China urges cooperation in governance of global internet

Attendees listen to a speech by China's President Xi Jinping shown on a screen during the opening ceremony of the third annual World Internet Conference in Wuzhen town of Jiaxing, Zhejiang province, China

By Catherine Cadell

WUZHEN, China (Reuters) – Chinese President Xi Jinping on Wednesday called for greater cooperation among nations in developing and governing the internet, while reiterating the need to respect so-called “cyber sovereignty”.

Speaking at an internet conference in Wuzhen, in the eastern province of Zhejiang, Xi and propaganda chief Liu Yunshan signaled a willingness to step up China’s role in global internet governance, seeking to rectify “imbalances” in the way standards across cyberspace are set.

“The development of the internet knows no international boundaries. The sound use, development and governance of the internet thus calls for closer cooperation,” Xi said in a video message at the start of China’s third World Internet Conference.

While China’s influence in global technology has grown, its ruling Communist Party led by Xi has presided over broader and more vigorous efforts to control, and often censor, the flow of information online.

China infamously operates the so-called “Great Firewall”, the world’s most sophisticated online censorship system, to block and attack Internet services the government deems unsavory.

Xi repeated China’s pledge to “promote equitable global internet governance” while upholding “cyber sovereignty”, or the right of countries to determine how they want to manage the internet.

China’s rubber stamp parliament adopted a controversial cybersecurity law this month that overseas critics say could shut foreign businesses out of various sectors in China.

More than 40 international groups and technology organizations have condemned the law, which introduces sweeping surveillance measures and local data storage requirements.

Beijing says the law was designed to root out cybersecurity threats in “critical” industries, and not to target foreign businesses.

China hopes to cooperate with other countries to develop international rules and standards for the internet “in a more balanced way”, said Liu, a member of the Party’s leading Politburo Standing Committee.

Insecurity in one corner of the internet was a risk to all, he warned.

“There can’t be national security for one country while there is insecurity in another. (Countries) can’t seek their own so-called ‘absolute security’ while sacrificing the security of another country,” Liu said.

(Editing by John Ruwitch and Clarence Fernandez)

Hired experts support claims St. Jude heart devices can be hacked

By Jim Finkle

(Reuters) – Short-selling firm Muddy Waters said in a legal brief filed on Monday that outside cyber security experts it hired have validated its claim that St. Jude Medical Inc cardiac implants are vulnerable to potentially life-threatening cyber attacks.

Boutique cyber security firm Bishop Fox disclosed its findings in a 53-page report that was attached to a legal brief filed on Monday in U.S. district court in Minnesota on behalf of the short-sellers, who hired the firm to perform the work as they defend themselves in a lawsuit filed by St. Jude.

A representative for St. Jude was not immediately available for comment.

St. Jude filed the suit on Sept. 7 against Muddy Waters, cyber research firm MedSec Holdings and individuals affiliated with those companies. The suit accused the group of intentionally disseminating false information about St. Jude heart devices to manipulate its stock price, which fell 5 percent on the day they revealed their claims.

The defendants said in a filing released on Monday that the lawsuit is without merit, reiterating their claim that St. Jude Medical’s heart devices have “significant security vulnerabilities.”

The report from Bishop Fox said the firm was able to validate those claims.

“I found that Muddy Waters’ and MedSec’s statements regarding security issues in the St. Jude Medical implant ecosystem were, by and large, accurate,” Bishop Fox Partner Carl Livit said in an introduction to the report.

The report said that the wireless communications protocol used in St. Jude cardiac devices is vulnerable to hacking, making it possible for hackers to convert the company’s Merlin@home patient monitoring devices into “weapons” that can cause cardiac implants to stop providing care and deliver shocks to patients.

Bishop Fox tested the attacks from 10 feet (3 meters) away, but said that might be extended to 45 feet (13.7 meters) with an antenna, or 100 feet (30.5 meters) with a transmitting device known as a software defined radio.

(Reporting by Jim Finkle; Editing by Will Dunham)

U.S. vote authorities warned to be alert to Russian hacks faking fraud: officials

By David Rohde and Mark Hosenball

(Reuters) – U.S. intelligence and law enforcement officials are warning that hackers with ties to Russia’s intelligence services could try to undermine the credibility of the presidential election by posting documents online purporting to show evidence of voter fraud.

