China says cyber rules no cause for foreign business concern


BEIJING (Reuters) – China’s pending cyber security law will not create obstacles for foreign business, China’s Foreign Ministry said, responding to concerns by international business lobbies over the planned rules.

More than 40 global business groups last week petitioned Premier Li Keqiang, according to a copy of a letter seen by Reuters, urging China to revise draft cyber rules they believe are vague and discriminate against foreign enterprises.

The groups say the pending rules, including a cyber security law that could be passed this year, include provisions for invasive government security reviews and onerous requirements to keep data in China.

They say the regulations would impede China’s economic growth, create barriers to market entry and impair the country’s security by isolating it technologically.

The ministry, in a faxed statement to Reuters late on Tuesday night, said the law will not be used to “carry out differential treatment and will not create obstacles and barriers for international trade and foreign businesses investing in China.”

It said companies would be able to transfer data required for business purposes outside China’s borders after passing a security evaluation.

“These evaluations are for supervising and guaranteeing that the security of this data accords with China’s security standards,” the ministry said.

“As for the legal requirement for internet operators to provide relevant data in the course of enforcement agencies’ counter-terrorism and criminal investigations, this is necessary for safeguarding national security and investigating crimes. All countries do this,” the ministry said.

‘UNNECESSARY’ CONCERNS

“The concerns of foreign investors and businesses invested in China are unnecessary,” it said.

Some foreign businesses in China are becoming increasingly pessimistic, in part due to rules companies think could make it harder to operate there.

The cyber rules have added to tensions between China and its trade partners, who have been concerned about Beijing’s Made in China 2025 plan. The proposal calls for a progressive increase in domestic components in sectors such as advanced information technology and robotics.

Business lobbies also say requirements to hand over sensitive data or source code to the government could put business secrets at risk and boost the capabilities of domestic competitors.

How much technology firms should cooperate with governments has been a contentious issue in many countries, not just in China.

Apple Inc <AAPL.O> was asked by Chinese authorities within the past two years to hand over its source code but refused, the company’s top lawyer said this year, even as U.S. law enforcement tried to get the company to unlock encrypted data from an iPhone linked to a mass shooting.

(Reporting by Michael Martina; Editing by Richard Borsuk)

New hacking group detected targeting firms in Russia, China

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-

By Eric Auchard

FRANKFURT (Reuters) – A previously unknown hacking group variously dubbed “Strider” or “ProjectSauron” has carried out cyber-espionage attacks against select targets in Russia, China, Iran, Sweden, Belgium and Rwanda, security researchers said on Monday.

The group, which has been active since at least 2011 and could have links to a national intelligence agency, uses Remsec, an advanced piece of hidden malware, Symantec researchers said in a blog post (http://symc.ly/2aTHoOm).

Remsec spyware lives within an organization’s network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data.

Its code also contains references to Sauron, the all-seeing title character in The Lord of the Rings, Symantec said. Strider is the nickname of the fantasy trilogy’s widely traveled main character Aragorn.

Separately, Moscow-based Kaspersky Lab has labeled the same group using the Remsec spyware as “ProjectSauron”.

The newly discovered group’s targets include four organizations and individuals located in Russia, an airline in China, an organization in Sweden and an embassy in Belgium, Symantec said.

Kaspersky said it had found 30 organizations hit so far in Russia, Iran and Rwanda, and possibly additional victims in Italian-speaking countries. Remsec targets included government agencies, scientific research centers, military entities, telecoms providers and financial institutions, Kaspersky said.

“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker,” Symantec said, but it did not speculate about which government might be behind the software.

Despite headlines that suggest an endless stream of new types of cyber-spying attacks, Orla Fox, Symantec’s director of security response, said the discovery of a new class of spyware like Remsec is a relatively rare event, with the industry uncovering no more than one or two such campaigns per year.

Remsec shares certain unusual coding similarities with another older piece of nation state-grade malware known as Flamer, or Flame, according to Symantec.

