust between the United States and its intelligence sharing partners. “It wouldn’t likely stop partners from sharing life-saving intelligence with the Americans, but it could impact the trust that has been built, particularly if sharing such information exposes specific intelligence gathering methods,” said the official, who spoke on condition of anonymity because the person was not authorized to speak about such intelligence sharing.

The Royal Court in Jordan said that King Abdullah II was to speak by telephone with Trump later Tuesday. The revelation also prompted cries of hypocrisy. Trump spent the campaign arguing that his opponent, former Secretary of State Hillary Clinton, should be locked up for careless handling of classified information.

Secretary of State Rex Tillerson also disputed the report. He said Trump discussed a range of subjects with the Russians, including “common efforts and threats regarding counter-terrorism.” The nature of specific threats was discussed, he said, but not sources, methods or military operations.

The controversy engulfed the White House. Reporters spent much of the evening camped out adjacent to Press Secretary Sean Spicer’s office, hoping for answers. At one point, an eagle-eyed reporter spotted a handful of staffers, including Spicer and Deputy Press Secretary Sarah Huckabee Sanders, walking toward the Cabinet Room.

Muffled yelling was heard coming from the area near the room, but after a reporter tweeted about the noise, press staffers quickly turned up their television volume, blasting the sound to drown out everything else.




President Donald Trump with Russian ambassador to the US Sergey Kislyak, at the White House, May 10, 2017

Donald Trump has defended sharing classified information with Russian officials, saying he had the “absolute right” to do so for “humanitarian reasons” and because he wants Russia to step up its fight against Isil.

The US president revealed highly classified information to the Russian foreign minister and ambassador during a meeting at the White House last week, it was reported on Monday night.

The US president’s actions jeopardised a critical source of intelligence on the Islamic State of Iraq and the Levant terror group, the Washington Post reported, citing unnamed US officials.

If confirmed, it would also call into question the ability of the US to protect its intelligence sources.

The Trump administration immediately rejected the claims as “false”, while several Republicans and Democrats expressed alarm that a US president could share high-level intelligence with Russia.


The ‘WannaCry’ Cyber Warning — Another harbinger of the world’s exposure to hackers and digital terrorists

May 16, 2017

The NSA followed protocol but it still wasn’t enough.


The Wall Street Journal
May 15, 2017 7:02 p.m. ET

At least 150 countries are still working to contain a malicious computer worm that emerged on Friday. The unprecedented planet-wide attack is another harbinger of the world’s exposure to hackers and digital terrorists.

From London to Beijing to Moscow, hundreds of thousands of users were infected with a new variant of so-called ransomware, known as “WannaCry,” which encrypted their data and then solicited a blackmail payment to resume normal operations. This sophisticated, self-propagating malware was designed to spread to all other computers on the same network after infecting one machine. The culprits are unknown and could take years to track down, if ever.

WannaCry has renewed a debate about the obligations of defense departments to the private sector. The virus was developed by taking advantage of a software flaw in Microsoft’s Windows operating system that the U.S. National Security Agency identified last August. The NSA develops libraries of such exploits, and an online group named Shadow Brokers infiltrated the database last year and published the material that led to WannaCry.

Microsoft blames the NSA for researching such hacking methods, but in this case the NSA followed the protocol known as the Vulnerabilities Equities Process that determines which flaws should be reserved for intelligence gathering and which should be disclosed to protect consumers. The NSA alerted Microsoft.

The company fixed the problem with a software patch in March, but users who failed to upgrade their OS remained vulnerable. Too many corporate and government information technology departments are behind the curve.

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services. Defrocked FBI Director James Comey ran a public pressure campaign against Apple in 2015 and 2016 when his agents couldn’t break the encryption of the iPhones of the San Bernardino killers, and asked Congress to mandate dedicated built-in decryption keys. WannaCry takes advantage of a coding error. An intentional outside entry point that leaked or fell into the wrong hands could lead to even larger havoc.

Witness the WannaCry meltdown at Britain’s National Health Service, where 45% of hospitals, doctors’ offices and ambulances were crippled. Even emergency room services had to be curtailed. The Russian Interior Ministry was also compromised. A successful cyber-attack on the banking system, the electric grid, traffic lights or electronic medical records could do far more economic and security damage.