The officials, who spoke on condition of anonymity, said, however, that the U.S. election system is so large, diffuse and antiquated that hackers would not be able to change the outcome of the Nov. 8 election.

But hackers could post documents, some of which might be falsified, that are designed to create public perceptions of widespread voter fraud, the officials said.

They said that they did not have specific evidence of such a plan, but state and local election authorities had been warned to be vigilant for hacking attempts.

On Oct. 7, the U.S. government formally accused Russia for the first time of a campaign of cyber attacks against Democratic Party organizations to interfere with the election process.

U.S. officials familiar with hacking directed against American voting systems said evidence indicates that suspected Russian government-backed hackers have so far tried to attack voter registration databases operated by more than 20 states. Tracing the attacks can be difficult but breaches of only two such databases have been confirmed, they said.

The officials said there is no evidence that any hackers have succeeded in accessing equipment or databases used to record votes. Many states use systems that would be difficult to hack or defraud, including paper ballots which initially are tallied by machines.

U.S. elections are run by state and local officials, not the federal government. On Nov. 8, votes will be cast in hundreds of thousands of polling stations in 9,000 different jurisdictions, according to the National Association of Secretaries of State.

The U.S. officials declined to comment on Republican candidate Donald Trump’s contention that the election is being “rigged.” Trump said in the third and final presidential debate with Democratic candidate Hillary Clinton on Wednesday night that he would not say until the election results were known whether or not he would accept the outcome.

Trump and his campaign officials have repeatedly said that the potential for voter fraud remains high but they have not provided any evidence.

On Thursday, Trump said he would accept the results of the election “if I win.” He said he reserved the “right to contest or file a legal challenge in the case of a questionable result.”

Clinton supporters said Trump is unwittingly aiding an effort by Russian President Vladimir Putin to undercut the credibility of the vote. Washington and Moscow are at odds over several issues, from Russian involvement in the Ukraine conflict, the war in Syria and cyber attacks.

“Trump does not even know he is being manipulated,” said Michael Morell, a former deputy CIA director who has endorsed Clinton. “Trump is an unwitting agent of Putin.”

(Reporting by David Rohde in New York and Mark Hosenball in Washington; Editing by Grant McCool)

British banks keep cyber attacks under wraps to protect image

By Lawrence White

LONDON (Reuters) – Britain’s banks are not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, bank executives and providers of security systems say.

Reported attacks on financial institutions in Britain have risen from just 5 in 2014 to 75 so far this year, data from Britain’s Financial Conduct Authority (FCA) show.

However, bankers and experts in cyber-security say many more attacks are taking place. In fact, banks are under almost constant attack, Shlomo Touboul, Chief Executive of Israeli-based cyber security firm Illusive Networks said.

Touboul cites the example of one large global financial institution he works with which experiences more than two billion such “events” a month, ranging from an employee receiving a malicious email to user or system-generated alerts of attacks or glitches.

Machine defenses filter those down to 200,000, before a human team cuts that to 200 “real” events a month, he added.

Banks are not obliged to reveal every such instance as cyber attacks fall under the FCA’s provision for companies to report any event that could have a material impact, unlike in the U.S. where forced disclosure makes reporting more consistent.

“There is a gray area…Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, UK Managing Director, Security & Privacy at consultant Protiviti, said.

SWIFT ACTION

Banks are not alone in their reluctance to disclose every cyber attack. Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the UK, only 250,000 are being reported, government data show.

But while saving them from bad publicity or worried customers, failure to report more serious incidents, even when they are unsuccessful, deprives regulators of information that could help prevent further attacks, the sources said.

A report published in May by Marsh and industry lobby group TheCityUK concluded that Britain’s financial sector should create a cyber forum comprising bank board members and risk officers to promote better information sharing.

Security experts said that while reporting all low level attacks such as email “phishing” attempts would overload authorities with unnecessary information, some banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.

The most serious recent known attack was on the global SWIFT messaging network in February, but staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches, despite the FCA making public pleas for them to do so, the most recent in September.

“When I moved from law enforcement to banking and saw what banks knew, the amount of information at their disposal, I thought ‘wow’, I never had that before,” Troels Oerting, Group Chief Information Security Officer at Barclays and former head of Europol’s Cyber Crime Unit, said.