Kaspersky agreed that the same group it calls ProjectSauron appears to have adopted the tools and techniques of other better-known spyware, including Flame, but said it does not believe that ProjectSauron and Flame are directly connected.

Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts to have been used by the United States and Israel to attack Iran’s nuclear program late in the last decade (http://reut.rs/2b2FA8z).

(Editing by Greg Mahlich)

FBI took months to warn Democrats of suspected Russian role in hack

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April

By Mark Hosenball, John Walcott and Joseph Menn

WASHINGTON/SAN FRANCISCO (Reuters) – The FBI did not tell the Democratic National Committee that U.S. officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said.

A spokeswoman for the FBI said she could not comment on a current investigation. The DNC did not respond to requests for comment.

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

Emails captured in the DNC hack were leaked on the eve of the July 25-28 Democratic Party convention to name Hillary Clinton as the party’s presidential candidate in the Nov. 8 election against Republican Party nominee Donald Trump.

Those emails exposed bias in favor of Clinton on the part of DNC officials at a time when she was engaged in a close campaign against U.S. Senator Bernie Sanders for the party’s nomination.

The DNC said on Tuesday that three senior officials had resigned after the email embarrassment.

Last week, Debbie Wasserman Schultz stepped down as DNC chairwoman as criticism mounted of her management of the party committee, which is supposed to be neutral.

U.S. officials and private cyber security experts said last week they believed Russian hackers were behind the cyber attack on the DNC. The Obama administration has not yet publicly declared who it believes is responsible.

Director of National Intelligence James Clapper said last week the U.S. intelligence community was not ready to “make the call on attribution.”

It was not immediately clear how the FBI had learned of the hack against the DNC. One U.S. official with knowledge of the investigation said the agency had withheld information about details of the hacking to protect classified intelligence operations.

“There is a fine line between warning people or companies or even other government agencies that they’re being hacked – especially if the intrusions are ongoing – and protecting intelligence operations that concern national security,” said the official, who spoke on condition of anonymity.

The first internal DNC emails alerting party officials to the seriousness of the suspected hacking were sent in late March, one person said. In May, the DNC contacted California-based cyber security firm CrowdStrike to analyze unusual activity on the group’s network.

The Brooklyn-based Clinton campaign operation was also the target of hacking, people with knowledge of the situation have said. The Clinton campaign has confirmed that a DNC-linked system the campaign used to analyze voter data was compromised.

Yahoo News reported last week that the FBI had warned the Clinton campaign that it was the target of a hack in March, just before the DNC discovered it had been hacked.

Glen Caplin, a Clinton campaign spokesman, said it had taken steps to safeguard its internal information systems.

“Multiple Democratic party organizations, including our campaign and staff, have been the subject of attempted cyber attacks that experts say are Russian intelligence agencies, which enlist some of the most sophisticated hackers in the world,” Caplin said.

(Reporting by Mark Hosenball and John Walcott in Washington and Joseph Menn in San Francisco; Editing by David Rohde and Grant McCool)

Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers


By Joseph Menn and Yeganeh Torbati

SAN FRANCISCO/WASHINGTON (Reuters) – Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

Telegram promotes itself as an ultra secure instant messaging system because all data is encrypted from start to finish, known in the industry as end-to-end encryption. A number of other messaging services, including Facebook Inc’s <FB.O> WhatsApp, say they have similar capabilities.

Headquartered in Berlin, Telegram says it has 100 million active subscribers and is widely used in the Middle East, including by the Islamic State militant group, as well as in Central and Southeast Asia, and Latin America.

Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson said in an interview.

Telegram’s reliance on SMS verification makes it vulnerable in any country where cellphone companies are owned or heavily influenced by the government, the researchers said.

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows – though it does not require – customers to create passwords, which can be reset with so-called “recovery” emails.

“If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.

Iranian officials were not available to comment. Iran has in the past denied government links to hacking.

