Tag Archives: Cyber Attacks

U.S. initiative warns firms of hacking by China, other countries

FILE PHOTO: A Chinese flag flutters at Tiananmen Square in central Beijing, China June 8, 2018. REUTERS/Jason Lee

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort called,”Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

Mystery hacker steals data on 1,000 North Korean defectors in South

FILE PHOTO: A North Korean flag flutters on top of a 160-metre tower in North Korea's propaganda village of Gijungdong, in this picture taken from the Tae Sung freedom village near the Military Demarcation Line (MDL), inside the demilitarised zone separating the two Koreas, in Paju, South Korea, April 24, 2018. REUTERS/Kim Hong-Ji

By Hyonhee Shin

SEOUL (Reuters) – The personal information of nearly 1,000 North Koreans who defected to South Korea has been leaked after unknown hackers got access to a resettlement agency’s database, the South Korean Unification Ministry said on Friday.

The ministry said it discovered last week that the names, birth dates and addresses of 997 defectors had been stolen through a computer infected with malicious software at an agency called the Hana center, in the southern city of Gumi.

“The malware was planted through emails sent by an internal address,” a ministry official told reporters on condition of anonymity, due to the sensitivity of the issue, referring to a Hana center email account.

The Hana center is among 25 institutes the ministry runs around the country to help some 32,000 defectors adjust to life in the richer, democratic South by providing jobs, medical and legal support.

Defectors, most of whom risked their lives to flee poverty and political oppression, are a source of shame for North Korea. Its state media often denounces them as “human scum” and accuses South Korean spies of kidnapping some of them.

The ministry official declined to say if North Korea was believed to have been behind the hack, or what the motive might have been, saying a police investigation was under way to determine who did it.

North Korean hackers have in the past been accused of cyber attacks on South Korean state agencies and businesses.

North Korea stole classified documents from the South’s defense ministry and a shipbuilder last year, while a cryptocurrency exchange filed for bankruptcy following a cyber attack linked to the North.

North Korean state media has denied those cyber attacks.

The latest data breach comes at a delicate time for the two Koreas which have been rapidly improving their relations after years of confrontation.

The Unification Ministry said it was notifying the affected defectors and there were no reports of any negative impact of the data breach.

“We’re sorry this has happened and will make efforts to prevent it from recurring,” the ministry official said.

Several defectors, including one who became a South Korean television celebrity, have disappeared in recent years only to turn up later in North Korean state media, criticizing South Korea and the fate of defectors.

(Reporting by Hyonhee Shin; Editing by Robert Birsel)

Chinese hacking against U.S. on the rise: U.S. intelligence official

A staff member sets up Chinese and U.S. flags for a meeting in Beijing, China April 27, 2018. REUTERS/Jason Lee

By Jim Finkle and Christopher Bing

NEW YORK (Reuters) – A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks.

”You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference.

Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing.

In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyberattacks against U.S. companies, but not China. Historically, Chinese hacking operations have been more covert and focused on espionage and intellectual property theft, according to charges filed by the Justice Department in recent years.

A spokesperson for Joyce said he was specifically referring to digital attacks against the U.S. energy, financial, transportation, and healthcare sectors in his speech on Tuesday.

The comments follow the arrest by Canadian authorities of Meng Wanzhou, chief financial officer of Chinese telecommunications giant Huawei Technologies, at the request of the United States on Dec. 1. Wanzhou was extradited and faces charges in the U.S. related to sanctions violations.

(Reporting by Jim Finkle and Christopher Bing; Editing by Bernadette Baum)

What is Russia’s GRU military intelligence agency?

A general view shows the headquarters of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly known as the Main Intelligence Directorate (GRU), in Moscow, Russia October 4, 2018. REUTERS/Stringer

By Guy Faulconbridge

LONDON (Reuters) – The West has accused Russia’s military intelligence agency (GRU) of running what it described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

What is GRU and what does it do?

What is the GRU?