Seoul cyber experts warn of more attacks as North blamed

May 16, 2017




More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, a South Korean cybersecurity expert warned Tuesday as fingers pointed at the North.

More than 200,000 computers in 150 countries were hit by the ransomware attack, described as the largest ever of its kind, over the weekend.

Since Friday, banks, hospitals and state agencies have been among the victims of hackers exploiting vulnerabilities in older versions of Microsoft computer operating systems and demanding payment in the virtual currency Bitcoin.

The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures and the central bank of Bangladesh, said Simon Choi, director of Seoul internet security firm Hauri.

Choi, known to have vast troves of data on Pyongyang’s hacking activities, has publicly warned against potential ransomware attacks by the North since last year.

“I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,” he told AFP.

He cited a major attack last year that stole the data of over 10 million users of Interpark, a Seoul-based online shopping site, in which hackers demanded bitcoin payments worth about $3 million.

Seoul police blamed the North’s main intelligence agency for the attack.

More attacks were possible, Choi said, “especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it”.

Security researchers in the US, Russia and Israel have also reported signs of a potential North Korean link to the latest cyberattack, although there is no conclusive evidence of that.

Google researcher Neel Mehta posted computer code showing similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.

The isolated, nuclear-armed state is known to operate an army of thousands of hackers operating in both the North, and apparently China, and has been blamed for a number of major cyberattacks.

In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in US corporate history, linked to its release of North Korea satire “The Interview”, hated by Pyongyang.

Washington blamed Pyongyang for the hacking, a claim it denied — though it had strongly condemned the film, which features a fictional CIA plot to assassinate leader Kim Jong-Un.



In Computer Attacks, Clues Point to Frequent Culprit: North Korea

SAN FRANCISCO — Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.

The indicators are far from conclusive, the researchers warned, and it could be weeks, if not months, before investigators are confident enough in their findings to officially point the finger at Pyongyang’s increasingly bold corps of digital hackers. The attackers based their weapon on vulnerabilities that were stolen from the National Security Agency and published last month.

Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February. American officials said Monday that they had seen the same similarities.

All of those attacks were ultimately linked to North Korea; President Barack Obama formally charged the North in late 2014 with destroying computers at Sony in retaliation for a comedy, “The Interview,” that envisioned a C.I.A. plot to kill Kim Jong-un, the country’s leader.

The computer code used in the ransomware bore some striking similarities to the code used in those three attacks. That code has not been widely used, and has been seen only in attacks by North Korean-linked hackers. Researchers at Google and Kaspersky, a Moscow-based cybersecurity firm, confirmed the coding similarities.


Those clues alone are not definitive, however. Hackers often borrow and retrofit one another’s attack methods, and government agencies are known to plant “false flags” in their code to throw off forensic investigators.

“At this time, all we have is a temporal link,” said Eric Chien, an investigator at Symantec who was among the first to identify the Stuxnet worm, the American- and Israeli-led attacks on Iran’s nuclear program, and North Korea’s effort to steal millions from the Bangladeshi bank. “We want to see more coding similarities,” he said, “to give us more confidence.”

The new leads about the source of the attacks came as technology executives raised an alarm about another feature of the attacks: They were based on vulnerabilities in Microsoft systems that were found by the N.S.A. and apparently stolen from it.



Global pushback curbs cyberattacks but disruption goes on

May 15, 2017


The world’s biggest ransomware attack levelled off in Europe on Monday thanks to a pushback by cyber security officials after causing havoc in 150 countries, as Microsoft urged governments to heed the “wake-up call”.

The cross-border police agency Europol said the situation was “stable”, easing fears that attacks that struck computers in British hospital wards, European car factories and Russian banks would spread further at the start of the working week.

“The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success,” senior spokesman for Europol, Jan Op Gen Oorth, told AFP.

“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates,” he said.

The indiscriminate attack was unleashed Friday, striking hundreds of thousands of computers worldwide by exploiting known vulnerabilities in older Microsoft computer operating systems.

– Like stealing missiles –

Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack.

He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers — not sell, store or exploit them, lest they fall into the wrong hands.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” Smith wrote.