ROCKET KITTEN

The Telegram hackers, the researchers said, belonged to a group known as Rocket Kitten, which used Persian-language references in their code and carried out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”

Anderson and Guarnieri declined to comment on whether the hackers were employed by the Iranian government. Other cyber experts have said Rocket Kitten’s attacks were similar to ones attributed to Iran’s powerful Revolutionary Guards.

The researchers said the Telegram victims included political activists involved in reformist movements and opposition organizations. They declined to name the targets, citing concerns for their safety.

“We see instances in which people … are targeted prior to their arrest,” Anderson said. “We see a continuous alignment across these actions.”

The researchers said they also found evidence that the hackers took advantage of a programming interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. That information could provide a map of the Iranian user base that could be useful for future attacks and investigations, they said.

“A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.

Ra said Telegram has blocked similar “mapping” attempts in the past and was trying to improve its detection and blocking strategies.

Cyber experts say Iranian hackers have become increasingly sophisticated, able to adapt to evolving social media habits. Rocket Kitten’s targets included members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents, U.S.-Israeli security firm Check Point said last November.

POPULAR IN THE MIDDLE EAST

Telegram was founded in 2013 by Pavel Durov, known for starting VKontakte, Russia’s version of Facebook, before fleeing the country under pressure from the government.

While Facebook and Twitter are banned in Iran, Telegram is widely used by groups across the political spectrum. They shared content on Telegram “channels” and urged followers to vote ahead of Iran’s parliamentary elections in February 2016.

Last October, Durov wrote in a post on Twitter that Iranian authorities had demanded the company provide them with “spying and censorship tools.” He said Telegram ignored the request and was blocked for two hours on Oct. 20, 2015.

Ra said the company has not changed its stance on censorship and does not maintain any servers in Iran.

After complaints from Iranian activists, Durov wrote on Twitter in April that people in “troubled countries” should set passwords for added security.

Amir Rashidi, an internet security researcher at the New York-based International Campaign for Human Rights in Iran, has worked with Iranian hacking victims. He said he knew of Telegram users who were spied on even after they had set passwords.

Ra said that in those cases the recovery email had likely been hacked.

Anderson and Guarnieri will present their findings at the Black Hat security conference in Las Vegas on Thursday. Their complete research is set to be published by the Carnegie Endowment for International Peace, a Washington-based think tank, later this year.

(Reporting by Joseph Menn in San Francisco and Yeganeh Torbati in Washington; Additional reporting by Michelle Nichols at the United Nations and Parisa Hafezi in Ankara; Editing by Jonathan Weber and Tiffany Wu)

U.S. weighs dangers, benefits of naming Russia in cyber hack


By Warren Strobel and John Walcott

WASHINGTON (Reuters) – Wary of a global confrontation with Russia, U.S. President Barack Obama must carefully weigh how to respond to what security experts believe was Moscow’s involvement in the hacking of Democratic Party organizations, U.S. officials said.

Publicly blaming Russian President Vladimir Putin’s intelligence services would bring instant pressure on Washington to divulge its evidence, which relies on highly classified sources and methods, U.S. intelligence officials said.

One option for Washington is to retaliate against Russia in cyberspace. But the intelligence officials said they fear a rapid escalation in which, under a worst-case scenario, Moscow’s sophisticated cyber warriors could attack power grids, financial systems and other critical infrastructure.

Washington also has diplomacy to manage with Russia: Secretary of State John Kerry’s long-shot attempt to enlist Moscow’s help in ending the Syrian civil war and sustaining the Iran nuclear deal, as well as Russia-NATO tensions over Ukraine and Eastern Europe.

“Despite how outrageous it is to interfere with a democratic election, the costs of coming out and saying the Russians did it would far outweigh the benefits, if there would be any benefits,” said one intelligence official, speaking on condition of anonymity to discuss a sensitive matter.

