Posts Tagged ‘NSA’

Former CIA Chief Brennan Says Russians Were in Contact With Trump Campaign Associates

May 23, 2017

Brennan said Russia ‘brazenly’ interfered in the presidential election despite a direct warning to a top Kremlin official

 Former CIA director John Brennan

WASHINGTON—Former CIA director John Brennan testified Tuesday that contacts by Donald Trump campaign associates with Russian officials last year raised concerns that the Kremlin could try to cultivate people close to Mr. Trump, shedding light on why federal agents began a full investigation.

Mr. Brennan also disclosed that the intelligence community’s alarm about Russia “brazenly” interfering in the 2016 presidential election prompted him to warn his Russian intelligence counterpart last summer to stop meddling in U.S. politics.

In testimony before the House Intelligence Committee, Mr. Brennan explained the basis for the Federal Bureau of Investigation counterintelligence investigation that was opened after the election, which is looking at potential collusion between the campaign and Russia.

“I encountered and I’m aware of information and intelligence that revealed contacts and interactions between Russian officials and U.S. persons involved in the Trump campaign,” said Mr. Brennan, the head of the Central Intelligence Agency under former President Barack Obama.

Mr. Brennan said he didn’t know if these contacts by people tied to the campaign amounted to “collusion” with Russian officials, but said that a common Russian intelligence technique involved cultivating Americans as either witting or unwitting intelligence assets.

Mr. Brennan said he was concerned because of “known Russian efforts to suborn such individuals.”

He said that the contacts picked up by U.S. intelligence justified the opening of an FBI investigation that has overshadowed Mr. Trump’s presidency.

“I know that there was a sufficient basis of information and intelligence that required further investigation by the bureau to determine whether or not U.S. persons were actively conspiring, colluding with Russian officials,” said Mr. Brennan.

Mr. Brennan declined to discuss the specific information that his assessments were based on in the open hearing, saying that much of the information was classified. The House Intelligence Committee subsequently continued the hearing with Mr. Brennan in a classified, closed-door setting.

Mr. Trump has denied that he or his campaign coordinated with any foreign entity, and Russia has denied meddling in the election. Mr. Trump has said continuing questions about his campaign’s Russia contacts amount to a “witch hunt.”


Director of National Intelligence Dan Coats

The FBI investigation is now being overseen by a special counsel, Robert Mueller, after Mr. Trump’s firing of FBI Director James Comey raised questions about whether the president was trying to quash the probe into whether his associates had contacts with Russians.

Mr. Trump asked Mr. Comey to end an investigation into his former national security adviser, Mike Flynn, according to people close to Mr. Comey. Mr. Trump has denied he made the request.

In a separate hearing Tuesday morning, Director of National Intelligence Dan Coats declined to confirm or deny that Mr. Trump had asked him to publicly state there was no collusion between the Trump presidential campaign and the Russian government in response to a Washington Post report.

The Post reported that the president asked Mr. Coats and the National Security Agency director, Adm. Mike Rogers, to publicly deny the existence of any evidence of collusion between the campaign and Russia.

Mr. Coats said it wasn’t appropriate to comment about the topic in his public testimony before the Senate Armed Services Committee.

“We discuss a number of topics on a very regular basis,” Mr. Coats said. “On this topic, as well as other topics, I don’t feel it’s appropriate to characterize discussions, conversations with the president.”

Mr. Coats was asked if he had discussed with Adm. Rogers any request from Mr. Trump regarding collusion. Mr. Coats responded: “That is something that I would like to withhold, that question, at this particular point in time.”

Mr. Coats was also asked if he knew of any efforts by the White House to interfere in other aspects of the Russia inquiry, including allegations the president asked Mr. Comey to ease off investigating Mr. Flynn. “I am not aware of that,” Mr. Coats said.

Mr. Brennan, the former CIA chief, said in his testimony that the intelligence community determined by last August that there was a “very aggressive” effort by Russia to intervene in the 2016 election.

Mr. Brennan described a previously undisclosed warning he made to his counterpart in Russian intelligence, Alexander Bortnikov, the head of the Russian FSB service, not to interfere in the U.S. election in an August phone call. According to Mr. Brennan’s account, Mr. Bortnikov denied any attempt to intervene and said Moscow is routinely and falsely blamed for such efforts by the U.S. government.

Write to Byron Tau at and Joshua Jamerson at

Trump asked intelligence chiefs to push back against FBI collusion probe after Comey revealed its existence

May 23, 2017
The Washington Post
May 22 at 6:23 PM
President Trump asked two of the nation’s top intelligence officials in March to help him push back against an FBI investigation into possible coordination between his campaign and the Russian government, according to current and former officials. Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.

Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president.

