White House pledges to step up cyber offense on hackers

FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Christopher Bing

WASHINGTON (Reuters) – The White House warned foreign hackers on Thursday it will increase offensive measures as part of a new national cyber security strategy.

The move comes as U.S. intelligence officials expect a flurry of digital attacks ahead of the Nov. 6 congressional elections.

The strategy provides federal agencies with new guidance for how to protect themselves and the private data of Americans, White House National Security Adviser John Bolton told reporters.

Bolton said the policy change was needed “not because we want more offensive operations in cyberspace but precisely to create the structures of deterrence that will demonstrate to adversaries that the cost of their engaging in operations against us is higher than they want to bear.”

The new policy also outlines a series of broad priorities, including the need to develop global internet policies and a competent domestic cybersecurity workforce.

It follows a recent Trump administration decision to reverse an Obama-era directive, known as PPD-20, which established an exhaustive approval process for the military to navigate in order to launch hacking operations. Bolton said the removal provided more leeway to respond to foreign cyber threats.

“In general, I think there is new tone in the policy but not much new policy other than the revocation of PPD-20, which had already been announced,” Ari Schwartz, White House National Security Council cybersecurity director under President Barack Obama, told Reuters.

“In my experience it has not been deterrence policies that held back response, but the inability of agencies to execute,” he said.

“I guess we will see what happens if this strategy really leads to less oversight, but a lack of oversight will likely lead to a lot of confusing finger-pointing in the wake of any failure.”

(Reporting by Christopher Bing; editing by Lisa Shumaker and Dan Grebler)

Exclusive: Iran-based political influence operation – bigger, persistent, global

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Instagram logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – An apparent Iranian influence operation targeting internet users worldwide is significantly bigger than previously identified, Reuters has found, encompassing a sprawling network of anonymous websites and social media accounts in 11 different languages.

Facebook and other companies said last week that multiple social media accounts and websites were part of an Iranian project to covertly influence public opinion in other countries. A Reuters analysis has identified 10 more sites and dozens of social media accounts across Facebook, Instagram, Twitter and YouTube.

U.S.-based cybersecurity firm FireEye Inc and Israeli firm ClearSky reviewed Reuters’ findings and said technical indicators showed the web of newly-identified sites and social media accounts – called the International Union of Virtual Media, or IUVM – was a piece of the same campaign, parts of which were taken down last week by Facebook Inc, Twitter Inc and Alphabet Inc.

IUVM pushes content from Iranian state media and other outlets aligned with the government in Tehran across the internet, often obscuring the original source of the information such as Iran’s PressTV, FARS news agency and al-Manar TV run by the Iran-backed Shi’ite Muslim group Hezbollah.

PressTV, FARS, al-Manar TV and representatives for the Iranian government did not respond to requests for comment. The Iranian mission to the United Nations last week dismissed accusations of an Iranian influence campaign as “ridiculous.”

The extended network of disinformation highlights how multiple state-affiliated groups are exploiting social media to manipulate users and further their geopolitical agendas, and how difficult it is for tech companies to guard against political interference on their platforms.

In July, a U.S. grand jury indicted 12 Russians whom prosecutors said were intelligence officers, on charges of hacking political groups in the 2016 U.S. presidential election. U.S. officials have said Russia, which has denied the allegations, could also attempt to disrupt congressional elections in November.

Ben Nimmo, a senior fellow at the Atlantic Council’s Digital Forensic Research Lab who has previously analyzed disinformation campaigns for Facebook, said the IUVM network displayed the extent and scale of the Iranian operation.

“It’s a large-scale amplifier for Iranian state messaging,” Nimmo said. “This shows how easy it is to run an influence operation online, even when the level of skill is low. The Iranian operation relied on quantity, not quality, but it stayed undetected for years.”

FURTHER INVESTIGATIONS

Facebook spokesman Jay Nancarrow said the company is still investigating accounts and pages linked to Iran and had taken more down on Tuesday.