Russia has denied responsibility for hacking the emails of the Democratic National Committee. Also attacked were a computer network used by Democratic presidential nominee Hillary Clinton’s campaign and the party’s fundraising committee for House of Representative candidates in the Nov. 8 election.

Other current and former officials are arguing for a firm response, however. They said the hack was the latest in a series of aggressive moves by Putin, including Russia’s annexation of Crimea, military intervention to rescue Syrian President Bashar al-Assad, and funding of right-wing and anti-European Union groups in Europe.

Columbia University cyber security expert Jason Healey said at an annual security forum in Aspen, Colorado, on Saturday that the Russians had been very aggressive in cyberspace too.

“I think the president needs to start looking at brush-back pitches,” Healey said, referring to a baseball thrown near the batter as a warning.

NAME AND SHAME?

Intelligence officials and cyber experts said the intrusions themselves were not that unusual. American spy agencies conduct similar electronic espionage outside U.S. borders.

What made this hack a game-changer, they said, was the public release of the DNC emails, via the pro-transparency group WikiLeaks, in an apparent attempt to affect the election.

Government and party officials said they were unaware of any evidence that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

The Justice Department’s National Security Division, which is overseeing the investigation, has publicly charged U.S. adversaries – known as “naming and shaming” – before.

The U.S. government blamed North Korea for a damaging attack on Sony Pictures, and in 2014 indicted five members of the Chinese military for computer hacking and economic espionage.

Among adversary nations with significant cyber capabilities, a list that also includes Iran, the Russian government is the only one the Justice Department has not yet charged.

Obama’s homeland security and counter-terrorism advisor Lisa Monaco said the government has developed “best practices” to investigate cyber attacks and decide when to make the results public.

Monaco, also speaking at the Aspen forum, said that in the Sony case, FBI investigators had high confidence North Korea was responsible. The attack was deemed destructive, as well as coercive, because it was retaliation for a movie parodying North Korean leader Kim Jong Un.

“Those two things, along with our confidence in the attribution and the ability to talk about it in a way that would not disclose sources and methods and hinder our ability to make such attribution in the future all combined to say, ‘We’re going to call this out’,” she said.

Elissa Slotkin, an acting assistant secretary of defense, said that for the next decade, the U.S. government faced a fundamental question in dealing with Russia: “How do you get the balance right?”

“Are we being too charitable and giving them too many opportunities to come back to the table, or are we providing such a high level of deterrence that we’re potentially provoking them?” Slotkin asked.

(Additional reporting by Mark Hosenball, Jonathan Landay and Arshad Mohammed; editing by Grant McCool)

U.S. theory on Democratic Party breach: Hackers meant to leave Russia’s mark


By John Walcott, Joseph Menn and Mark Hosenball

WASHINGTON (Reuters) – Some U.S. intelligence officials suspect that Russian hackers who broke into Democratic Party computers may have deliberately left digital fingerprints to show Moscow is a “cyberpower” that Washington should respect.

Three officials, all speaking on condition of anonymity, said the breaches of the Democratic National Committee (DNC) were less sophisticated than other cyber intrusions that have been traced to Russian intelligence agencies or criminals.

For example, said one official, the hackers used some Cyrillic characters, worked during Russian government business hours but not on Russian religious or political holidays.

“Either these guys were incredibly sloppy, in which case it’s not clear that they could have gotten as far as they did without being detected, or they wanted us to know they were Russian,” said the official.

Private sector cyber security experts agreed that the evidence clearly points to Russian hackers but dismissed the idea that they intentionally left evidence of their identities.

These experts – who said they have examined the breach in detail – said the Cyrillic characters were buried in metadata and in an error message. Other giveaways, such as a tainted Internet protocol address, also were difficult to find.

Russian hacking campaigns have traditionally been harder to track than China’s but not impossible to decipher, private sector experts said. But the Russians have become more aggressive and easier to detect in the past two years, security experts said, especially when they are trying to move quickly.

False flags have grown more common, but the government and private experts do not believe one is involved in the DNC case.