“The governments of the world should treat this attack as a wake up call.”

The ‘Wannacry’ ransomware attack (AFP / Jonathan JACOBSEN, Valentina BRESCHI)

US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit in the attacks, which demanded money to allow users to unblock their computers.

In China, “hundreds of thousands” of computers were affected, including petrol stations, cash machines and universities, according to Qihoo 360, one of China’s largest providers of antivirus software.

French carmaker Renault said its Douai plant, one of its biggest sites in France employing 5,500 people, would be shut on Monday as systems were upgraded.

Europol executive director Rob Wainwright told Britain’s ITV television on Sunday that the attack had been “unprecedented”.

“We’ve never seen anything like this,” he said.

– ‘Ooops’ message, $300 ransom –

The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”


Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

Bitcoin, the world’s most-used virtual currency, allows anonymous transactions via heavily encrypted codes.

Experts and governments alike warn against ceding to the demands and Wainwright said few victims so far had been paying up.

Security firm Digital Shadows said on Sunday that transactions totalling $32,000 had taken place through Bitcoin addresses used by the ransomware.

The culprits used a digital code believed to have been developed by the US National Security Agency — and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said.

Europol says more than 200,000 computers around the world were affected over the weekend in what it describes as “an unprecedented attack” (AFP/File / Andrew CABALLERO-REYNOLDS)

The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

The attack therefore spread faster than previous, smaller-scale ransomware attacks.

– Banks, trains and automobiles –

Anti-virus experts Symantec said the majority of organisations affected were in Europe.

Europol said few banks in Europe had been affected, having learned through the “painful experience of being the number one target of cyber crime” the value of having the latest cyber security in place.

Russia said its banking system was among the victims of the attacks, along with the railway system, although it added that no problems were detected.

French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was “implementing remediation steps as quickly as possible”.

Dozens of hospitals in Britain’s National Health Service were affected and several still had to cancel appointments on Monday, as doctors warned of delays as they cannot access medical records.




Putin Blames U.S. for WannaCry Computer Virus

May 15, 2017


Putin blamed the US for creating tools to exploit Microsoft flaw and denies Russian involvement in the hack

By Max Seddon
FT (Financial Times)

Russian president Vladimir Putin says US intelligence services are to blame for the WannaCry virus that affected tens of thousands of computers worldwide last week.

Speaking in Beijing on Monday, Mr Putin said:

“Microsoft said it directly: the initial source of this virus is the United States security agencies, Russia’s got absolutely nothing to do with it. Given that, it’s strange to hear anything else.”

Russia was the country most affected by the attack, which hit its interior ministry, mobile provider MegaFon, Sberbank, as well as a number of other ministries and state-run firms.


“There was no significant damage for us or for our institutions – whether it’s banking, healthcare, or anything else. But in general it’s worrying, there’s nothing good about it, it’s concerning,” Mr Putin said.

President Putin repeated Russia’s calls to sign a legal memorandum with the US on cybersecurity, which was rejected by Barack Obama’s White House last year.

“Genies let out of bottles like these, especially if they’ve been created by the secret services, can then harm even their own authors and creators. We need to discuss this issue without delay at a serious political level and develop a defense system against events like this.”

See also:

“The governments of the world should treat this attack as a wake-up call,” Microsoft president Brad Smith said in a statement. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even with older versions of Windows.



Edward Snowden says NSA should have prevented cyber attack

May 15, 2017

The malicious software was developed by the National Security Council and funded by American taxpayers before being leaked

By Chloe Farand
The Independent



Edward Snowden said the NSA had been warned its attack tools could be used to target Western software

Edward Snowden has blamed the National Security Agency for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

In a tweet, the National Security Agency (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”

Dozens of hospital trusts across the UK have been hit by a huge cyber attack, believed to be the biggest of its kind ever recorded, which plunged the NHS into chaos.


The malicious software, which locked up computers and held users’ files for ransom, is believed to have been stolen from the NSA and leaked.

Reports say the ransomware is taking advantage of EternalBlue, an exploit used by NSA spies to secretly break into Windows machines.

According to the New York Times, a group calling itself the “Shadow Brokers” began to post software tools that came from the US government’s stockpile of hacking weapons last summer.