“This is an ongoing investigation and we will continue to find out more,” he said. “We’re also glad to see that the information we and others shared last week has prompted additional attention on this kind of inauthentic behavior.”

Twitter referred to a statement it tweeted on Monday shortly after receiving a request for comment from Reuters. The statement said the company had removed a further 486 accounts for violating its terms of use since last week, bringing the total number of suspended accounts to 770.

“Fewer than 100 of the 770 suspended accounts claimed to be located in the U.S. and many of these were sharing divisive social commentary,” Twitter said.

Google declined to comment but took down the IUVM TV YouTube account after Reuters contacted the company with questions about it. A message on the page on Tuesday said the account had been “terminated for a violation of YouTube’s Terms of Service.”

IUVM did not respond to multiple emails or social media messages requesting comment.

The organization does not conceal its aims, however. Documents on the main IUVM website said its headquarters are in Tehran and its objectives include “confronting with remarkable arrogance, western governments, and Zionism front activities.”

APP STORE AND SATIRICAL CARTOONS

IUVM uses its network of websites – including a YouTube channel, breaking news service, mobile phone app store, and a hub for satirical cartoons mocking Israel and Iran’s regional rival Saudi Arabia – to distribute content taken from Iranian state media and other outlets which support Tehran’s position on geopolitical issues.

Reuters recorded the IUVM network operating in English, French, Arabic, Farsi, Urdu, Pashto, Russian, Hindi, Azerbaijani, Turkish and Spanish.

Much of the content is then reproduced by a range of alternative media sites, including some of those identified by FireEye last week as being run by Iran while purporting to be domestic American or British news outlets.

For example, an article run in January by Liberty Front Press – one of the pseudo-U.S. news sites exposed by FireEye – reported on the battlefield gains made by the army of Iranian ally Syrian President Bashar al-Assad. That article was sourced to IUVM but actually lifted from two FARS news agency stories.

FireEye analyst Lee Foster said iuvmpress.com, one of the biggest IUVM websites, was registered in January 2015 with the same email address used to register two sites already identified as being run by Iran. ClearSky said multiple IUVM sites were hosted on the same server as another website used in the Iranian operation.

(Reporting by Jack Stubbs in LONDON, Christopher Bing in WASHINGTON; Additional reporting by Bozorgmehr Sharafedin in LONDON; Editing by Damon Darlin and Grant McCool)

Russian hackers targeted U.S. Senate, think tanks: Microsoft

FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Photo

By Brendan O’Brien

(Reuters) – Microsoft Corp charged that hackers linked to Russia’s government sought to launch cyber attacks on the U.S. Senate and conservative American think tanks, warning that Moscow is broadening attacks ahead of November’s congressional elections.

The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic sites belonging to the Senate and the think tanks. Users who visited the fake sites were asked to enter login credentials.

It is the latest in a string of actions Microsoft has taken to thwart what it charges are Russian government hacking attempts. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.

Microsoft said it had no evidence that the hackers had succeeded in compromising any user credentials before it took control of the malicious sites.

The Kremlin rejected the Microsoft allegations and said there was no evidence to support them.

“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters. “Who exactly are they talking about? We don’t understand what the proof and the basis is for them drawing these kind of conclusions. Such information (proof) is lacking.”

Moscow has repeatedly dismissed allegations that it has used hackers to influence U.S. elections and political opinion.

The targets, Microsoft said, included the International Republican Institute, whose high-profile Republican board members include Senator John McCain of Arizona, who has criticized U.S. President Donald Trump’s interactions with Russia and Moscow’s rights record.

The Hudson Institute, another target, has hosted discussions on topics including cyber security, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia, and has been critical of the Russian government.

Other malicious domains were used to mimic legitimate sites used by the U.S. Senate and Microsoft’s Office software suite, the company said.

CYBER TENSIONS

Microsoft’s report came amid increasing tensions between Moscow and Washington ahead of midterm elections in November.