Trump sought the assistance of Coats and Rogers after FBI Director James B. Comey told the House Intelligence Committee on March 20 that the FBI was investigating “the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts.”

Trump’s conversation with Rogers was documented contemporaneously in an internal memo written by a senior NSA official, according to the officials. It is unclear if a similar memo was prepared by the Office of the Director of National Intelligence to document Trump’s conversation with Coats. Officials said such memos could be made available to both the special counsel now overseeing the Russia investigation and congressional investigators, who might explore whether Trump sought to impede the FBI’s work.

White House officials say Comey’s testimony about the scope of the FBI investigation upset Trump, who has dismissed the FBI and congressional investigations as a “witch hunt.” The president has repeatedly said there was no collusion.

Current and former senior intelligence officials viewed Trump’s requests as an attempt by the president to tarnish the credibility of the agency leading the Russia investigation.

A senior intelligence official said Trump’s goal was to “muddy the waters” about the scope of the FBI probe at a time when Democrats were ramping up their calls for the Justice Department to appoint a special counsel, a step announced last week.

Senior intelligence officials also saw the March requests as a threat to the independence of U.S. spy agencies, which are supposed to remain insulated from partisan issues.

“The problem wasn’t so much asking them to issue statements, it was asking them to issue false statements about an ongoing investigation,” a former senior intelligence official said of the request to Coats.

The NSA and Brian Hale, a spokesman for Coats, declined to comment, citing the ongoing investigation.


“The White House does not confirm or deny unsubstantiated claims based on illegal leaks from anonymous individuals,” a White House spokesman said. “The president will continue to focus on his agenda that he was elected to pursue by the American people.”

In addition to the requests to Coats and Rogers, senior White House officials sounded out top intelligence officials about the possibility of intervening directly with Comey to encourage the FBI to drop its probe of Michael Flynn, Trump’s former national security adviser, according to people familiar with the matter. The officials said the White House appeared uncertain about its power to influence the FBI.

“Can we ask him to shut down the investigation? Are you able to assist in this matter?” one official said of the line of questioning from the White House.

Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House intelligence committee, said the report is “yet another disturbing allegation that the President was interfering in the FBI probe.” Schiff said in a statement that Congress “will need to bring the relevant officials back to testify on these matters, and obtain any memoranda that reflect such conversations.”

The new revelations add to a growing body of evidence that Trump sought to co-opt and then undermine Comey before he fired him May 9. According to notes kept by Comey, Trump first asked for his loyalty at a dinner in January and then, at a meeting the next month, asked him to drop the probe into Flynn. Trump disputes those accounts.

Current and former officials said that Trump either lacks an understanding of the FBI’s role as an independent law enforcement agency or does not care about maintaining such boundaries.

Trump’s effort to use the director of national intelligence and the NSA director to dispute Comey’s statement and to say there was no evidence of collusion echoes President Richard Nixon’s “unsuccessful efforts to use the CIA to shut down the FBI’s investigation of the Watergate break-in on national security grounds,” said Jeffrey H. Smith, a former general counsel at the CIA. Smith called Trump’s actions “an appalling abuse of power.”

Trump made his appeal to Coats days after Comey’s testimony, according to officials.

That same week, Trump telephoned Rogers to make a similar appeal.

In his call with Rogers, Trump urged the NSA director to speak out publicly if there was no evidence of collusion, according to officials briefed on the exchange.

Rogers was taken aback but tried to respectfully explain why he could not do so, the officials said. For one thing, he could not comment on an ongoing investigation. Rogers added that he would not talk about classified matters in public.

While relations between Trump and Comey were strained by the Russia probe, ties between the president and the other intelligence chiefs, including Rogers, Coats and CIA Director Mike Pompeo, appear to be less contentious, according to officials.

Rogers met with Trump in New York shortly after the election, and Trump’s advisers at the time held him out as the leading candidate to be the next director of national intelligence.

The Washington Post subsequently reported that President Barack Obama’s defense secretary and director of national intelligence had recommended that Rogers be removed as head of the NSA.

Ultimately, Trump decided to nominate Coats, rather than Rogers. Coats was sworn in just days before the president made his request.

In February, the Trump White House also sought to enlist senior members of the intelligence community and Congress to push back against suggestions that Trump associates were in frequent contact with Russian officials. But in that case, the White House effort was designed to refute news accounts, not the testimony of a sitting FBI director who was leading an open investigation.

Trump and his allies in Congress have similarly sought to deflect scrutiny over Russia by attempting to pit U.S. intelligence agencies against one another.

In December, Trump’s congressional allies falsely claimed that the FBI did not concur with a CIA assessment that Russia intervened in the 2016 election to help Trump win the White House. Comey and then-CIA Director John Brennan later said that the bureau and the agency were in full agreement on Moscow’s intentions.

