U.S. to sanction cyber attackers, cites Russia, China

US sanctioning cyber attackers

WASHINGTON (Reuters) – The United States will use sanctions against those behind cyber attacks that target transportation systems or the power grid, the White House said on Tuesday, citing Russia and China as increasingly assertive and sophisticated cyber operators.

The sanctions will be used “when the conditions are right and when actions will further U.S. policy,” White House counter terrorism adviser Lisa Monaco said in prepared remarks to a cyber security conference.

Monaco cited an “increasingly diverse and dangerous” global landscape in which Iran has launched denial-of-service attacks on U.S. banks and North Korea has shown it would conduct destructive attacks.

“To put it bluntly, we are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and more dangerous every day,” she said.

The United States is working with other countries to adopt voluntary norms of responsible cyber behavior and work to reduce malicious activity, she said. At the same time, it will use an executive order authorizing sanctions against those who attack U.S. critical infrastructure.

Monaco introduced a new directive from President Barack Obama that establishes a “clear framework” to coordinate the government’s response to cyber incidents.

“It will help answer a question heard too often from corporations and citizens alike – ‘In the wake of an attack, who do I call for help?’” she said.

(Reporting by Doina Chiacu; Editing by Jonathan Oatis)

Behind Democrats’ email leak, U.S. experts see a Russian subplot

By Mark Hosenball and Arshad Mohammed

WASHINGTON (Reuters) – If the Russian government is behind the theft and release of embarrassing emails from the Democratic Party, as U.S. officials have suggested, it may reflect less a love of Donald Trump or enmity for Hillary Clinton than a desire to discredit the U.S. political system.

A U.S. official who is taking part in the investigation said that intelligence collected on the hacking of Democratic National Committee (DNC) emails released by Wikileaks on Friday “indicates beyond a reasonable doubt that it originated in Russia.”

The timing on the eve of Clinton’s formal nomination this week for the Nov. 8 presidential election has raised questions about whether Russia may have been trying to hurt her, to help Trump, her Republican rival, or to fan populist sentiment against establishment politicians as it has sought to do across Europe in recent years.

“Certainly Russia has become a master at manipulating information for their strategic goals: Witness the information bubble they have created for their threatening behavior in the Crimea, the Ukraine and elsewhere,” said former CIA and National Security Agency director Michael Hayden. “A step like this, however, would be really upping their game.”

The emails showed that DNC officials explored ways to undermine U.S. Senator Bernie Sanders’ presidential campaign against Clinton and raised questions about whether Sanders, who is Jewish, was really an atheist.

The disclosures confirmed Sanders’ frequent charge that the party played favorites against him and clouded a party convention Clinton hoped would signal unity, not division.

PUTIN’S COUNTERPUNCH?

Two U.S. intelligence officials, speaking on condition of anonymity, said the hack could be part of a broader campaign by Russian President Vladimir Putin to push back against what he thinks is an effort by the European Union and NATO, a military alliance of European and North American democracies, to encircle and weaken Russia.

One of the officials called the fear “a hangover” from Putin’s service in the KGB, the Soviet intelligence agency.

“Time and again, we’re seeing Russia push back at what Putin considers Russia’s mortal enemies,” said the other official. “He’s been actively attacking the U.S.-backed rebels in Syria, buzzing ships and planes in the Black Sea and the Baltic, not to mention invading Ukraine and seizing Crimea. This fits the pattern.”

Despite Clinton’s short-lived attempt as secretary of state to “reset” U.S.-Russian relations after U.S. President Barack Obama took office in 2009, the leaked emails could damage a candidate the Kremlin may consider hostile and benefit her opponent, who has been friendlier.

Putin accused Clinton of stirring up protests against his rule after a December 2011 Russian parliamentary election that was marred by allegations of fraud, saying she had encouraged “mercenary” Kremlin foes by criticizing the vote.

“She set the tone for some opposition activists, gave them a signal, they heard this signal and started active work,” Putin told supporters.

Asked about claims that Russian intelligence had hacked the DNC to obtain the emails, Wikileaks founder Julian Assange told NBC News’ Richard Engel “there is no proof of that whatsoever” and said “this is a diversion” pushed by the Clinton campaign.

TRUMP’S WARMER TONE

Analysts said Russia’s goal may be much broader than simply meddling in the U.S. presidential election.

“It’s a gross oversimplification to suggest that the Russian government is all-in for Donald Trump,” said Andrew Weiss, a Russia analyst at the Carnegie Endowment for International Peace, a Washington-based think tank.

“It’s in Russia’s interest … to portray the United States as riven with popular discontent, xenophobia and high-level political corruption,” Weiss said. “It fits nicely with the Kremlin’s standard narrative … that the White House rushes to criticize others without getting its own house in order.”