A U.S. federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether Trump’s campaign worked with Russians to sway the vote. Russia denies interfering in the elections and Trump has denied any collusion.

The type of attack is known as “spear phishing,” in which the hackers trick victims into entering their username and password into a fake site in order to steal their credentials.

Facebook Inc said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of the U.S. votes.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

(Reporting by Brendan O’Brien; Additional reporting by Andrew Osborn and Tom Balmforth in Moscow; Editing by Jim Finkle and Steve Orlofsky)

More U.S. states deploy technology to track election hacking attempts

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

By Christopher Bing

WASHINGTON (Reuters) – A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.

Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations.

The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security (https://www.cisecurity.org), illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters.

CIS is a nonprofit organization based in East Greenbush, N.Y., that helps governments, businesses and organizations fight computer intrusions.

“We’ve recently added Albert sensors to our system because I believe voting systems have tremendous vulnerabilities that we need to plug; but also the voter registration systems are a concern,” said Neal Kelley, chief of elections for Orange County, California.

“That’s one of the things I lose sleep about: It’s what can we do to protect voter registration systems?”

As of August 7, 36 of 50 states had installed Albert at the “elections infrastructure level,” according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

“We have more than quadrupled the number of sensors on state and county networks since 2016, giving the election community as a whole far greater visibility into potential threats than we’ve ever had in the past,” said Matthew Masterson, a senior adviser on election security for DHS.

The 14 states that do not have a sensor installed ahead of the 2018 midterm elections have either opted for another solution, are planning to do so shortly or have refused the offer because of concerns about federal government overreach. Those 14 states were not identified by officials.

But enough have installed them that cybersecurity experts can begin to track intrusions and share that information with all states. The technology directly feeds data about cyber incidents through a non-profit cyber intelligence data exchange and then to DHS.

“When you start to get dozens, hundreds of sensors, like we have now, you get real value,” said John Gilligan, the chief executive of CIS.

“As we move forward, there are new sensors that are being installed literally almost every day. Our collective objective is that all voter infrastructure in states has a sensor.”

Top U.S. intelligence officials have predicted that hackers working for foreign governments will target the 2018 and 2020 elections.

Maria Benson, a spokesperson for the National Association of Secretaries of States, said that in some cases installations have been delayed because of the time spent working out “technical and contractual arrangements.”

South Dakota and Wyoming are among the states without Albert fully deployed to protect election systems, a source with knowledge of the matter told Reuters.

The South Dakota Secretary of State’s office did not respond to a request for comment. The Wyoming Secretary of State’s office said it is currently considering expanding use of the sensors.

(Reporting by Chris Bing; Editing by Damon Darlin and Dan Grebler)

Chinese hackers targeted U.S. firms, government after trade mission: researchers

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Christopher Bing and Jack Stubbs

WASHINGTON/LONDON (Reuters) – Hackers operating from an elite Chinese university probed American companies and government departments for espionage opportunities following a U.S. trade delegation visit to China earlier this year, security researchers told Reuters.

Cybersecurity firm Recorded Future said the group used computers at China’s Tsinghua University to target U.S. energy and communications companies, and the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. Led by Governor Bill Walker, companies and economic development agencies spent a week in China in May.

Organizations involved in the trade mission were subject to focused attention from Chinese hackers, underscoring the tensions around an escalating tit-for-tat trade war between Washington and Beijing.

China was Alaska’s largest foreign trading partner in 2017 with over $1.32 billion in exports.

Recorded Future said in a report to be released later on Thursday that the websites of Alaskan internet service providers and government offices were closely inspected in May by university computers searching for security flaws, which can be used by hackers to break into normally locked and confidential systems.

The Alaskan government was again scanned for software vulnerabilities in June, just 24 hours after Walker said he would raise concerns in Washington about the economic damage caused by the U.S.-China trade dispute.

A Tsinghua University official, reached by telephone, said the allegations were false.