Oerting, who joined Barclays in February last year, said since then banks’ sharing of information with authorities has improved dramatically and Barclays shares all its relevant information on attacks with regulators.

Staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” one of the sources, who declined to be named because he did not want to be identified criticizing his firm’s customers, said.

Apart from Barclays, the other major British banks all declined to comment on their disclosures.

The Bank of England declined to comment and the FCA did not respond to requests for comment.

KEEPING SECRETS

Companies that use external security systems also do not always inform them of attacks, the sources said.

“Our customers sometimes detect attacks but don’t tell us,” Touboul, whose firm helps protect banks’ SWIFT payment networks by luring attackers to decoy systems, said.

Hackers used the bank messaging system that helps transmit billions of dollars around the world every day to steal $81 million in one of the largest reported cyber-heists.

Targeted attacks, in which organized criminals penetrate bank systems and then lurk for months to identify and profile key executives and accounts, are becoming more common, David Ferbrache, technical director Cybersecurity at KPMG and former head of cyber and space at the UK Ministry of Defence, said.

“The lesson of the SWIFT attack is that the global banking system is heavily interconnected and dependent on the trust and security of component members, so more diligence in controls and more information sharing is vital,” Ferbrache said.

“Big banks are spending enormous amounts of money, $400-500 million a year, but there are still vulnerabilities in their supply chains and in executives’ home networks, and organized crime groups are shifting their focus accordingly,” Yuri Frayman, CEO of Los Angeles-based cyber security provider Zenedge, said.

BRAND DAMAGE

Banks are increasingly sensitive to the brand damage caused by IT failings, perceiving customers to care just as deeply about security and stable service as loan or deposit rates.

Former RBS Chief Executive Stephen Hester waived his bonus in 2012 over a failed software update which caused chaos for thousands of bank customers.

And HSBC issued multiple apologies to customers after its UK personal banking websites were shuttered by a distributed denial of service (DDoS) attack, following earlier unrelated IT glitches.

“People don’t care about a 0.1 percent interest rate change but ‘will this bank do the utmost to keep my money and information safe?'” Oerting said.

(Editing by Sinead Cruise and Alexander Smith)

Dozens of U.S. lawmakers request briefing on Yahoo email scanning

By Dustin Volz

WASHINGTON (Reuters) – A bipartisan group of 48 lawmakers in the U.S. House of Representatives on Friday asked the Obama administration to brief Congress “as soon as possible” about a 2015 Yahoo program to scan all of its users’ incoming email at the behest of the government.

The request comes amid scrutiny by privacy advocates and civil liberties groups about the legal authority and technical nature of the surveillance program, first revealed by Reuters last week. Custom software was installed to search messages to hundreds of millions of accounts under an order issued by the secretive Foreign Intelligence Surveillance Court.

“As legislators, it is our responsibility to have accurate information about the intelligence activities conducted by the federal government,” according to the letter, organized by Republican Representative Justin Amash of Michigan and Democratic Representative Ted Lieu of California.

“Accordingly, we request information and a briefing as soon as possible for all members of Congress to resolve the issues raised by these reports.”

Investigators searched for messages that contained a single piece of digital content linked to a foreign state sponsor of terrorism, sources have told Reuters, though the nature of the content remains unclear.

Intelligence officials said Yahoo modified existing systems used to stop child pornography and filter spam messages on its email service.

But three former Yahoo employees told Reuters the court-ordered search was done by a module buried deep near the core of the company’s email server operation system, far below where mail sorting was handled.

The Senate and House intelligence committees were given a copy of the order when it was issued last year, sources said, but other members of Congress have expressed concern at the scope of the email scanning.

Some legal experts have questioned the breadth of the court order and whether it runs afoul of the U.S. Constitution’s Fourth Amendment protections against unreasonable searches.

Half of registered U.S. voters believe the Yahoo program violated the privacy of customers, according to a poll of 1,989 people conducted last week by Morning Consult, a polling and media company.

Twenty-five percent were supportive of the program because of its potential to stop criminal acts, the survey found, while another quarter did not know or had no opinion.

The congressional letter is addressed to Attorney General Loretta Lynch and Director of National Intelligence James Clapper.