Russia’s military intelligence service is commonly known by the Russian acronym GRU, which stands for the Main Intelligence Directorate. Its name was formally changed in 2010 to the Main Directorate (or just GU) of the general staff, but its old acronym – GRU – is still more widely used.

Its published aims are the supply of military intelligence to the Russian president and government. Additional aims include ensuring Russia’s military, economic and technological security.

The GRU answers directly to the chief of the general staff, Valery Gerasimov, and the Russian defense minister, Sergei Shoigu, each of whom are thought to have access to Russia’s portable nuclear briefcase.

Russia’s two other main intelligence and security services were both created from the Soviet-era KGB: the Foreign Intelligence Service, or SVR, and the Federal Security Service, or FSB.

What are the GRU’s capabilities?

According to a Western assessment of GRU seen by Reuters, the GRU has a long-running program to run ‘illegal’ spies – those who work without diplomatic cover and who live under an assumed identity for years until orders from Moscow.

“It has a long-running program of ‘illegals’ reserved for the most sensitive or deniable tasks across the spectrum of GRU operations,” the assessment said.

The GRU is seen as a major Russian cyber player.

“It plays an increasingly important role in Russia’s development of Information Warfare (both defensive and offensive),” according to the Western assessment.

“It is an aggressive and well-funded organization which has the direct support of – and access to – [Russian President Vladimir] Putin, allowing freedom in its activities and leniency with regards to diplomatic and legislative scrutiny,” according to the assessment.

The GRU also has a considerable special forces unit. They are the elite of the Russian military.

“I don’t like rankings but the GRU is in the top levels of this business,” Onno Eichelsheim, director of the Netherlands Defence Intelligence and Security Service, told Reuters. “They are a very real threat.”

What are Western claims about GRU?

– The United States sanctioned GRU officers including its chief, Igor Korobov, for cyber attempts to interfere in the 2016 presidential election. Russia denied meddling in the election.

– Britain said two GRU officers attempted to murder former GRU double agent Sergei Skripal with Novichok. Russia denied any involvement.

– Britain said GRU was behind the BadRabbit attack of 2017, the hack of the Democratic National Committee in 2016, and attacks on the computer systems of both the Foreign Office and the Defence Science and Technology Laboratory in 2018. Russia said the accusations were fiction.

– The Netherlands said it caught four GRU cyberspies trying to hack into the Organization for the Prohibition of Chemical Weapons. It said the same group, known as unit 26165, had targeted the investigation into the downing of Malaysia Airlines flight MH-17.

– The United States charged seven GRU officers with plots to hack the World Anti-Doping Agency which had exposed a Russian doping program.

– GRU played a significant role in the 2014 annexation of Crimea, the conflict in Ukraine and the 2008 conflict with Georgia.

Note: The GRU does not have its own public web site and does not comment publicly on its actions. Its structure, staff numbers and financing are state secrets.

What is GRU’s history?

Russian spies trace their history back to at least the reign of Ivan the Terrible in the 16th Century, who established a feared espionage service.

The GRU was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Soviet state founder Vladimir Lenin insisted on its independence from other secret services, which saw it as a rival.

While the once mighty KGB was broken up during the 1991 collapse of the Soviet Union, the GRU remained intact.

GRU officers played a significant role in some of the key junctures of the Cold War and post-Soviet history – from the Cuban Missile crisis to Afghan war and the annexation of Crimea.

The public was given a rare chance to see parts of the GRU’s Moscow headquarters when Putin visited it in 2006. He was shown taking part in shooting practice.

(Editing by Richard Balmforth)

Britain says Russian military intelligence behind host of global cyber attacks

FILE PHOTO: Russian President Vladimir Putin and a masked security officer stand at a shooting gallery of the new GRU military intelligence headquarters building as he visits it in Moscow, Russia November 8, 2006.REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE/File Photo

By Guy Faulconbridge and Anthony Deutsch

THE HAGUE (Reuters) – Britain accused Russian military intelligence on Thursday of directing a host of cyber attacks aimed at undermining Western democracies by sowing confusion in everything from the 2016 U.S. presidential election to the global chemical weapons watchdog.