“This is baseless. I’ve never heard of this, so I have no way to give a response,” said the official, who declined to give his name.

Tsinghua University, known as “China’s MIT,” is closely connected to Tsinghua Holdings, a state-backed company focused on the development of various technologies, including artificial intelligence and robotics.

China’s Defense Ministry did not respond to a request for comment.

Recorded Future gave a copy of its report to law enforcement. The FBI declined to comment.

It is unclear whether the targeted systems were compromised, but the highly focused, extensive and peculiar scanning activity indicates a “serious interest” in hacking them, said Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the National Security Agency’s East Asia and Pacific cyber threats office.

“The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations,” Recorded Future said in the report.

The targeted organizations included Alaska Communications Systems Group Inc, Ensco Atwood Oceanics, the Alaska Department of Natural Resources, the Alaska governor’s office and regional internet service provider TelAlaska.

Alaska Communications declined to comment. The others did not respond to requests for comment.

U.S.-China trade tensions have escalated in recent months with both sides imposing a series of punitive tariffs and restrictions across multiple industries, and threatening more.

The economic conflict has also damaged cooperation in cyberspace following a 2015 agreement by Beijing and Washington to stop cyber-enabled industrial espionage, Moriuchi said.

“In the fall of 2015, cybersecurity cooperation was seen as a bright spot in the U.S.-China relationship,” she said.

“It was seen as a topic that the U.S. and China could actually have substantive discussions on. That’s not really the case anymore, especially with this trade war that both sides have vowed not to lose.”

(Reporting by Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Gao Liangping and Ben Blanchard in Beijing; Editing by Lisa Shumaker)

Boy, 11, hacks into replica U.S. vote website in minutes at convention

FILE PHOTO: A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

(Reuters) – An 11-year-old boy managed to hack into a replica of Florida’s election results website in 10 minutes and change names and tallies during a hackers convention, organizers said, stoking concerns about security ahead of nationwide votes.

The boy was the quickest of 35 children, ages 6 to 17, who all eventually hacked into copies of the websites of six swing states during the three-day Def Con security convention over the weekend, the event said on Twitter on Tuesday.

The event was meant to test the strength of U.S. election infrastructure and details of the vulnerabilities would be passed onto the states, it added.

The National Association of Secretaries of State – who are responsible for tallying votes – said it welcomed the convention’s efforts. But it said the actual systems used by states would have additional protections.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” the association said.

The hacking demonstration came as concerns swirl about election system vulnerabilities before mid-term state and federal elections.

U.S. President Donald Trump’s national security team warned two weeks ago that Russia had launched “pervasive” efforts to interfere in the November polls.

Participants at the convention changed party names and added as many as 12 billion votes to candidates, the event said.

“Candidate names were changed to ‘Bob Da Builder’ and ‘Richard Nixon’s head’,” the convention tweeted.

The convention linked to what it said was the Twitter account of the winning boy – named there as Emmett Brewer from Austin, Texas.

A screenshot posted on the account showed he had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.

The convention’s “Voting Village” also aimed to expose security issues in other systems such as digital poll books and memory-card readers.

(Reporting by Brendan O’Brien in Milwaukee; Editing by Andrew Heavens)

New genre of artificial intelligence programs takes computer hacking to another level

FILE PHOTO: Servers for data storage are seen at Advania's Thor Data Center in Hafnarfjordur, Iceland August 7, 2015. REUTERS/Sigtryggur Ari

By Joseph Menn

SAN FRANCISCO (Reuters) – The nightmare scenario for computer security – artificial intelligence programs that can learn how to evade even the best defenses – may already have arrived.

That warning from security researchers is driven home by a team from IBM Corp. who have used the artificial intelligence technique known as machine learning to build hacking programs that could slip past top-tier defensive measures. The group will unveil details of its experiment at the Black Hat security conference in Las Vegas on Wednesday.