(Additional reporting by Mark Hosenball and Joseph Menn; Editing by Jeffrey Benkoe)

Putin says U.S. hacking scandal not in Russia’s interests

Russian President Vladimir Putin delivers a speech during the annual VTB Capital "Russia Calling!" Investment Forum in Moscow, Russia,

MOSCOW (Reuters) – The scandal that erupted in the United States over allegations Russia hacked Democratic Party emails has not been in Moscow’s interests and both sides in the U.S. election campaign are just using Russia to score points, Vladimir Putin said on Wednesday.

The U.S. government on Friday formally accused Russia for the first time of a campaign of cyber attacks against Democratic Party organizations ahead of the Nov. 8 presidential election.

And the White House said on Tuesday it would consider a variety of responses to the alleged hacks.

“They started this hysteria, saying that this (hacking) is in Russia’s interests. But this has nothing to do with Russia’s interests,” President Putin told a business forum in Moscow.

Putin said the accusations were a ploy to divert U.S. voters’ attention at a time when public opinion was being manipulated.

“Everyone is talking about ‘who did it’ (the hacking),” said Putin. “But is it that important? The most important thing is what is inside this information.”

The Kremlin said earlier on Wednesday it took a negative view of White House statements about a planned “proportional” response to the alleged cyber attacks.

Putin complained that all sides in the U.S. presidential race were misusing rhetoric about Russia for their own ends, but said Moscow would work with whoever won the election “if, of course, the new U.S. leader wishes to work with our country”.

“About a decade ago, they wouldn’t mention Russia at all, because it was not even worth talking about, such a third-rate regional power and not interesting at all. Now Russia is problem number one in the entire election campaign,” said Putin.

“All they do is keep talking about us. Of course it’s pleasant for us, but only partly because all participants are misusing anti-Russian rhetoric and poisoning our bilateral relations.”

(Reporting by Katya Golubkova and Alexander Winning; Writing by Christian Lowe; Editing by Andrew Osborn)

St. Jude warns of heart device battery issue linked to two deaths

The ticker and trading information for St. Jude Medical is displayed where the stock is traded on the floor of the New York Stock Exchange (NYSE) in New York City, U.S

By Jim Finkle

(Reuters) – St. Jude Medical Inc warned on Tuesday that some of its implanted heart devices were at risk of premature battery depletion, a condition it said had been linked to two deaths.

News of the issue surfaced late on Monday when short-selling firm Muddy Waters tweeted a copy of a physician advisory on the matter from St. Jude, which agreed in April to sell itself for $25 billion to Abbott Laboratories.

The letter said problems with the lithium batteries that power the devices were rare and could be identified by patients using tools for monitoring battery levels at home.

Patients should seek immediate medical attention as soon as they get a low-battery alert from the monitoring devices, the U.S. Food and Drug Administration said, adding that St. Jude Medical had initiated a recall of the defibrillators.

St. Jude’s shares were down 2.4 percent at $79.35 in premarket trading on Tuesday, while Abbott’s were down 1.7 percent at $42.75. A spokesman for the drugmaker said it still expected to close the St. Jude deal by the end of the year.

The advisory comes as St. Jude is defending itself against unrelated allegations that its heart devices are riddled with defects that make them vulnerable to fatal cyber hacks.

Those claims were made by Muddy Waters and research firm MedSec Holdings. St. Jude has denied the allegations and sued both firms.

The FDA said on Tuesday its investigation into the cyber security vulnerabilities of the devices, including the Merlin@Home monitoring system, was continuing.

“Despite the allegations, at this time, the FDA strongly recommends that the Merlin@Home device be used to monitor the battery for these affected devices because the benefits of continued patient monitoring and the life-saving therapy these devices provide greatly outweighs any potential cybersecurity vulnerabilities,” the FDA said in a statement.

SMALL RISK

St. Jude said that out of nearly 400,000 devices manufactured through May last year, it had identified 841 failed implanted cardioverter defibrillators with lithium clusters, which can form after a device delivers electricity to the heart.

Lithium clusters sometimes cause battery power to deplete quickly, rendering devices unable to deliver doses of electricity when needed, St. Jude’s vice president of quality control, Jeff Fecho, said in a physician advisory.

“There have been two deaths that have been associated with the loss of defibrillation therapy as a result of premature battery depletion,” Fecho wrote in the letter.