As the director of national intelligence, Coats leads the vast U.S. intelligence community, which includes the FBI. But that does not mean he has full visibility into the FBI probe. Coats’s predecessor in the job, James R. Clapper Jr., recently acknowledged that Comey did not brief him on the scope of the Russia investigation. Similarly, it is unclear to what extent the FBI has brought Coats up to speed on the probe’s most sensitive findings.


See also:

Trump asked DNI, NSA to deny evidence of Russia collusion

The ‘WannaCry’ Cyber Warning — Another harbinger of the world’s exposure to hackers and digital terrorists

May 16, 2017

The NSA followed protocol but it still wasn’t enough.


The Wall Street Journal
May 15, 2017 7:02 p.m. ET

At least 150 countries are still working to contain a malicious computer worm that emerged on Friday. The unprecedented planet-wide attack is another harbinger of the world’s exposure to hackers and digital terrorists.

From London to Beijing to Moscow, hundreds of thousands of users were infected with a new variant of so-called ransomware, known as “WannaCry,” which encrypted their data and then solicited a blackmail payment to resume normal operations. This sophisticated, self-propagating malware was designed to spread to all other computers on the same network after infecting one machine. The culprits are unknown and could take years to track down, if ever.

WannaCry has renewed a debate about the obligations of defense departments to the private sector. The virus was developed by taking advantage of a software flaw in Microsoft’s Windows operating system that the U.S. National Security Agency identified last August. The NSA develops libraries of such exploits, and an online group named Shadow Brokers infiltrated the database last year and published the material that led to WannaCry.

Microsoft blames the NSA for researching such hacking methods, but in this case the NSA followed the protocol known as the Vulnerabilities Equities Process that determines which flaws should be reserved for intelligence gathering and which should be disclosed to protect consumers. The NSA alerted Microsoft.

The company fixed the problem with a software patch in March, but users who failed to upgrade their OS remained vulnerable. Too many corporate and government information technology departments are behind the curve.

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services. Defrocked FBI Director James Comey ran a public pressure campaign against Apple in 2015 and 2016 when his agents couldn’t break the encryption of the iPhones of the San Bernardino killers, and asked Congress to mandate dedicated built-in decryption keys. WannaCry takes advantage of a coding error. An intentional outside entry point that leaked or fell into the wrong hands could lead to even larger havoc.

Witness the WannaCry meltdown at Britain’s National Health Service, where 45% of hospitals, doctors offices and ambulances were crippled. Even emergency room services had to be curtailed. The Russian Interior Ministry was also compromised. A successful cyber-attack on the banking system, the electric grid, traffic lights or electronic medical records could do far more economic and security damage.


Global pushback curbs cyberattacks but disruption goes on

May 15, 2017


The world’s biggest ransomware attack levelled off in Europe on Monday thanks to a pushback by cyber security officials after causing havoc in 150 countries, as Microsoft urged governments to heed the “wake-up call”.

The cross-border police agency Europol said the situation was “stable”, easing fears that attacks that struck computers in British hospital wards, European car factories and Russian banks would spread further at the start of the working week.

“The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success,” senior spokesman for Europol, Jan Op Gen Oorth, told AFP.

“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates,” he said.

The indiscriminate attack was unleashed Friday, striking hundreds of thousands of computers worldwide by exploiting known vulnerabilities in older Microsoft computer operating systems.

– Like stealing missiles –

Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that it was in fact the NSA that developed the code being used in the attack.

He warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers — not sell, store or exploit them, lest they fall into the wrong hands.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” Smith wrote.

“The governments of the world should treat this attack as a wake up call.”

The ‘Wannacry’ ransomware attack (AFP / Jonathan JACOBSEN, Valentina BRESCHI)

US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit in the attacks, which demanded money to allow users to unblock their computers.

In China, “hundreds of thousands” of computers were affected, including petrol stations, cash machines and universities, according to Qihoo 360, one of China’s largest providers of antivirus software.

French carmaker Renault said its Douai plant, one of its biggest sites in France employing 5,500 people, would be shut on Monday as systems were upgraded.

Europol executive director Rob Wainwright told Britain’s ITV television on Sunday that the attack had been “unprecedented”.

“We’ve never seen anything like this,” he said.

– ‘Ooops’ message, $300 ransom –

The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”


Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

Bitcoin, the world’s most-used virtual currency, allows anonymous transactions via heavily encrypted codes.

Experts and governments alike warn against ceding to the demands and Wainwright said few victims so far had been paying up.

Security firm Digital Shadows said on Sunday that transactions totalling $32,000 had taken place through Bitcoin addresses used by the ransomware.