In a British assessment based on work by its National Cyber Security Centre (NCSC), Russian military intelligence (GRU) was cast as a pernicious cyber aggressor which used a network of hackers to spread discord across the world.

GRU, Britain said, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015.

The Netherlands said it had caught four GRU officers red-handed as they tried to hack into the Organization for the Prohibition of Chemical Weapons from a hotel next door in April.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British Foreign Secretary Jeremy Hunt.

“Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability,” Hunt said. Britain believes the Russian government is responsible for the attacks.

Maria Zakharova, a spokeswoman for the Russian Ministry of Foreign Affairs, told a news briefing that the British accusations were the product of someone with a “rich imagination”.

“It’s some kind of a diabolical perfume cocktail (of allegations),” TASS quoted Zakharova as telling reporters.

Though less well known than the Soviet Union’s once mighty KGB, Russia’s military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

RUSSIAN CYBER POWER?

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym – GRU – is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

After the Skripal poisoning, the West agreed with Britain’s assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the Salisbury attack. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain’s MI6 foreign spy service, was a “scumbag” who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

“This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Foreign Secretary Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 U.S. election and cyber attacks.

Australia and New Zealand backed the United Kingdom’s findings on the GRU.

“Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australia’s Prime Minister Scott Morrison said.

“By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate,” Morrison said.

(Additional reporting by Stephanie van den Berg and Colin Packham; Editing by Stephen Addison)

U.S. warns again on hacks it blames on North Korea

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

(Reuters) – The U.S. government on Tuesday released an alert with technical details about a series of cyber attacks it blamed on the North Korean government that stretch back to at least 2009.

The warning is the latest from the Department of Homeland Security and the Federal Bureau of Investigation about hacks that the United States charges were launched by the North Korean government.

A representative with Pyongyang’s mission to the United Nations declined comment. North Korea has routinely denied involvement in cyber attacks against other countries.

The report was published as U.S. and North Korean negotiators work to resuscitate plans for a possible June 12 summit between leaders of the two nations. The FBI and DHS released a similar report in June 2017, when relations were tense between Washington and Pyongyang due to North Korea’s missile tests.

The U.S. government uses the nickname “Hidden Cobra” to describe cyber operations by the North Korean government, which it says target the media, aerospace and financial sectors and critical infrastructure in the United States and around the globe.

Tuesday’s report did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyber attack on Sony Pictures Entertainment.

The alert provided a list of 87 IP addresses, four malicious files and two email addresses it said were associated with “Hidden Cobra.”

Last year’s alert was published on the same day that North Korea released American university student Otto Warmbier, who died days after his return to the United States following 17 months of captivity by Pyongyang

(Reporting by Jim Finkle in Toronto; Additional reporting by Rodrigo Campos in New York; Editing by Leslie Adler)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at least year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

U.S., Britain blame Russia for global cyber attack

A man poses inside a server room at an IT company in this June 19, 2017 illustration photo. REUTERS/Athit Perawongmetha/Illustration

By Jim Finkle and Doina Chiacu

(Reuters) – The United States and Britain on Monday accused Russia of launching cyber attacks on computer routers, firewalls and other networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.

Washington and London issued a joint alert saying the campaign by Russian government-backed hackers was intended to advance spying, intellectual property theft and other “malicious” activities and could be escalated to launch offensive attacks.

It followed a series of warnings by Western governments that Moscow is behind a string of cyber attacks. The United States, Britain and other nations in February accused Russia of releasing the “NotPetya” virus, which in 2017 crippled parts of Ukraine’s infrastructure and damaged computers across the globe, costing companies billions of dollars.