The two groups of hackers involved are adept at concealing their intrusions, said Laura Galante, head of global threat intelligence at FireEye, whose Mandiant subsidiary conducted forensic analysis of the attack and corroborated the findings of another cyber company, CrowdStrike.

Russian officials have dismissed the allegations of Moscow’s involvement as absurd. Russian Foreign Minister Sergei Lavrov, in his only response to reporters, said: “I don’t want to use four-letter words.”

EMBARRASSING EMAILS

While private cyber experts and the government were aware of the political party’s hacking months ago, embarrassing emails were leaked last weekend by the WikiLeaks anti-secrecy group just as the Democratic Party prepared to anoint Hillary Clinton as its presidential candidate for the Nov. 8 election.

DNC chairwoman Debbie Wasserman Schultz resigned after the leaked emails showed party leaders favoring Clinton over her rival in the campaign for the nomination, U.S. Senator Bernie Sanders of Vermont. The committee is supposed to be neutral.

The U.S. intelligence officials conceded that they had based their views on deductive reasoning and not conclusive evidence, but suggested Russia’s aim probably was much broader than simply undermining Clinton’s campaign.

They said the hack fit a pattern of Russian President Vladimir Putin pushing back on what he sees as the United States and its European allies trying to weaken Russia.

“Call it the cyber equivalent of buzzing NATO ships and planes using fighters with Russian flags on their tails,” said one official.

Two sources familiar with Democratic Party investigations into the hacking said the private email accounts of Democratic Party officials were targeted as well as servers.

They said that the FBI had advised the DNC that it was looking into the hacking of the individual officials’ private accounts. They also said the FBI had requested additional information identifying the personal email accounts of certain party officials.

The DNC hired CrowdStrike to investigate the hack. It spent about six weeks, from late April to about June 11 or 12, monitoring the systems and watching while the hackers – who they believed were Russian – operated inside the systems, one of the sources said.

What actions, if any, the Obama administration will take are unclear and could depend on what diplomatic considerations may ultimately be involved, a former White House cyber security official said.

In past cases, administration officials have decided to publicly blame North Korea and indict members of China’s military for hacking because the administration decided that the net benefit of public shaming – and increased awareness brought to cyber security – outweighed potential risks, the former official said.

But “the Russia calculation is far more difficult and precarious,” the former official said. “Russia is a much more aggressive, capable foreign actor both in the traditional military sense and in the cyber realm” and that made public attribution or covert retaliation much less likely.

The former official, and a source familiar with the Democratic Party investigations, said that they also were unaware of any U.S. intelligence clearly demonstrating that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

(Reporting By John Walcott, Joseph Menn and Mark Hosenball; Additional reporting by Dustin Volz; Editing by David Rohde and Grant McCool)

Likely hack of U.S. banking regulator by China covered up: probe


By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013 and employees at the U.S. banking regulator covered up the intrusions, according to a congressional report on Wednesday.

The report cited an internal FDIC investigation as identifying Beijing as the likely perpetrator of the attacks, which the probe said were covered up to protect the job of FDIC Chairman Martin Gruenberg, who was nominated for his post in 2011.

“The committee’s interim report sheds light on the FDIC’s lax cyber security efforts,” said Lamar Smith, a Republican representative from Texas who chairs the House of Representatives Committee on Science, Space and Technology.

“The FDIC’s intent to evade congressional oversight is a serious offense.”

The report was released amid growing concern about the vulnerability of the international banking system to hackers, and it is the latest example of how deeply Washington believes Beijing has penetrated U.S. government computers.

The report did not provide specific evidence that China was behind the hack.

Shane Shook, a cyber security expert who has helped investigate some of the breaches uncovered to date, said he did not see convincing evidence in the report that the Chinese government was behind the FDIC hack.

“As with all government agencies, there are management issues stemming from leadership ignorance of technology oversight,” Shook said.

Speaking in Beijing, Chinese Foreign Ministry spokesman Lu Kang repeated that China opposed hacking and acted against it.