The culprits used a digital code believed to have been developed by the US National Security Agency — and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said.

Europol says more than 200,000 computers around the world were affected over the weekend in what it describes as “an unprecedented attack” (AFP/File / Andrew CABALLERO-REYNOLDS)

The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

The attack therefore spread faster than previous, smaller-scale ransomware attacks.

– Banks, trains and automobiles –

Anti-virus experts Symantec said the majority of organisations affected were in Europe.

Europol said few banks in Europe had been affected, having learned through the “painful experience of being the number one target of cyber crime” the value of having the latest cyber security in place.

Russia said its banking system was among the victims of the attacks, along with the railway system, although it added that no problems were detected.

French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was “implementing remediation steps as quickly as possible”.

Dozens of hospitals in Britain’s National Health Service were affected and several still had to cancel appointments on Monday, as doctors warned of delays as they cannot access medical records.




Putin Blames U.S. for WannaCry Computer Virus

May 15, 2017


Putin blamed the US for creating tools to exploit Microsoft flaw and denies Russian involvement in the hack

By Max Seddon
FT (Financial Times)

Russian president Vladimir Putin says US intelligence services are to blame for the WannaCry virus that affected tens of thousands of computers worldwide last week.

Speaking in Beijing on Monday, Mr Putin said:

“Microsoft said it directly: the initial source of this virus is the United States security agencies, Russia’s got absolutely nothing to do with it. Given that, it’s strange to hear anything else.”

Russia was the country most affected by the attack, which hit its interior ministry, mobile provider MegaFon, Sberbank, as well as a number of other ministries and state-run firms.


“There was no significant damage for us or for our institutions – whether it’s banking, healthcare, or anything else. But in general it’s worrying, there’s nothing good about it, it’s concerning,” Mr Putin said.

President Putin repeated Russia’s calls to sign a legal memorandum with the US on cybersecurity, which was rejected by Barack Obama’s White House last year.

“Genies let out of bottles like these, especially if they’ve been created by the secret services, can then harm even their own authors and creators. We need to discuss this issue without delay at a serious political level and develop a defense system against events like this.”

See also:

“The governments of the world should treat this attack as a wake-up call,” Microsoft president Brad Smith said in a statement. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even with older versions of Windows.



Edward Snowden says NSA should have prevented cyber attack

May 15, 2017

The malicious software was developed by the National Security Council and funded by American taxpayers before being leaked

By Chloe Farand
The Independent



Edward Snowden said the NSA had been warned its attack tools could be used to target western software

Edward Snowden has blamed the National Security Agency for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

In a tweet, the National Security Agency (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”

Dozens of hospital trusts across the UK have been hit by a huge cyber attack, believed to be the biggest of its kind ever recorded, which plunged the NHS into chaos.


The malicious software, which locked up computers and held users’ files for ransom, is believed to have been stolen from the NSA and leaked.

Reports say the ransomware is taking advantage of EternalBlue, an exploit used by NSA spies to secretly break into Windows machines.

According to the New York Times, a group calling itself the “Shadow Brokers” began to post software tools that came from the US government’s stockpile of hacking weapons last summer.

The malware, called Wanna Detector, is also believed to have been leaked in WikiLeaks’ Vault 7 release earlier this year.

If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patch—and it falls into enemy hands, should NSA write a patch?

Mr Snowden said the US Congress should be asking the NSA if it is aware of any vulnerabilities of the software that could be exploited.

“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he tweeted.

The whistleblower pointed the finger of blame at the NSA and said that if it had disclosed system vulnerabilities, “hospitals would have had years – not months – to prepare”.

The Times reported this was the first time a cyber weapon developed by the NSA, which was funded by American taxpayers, had been stolen and unleashed against patients, hospitals, businesses and governments.

The US never acknowledged the cyber weapons posted by “Shadow Brokers” belonged to the NSA but it was reportedly confirmed by former intelligence officials.

Mr Snowden said the NSA had been warned of the dangers of building these cyber weapons but now the attack will raise questions over countries’ intelligence services’ ability to prevent the tools from being stolen and turned against them.

Hackers seemingly took advantage of the fact hospitals had not updated their IT systems.

Dr Krishna Chinthapalli, a doctor who predicted a cyber attack on the NHS in an article published just two days ago, has said hackers had been targeting hospitals for a couple of years.

His article, ‘The hackers holding hospitals to ransom’, published in the British Medical Journal (BMJ) on Wednesday, described NHS organisations as the “ideal victims” of cyber attacks, and said dozens of smaller hacks had happened in the past.

Earlier this week, the BMJ said up to 90 per cent of NHS computers still ran Windows XP and previous reports found public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates.