The Kremlin did not immediately respond to a request for comment. But Russia’s embassy in London issued a statement citing British accusations of cyber threats from Moscow as “striking examples of a reckless, provocative and unfounded policy against Russia.”

Moscow has denied previous accusations that it carried out cyber attacks on the United States and other countries.

U.S. intelligence agencies last year accused Russia of interfering in the 2016 election with a hacking and propaganda campaign supporting Donald Trump’s campaign for president. Last month the Trump administration blamed Russia for a campaign of cyber attacks that targeted the U.S. power grid.

American and British officials said that the attacks disclosed on Monday affected a wide range of organizations including internet service providers, private businesses and critical infrastructure providers. They did not identify victims or provide details on the impact of the attacks.

“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back,” said Rob Joyce, the White House cyber security coordinator.

Relations between Russia and Britain were already on edge after Prime Minister Theresa May blamed Moscow for the March 4 nerve agent poisoning of former Russian spy Sergei Skripal and his daughter Yulia in the city of Salisbury.

“This is yet another example of Russia’s disregard for international norms and global order – this time through a campaign of cyber espionage and aggression, which attempts to disrupt governments and destabilize business,” a British government spokesman said in London.

Britain and the United States said they issued the new alert to help targets protect themselves and persuade victims to share information with government investigators so they can better understand the threat.

“We don’t have full insight into the scope of the compromise,” said U.S. Department of Homeland Security cyber security official Jeanette Manfra.

The alert is not related to the suspected chemical weapons attack in a town in Syria that prompted a U.S.-led military strike over the weekend targeting facilities of the Russian-backed Syrian government, Joyce said.

Shortly after the announcement, the White House said Joyce would leave his post and return to the U.S. National Security Agency.

U.S. and British officials warned that infected routers could be used to launch future offensive cyber operations.

“They could be pre-positioning for use in times of tension,” said Ciaran Martin, chief executive of the British government’s National Cyber Security Centre cyber defense agency, who added that “millions of machines” were targeted.

(Reporting by Jim Finkle and Doina Chiacu; Additional reporting by Estelle Shirbon in London, John Walcott and Makini Brice in Washington and Jack Stubbs and Maxim Rodionov in Moscow; Writing by Will Dunham; Editing by James Dalgleish)

After nerve agent attack, NATO sees pattern of Russian interference

NATO Secretary-General Jens Stoltenberg addresses a news conference at the Alliance headquarters in Brussels, Belgium, March 15, 2018. REUTERS/Yves Herma

By Robin Emmott

BRUSSELS (Reuters) – NATO accused Russia on Thursday of trying to destabilize the West with new nuclear weapons, cyber attacks and covert action, including the poisoning of a Russian former double agent in Britain, that blurred the line between peace and war.

NATO Secretary-General Jens Stoltenberg told reporters the use of the Novichok nerve agent against Sergei Skripal and his daughter “happened against a backdrop of a reckless pattern of Russian behavior over many years”.

Russia denies any involvement and says it is the U.S.-led Atlantic alliance that is a risk to peace in Europe.

Stoltenberg, who will meet British Foreign Secretary Boris Johnson on Monday in Brussels, said Russia was mixing nuclear and conventional weapons in military doctrine and exercises, which lowered the threshold for launching nuclear attacks, and increasingly deploying “hybrid tactics” such as soldiers without insignia.

Stoltenberg listed Russia’s 2014 annexation of Crimea, its direct support for separatists in Ukraine, its military presence in Moldova and Georgia, meddling in Western elections and its involvement in the war in Syria as evidence of Russia’s threat.

He cited the development of new nuclear weapons, which President Vladimir Putin unveiled in a bellicose speech on March 1, as another worrying development.

“BLURRING THE LINE”

He also accused Moscow of a “blurring of the line between peace, crisis and war”, which he said was “destabilizing and dangerous”.

Britain’s ambassador to the alliance briefed NATO envoys in the North Atlantic Council on Wednesday, and Stoltenberg said Britain’s National Security Adviser Mark Sedwill would address the Council later on Thursday.