Cowen & Co analysts said in a note that while such letters were never a positive, they were common in the industry and there was little risk to St. Jude’s business.

St. Jude advised physicians to replace devices with damaged batteries immediately, but cautioned against swapping out devices that were operating normally because of the potential for complications.

“While this risk is very small, we have provided doctors with information so that they can discuss the most appropriate course of action for each individual patient,” St. Jude’s chief medical officer, Mark Carlson, said in a statement.

St. Jude advised patients to check its website for details on which devices were affected. (http://www.sjm.com/batteryadvisory).

The site tells patients how they can monitor battery activity, look for vibrating alerts when batteries are low and connect to the Merlin.net remote monitoring service.

Battery-depletion advisories have been issued in the past by Boston Scientific Corp and Medtronic Plc.

(Reporting by Jim Finkle in Boston and Ankur Banerjee and Natalie Grover in Bengaluru; Editing by Paul Tait and Ted Kerr)

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

By Joseph Menn

SAN FRANCISCO (Reuters) – Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)

FBI probes hacks targeting phones of Democratic Party officials

The headquarters of the Democratic National Committee is seen in Washington,

By Mark Hosenball

WASHINGTON (Reuters) – The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters.

The revelation underscores the widening scope of the U.S. criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former U.S. Secretary of State Hillary Clinton.

U.S. officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the Nov. 8 election in which Clinton faces Republican Party candidate Donald Trump. Russia has dismissed allegations it was involved in cyber attacks on the organizations.

The more recent attempted phone hacking also appears to have been conducted by Russian-backed hackers, two people with knowledge of the situation said.

Federal Bureau of Investigation representatives had no immediate comment, and a Clinton campaign spokesman said they were unaware of the suspected phone hacking.

The Democratic National Committee (DNC) did not respond to a request for comment. An official of the Democratic Congressional Campaign Committee (DCCC) said that nobody at the organization had been contacted by investigators about possible phone hacking.

Interim DNC Chairwoman Donna Brazile told CNN: “Our struggle with the Russian hackers that we announced in June is ongoing – as we knew it would be – and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen.”

FBI agents had approached a small number of Democratic Party officials to discuss concerns their mobile phones may have been compromised by hackers, people involved said. It was not clear how many people were targeted by the hack or whether they included members of Congress, a possibility that could raise additional security concerns for U.S. officials.

‘OFFICE BRAIN’

If they were successful, hackers could have been able to acquire a wide range of data from targeted cellphones, including call data, text messages, emails, photos and contact lists, one person with knowledge of the situation said.

“In a sense, your phone is your office brain,” said Bruce Schneier, a cyber security expert with Resilient, an IBM company, which is not involved in the investigation. “It’s incredibly intimate.”

“Anything that’s on your phone, if your phone is hacked, the hacker can get it.”

The FBI has asked some of those whose phones were believed to have been hacked to turn over their phones so that investigators could “image” them, creating a copy of the device and related data.

U.S. investigators are looking into whether hackers used data stolen from servers run by Democratic organizations or the private emails of their employees to get access to cellphones, one person said.

Hackers previously targeted servers used by the DNC, the body that sets strategy for the party, and the DCCC, which raises money for Democrats running for seats in the House of Representatives, officials have said.

Clinton said during Monday’s presidential debate there was “no doubt” Russia has sponsored hacks against “all kinds of organizations in our country” and mentioned Russian President Vladimir Putin by name.

“Putin is playing a really tough, long game here. And one of the things he’s done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee,” Clinton said.

Trump countered that there was no definitive proof that Russia had sponsored the hacks of Democratic organizations.

“I don’t think anybody knows it was Russia that broke into the DNC,” he said. “It could be Russia, but it could also be China. It could also be lots of other people.”

(Reporting by Mark Hosenball; Editing by Kevin Krolicki and Grant McCool)

Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’

The logo of the U.S. National Security Agency

By Joseph Menn and John Walcott

SAN FRANCISCO/WASHINGTON (Reuters) – A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

Critics of the Obama administration’s policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

“The dumping is a tactic they’ve been developing for the last five years or so,” Lewis said. “They try it, and if we don’t respond they go a little further next time.”

(Reporting by Joseph Menn in San Francisco and John Walcott in Washington; Editing by Jonathan Weber and Grant McCool)