Britain’s National Cyber Security Centre said teams were working “round the clock” to restore hospital computer systems. The cost of the cyber attack is not yet known.

The attack has been reported in 74 countries, including Ukraine, India, Taiwan, Japan and Spain, with Russia believed to have been hit the hardest.

Businesses brace for Monday as ransomware threat lingers

May 14, 2017

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration
By Jeremy Wagstaff and Jim Finkle | SINGAPORE/TORONTO

Technical staff scrambled on Sunday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.

The spread of the virus dubbed WannaCry – “ransomware” which locked up more than 100,000 computers – had slowed, cybersecurity experts said, but they warned that the respite may be brief.

New versions of the worm were expected, and the extent of the damage from Friday’s attack was still unclear.


A worker is seen completing final checks on the production line at Nissan car plant in Sunderland, northern England, June 24, 2010. REUTERS/Nigel Roddis/File photo

Marin Ivezic, cybersecurity partner at PwC, said that some clients had been “working around the clock since the story broke” to restore systems and install software updates, or patches, or restore systems from backups.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet in March by a hacking group known as the Shadow Brokers.

The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.

Hong Kong-based Ivezic said that the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching which is causing some inconvenience.”

He declined to identify which clients had been affected.


Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

Targets both large and small have been hit.

Renault on Saturday said it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England.

Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.

German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.

In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.

Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

A Jakarta hospital said on Sunday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician’s error had led to 12 kiosks being infected in two of the island’s malls. Director Dennis So said the systems were not connected to the malls’ or tenants’ networks.

Symantec, a cybersecurity company, predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise.

Governments and private security firms on Saturday said that they expected hackers to tweak the malicious code used in Friday’s attack, restoring the ability to self-replicate.

“This particular attack was relatively easy to shut down,” said Bryce Boland, Asia Pacific chief technology officer for FireEye, a cybersecurity company.

But he said it would be straightforward for the existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.

The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security.

(Additional reporting by Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen; Editing by Mike Collett-White)


More Cyberattack Victims Emerge as Agencies Search for Clues

May 13, 2017

List of those affected grows to include Deutsche Bahn, Russian banks

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei. PHOTO: RITCHIE B. TONGO/EUROPEAN PRESSPHOTO AGENCY

Updated May 13, 2017 8:12 a.m. ET

Governments and executives scrambled Saturday to recover from a cyberattack that wreaked havoc on computer systems around the world, as the list of victims grew to include Germany’s main rail operator and a swath of the Russian banking system.

Deutsche Bahn AG said the attack had affected its digital display panels at stations across Germany, and it expects the disruptions to last some time.

The state-owned company, which operates roughly 40,000 trains a day, said rail services were unaffected.

A number of Russian banks were also hit but had successfully defended against the attack, state news agency RIA cited the country’s central bank as saying. News agency Interfax reported that Sberbank, Russia’s largest lender, had said it was among those affected. Russia’s main rail operator, too, said it had been hit but services hadn’t been affected, Interfax reported.

The China News Service reported that some gas stations belonging to China National Petroleum Corp. in Beijing, Shanghai, Chongqing and elsewhere had their networks disrupted and could only accept cash as payment. The state media also reported that some Chinese universities appeared to have been hit.

The attacks ricocheted around the world Friday as companies and others reported their computer systems had been disrupted by malicious software that encrypted files and asked for ransom money. FedEx Corp. in the U.S. and Britain’s National Health Service were among the highest-profile organizations hit Friday.

U.K. Home Secretary Amber Rudd said Saturday that authorities hadn’t yet determined who was responsible for the attack on the country’s health service, and that the National Cyber Security Centre was working to contain the disruption.

She said 45 NHS facilities in England and Scotland have been disrupted. The U.K. government said no patient data had been accessed or transferred. Ciaran Martin, head of the National Cyber Security Centre, said experts were working around the clock to restore NHS systems.

“We’re not able to tell you who’s behind the attack,” Ms. Rudd said. “That work is still ongoing…It feels random in terms of where it’s gone to and where it’s been opened.”

She said Britain was coordinating with other nations affected.

Europol, the European Union’s police agency, said its cybercrime center was working closely with units in the affected countries and industry partners to mitigate the threat and assist victims.

“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” Europol said in a statement, adding that its specialist international cyber investigators would play an important role in that probe.

Computer security incident response teams from all 28 EU member states have exchanged information about the attack through a previously established mailing list also monitored by the EU’s cybersecurity agency, Enisa. Experts at Enisa specialized in health-care and other affected areas are also closely monitoring the situation, the EU said.

The head of Germany’s BSI Office for Information Security said the agency was in touch with German companies and its international partners and France and the U.K.