People should provide evidence for their accusations and not wave around speculative words like “maybe” and “perhaps”, he told reporters.

“This is extremely irresponsible.”

The FDIC, a major U.S. banking regulator which keeps confidential data on America’s biggest banks, declined to comment. Gruenberg is scheduled to testify on Thursday before the committee on the regulator’s cyber security practices.

Washington has accused China of hacking computers at a range of federal agencies in recent years, including the theft of more than 21 million background check records from the federal Office of Personnel Management beginning in 2014.

WATCHDOG MEMO

The compromise of the FDIC computers by a foreign government had been previously reported in May and some lawmakers had mentioned China as a possible suspect, but the report on Wednesday for the first time cited a 2013 memo by the FDIC’s inspector general, an internal watchdog, as pointing toward China.

“Even the former Chairwoman’s computer had been hacked by a foreign government, likely the Chinese,” the congressional report said, referring to Gruenberg’s predecessor, Sheila Bair, who headed the FDIC from 2006 until 2011 when Gruenberg took over as acting chairman.

Bair could not be immediately reached for comment.

A redacted copy of the 2013 FDIC inspector general’s memo seen by Reuters said investigators were unable to determine exactly which files had been extracted from agency computers.

But a source familiar with the FDIC’s internal investigation said the areas of the regulator’s network that were hacked suggested the intruders were seeking “economic intelligence.”

In all, hackers compromised 12 FDIC workstations, including those of other executives such as the regulator’s former chief of staff and former general counsel, and 10 servers, the congressional report said.

It accused the FDIC of trying to cover up the hacks so as not to endanger the congressional approval of Gruenberg, who was nominated by President Barack Obama and confirmed by the U.S. Senate in November 2012.

A witness interviewed by congressional staff said the FDIC’s current head of its technology division, Russ Pittman, instructed employees not to disclose information about the foreign government’s hack, the report said.

The witness said the hush order was to “avoid effecting the outcome of Chairman Gruenberg’s confirmation,” according to the report. Pittman could not immediately be contacted for comment.

The report also provided details of data breaches in which FDIC employees leaving the regulator took sensitive documents with them. It said current FDIC officials have purposely concealed information about breaches that had been requested by Congress.

U.S. intelligence officials believe Beijing has decreased its hacking activity since signing a pledge with Washington last September to refrain from breaking into computer systems for the purposes of commercial espionage.

At the same time, Obama has acknowledged difficulties in keeping government information secure. In addition, Republican opponents have said that Democratic presidential candidate Hillary Clinton’s use of a private email server when she was secretary of state could have exposed classified information to foreign governments.

(Reporting by Jason Lange and Dustin Volz; Additional reporting by Jim Finkle in Boston, and Ben Blanchard in BEIJING; Editing by Grant McCool)

Chinese economic cyber-espionage plummets in U.S.: experts

By Joseph Menn and Jim Finkle

SAN FRANCISCO (Reuters) – The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete, private U.S. security executives and government advisors said on Monday.

FireEye Inc, the U.S. network security company best known for fighting sophisticated Chinese hacking, said in a report released late Monday that breaches attributed to China-based groups had plunged by 90 percent in the past two years. The most dramatic drop came during last summer’s run-up to the bilateral agreement, it added.

FireEye’s Mandiant unit in 2013 famously blamed a specific unit of China’s People’s Liberation Army for a major campaign of economic espionage.

Kevin Mandia, the Mandiant founder who took over last week as FireEye chief executive, said in an interview that several factors seemed to be behind the shift. He cited embarrassment from Mandiant’s 2013 report and the following year’s indictment of five PLA officers from the same unit Mandiant uncovered.

Prosecutors said the victims included U.S. Steel, Alcoa Inc and Westinghouse Electric. Mandia also cited the threat just before the agreement that the United States could impose sanctions on Chinese officials and companies.

“They all contributed to a positive result,” Mandia said.