State-of-the-art defenses generally rely on examining what the attack software is doing, rather than the more commonplace technique of analyzing software code for danger signs. But the new genre of AI-driven programs can be trained to stay dormant until they reach a very specific target, making them exceptionally hard to stop.

No one has yet boasted of catching any malicious software that clearly relied on machine learning or other variants of artificial intelligence, but that may just be because the attack programs are too good to be caught.

Researchers say that, at best, it’s only a matter of time. Free artificial intelligence building blocks for training programs are readily available from Alphabet Inc’s Google and others, and the ideas work all too well in practice.

“I absolutely do believe we’re going there,” said Jon DiMaggio, a senior threat analyst at cybersecurity firm Symantec Corp. “It’s going to make it a lot harder to detect.”

The most advanced nation-state hackers have already shown that they can build attack programs that activate only when they have reached a target. The best-known example is Stuxnet, which was deployed by U.S. and Israeli intelligence agencies against a uranium enrichment facility in Iran.

The IBM effort, named DeepLocker, showed that a similar level of precision can be available to those with far fewer resources than a national government.

In a demonstration using publicly available photos of a sample target, the team used a hacked version of video conferencing software that swung into action only when it detected the face of a target.

“We have a lot of reason to believe this is the next big thing,” said lead IBM researcher Marc Ph. Stoecklin. “This may have happened already, and we will see it two or three years from now.”

At a recent New York conference, Hackers on Planet Earth, defense researcher Kevin Hodges showed off an “entry-level” automated program he made with open-source training tools that tried multiple attack approaches in succession.

“We need to start looking at this stuff now,” said Hodges. “Whoever you personally consider evil is already working on this.”

(Reporting by Joseph Menn; Editing by Jonathan Weber and Susan Fenton)

Facebook fakers get better at covering tracks, security experts say

FILE PHOTO: People are silhouetted as they pose with mobile devices in front of a screen projected with a Facebook logo, in this picture illustration taken in Zenica, October 29, 2014. REUTERS/Dado Ruvic/File Photo

By Christopher Bing

WASHINGTON (Reuters) – Creators of fake accounts and news pages on Facebook are learning from their past mistakes and making themselves harder to track and identify, posing new challenges in preventing the platform from being used for political misinformation, cybersecurity experts say.

This was apparent as Facebook tried to determine who created pages it said were aimed at sowing dissension among U.S. voters ahead of congressional elections in November. The company said on Tuesday it had removed 32 fake pages and accounts from Facebook and Instagram involved in what it called “coordinated inauthentic behavior.”

While the United States improves its efforts to monitor and root out such intrusions, the intruders keep getting better at it, said cyber security experts interviewed over the past two days.

Ben Nimmo, a senior fellow at the Washington-based Digital Forensic Research Lab, said he had noticed the latest pages used less original language, rather cribbing from copy already on the internet.

“Linguistic mistakes would give them away before, between 2014 and 2017,” Nimmo told Reuters. “In some of these newer cases it seems they’ve caught on to that by writing less (original material) when posting things. With their longer posts sometimes it’s just pirated, copy and pasted from some American website. That makes them less suspicious.”

Facebook’s prior announcement on the topic of fake accounts, in April, directly connected a Russian group known as the Internet Research Agency to a myriad of posts, events and propaganda that were placed on Facebook leading up to the 2016 U.S. presidential election.

This time, Facebook did not identify the source of the misinformation.

“It’s clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past,” the company said in a blog post on Tuesday announcing the removal of the pages. “Our technical forensics are insufficient to provide high confidence attribution at this time.”

Facebook said it had shared evidence connected to the latest flagged posts with several private sector partners, including the Digital Forensic Research Lab, an organization founded by the Atlantic Council, a Washington think tank.

Facebook also said the use of virtual private networks, internet phone services, and domestic currency to pay for advertisements helped obfuscate the source of the accounts and pages. The perpetrators also used a third party, which Facebook declined to name, to post content.

Facebook declined to comment further, referring back to its blog post.