“The current attacks show how vulnerable our digitized society is. They are a wake-up call for companies to finally take IT security seriously and to take lasting protectionism measures,” said BSI President Arne Schönbohm in a statement.

German Interior Minister Thomas de Maizière said the government’s network wasn’t affected.

“This attack isn’t the first of its kind,” he said in a statement. “Even though it’s particularly serious, it fits into the very tense cyberthreat situation to which the BSI and the German Interior Ministry have repeatedly pointed out.”

U.S. authorities have said cyberattacks via ransomware are a growing problem, having previously hit entire computer networks at universities, businesses and hospitals. Last year, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to unlock files after an attack crippled a large part of its computer systems.

Friday’s attack appears to have exploited a vulnerability in Windows for which Microsoft Corp. issued a patch in March. Several cybersecurity specialists said the same vulnerability was targeted in software released in April by a hacking group calling itself “Shadow Brokers,” which said it had stolen the attack code from the National Security Agency.

Former U.S. intelligence contractor Edward Snowden pointed the finger at the NSA, implying the agency was responsible for exploiting a weakness in Windows.

“If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patch—and it falls into enemy hands, should NSA write a patch?” he wrote on Twitter late Friday.

The NSA has declined to comment on the authenticity of the Shadow Brokers documents.

A Microsoft spokeswoman said that in addition to the March patch, the company added new protections Friday to shield users from the malicious software. Anyone running Microsoft’s antivirus software with Windows updates enabled is protected, and the company is providing assistance to customers, the spokeswoman said.

Write to Andrea Thomas at and Thomas Grove at


Mysterious hacking collective called ‘The Shadow Brokers’ stole NSA superweapon and caused global cyber attack that has shut hospitals, hit FedEx and is causing chaos in 99 countries

May 13, 2017

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries - and pop-ups like this one have appeared demanding a ransom
  • Hackers hit dozens of countries on Friday by exploiting a stolen tool used by the US National Security Agency  
  • The cyber attack rapidly spread and infected computers across the globe 
  • Hackers are believed to have exploited the NSA tool, which was stolen and released to the world by a group known as the Shadow Brokers last month
  • British hospitals, the Russian government and German railways were among those affected by the cyber attack 
  • Victims have been reported in 99 countries including Germany, Spain and USA

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

British hospitals, the Russian government, German railways and big companies like FedEx were among those affected on Friday when they were crippled by the ‘ransomware’ that rapidly spread across the globe and infected tens of thousands of computers in 99 countries.

Security experts say the malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was identified by the US National Security Agency for its own intelligence-gathering purposes.

The NSA documents were stolen and then released to the world last month by a mysterious group known as the Shadow Brokers.

The hackers, who have not come forward to claim responsibility, likely made it a ‘worm’, or self-spreading malware, by exploiting a piece of NSA code known as Eternal Blue, according to several security experts.

The Shadow Brokers released Eternal Blue last month as part of a trove of hacking tools that they said belonged to the US spy agency. It has stoked fears that the spy agency’s powerful cyber weapons had been stolen and repurposed by hackers with nefarious goals.

The malicious software was scrambling data, blocking access to computers and demanding payments of as much as $600 to restore access. It is thought to have impacted at least 75,000 computers, including machines in the Russian government.

This map released by cybersecurity experts, shows the impact of the ransomware around the world - with affected countries shown in orange and red. Russia is thought to be the worst affected

The technological meltdown began earlier on Friday afternoon in Britain when more than 40 NHS organisations including hospitals and GP surgeries were hit by the virus.

But with the virus spreading at a rate of five million emails per hour, tens of thousands of victims have now been reported in 99 countries including the US, Australia, Belgium, France, Germany, Italy and Mexico.

Russia is thought to have been among the worst hit by the ransomware amid reports that 1,000 computers in the country’s Interior Ministry were affected, but sources say no information was leaked.

Ministry spokeswoman Irina Volk told Russian news agencies it had ‘recorded a virus attack on the ministry’s personal computers controlled by a Windows operating system.’


The UK’s National Health Service: British hospitals and clinics were forced to send patients away and cancel appointments.

Russia: The country was believed to be among the worst hit when computers in the interior ministry were hit. Megafon – Russia’s second largest phone network – had also been affected.

German railway stations: Photos that surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

Spanish companies: Telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

FedEx: The shipping company confirmed they were affected and were implementing remediation steps.

Leading international shipper FedEx Corp was among the companies whose Microsoft Corp Windows systems were affected. They said they were ‘implementing remediation steps’.

The German rail system was also experiencing issues due to the ransomware. Photos that surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

In Spain, the Telefonica mobile phone network, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

Some big firms in Spain took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of ‘a massive ransomware attack’.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.