A senior Obama administration official said the government was not yet ready to proclaim that China was fully complying with the agreement but said the new report would factor into its monitoring. “We are still doing an assessment,” said the official, speaking on condition he not be named.

The official added that a just-concluded second round of talks with China on the finer points of the agreement had gone well. He noted that China had sent senior leaders even after the U.S. Secretary of Homeland Security pulled out because of the Orlando shootings.

China’s Foreign Ministry, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyber-spying.

“We’ve expressed our principled position on many occasions,” ministry spokeswoman Hua Chunying told a daily news briefing on Tuesday. “We oppose and crack down on commercial cyber-espionage activities in all forms.”

FireEye said that Chinese intrusions into some U.S. firms have continued, with at least two hacked in 2016. But while the hackers installed “back doors” to enable future spying, FireEye said it had seen no evidence that data was stolen.

Both hacked companies had government contracts, said FireEye analyst Laura Galante, noting that it was plausible that the intrusions were stepping stones toward gathering information on government or military people or projects, which remain fair game under the September accord.

FireEye and other security companies said that as the Chinese government-backed hackers dropped wholesale theft of U.S. intellectual property, they increased spying on political and military targets in other countries and regions, including Russia, the Middle East, Japan and South Korea.

Another security firm, CrowdStrike, has observed more Chinese state-supported hackers spying outside of the United States over the past year, company Vice President Adam Meyers said in an interview.

Targets include Russian and Ukrainian military targets, Indian political groups and the Mongolian mining industry, Meyers said.

FireEye and CrowdStrike said they were confident that the attacks are being carried out either directly by the Chinese government or on its behalf by hired contractors.

Since late last year there has been a flurry of new espionage activity against Russian government agencies and technology firms, as well as other targets in India, Japan and South Korea, said Kurt Baumgartner, a researcher with Russian security software maker Kaspersky Lab.

He said those groups use tools and infrastructure that depend on Chinese-language characters.

One of those groups, known as Mirage or APT 15, appears to have ended a spree of attacks on the U.S. energy sector and is now focusing on government and diplomatic targets in Russia and former Soviet republics, Baumgartner said.

(Reporting by Joseph Menn in San Francisco and Jim Finkle in Boston; Additional reporting by Megha Rajagopalan in Beijing; Editing by Jonathan Weber and Richard Chang)

Keyboard warriors: South Korea trains new frontline in decades-old war with North

By Ju-min Park

SEOUL (Reuters) – In one college major at Seoul’s elite Korea University, the courses are known only by number, and students keep their identities a secret from outsiders.

The Cyber Defense curriculum, funded by the defense ministry, trains young keyboard warriors who get a free education in exchange for a seven-year commitment as officers in the army’s cyber warfare unit – and its ongoing conflict with North Korea.

North and South Korea remain in a technical state of war since the 1950-53 Korean War ended in an armed truce. Besides Pyongyang’s nuclear and rocket program, South Korea says the North has a strong cyber army which it has blamed for a series of attacks in the past three years.

The cyber defense program at the university in Seoul was founded in 2011, with the first students enrolled the following year.

One 21-year-old student, who allowed himself to be identified only by his surname Noh, said he had long been interested in computing and cyber security and was urged by his father to join the program. All South Korean males are required to serve in the military, usually for up to two years.

“It’s not a time burden but part of a process to build my career,” Noh said.

“Becoming a cyber warrior means devoting myself to serve my country,” he said in a war room packed with computers and wall-mounted flat screens at the school’s science library.

South Korea, a key U.S. ally, is one of the world’s most technologically advanced countries.

That leaves the networks controlling everything from its electrical power grids to its banking system vulnerable to an enemy that has relatively primitive infrastructure and therefore offers few targets against which the South could retaliate.

“In relative terms, it looks unfavorable because our country has more places to defend, while North Korea barely uses or provides internet,” said Noh.