While Stoltenberg stressed there had been no request from London to activate the Western military alliance’s mutual defense clause, he said Russia must be deterred.

“The UK will respond and is responding in a proportionate and measured way … I fully support there is a need for a response, because there must be consequences when we see actions like those in Salisbury,” he said.

NATO has deployed significant ground forces to the Baltic countries and Poland to dissuade Russia from repeating any Crimea-like seizures. But Stoltenberg said there was little for NATO as an alliance to do immediately in response to the nerve agent attack, beyond giving Britain strong political support.

(Reporting by Robin Emmott; editing by Philip Blenkinsop and Kevin Liffey)

Russia looms large as U.S. election officials prep for 2018

People walk by the U.S. Capitol building in Washington, U.S., February 8, 2018. REUTERS/ Leah Millis

By Dustin Volz

WASHINGTON (Reuters) – Ten months before the United States votes in its first major election since the 2016 presidential contest, U.S. state election officials huddled in Washington this weekend to swap strategies on dealing with an uninvited guest: Russia.

A pair of conferences usually devoted to staid topics about election administration were instead packed with sessions dedicated to fending off election cyber attacks from Russia or others, as federal authorities tried to portray confidence while pleading with some states to take the threat more seriously.

“Everyone in this room understands that what we are facing from foreign adversaries, particularly Russia, is real,” Chris Krebs, a senior cybersecurity official at the Department of Homeland Security (DHS), told an audience of secretaries of state, who in many states oversee elections. Russia, he added, is “using a range of tools against us.”

The department said last year that 21 states had experienced initial probing of their systems from Russian hackers and that a small number of networks were compromised. Voting machines were not directly affected and there remains no evidence any vote was altered, officials say.

While virtually all 50 states have taken steps since the 2016 election to purchase more secure equipment, expand the use of paper ballots, improve cyber training or seek federal assistance, according to groups that track election security, some officials at the conferences expressed an added sense of urgency.

That is because the meetings came immediately after U.S. Special Counsel Robert Mueller unsealed an indictment accusing 13 Russians and three Russian companies of conducting a criminal conspiracy to interfere in the 2016 election.

The charges alleged a sophisticated multi-year operation carried out by a Russian propaganda factory to use false personas on social media to boost Donald Trump’s campaign. Russia has repeatedly denied it attempted to meddle.

“Loud and clear I hear that the biggest threat is this campaign of disinformation as opposed to the election process itself,” said Denise Merrill, Connecticut’s secretary of state, a Democrat.

DHS has taken the lead on working with states to improve voting machine security, but no federal agency is specifically responsible for combating online propaganda.

Several secretaries of state said they needed more rapid notification from federal partners about not just attempts to breach voting systems but disinformation campaigns as well.

“I don’t want to find out about propaganda two years later, after I elect my congressman,” said Mississippi Secretary of State Delbert Hosemann, a Republican, in an interview while clutching his own printed copy of the 37-page indictment.

Frustration boiled over at times among the secretaries of state, some of whom criticized a classified briefings U.S. intelligence agencies held with them over the weekend as largely unhelpful.

Federal officials, they said, continued to provide inadequate information to states about the nature of the Russian cyber threat and how to protect against it.

“I would have thought that behind closed doors, I would have heard, ‘This is why this has to be classified.’ And I heard none of it,” said West Virginia Secretary of State Mac Warner, a Republican. Still, other secretaries of state and election directors said relationships with DHS had improved dramatically compared with a year ago.

Speaking on a panel and attempting to quell frustration, Robert Kolasky, another DHS cybersecurity official, stressed that U.S. intelligence officials were genuinely worried about how Russia or others may attempt to interfere in 2018.

“There are reasons we are worried that things could become more serious,” Kolasky said. “The Russians got close enough, and we anticipate it could be different, or worse, the next time around,” he said.

(Reporting by Dustin Volz; Editing by Daniel Wallis)