Yahoo to provide details on massive data breach

A Yahoo logo is seen on top of the building where they have offices in New York City, U.S.,

(Reuters) – Yahoo Inc will disclose details this week of a data breach that compromised the data of several hundred million users, technology news site Recode reported on Thursday, citing unnamed sources familiar with the company’s plan.

Reuters was not able to immediately confirm the report.

It was not clear how such a disclosure might affect Yahoo’s plan to sell its email service and other core internet properties to Verizon Communications Inc for $4.8 billion.

Yahoo might have to force users to reset their passwords, the Recode report said, citing unnamed sources.

The report follows an Aug. 1 story on the technology news site Motherboard, which said a cyber criminal known as Peace was selling the data of about 200 million Yahoo users, but which did not confirm the data’s authenticity.

The Motherboard report was published a week after Verizon announced its deal with Yahoo.

Peace was selling that batch of data on the 200 million Yahoo users for 3 bitcoin, or around $1,860, according to Motherboard. The possibly compromised data includes user names, birth dates, some backup email addresses and hashed (“scrambled”) passwords, Motherboard said.

(Reporting by Jim Finkle in Boston and Aishwarya Venugopal in Bengaluru; Editing by Ted Kerr and Bernadette Baum)

McCain vows to block proposed separation of NSA, cyber command

U.S. Senator John McCain speaks at the Munich Security Conference in Munich, Germany,

By Patricia Zengerle

WASHINGTON (Reuters) – U.S. Senator John McCain said on Tuesday he would use his power to block the confirmation of a key cybersecurity official if necessary to prevent any Obama administration move to separate the U.S. Cyber Command from the National Security Agency.

“I do not believe rushing to separate the ‘dual hat’ in the final months of an administration is appropriate, given the very serious challenges we face in cyberspace,” McCain, the Republican chairman of the Senate Armed Services Committee, said at a hearing.

“Dual hat” refers to one individual holding both positions.

Current and former U.S. officials told Reuters in August that President Barack Obama’s administration was preparing to elevate the stature of the Department of Defense’s Cyber Command, including separating it from the NSA.

Officials argued that the focus of the NSA, a spy agency responsible for electronic eavesdropping, is gathering intelligence, often favoring the monitoring of an enemy’s cyber activities.

Cyber Command’s mission is geared more to shutting down cyber attacks – and, if ordered, counter attacking.

McCain said the two agencies must work closely together to protect U.S. national security and he would block any nominee if that person was not nominated both to run the NSA and lead Cyber Command.

He also said he wanted the administration to provide his panel with detailed plans of its proposed reorganization.

“This committee does not take well to being stonewalled while their colleagues in the administration leak information to the press,” McCain said.

Admiral Mike Rogers, the current NSA director and head of Cyber Command, told the hearing that he did not think it was in the best U.S. national security interest at this point to separate the two functions.

(Reporting by Patricia Zengerle; Editing by Bill Trott)

White House names retired Air Force general as first cyber security chief

By Dustin Volz

WASHINGTON (Reuters) – The White House on Thursday named a retired U.S. Air Force brigadier general as the government’s first federal cyber security chief, a position announced eight months ago that is intended to improve defenses against hackers.

Gregory Touhill’s job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.

The administration of President Barack Obama has made bolstering federal cyber security a top priority in his last year in office. The issue has gained more attention because of high-profile breaches in recent years of government and private sector computers.

U.S. intelligence officials suspect Russia was responsible for breaches of Democratic political organizations and state election systems to exert influence on the Nov. 8 presidential election. Russia has dismissed the allegations as absurd.

Obama announced the new position in February alongside a budget proposal to Congress asking for $19 billion for cyber security across the U.S. government. The job is a political appointment, meaning Obama’s successor can choose to replace Touhill after being sworn in next January.

Touhill is currently a deputy assistant secretary for cyber security and communications at the Department of Homeland Security.

He will begin his new role later this month, a source familiar with the matter said. Touhill’s responsibilities will include creating and implementing policy for best security practices across federal agencies and conducting periodic audits to test for weaknesses, according to the announcement.

Grant Schneider, who is the director of cyber security policy at the White House’s National Security Council, will be acting deputy to Touhill, according to the announcement.

(Reporting by Dustin Volz; editing by Cynthia Osterman and Grant McCool)

Hacking group claims to offer cyber-weapons in online auction


By Joseph Menn

(Reuters) – Hackers going by the name Shadow Brokers said on Monday they will auction stolen surveillance tools they say were used by a cyber group linked to the U.S. National Security Agency.

To arouse interest in the auction, the hackers released samples of programs they said could break into popular firewall software made by companies including Cisco Systems Inc, Juniper Networks Inc and Fortinet Inc.

The companies did not respond to requests for comment, nor did the NSA.

Writing in imperfect English, the Shadow Brokers promised in postings on a Tumblr blog that the auctioned material would contain “cyber weapons” developed by the Equation Group, a hacking group that cyber security experts widely believe to be an arm of the NSA. [http://reut.rs/2aVA7LD]

The Shadow Brokers said the programs they will auction will be “better than Stuxnet,” a malicious computer worm widely attributed to the United States and Israel that sabotaged Iran’s nuclear program.

Reuters could not contact the Shadow Brokers or verify their assertions. Some experts who looked at the samples posted on Tumblr said they included programs that had previously been described and therefore were unlikely to cause major damage.

“The data [released so far] appears to be relatively old; some of the programs have already been known for years,” said researcher Claudio Guarnieri, adding that they were unlikely “to cause any significant operational damage.”

Still, they appeared to be genuine tools that might work if the flaws they target have not been addressed. After examining the code released Monday, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded they looked like they “could be used.”

Other security experts warned the posting could prove to be a hoax. The group said interested parties had to send funds in advance of winning the auction via Bitcoin currency and would not get their money back if they lost.

The auction will end at an unspecified time, Shadow Brokers said, encouraging bidders to “keep bidding until we announce winner.”

(Editing by Cynthia Osterman)

U.S. offers states help to fight election hacking


By Doina Chiacu

WASHINGTON (Reuters) – The government is offering to help states protect the Nov. 8 U.S. election from hacking or other tampering, in the face of allegations by Republican Party presidential candidate Donald Trump that the system is open to fraud.

Homeland Security Secretary Jeh Johnson told state officials in a phone call on Monday that federal cyber security experts could scan for vulnerabilities in voting systems and provide other resources to help protect against infiltration, his office said in a statement.

Trump has questioned the integrity of U.S. election systems in recent weeks, but his allegations have been vague and unsubstantiated.

The attempts to sow doubts about the 2016 election results coincided with Trump’s slide in opinion polls against Democratic Party candidate Hillary Clinton and missteps in his campaign. His complaints have focused on fears of voter fraud – that people will vote more than once – rather than election rigging.

“I mean people are going to walk in, they’re going to vote 10 times maybe. Who knows? They’re going to vote 10 times. So I am very concerned and I hope the Republicans are going to be very watchful,” Trump said in an Aug. 3 interview.

President Barack Obama dismissed the claims as “ridiculous.” “Of course the elections will not be rigged. What does that mean?” Obama said at a news conference the next day.

In his phone call, Johnson encouraged the state officials to comply with federal cyber recommendations, such as making sure electronic voting machines are not connected to the internet while voting is taking place, the department said.

Concerns in both parties about manipulation of electronic electoral systems are not new. Hackers can wreak havoc in myriad ways, from hijacking a candidate’s website to hacking voting machines or deleting or changing election records.

An Electronic Privacy Information Center report this week said 32 of the 50 states would allow voting by insecure email, fax and internet portals in this election cycle.

(Reporting by Doina Chiacu; Editing by Jonathan Oatis and Grant McCool)

China says cyber rules no cause for foreign business concern


BEIJING (Reuters) – China’s pending cyber security law will not create obstacles for foreign business, China’s Foreign Ministry said, responding to concerns by international business lobbies over the planned rules.

More than 40 global business groups last week petitioned Premier Li Keqiang, according to a copy of a letter seen by Reuters, urging China to revise draft cyber rules they believe are vague and discriminate against foreign enterprises.

The groups say the pending rules, including a cyber security law that could be passed this year, include provisions for invasive government security reviews and onerous requirements to keep data in China.

They say the regulations would impede China’s economic growth, create barriers to market entry and impair the country’s security by isolating it technologically.

The ministry, in a faxed statement to Reuters late on Tuesday night, said the law will not be used to “carry out differential treatment and will not create obstacles and barriers for international trade and foreign businesses investing in China.”

It said companies would be able to transfer data required for business purposes outside China’s borders after passing a security evaluation.

“These evaluations are for supervising and guaranteeing that the security of this data accords with China’s security standards,” the ministry said.

“As for the legal requirement for internet operators to provide relevant data in the course of enforcement agencies’ counter-terrorism and criminal investigations, this is necessary for safeguarding national security and investigating crimes. All countries do this,” the ministry said.

‘UNNECESSARY’ CONCERNS

“The concerns of foreign investors and businesses invested in China are unnecessary,” it said.

Some foreign businesses in China are becoming increasingly pessimistic, in part due to rules companies think could make it harder to operate there.

The cyber rules have added to tensions between China and its trade partners, who have been concerned about Beijing’s Made in China 2025 plan. The proposal calls for a progressive increase in domestic components in sectors such as advanced information technology and robotics.

Business lobbies also say requirements to hand over sensitive data or source code to the government could put business secrets at risk and boost the capabilities of domestic competitors.

How much technology firms should cooperate with governments has been a contentious issue in many countries, not just in China.

Apple Inc <AAPL.O> was asked by Chinese authorities within the past two years to hand over its source code but refused, the company’s top lawyer said this year, even as U.S. law enforcement tried to get the company to unlock encrypted data from an iPhone linked to a mass shooting.

(Reporting by Michael Martina; Editing by Richard Borsuk)

Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers


By Joseph Menn and Yeganeh Torbati

SAN FRANCISCO/WASHINGTON (Reuters) – Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

Telegram promotes itself as an ultra-secure instant messaging system because its traffic is encrypted, and it offers end-to-end encryption, in which only the communicating devices can read the messages. That protection applies only to Telegram’s optional “secret chats,” however; ordinary chats are encrypted between client and server and stored on Telegram’s servers, which is why a newly authorized device can download their history. A number of other messaging services, including Facebook Inc’s <FB.O> WhatsApp, say they have similar capabilities.

Headquartered in Berlin, Telegram says it has 100 million active subscribers and is widely used in the Middle East, including by the Islamic State militant group, as well as in Central and Southeast Asia, and Latin America.

Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson said in an interview.

Telegram’s reliance on SMS verification makes it vulnerable in any country where cellphone companies are owned or heavily influenced by the government, the researchers said.

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows – though it does not require – customers to create passwords, which can be reset with so-called “recovery” emails.

“If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.
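The following model, added here as an example and not Telegram’s code, makes the three positions in this exchange concrete: an attacker who sees the carrier’s SMS traffic, a victim who has set an account password, and a victim whose recovery mailbox has also been taken over. Class and method names, the PBKDF2 password hashing, and the phone numbers and e-mail address are assumptions made for the demonstration.

```python
"""Added example (not Telegram's code): a model of SMS-code login with an
optional account password and a recovery e-mail, used to show which
attacker positions succeed. Class and method names are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    phone: str
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    password_hash: Optional[bytes] = None    # None: an SMS code alone logs in
    recovery_email: Optional[str] = None
    devices: set = field(default_factory=set)


class Channel:
    """A delivery channel (carrier SMS or e-mail). Whoever controls the
    channel sees everything sent over it; that is the attacker model here."""
    def __init__(self):
        self.delivered = []                  # (recipient, secret)

    def send(self, recipient, secret):
        self.delivered.append((recipient, secret))

    def last_for(self, recipient):
        return next(s for r, s in reversed(self.delivered) if r == recipient)


class Service:
    def __init__(self, sms: Channel, mail: Channel):
        self.sms, self.mail = sms, mail
        self.accounts = {}
        self.login_codes = {}                # phone -> one-time SMS code
        self.reset_tokens = {}               # phone -> one-time e-mail token

    @staticmethod
    def _kdf(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, phone, password=None, recovery_email=None):
        acct = Account(phone, recovery_email=recovery_email)
        if password is not None:
            acct.password_hash = self._kdf(password, acct.salt)
        self.accounts[phone] = acct

    def request_login_code(self, phone):
        code = f"{secrets.randbelow(100_000):05d}"
        self.login_codes[phone] = code
        self.sms.send(phone, code)           # visible to the carrier

    def login(self, phone, code, device, password=None) -> bool:
        """True when `device` is authorized and can sync the server-stored
        chats. The SMS code is consumed on every attempt, right or wrong."""
        acct = self.accounts[phone]
        expected = self.login_codes.pop(phone, None)
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        if acct.password_hash is not None:
            if password is None or not hmac.compare_digest(
                    acct.password_hash, self._kdf(password, acct.salt)):
                return False
        acct.devices.add(device)
        return True

    def request_password_reset(self, phone):
        acct = self.accounts[phone]
        if acct.recovery_email is not None:
            token = secrets.token_urlsafe(16)
            self.reset_tokens[phone] = token
            self.mail.send(acct.recovery_email, token)   # visible to whoever reads the mailbox

    def reset_password(self, phone, token, new_password) -> bool:
        expected = self.reset_tokens.pop(phone, None)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        acct = self.accounts[phone]
        acct.password_hash = self._kdf(new_password, acct.salt)
        return True


def run_scenarios() -> dict:
    """Attacker controls the carrier (sees every SMS); in the last scenario
    also the victim's recovery mailbox. Numbers and address are constructed."""
    sms, mail = Channel(), Channel()
    svc = Service(sms, mail)
    v1, v2 = "+98-900-000-0001", "+98-900-000-0002"
    svc.register(v1)                                          # SMS-only account
    svc.register(v2, "correct horse battery", "victim@example.org")
    out = {}

    svc.request_login_code(v1)                                # 1. no password set
    out["sms_only"] = svc.login(v1, sms.last_for(v1), "attacker-phone")

    svc.request_login_code(v2)                                # 2. password set, attacker has only the code
    out["password_set"] = svc.login(v2, sms.last_for(v2), "attacker-phone")

    svc.request_login_code(v2)                                # 3. password set, attacker guesses
    out["password_guessed"] = svc.login(v2, sms.last_for(v2), "attacker-phone", password="password1")

    svc.request_password_reset(v2)                            # 4. recovery mailbox also compromised
    svc.reset_password(v2, mail.last_for("victim@example.org"), "attacker-chosen")
    svc.request_login_code(v2)
    out["password_and_mailbox"] = svc.login(v2, sms.last_for(v2), "attacker-phone", password="attacker-chosen")
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

The model shows why the spokesman’s advice has two halves: the password removes the carrier from the trust boundary, but the reset path through a recovery e-mail puts the mailbox provider inside it, so a victim whose mailbox is reachable by the same adversary gains little from the password alone.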

Iranian officials were not available to comment. Iran has in the past denied government links to hacking.

ROCKET KITTEN

The Telegram hackers, the researchers said, belonged to a group known as Rocket Kitten, which used Persian-language references in their code and carried out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”

Anderson and Guarnieri declined to comment on whether the hackers were employed by the Iranian government. Other cyber experts have said Rocket Kitten’s attacks were similar to ones attributed to Iran’s powerful Revolutionary Guards.

The researchers said the Telegram victims included political activists involved in reformist movements and opposition organizations. They declined to name the targets, citing concerns for their safety.

“We see instances in which people … are targeted prior to their arrest,” Anderson said. “We see a continuous alignment across these actions.”

The researchers said they also found evidence that the hackers took advantage of a programming interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. That information could provide a map of the Iranian user base that could be useful for future attacks and investigations, they said.

“A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.

Ra said Telegram has blocked similar “mapping” attempts in the past and was trying to improve its detection and blocking strategies.
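One way a service can detect the kind of “mapping” described above is to watch the volume of numbers each client pushes through its contact-lookup endpoint over a sliding window. The code below is an added example, not Telegram’s detection logic; the log format, the ten-minute window and the 2,000-number threshold are assumptions, and the log lines are constructed.

```python
"""Added example (not Telegram's code): sliding-window volume detection of
phone-number enumeration through a contact-import endpoint. Log format and
thresholds are assumptions for the demonstration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed request log (not real traffic). Client A pushes 500 numbers
# every 30 seconds; B and C behave like ordinary address-book syncs.
SAMPLE_LOG = """\
2016-03-01T10:00:00Z client=A imported=500 matched=121
2016-03-01T10:00:10Z client=B imported=40 matched=12
2016-03-01T10:00:30Z client=A imported=500 matched=118
2016-03-01T10:01:00Z client=A imported=500 matched=130
2016-03-01T10:01:30Z client=A imported=500 matched=125
2016-03-01T10:02:00Z client=A imported=500 matched=119
2016-03-01T10:05:00Z client=C imported=3 matched=1
2016-03-01T10:20:00Z client=A imported=500 matched=127
"""


def parse_line(line):
    """'ts client=X imported=N matched=M' -> (datetime, client, imported, matched)."""
    ts_s, client_kv, imp_kv, mat_kv = line.split()
    ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
    return (ts, client_kv.split("=", 1)[1],
            int(imp_kv.split("=", 1)[1]), int(mat_kv.split("=", 1)[1]))


class ImportMonitor:
    """Flags a client once the numbers it looked up inside `window`
    exceed `max_numbers`. Per-client state is a deque of (ts, count)."""

    def __init__(self, window=timedelta(minutes=10), max_numbers=2000):
        self.window, self.max_numbers = window, max_numbers
        self.history = defaultdict(deque)    # client -> deque[(ts, imported)]
        self.totals = defaultdict(int)       # client -> numbers inside window
        self.flagged = {}                    # client -> first timestamp over threshold

    def observe(self, ts, client, imported) -> bool:
        q = self.history[client]
        q.append((ts, imported))
        self.totals[client] += imported
        while q and ts - q[0][0] > self.window:      # evict entries outside the window
            _, old = q.popleft()
            self.totals[client] -= old
        if self.totals[client] > self.max_numbers and client not in self.flagged:
            self.flagged[client] = ts
        return client in self.flagged


def scan(log_text, **monitor_kwargs) -> dict:
    """Run the monitor over a log and return {client: first_flag_time}."""
    mon = ImportMonitor(**monitor_kwargs)
    for line in log_text.strip().splitlines():
        ts, client, imported, _matched = parse_line(line)
        mon.observe(ts, client, imported)
    return mon.flagged


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Volume per client is a weak signal on its own: an enumerator who expects to be rate-limited spreads the lookups across many accounts and SIMs, so in practice the per-client count is correlated with source network, device fingerprint and the numeric adjacency of the numbers being checked before anything is blocked.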

Cyber experts say Iranian hackers have become increasingly sophisticated, able to adapt to evolving social media habits. Rocket Kitten’s targets included members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents, U.S.-Israeli security firm Check Point said last November.

POPULAR IN THE MIDDLE EAST

Telegram was founded in 2013 by Pavel Durov, known for starting VKontakte, Russia’s version of Facebook, before fleeing the country under pressure from the government.

While Facebook and Twitter are banned in Iran, Telegram is widely used by groups across the political spectrum. They shared content on Telegram “channels” and urged followers to vote ahead of Iran’s parliamentary elections in February 2016.

Last October, Durov wrote in a post on Twitter that Iranian authorities had demanded the company provide them with “spying and censorship tools.” He said Telegram ignored the request and was blocked for two hours on Oct. 20, 2015.

Ra said the company has not changed its stance on censorship and does not maintain any servers in Iran.

After complaints from Iranian activists, Durov wrote on Twitter in April that people in “troubled countries” should set passwords for added security.

Amir Rashidi, an internet security researcher at the New York-based International Campaign for Human Rights in Iran, has worked with Iranian hacking victims. He said he knew of Telegram users who were spied on even after they had set passwords.

Ra said that in those cases the recovery email had likely been hacked.

Anderson and Guarnieri will present their findings at the Black Hat security conference in Las Vegas on Thursday. Their complete research is set to be published by the Carnegie Endowment for International Peace, a Washington-based think tank, later this year.

(Reporting by Joseph Menn in San Francisco and Yeganeh Torbati in Washington; Additional reporting by Michelle Nichols at the United Nations and Parisa Hafezi in Ankara; Editing by Jonathan Weber and Tiffany Wu)

U.S. weighs dangers, benefits of naming Russia in cyber hack


By Warren Strobel and John Walcott

WASHINGTON (Reuters) – Wary of a global confrontation with Russia, U.S. President Barack Obama must carefully weigh how to respond to what security experts believe was Moscow’s involvement in the hacking of Democratic Party organizations, U.S. officials said.

Publicly blaming Russian President Vladimir Putin’s intelligence services would bring instant pressure on Washington to divulge its evidence, which relies on highly classified sources and methods, U.S. intelligence officials said.

One option for Washington is to retaliate against Russia in cyberspace. But the intelligence officials said they fear a rapid escalation in which, under a worst-case scenario, Moscow’s sophisticated cyber warriors could attack power grids, financial systems and other critical infrastructure.

Washington also has diplomacy to manage with Russia in Secretary of State John Kerry’s long-shot attempt to enlist Moscow’s help in ending the Syrian civil war and sustaining the Iran nuclear deal, as well as Russia-NATO tensions over Ukraine and Eastern Europe to manage.

“Despite how outrageous it is to interfere with a democratic election, the costs of coming out and saying the Russians did it would far outweigh the benefits, if there would be any benefits,” said one intelligence official, speaking on condition of anonymity to discuss a sensitive matter.

Russia has denied responsibility for hacking the emails of the Democratic National Committee. Also attacked were a computer network used by Democratic presidential nominee Hillary Clinton’s campaign and the party’s fundraising committee for House of Representative candidates in the Nov. 8 election.

Other current and former officials are arguing for a firm response, however. They said the hack was the latest in a series of aggressive moves by Putin, including Russia’s annexation of Crimea, military intervention to rescue Syrian President Bashar al-Assad, and funding of right-wing and anti-European Union groups in Europe.

Columbia University cyber security expert Jason Healey said at an annual security forum in Aspen, Colorado, on Saturday that the Russians had been very aggressive in cyberspace too.

“I think the president needs to start looking at brush-back pitches,” Healey said, referring to a baseball thrown near the batter as a warning.

NAME AND SHAME?

Intelligence officials and cyber experts said the intrusions themselves were not that unusual. American spy agencies conduct similar electronic espionage outside U.S. borders.

What made this hack a game-changer, they said, was the public release of the DNC emails, via the pro-transparency group WikiLeaks, in an apparent attempt to affect the election.

Government and party officials said they were unaware of any evidence that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

The Justice Department’s National Security Division, which is overseeing the investigation, has publicly charged U.S. adversaries – known as “naming and shaming” – before.

The U.S. government blamed North Korea for a damaging attack on Sony Pictures, and in 2014 indicted five members of the Chinese military for computer hacking and economic espionage.

Among adversary nations with significant cyber capabilities, a list that also includes Iran, the Russian government is the only one the Justice Department has not yet charged.

Obama’s homeland security and counter-terrorism advisor Lisa Monaco said the government has developed “best practices” to investigate cyber attacks and decide when to make the results public.

Monaco, also speaking at the Aspen forum, said that in the Sony case, FBI investigators had high confidence North Korea was responsible. The attack was deemed destructive, as well as coercive, because it was retaliation for a movie parodying North Korean leader Kim Jong Un.

“Those two things, along with our confidence in the attribution and the ability to talk about it in a way that would not disclose sources and methods and hinder our ability to make such attribution in the future all combined to say, ‘We’re going to call this out’,” she said.

Elissa Slotkin, an acting assistant secretary of defense, said that for the next decade, the U.S. government faced a fundamental question in dealing with Russia: “How do you get the balance right?”

“Are we being too charitable and giving them too many opportunities to come back to the table, or are we providing such a high level of deterrence that we’re potentially provoking them?” Slotkin asked.

(Additional reporting by Mark Hosenball, Jonathan Landay and Arshad Mohammed; editing by Grant McCool)

U.S. Democratic congressional group confirms it was hacked

The headquarters of the Democratic National Committee is seen in Washington,

WASHINGTON (Reuters) – The U.S. Democratic Congressional Campaign Committee confirmed on Friday that it had been the target of a cyber security incident similar to other recent attacks, including the theft of documents from the Democratic National Committee.

The DCCC said in a statement that it took immediate action and engaged forensic investigator CrowdStrike to investigate the breach of its systems. The probe is ongoing, it added.

“The DCCC takes this matter very seriously. With the assistance of leading experts we have taken and are continuing to take steps to enhance the security of our network in the face of these recent events,” the committee said in the statement.

“We are cooperating with the federal law enforcement with respect to their ongoing investigation,” it said.

Reuters reported on Thursday that the FBI was investigating a cyber attack against the DCCC that may be related to an earlier hack against the Democratic National Committee.

The potential link to Russian hackers is likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump.

The Kremlin denied involvement in the DCCC cyber attack.

Hacking of the DNC’s emails caused discord among Democrats at the party’s convention in Philadelphia to nominate Hillary Clinton as its presidential candidate.

(Reporting by Dustin Volz; Writing by David Alexander; Editing by Susan Heavey and Frances Kerry)

U.S. theory on Democratic Party breach: Hackers meant to leave Russia’s mark


By John Walcott, Joseph Menn and Mark Hosenball

WASHINGTON (Reuters) – Some U.S. intelligence officials suspect that Russian hackers who broke into Democratic Party computers may have deliberately left digital fingerprints to show Moscow is a “cyberpower” that Washington should respect.

Three officials, all speaking on condition of anonymity, said the breaches of the Democratic National Committee (DNC) were less sophisticated than other cyber intrusions that have been traced to Russian intelligence agencies or criminals.

For example, said one official, the hackers used some Cyrillic characters and worked during Russian government business hours but not on Russian religious or political holidays. “Either these guys were incredibly sloppy, in which case it’s not clear that they could have gotten as far as they did without being detected, or they wanted us to know they were Russian,” said the official.

Private sector cyber security experts agreed that the evidence clearly points to Russian hackers but dismissed the idea that they intentionally left evidence of their identities.

These experts – who said they have examined the breach in detail – said the Cyrillic characters were buried in metadata and in an error message. Other giveaways, such as a tainted Internet protocol address, also were difficult to find.
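The working-hours reasoning the officials describe can be made explicit: convert each observed intrusion timestamp into a candidate local time and ask what fraction falls inside that country’s working week. The code below is an added example, not the analysis the officials or the private firms performed; the timestamps are constructed, the holiday set is a short illustrative list rather than an official calendar, and the 09:00–18:00 working day is an assumption. The only fixed fact used is that Moscow has kept UTC+3 year-round since October 2014.

```python
"""Added example (not from the article): profiling intrusion timestamps
against a candidate time zone's working week. Events, holiday list and
business hours are constructed assumptions for the demonstration."""
from collections import Counter
from datetime import date, datetime, timedelta, timezone

# Constructed attacker activity in UTC (e.g. command-and-control check-ins).
EVENTS_UTC = [
    "2016-04-18T06:30Z", "2016-04-19T08:05Z", "2016-04-20T11:40Z",
    "2016-04-21T13:15Z", "2016-04-22T07:50Z", "2016-04-25T09:20Z",
    "2016-04-26T14:55Z", "2016-04-27T20:10Z",   # Wed 23:10 Moscow: off hours
    "2016-04-30T10:00Z",                        # Saturday
    "2016-05-09T08:00Z",                        # 9 May: Victory Day holiday
]
# Illustrative holiday set; a real analysis would use the official calendar.
HOLIDAYS_RU_2016 = {date(2016, 1, 7), date(2016, 2, 23), date(2016, 3, 8),
                    date(2016, 5, 1), date(2016, 5, 9), date(2016, 6, 12)}
BUSINESS_HOURS = range(9, 18)                   # assumed 09:00-17:59 local
MOSCOW_OFFSET = 3                               # UTC+3 year-round since Oct 2014


def parse_utc(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)


def to_local(ts: str, utc_offset_hours: int) -> datetime:
    return parse_utc(ts).astimezone(timezone(timedelta(hours=utc_offset_hours)))


def profile(events, utc_offset_hours, holidays=frozenset()) -> dict:
    """Fractions of events inside business hours / weekdays / the full
    working pattern for one candidate offset, plus a local-hour histogram."""
    n = len(events)
    hist = Counter()
    business = weekday = on_holiday = working = 0
    for ts in events:
        local = to_local(ts, utc_offset_hours)
        hist[local.hour] += 1
        in_hours = local.hour in BUSINESS_HOURS
        is_weekday = local.weekday() < 5
        is_holiday = local.date() in holidays
        business += in_hours
        weekday += is_weekday
        on_holiday += is_holiday
        working += in_hours and is_weekday and not is_holiday
    return {
        "business_hours": round(business / n, 3),
        "weekday": round(weekday / n, 3),
        "on_holiday": on_holiday,
        "working_pattern": round(working / n, 3),
        "hour_histogram": dict(sorted(hist.items())),
    }


def rank_offsets(events):
    """Score every whole-hour UTC offset by how many events land in a
    weekday business hour there (holidays are country-specific, so they
    are left out of the ranking). Best-fitting offset first."""
    scores = {}
    for off in range(-12, 15):
        scores[off] = sum(
            1 for ts in events
            if (loc := to_local(ts, off)).hour in BUSINESS_HOURS and loc.weekday() < 5
        )
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(profile(EVENTS_UTC, MOSCOW_OFFSET, HOLIDAYS_RU_2016))
    print(rank_offsets(EVENTS_UTC)[:3])
```

Two caveats belong with this kind of evidence. A consistent offset is only one of 24, so many countries share it, and an operator who knows the heuristic can schedule beacons to fit any working week; this is exactly why the private-sector experts quoted here treat timing and Cyrillic artifacts as corroborating signals behind tooling and infrastructure overlap rather than as proof on their own.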

Russian hacking campaigns have traditionally been harder to track than China’s but not impossible to decipher, private sector experts said. But the Russians have become more aggressive and easier to detect in the past two years, security experts said, especially when they are trying to move quickly.

False flags have grown more common, but the government and private experts do not believe a false flag is involved in the DNC case.

The two groups of hackers involved are adept at concealing their intrusions, said Laura Galante, head of global threat intelligence at FireEye, whose Mandiant subsidiary conducted forensic analysis of the attack and corroborated the findings of another cyber company, CrowdStrike.

Russian officials have dismissed the allegations of Moscow’s involvement as absurd. Russian Foreign Minister Sergei Lavrov, in his only response to reporters, said: “I don’t want to use four-letter words.”

EMBARRASSING EMAILS

While private cyber experts and the government were aware of the political party’s hacking months ago, embarrassing emails were leaked last weekend by the WikiLeaks anti-secrecy group just as the Democratic Party prepared to anoint Hillary Clinton as its presidential candidate for the Nov. 8 election.

DNC chairwoman, Debbie Wasserman Schultz, resigned after the leaked emails showed party leaders favoring Clinton over her rival in the campaign for the nomination, U.S. Senator Bernie Sanders of Vermont. The committee is supposed to be neutral.

The U.S. intelligence officials conceded that they had based their views on deductive reasoning and not conclusive evidence, but suggested Russia’s aim probably was much broader than simply undermining Clinton’s campaign.

They said the hack fit a pattern of Russian President Vladimir Putin pushing back on what he sees as the United States and its European allies trying to weaken Russia.

“Call it the cyber equivalent of buzzing NATO ships and planes using fighters with Russian flags on their tails,” said one official.

Two sources familiar with Democratic Party investigations into the hacking said the private email accounts of Democratic Party officials were targeted as well as servers.

They said that the FBI had advised the DNC that it was looking into the hacking of the individual officials’ private accounts, and that the FBI had requested additional information identifying the personal email accounts of certain party officials.

The DNC hired CrowdStrike to investigate the hack. It spent about six weeks, from late April to about June 11 or 12, monitoring the systems and watching while the hackers – who they believed were Russian – operated inside the systems, one of the sources said.

What actions, if any, the Obama administration will take are unclear and could depend on what diplomatic considerations may ultimately be involved, a former White House cyber security official said.

In past cases, administration officials have decided to publicly blame North Korea and indict members of China’s military for hacking because the administration decided that the net benefit of public shaming – and increased awareness brought to cyber security – outweighed potential risks, the former official said.

But “the Russia calculation is far more difficult and precarious,” the former official said. “Russia is a much more aggressive, capable foreign actor both in the traditional military sense and in the cyber realm” and that made public attribution or covert retaliation much less likely.

The former official, and a source familiar with the Democratic Party investigations, said that they also were unaware of any U.S. intelligence clearly demonstrating that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

(Reporting By John Walcott, Joseph Menn and Mark Hosenball; Additional reporting by Dustin Volz; Editing by David Rohde and Grant McCool)