The malware, called Wanna Detector, is also believed to have been leaked in WikiLeaks’ Vault 7 release earlier this year.

If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patch—and it falls into enemy hands, should NSA write a patch?

Mr Snowden said the US Congress should be asking the NSA if it is aware of any vulnerabilities of the software that could be exploited.

“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he tweeted.

The whistleblower pointed the finger of blame at the NSA and said that if it had disclosed system vulnerabilities, “hospitals would have had years – not months – to prepare”.

The Times reported this was the first time a cyber weapon developed by the NSA, which was funded by American taxpayers, had been stolen and unleashed against patients, hospitals, businesses and governments.

The US never acknowledged the cyber weapons posted by “Shadow Brokers” belonged to the NSA but it was reportedly confirmed by former intelligence officials.

Mr Snowden said the NSA had been warned of the dangers of building these cyber weapons but now the attack will raise questions over countries’ intelligence services’ ability to prevent the tools from being stolen and turned against them.

Hackers seemingly took advantage of the fact hospitals had not updated their IT systems.

Dr Krishna Chinthapalli, a doctor who predicted a cyber attack on the NHS in an article published just two days ago, has said hackers had been targeting hospitals for a couple of years.

His article, ‘The hackers holding hospitals to ransom’, published in the British Medical Journal (BMJ) on Wednesday, described NHS organisations as the “ideal victims” of cyber attacks, and said dozens of smaller hacks had happened in the past.

Earlier this week, the BMJ said up to 90 per cent of NHS computers still ran Windows XP and previous reports found public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates.

Britain’s National Cyber Security Centre said teams were working “round the clock” to restore hospital computer systems. The cost of the cyber attack is not yet known.

The attack has been reported in 74 countries, including Ukraine, India, Taiwan, Japan and Spain, with Russia believed to have been hit the hardest.

Cyberattack Is Likely to Keep Spreading — Global Manhunt Under Way

May 15, 2017

Security experts warn of possible new woes as systems are used again after weekend

Network cables are seen going into a server in an office building in Washington, D.C., on Saturday. PHOTO: ANDREW CABALLERO-REYNOLDS/AGENCE FRANCE-PRESSE/GETTY IMAGES

Updated May 15, 2017 3:31 a.m. ET

The cyberattack that spread around the globe over the weekend, hitting businesses, hospitals and government agencies in at least 150 countries, infected more computers as users returned to work early Monday.

Investigators launched a far-reaching hunt for the perpetrator, as institutions around the world worked to mitigate damage from the highest-profile computer-worm outbreak in nearly a decade.

Europe’s police-coordination agency estimated at least 200,000 individual terminals had fallen victim to the attack, while Chinese authorities put the number as high as 1 million world-wide.

The fallout in the early hours of Monday morning appeared limited, with some government agencies in Asia reporting that operations had been affected as employees returned to work after the weekend.

“This is something we haven’t seen before,” Europol director Rob Wainwright told U.K. television channel ITV. “The global reach is unprecedented.”

Among the highest-profile corporate victims was French auto maker Renault SA, which was forced to shut down factories across Europe.

When workers arrived at a Renault plant in Sandouville, in northern France, on Saturday morning, TV screens that usually update staff on company productivity had a different message: A demand, in French, for $300 in ransom. The screens also showed two clocks counting down the time Renault had to deliver the payments before the factory’s files were deleted.

“Everyone was running around, saying we’ve been hacked,” said Mohamed Amri, a 41-year-old parts maker. “It spread like wildfire.”

The cyberattack involved a ransomware dubbed WannaCry, designed to spread quickly after infecting computers. Files on affected computers were encrypted, and users were told to pay a ransom with bitcoin, an untraceable online currency, to unscramble them.

So far, the virus hasn’t been blamed for destroying hardware itself. Where users have backed up data, long-term damage likely can be limited. But some targets responding to the attack had to shut down entire systems to help combat or slow the virus.

The computers of dozens of hospitals and health-care facilities in the U.K. were affected, but officials said that—so far—there was no indication patients had been put in grave danger from the outages. They also said patient data hadn’t been stolen. German train operator Deutsche Bahn AG said its trains were running as usual despite the attack, though it was straining to get its computer systems back online. U.S. delivery company FedEx Corp. was also affected.