Security teams at large financial services firms and businesses were reviewing plans for defending against cyber attacks, according to executives with private cyber security firms.

Chris Wysopal, chief technology officer with cyber security firm Veracode, said: ‘Seeing a large telco like Telefonica get hit is going to get everybody worried.

‘Now ransomware is affecting larger companies with more sophisticated security operations.’

A cybersecurity researcher told AFP they appeared to have discovered a ‘kill switch’ that could prevent the spread of the ransomware for now.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

‘Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,’ @MalwareTechBlog told AFP in a private message on Twitter.

The researcher warned however that people ‘need to update their systems ASAP’ to avoid attack: ‘The crisis isn’t over, they can always change the code and try again.’

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media showing ticket machines at train stations having been affected

Medics have claimed that messages are flashing up on screens saying they must pay cash or terminals are down completely

Some hospitals said they were forced to divert emergencies on Friday after a suspected national cyber attack.

Several computers at a university in Italy were also randomly targeted in the cyber attack

Computer expert Lauri Love, who is facing extradition to the US over the alleged theft of data from government computers, said the attack is being powered by a ‘top of the range cyber weapon’ used by spies in the US.

‘It appears the cyber attack affected so many computers in the UK in the NHS and in Spain by taking advantage of a very nasty vulnerability in Microsoft Windows, which was dumped by hacking group Shadow Brokers who obtained it from the NSA in America.’


What is ransomware?

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers often demand that the victim pay ransom money to access their files or remove harmful programs.

The aggressive attacks dupe users into clicking on a fake link – whether it’s in an email or on a fake website, causing an infection to corrupt the computer.

In some instances, adverts for pornographic websites will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.

What is the WannaCry virus?

The WannaCry virus targets Microsoft’s widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

When opened, the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities

In December last year it was revealed about 90 per cent of NHS Trusts were still running Windows XP, two and a half years after Microsoft stopped supporting the system.

Citrix, an American software company, sent a Freedom of Information request to 63 NHS Trusts, 42 of which responded. It revealed that 24 Trusts were unsure when they would even upgrade, The Inquirer reported.

Windows XP was released more than 15 years ago and is now particularly vulnerable to viruses. Microsoft stopped providing virus warnings for the ageing Windows XP in 2015.

A number of UK hospitals continue to run the outdated software, including East Sussex, Sheffield’s Children’s hospital and Guy’s and St Thomas’ NHS Trust.

Hours after news of the cyber attacks broke, a Microsoft spokesman revealed that customers who were running the company’s free antivirus software and who had enabled Windows updates were ‘protected’ from the attack.

It raises questions about why NHS computers using the operating system were not shielded from the ransomware.

The spokesman said: ‘Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

‘In March, we provided a security update which provides additional protections against this potential attack.

‘Those who are running our free antivirus software and have Windows updates enabled, are protected.

‘We are working with customers to provide additional assistance.’

One message circulated online claims the hackers demand 300 US dollars (£230) in the virtual currency bitcoins to relinquish control of their IT systems.

The pop-up contains a countdown clock with a deadline of next Friday. At least 10 payments of around US$300 have been made to Bitcoin accounts that the hackers have asked to be paid on Friday.

But, although all Bitcoin transactions are public, we cannot see who made the payments so cannot know if they have been made by anyone in the NHS.

‘Non urgent’ appointments and operations were postponed across the UK and some hospitals diverted ambulances to neighbouring ones to ensure patient safety.

Computer systems were switched off or immobilised and key services including the bleeper system for doctors were also believed to be down.

In the minutes after the attack one doctor in the UK tweeted: ‘Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. A******s’.

NHS Digital, which is responsible for the health service’s cyber security, says computer systems are believed to have been hit by a ransomware cyber attack using malware called ‘Wanna Decryptor’. Three hospitals in America were hit in the same way last year.

The National Cyber Security Centre is investigating and is working with Britain’s FBI – the National Crime Agency. 

GP surgeries hit in the attack say their phones went down and patients should avoid calling unless ‘absolutely necessary’ and doctors were back to using pen and paper in some areas.

Explaining the fallout, one doctor said in a message shared on Twitter: ‘So our hospital is down. We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.’

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: ‘Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.

‘Nobody can recover your files without our decryption service.’

It goes on to demand payment, otherwise the files will be deleted. It gives a deadline of next Friday afternoon, May 19, to pay.

The HSJ said services affected were thought to include archiving systems for X-rays, pathology test results, phone and bleep systems, and patient admin systems.


A shocked worker at Colchester General Hospital described how her office’s computers were ‘wiped out, one by one’.

She said: ‘My computer locked at about 3pm and I couldn’t get anything to work. Then my colleague sat next to me said her computer was down.