Last year, South Korea estimated that the North’s “cyber army” had doubled in size over two years to 6,000 troops, and the South has been scrambling to ramp up its capability to meet what it considers to be a rising threat.

The United States and South Korea announced efforts to strengthen cooperation on cyber security, including “deepening military-to-military cyber cooperation,” the White House said during President Park Geun-hye’s visit to Washington in October.

In addition to the course at Korea University, the national police has been expanding its cyber defense capabilities, while the Ministry of Science, ICT and Future Planning started a one-year program in 2012 to train so-called “white hat” – or ethical – computer hackers.

NORTH’S CYBER OFFENSIVES

Still, the North appears to have notched up successes in the cyber war against both the South and the United States.

Last week, South Korean police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival.

In 2013, Seoul blamed the North for a cyber attack on banks and broadcasters that froze computer systems for over a week.

North Korea denied responsibility.

The U.S. Federal Bureau of Investigation has blamed Pyongyang for a 2014 cyber attack on Sony Pictures’ network as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

North Korea described the accusation as “groundless slander.”

South Korea’s university cyber defense program selects a maximum of 30 students each year, almost all of them men. On top of free tuition, the school provides 500,000 won ($427) per month support for each student for living expenses, according to Korea University Professor Jeong Ik-rae.

The course trains pupils in disciplines including hacking, mathematics, law and cryptography, with students staging mock hacking attacks or playing defense, using simulation programs donated by security firms, he said.

The admission to the selective program entails three days of interviews including physical examinations, attended by military officials along with the school’s professors, he said.

While North Korea’s cyber army outnumbers the South’s roughly 500-strong force, Jeong said a small group of talented and well-trained cadets can be groomed to beat the enemy.

Jeong, an information security expert who has taught in the cyber defense curriculum since 2012, said the school benchmarks itself against Israel’s elite Talpiot program, which trains gifted students in areas like technology and applied sciences as well as combat. After graduating, they focus on areas like cybersecurity and missile defense.

“It’s very important to have skills to respond when attacks happen – not only to defend,” Jeong said.

(Editing by Tony Munroe and Raju Gopalakrishnan)

Massive cyber attack could trigger NATO response: Stoltenberg

BERLIN (Reuters) – A major cyber attack could trigger a collective response by NATO, NATO Secretary General Jens Stoltenberg said in an interview published by Germany’s Bild newspaper on Thursday.

“A severe cyber attack may be classified as a case for the alliance. Then NATO can and must react,” the newspaper quoted Stoltenberg as saying. “How, that will depend on the severity of the attack.”

He spoke after a decision this week by NATO ministers to designate cyber as an official operational domain of warfare, along with air, sea, and land.

In 2014 the U.S.-led alliance assessed that cyber attacks could potentially trigger NATO’s mutual defense guarantee, Article 5. That means NATO could potentially respond to a cyber attack with conventional weapons, although any response would be decided by consensus.

The NATO chief told Bild that the alliance needed to adjust to the increasingly complex series of threats it faces, which is why NATO members have agreed to defend against attacks in cyberspace just as they do against attacks launched against targets on land, in the air and at sea.

The United States and other NATO states have become increasingly vocal about cyber attacks launched from Russia, China and Iran, but officials say it remains hard to determine if such attacks stem from government bodies or private groups.

Recognizing cyber as an official domain of warfare will allow NATO to improve planning and better manage resources, training and personnel needs for cyber defense operations, said a NATO official, speaking on condition of anonymity.

The official stressed that NATO’s cyber activities would remain purely defensive. “We have no offensive cyber doctrine or offensive cyber capability. And there are no plans for NATO as a body to use such capabilities. NATO’s core cyber defense task is to defend NATO’s own networks,” said the official.

Individual members have already declared cyber an operational warfare domain, including the United States, which said in 2011 that it would respond to hostile attacks in cyberspace as it would to any other threat.

(Reporting by Andrea Shalal; Editing by Dan Grebler and Mark Heinrich)