Japan’s Hitachi Ltd. said Monday that its email system had been hit. It said system failures had affected it in Japan and overseas, and that the issue hadn’t yet been resolved as of Monday morning.

The police force in Yancheng, a Chinese city 200 miles north of Shanghai, apologized on its official social-media account for being unable to provide certain services because of the virus. A swath of Chinese gasoline stations, run by China National Petroleum Corp., was closed because of the attack.

Russia’s central bank said domestic banks had been targeted, according to state news agency RIA. Sberbank, Russia’s largest lender, said Friday night its cyber infrastructure had been targeted but that it had fended off the attack, news wires reported. The country’s interior ministry said around 1,000 computers had been affected, but that the attack had been localized.

Britain’s National Cyber Security Center, a government agency, said Sunday that there hadn’t been any new attacks similar to Friday’s, but that existing infections from the malware could continue to spread within networks.

“This means that as a new working week begins it is likely, in the U.K. and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale,” the agency said.

The virus was slowed down over the weekend by the identification and activation of a “kill switch” embedded in the virus’ code, computer experts said. But few believe it was halted completely, and one security expert had identified late Sunday at least one new strain, unaffected by the kill switch, though it was spreading slowly.

While the U.S. appears relatively unscathed compared with Europe and Asia, the Federal Bureau of Investigation, the National Security Agency and the Department of Homeland Security all were on the case. Tom Bossert, President Donald Trump’s homeland security and counterterrorism adviser, held emergency meetings with cabinet members Friday night and Saturday morning at the White House, an administration official said Sunday.

Government agencies have started a global manhunt for the perpetrator—a complex international probe that requires the same sort of cooperation and intelligence sharing common in large terrorist attacks.

Security experts have been able to track a small amount of bitcoin transactions they said were likely ransom linked to the attack. It was impossible to say how many companies were paying, or whom they were paying. Unlike bank and other financial accounts, bitcoin accounts are theoretically untraceable to their owners.

The attack took advantage of security vulnerabilities in Microsoft Corp. software that was either too old to be supported by security patches or hadn’t been patched by users. Microsoft on Sunday said that the software tool used in the attack came from code stolen from the National Security Agency. The NSA has declined to comment on the matter.


  • Britain’s National Health Service (up to 48 health care groups in the national system)
  • Renault SA
  • Nissan Motor Co.
  • China National Petroleum Corp.
  • Russian Interior Ministry
  • FedEx Corp.
  • Deutsche Bahn
  • Telefónica SA
  • Indonesian hospitals Rumah Sakit Harapan Kita and Rumah Sakit Dharmai
  • North Caspian Operating Co. (Kazakhstan)
  • Yancheng (China) police department
  • Sberbank (and other Russian banks)
  • Brazil’s social security agency

None of the infected computers had installed a March 14 software patch by Microsoft that stopped the worm, either because they were running older versions of Microsoft Windows that no longer received software updates, or because companies had simply delayed installing the software.

An early sign of trouble at the Renault plant in Sandouville came when the assembly line’s alarm system stopped working early Saturday—right after the demand for ransom appeared on TV screens. Tanguy Deschamps, a 38-year-old who was working at the factory when the virus hit, said the alarms were failing to sound whenever workers tried to alert others to crooked or improperly welded parts.

Management told workers to unplug the machines.

At 1 a.m. French time, Malik Denon was making final alterations on cars that were almost finished when his boss came down to tell him Renault had been hacked. At first, Mr. Denon thought it was a joke, but his boss wasn’t laughing.

“He was panicked,” Mr. Denon said.

Séverin Beuche, a local IT expert, was called to the plant Saturday morning to help restart the site.

“I’ve never seen something of this size,” Mr. Beuche said. He and a crisis unit worked around the clock to rebuild servers that had been crippled.

The auto maker’s cybersecurity team pored over company computer systems before the factories were due to resume full production on Monday.

The assembly remained dormant much of Saturday. Instead of making car parts, workers were asked to tidy up the factory. Union officials estimated that 100 cars weren’t produced at the plant as a result of the hack.

Write to Nick Kostov at, Jenny Gross at and Stu Woo at