U.S. President Donald Trump’s top national security aides said on Thursday that Russia is behind “pervasive” attempts to interfere in November’s elections and that they expect attempts by Russia, and others, will continue into the 2020 elections.

They say they are concerned that attempts will be made to foment confusion and anger among various political groups in the United States and cause a distrust of the electoral process.

Two U.S. intelligence officials who requested anonymity told Reuters this week there was insufficient evidence to conclude that Russia was behind the latest Facebook campaign. However, one said, “the similarities, aims and methodology relative to the 2016 Russian campaign are quite striking.”

‘PREVIOUS MISTAKES’

Experts who track online disinformation campaigns said the groups who launch such efforts have changed how they post content and create posts.

“These actors are learning from previous mistakes,” said John Kelly, chief executive of social media intelligence firm Graphika, adding they do not use the same internet addresses or pay in foreign currency.

“And as more players in the world learn these dark arts, it’s easier for them to hide among the multiple actors deploying the same playbook,” he said.

Philip Howard, an Oxford University professor of internet studies and director of the Oxford Internet Institute, said that suspicious social media accounts like those taken down this week were once more easily identifiable because they shared the same information from high-profile publications like RT, the Russian English-language news service, or Breitbart News Network.

But now, the content they often share is more diverse and less discernible, coming from lesser known sites, including internet forums that mix political news with other topics, he said.

“The junk news they’re sharing is using better quality images, for example, more believable domains, less-known websites, smaller blogs,” Howard added.

U.S. intelligence agencies have concluded that Russia meddled in the 2016 presidential campaign using tactics including fake Facebook accounts. The Internet Research Agency was one of three Russian companies charged in February by U.S. Special Counsel Robert Mueller with conspiracy to tamper with the 2016 election.

Moscow has denied any election interference.

(Reporting by Christopher Bing in Washington; Additional reporting by John Walcott; Editing by Damon Darlin and Frances Kerry)

Pentagon creating software ‘do not buy’ list to keep out Russia, China

FILE PHOTO: An aerial view of the Pentagon building in Washington, June 15, 2005. REUTERS/Jason Reed

By Mike Stone

WASHINGTON (Reuters) – The Pentagon is working on a software “do not buy” list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday.

Ellen Lord, the undersecretary of defense for acquisition and sustainment, told reporters the Pentagon had been working for six months on a “do not buy” list of software vendors. The list is meant to help the Department of Defense’s acquisitions staff and industry partners avoid buying problematic code for the Pentagon and suppliers.

“What we are doing is making sure that we do not buy software that has Russian or Chinese provenance, for instance, and quite often that’s difficult to tell at first glance because of holding companies,” she told reporters gathered in a conference room near her Pentagon office.

The Pentagon has worked closely with the intelligence community, she said, adding “we have identified certain companies that do not operate in a way consistent with what we have for defense standards.”

Lord did not provide any further details on the list.

Lord’s comments were made ahead of the likely passage of the Pentagon’s spending bill by Congress as early as next week. The bill contains provisions that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

The legislation was drafted after a Reuters investigation found that software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence agencies.

Security experts said allowing Russian authorities to look into the internal workings of software, known as source code, could help adversaries like Moscow or Beijing to discover vulnerabilities they could exploit to more easily attack U.S. government systems.

Lord added an upcoming report on the U.S. military supply chain will show that the Pentagon depends on foreign suppliers, including Chinese firms, for components in some military equipment.

She said the Pentagon also wants to strengthen its suppliers’ ability to withstand cyber attacks and will test their cybersecurity defenses by attempting to hack them.

The Pentagon disclosed the measures as the federal government looks to bolster cyber defenses following attacks on the United States that the government has blamed on Russia, North Korea, Iran, and China.

The Department of Homeland Security this week disclosed details about a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.

(Reporting by Mike Stone; Editing by Chris Sanders, Bernadette Baum and Jonathan Oatis)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at last year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)