‘It swept through the office and everyone was affected and didn’t know what was going on. One by one the computers were wiped out.

‘Nothing was working and switching them off and on did not solve the problems.

The NHS has been hit by a major cyber attack and criminals have taken control of computers and cut off phone lines across England, leaving some departments working with pen and paper

‘Some of our colleagues from a neighbouring department came in and they’d been told to unplug their internet cables and await further instruction.’

The health worker said the effect of such a hack on modern hospitals would be catastrophic because ‘all the doctors’ notes’ are kept on the computers now.

‘They record their notes to a dictaphone during a consultation but that’s only so the notes can be typed up and stored on the computer.

‘It’s very worrying that the impact has been so far-reaching in such a short space of time.’

A spokesman for Colchester Hospital University NHS Foundation Trust, which runs Colchester General, confirmed patients are being warned to avoid A&E where possible.

According to an official hospital statement, patients are being warned that all non-urgent activity is being postponed.

East and North Herts NHS Trust issued this warning to patients on their website

Blackpool Victoria Hospital is one of many across the country hit - operations have been cancelled and ambulances diverted 

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems.

Barts NHS Trust in east London said they are treating it as a ‘major incident’ to ensure they can ‘maintain the safety and welfare of patients’.

A spokesman said: ‘We are experiencing a major IT disruption and there are delays at all of our hospitals.

‘Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital but direct line phones are working. All our staff are working hard to minimise the impact and we will post regular updates on the website’.

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems. Colchester University Hospitals Trust is also a victim as is neighbouring Chelmsford in Essex.

York Teaching Hospital NHS Foundation Trust which runs York and Scarborough hospitals has confirmed its computers have been affected by the widespread attack.

They have urged people to be patient and avoid calling GP surgeries and hospitals unless ‘absolutely necessary’.

NHS Merseyside said: ‘Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services’.



NSA collected 151 million phone records in 2016 despite only having 42 court orders

May 4, 2017

The amount of surveillance activity appears lower than in recent years, but privacy activists are still concerned

By Emily Shugerman New York

The Independent

The US National Security Agency (NSA) collected records of more than 151 million American phone calls last year, despite only receiving permission from the Foreign Intelligence Surveillance Court (FISC) to collect records from 42 people.

The NSA revealed the breadth of its US data collection in its annual statistical transparency report. While statistics showed a reduction in activity from previous years, the numbers still sparked concern with privacy activists.

Previous policies allowed the NSA to collect so-called “call detail records” of US citizens in bulk. These detail records can include the originating or terminating telephone numbers and the time or duration of the call. Studies show the NSA may have been collecting billions of phone records per day in past years.

When former NSA employee Edward Snowden revealed the extent of NSA’s data collection in 2013, the shocking disclosure spurred several reforms. The NSA is now prohibited from collecting call detail records in bulk, and must request court orders from the FISC to collect detail records. Data collection is restricted exclusively to those suspected of being linked to terrorism.

The NSA received orders to collect records from 42 terrorism suspects in 2016 – as well as a handful from the year before – but still collected records of more than 151 million calls.

The NSA explained that this number includes multiple calls made to or from the same phone numbers. A single phone call logged by two telecom companies is also counted as two records.

The NSA also increases the number of calls it can record by using “second-hop collection,” according to Electronic Frontier Foundation staff attorney Andrew Crocker. This collection method allows the agency to collect information on the phone numbers with which their targets have been in contact.

“Imagine each [target] is in contact with 100 numbers and each of those numbers is in contact with 100 more numbers. That would allow the NSA to collect records belonging to 10,000 numbers,” Mr Crocker told The Independent.

“Depending on how many calls each of these numbers make, you can see how the number of total records could get very large, very quickly,” he added.

New NYT article: Program shrinking because NSA violating privacy rules for years on 702. Again, ignored court imposed limits for YEARS.

Privacy advocates also point to Section 702 of the Foreign Intelligence Surveillance Act (FISA) as allowing the NSA to collect intelligence on Americans without express permission. The act allows the agency to collect messages of foreigners abroad without a specific court order – even if they are communicating with Americans.

“There’s no probable cause or criminal activity necessary [in these cases],” Michelle Richardson of the Centre for Democracy & Technology told The Independent. “These people fall general classification that their communications may include foreign intelligence.”

The NSA distributed almost 4,000 reports last year containing information about Americans gathered using this warrantless surveillance programme.

The government also reported making fewer surveillance requests for “pen register/trap-and-trace” orders and fewer requests using national security letters than in years prior. They did not explain this reduction in the report.

The Director of National Intelligence began releasing statistics on its surveillance measures in 2014. Congress added to the statistics required to be released in the 2015 USA Freedom Act. This is the first report issued using USA Freedom Act standards.