The Russian leader may well have been encouraged by Trump’s comments to The New York Times last week that with him in the White House, NATO might not automatically defend the Baltic states that were once a part of the Russian-led Soviet Union.

Despite public Trump-Putin exchanges of praise, Eugene Rumer, a former national intelligence officer for Russia and Eurasia, warned against reaching any quick conclusions about Putin’s view of Trump.

“We can say with some degree of confidence that they don’t like Hillary,” Rumer said. “It’s less clear that they like Trump, although over the years the Russians have said they prefer to deal with the Republicans – (that) they are kind of hard-line but they can do deals.”

A diplomat with experience working on Russia said the Kremlin also might be betting that Clinton will win and is sending a shot across her bow.

“Messing with her like this now puts her on notice that these are tough guys that she’s got to be really careful with,” said the diplomat, who spoke on condition of anonymity.

A U.S. intelligence official who is reviewing the emails as part of the investigation into their origin said that those emails describing the privileges the Democratic National Committee showers on its wealthiest donors bolster the Russian narrative of an American political system rigged by the wealthy and riddled with corruption.

“In addition to countering the U.S. narrative that the Russian government is a corrupt oligarchy, leaking these emails fits rather conveniently with Trump’s charges about a rigged system and ‘crooked Hillary’,” said the official, who spoke on condition of anonymity to discuss domestic politics.

(Reporting by Mark Hosenball, Arshad Mohammed and John Walcott; Additional reporting by Jonathan Landay; Writing by Arshad Mohammed; Editing by John Walcott and Howard Goller)

Keyboard warriors: South Korea trains new frontline in decades-old war with North

Student training to be hacker

By Ju-min Park

SEOUL (Reuters) – In one college major at Seoul’s elite Korea University, the courses are known only by number, and students keep their identities a secret from outsiders.

The Cyber Defense curriculum, funded by the defense ministry, trains young keyboard warriors who get a free education in exchange for a seven-year commitment as officers in the army’s cyber warfare unit – and its ongoing conflict with North Korea.

North and South Korea remain in a technical state of war since the 1950-53 Korean War ended in an armed truce. Besides Pyongyang’s nuclear and rocket program, South Korea says the North has a strong cyber army which it has blamed for a series of attacks in the past three years.

The cyber defense program at the university in Seoul was founded in 2011, with the first students enrolled the following year.

One 21-year-old student, who allowed himself to be identified only by his surname Noh, said he had long been interested in computing and cyber security and was urged by his father to join the program. All South Korean males are required to serve in the military, usually for up to two years.

“It’s not a time burden but part of a process to build my career,” Noh said.

“Becoming a cyber warrior means devoting myself to serve my country,” he said in a war room packed with computers and wall-mounted flat screens at the school’s science library.

South Korea, a key U.S. ally, is one of the world’s most technologically advanced countries.

That leaves the networks controlling everything from electrical power grids to the banking system vulnerable to an enemy that has relatively primitive infrastructure and thus offers few targets against which the South could retaliate.

“In relative terms, it looks unfavorable because our country has more places to defend, while North Korea barely uses or provides internet,” said Noh.

Last year, South Korea estimated that the North’s “cyber army” had doubled in size over two years to 6,000 troops, and the South has been scrambling to ramp up its capability to meet what it considers to be a rising threat.

The United States and South Korea announced efforts to strengthen cooperation on cyber security, including “deepening military-to-military cyber cooperation,” the White House said during President Park Geun-hye’s visit to Washington in October.

In addition to the course at Korea University, the national police has been expanding its cyber defense capabilities, while the Ministry of Science, ICT and Future Planning started a one-year program in 2012 to train so-called “white hat” – or ethical – computer hackers.

NORTH’S CYBER OFFENSIVES

Still, the North appears to have notched up successes in the cyber war against both the South and the United States.

Last week, South Korean police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival.

In 2013, Seoul blamed the North for a cyber attack on banks and broadcasters that froze computer systems for over a week.

North Korea denied responsibility.

The U.S. Federal Bureau of Investigation has blamed Pyongyang for a 2014 cyber attack on Sony Pictures’ network as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

North Korea described the accusation as “groundless slander.”

South Korea’s university cyber defense program selects a maximum of 30 students each year, almost all of them men. On top of free tuition, the school provides 500,000 won ($427) per month support for each student for living expenses, according to Korea University Professor Jeong Ik-rae.

The course trains pupils in disciplines including hacking, mathematics, law and cryptography, with students staging mock hacking attacks or playing defense, using simulation programs donated by security firms, he said.

The admission to the selective program entails three days of interviews including physical examinations, attended by military officials along with the school’s professors, he said.

While North Korea’s cyber army outnumbers the South’s roughly 500-strong force, Jeong said a small group of talented and well-trained cadets can be groomed to beat the enemy.

Jeong, an information security expert who has taught in the cyber defense curriculum since 2012, said the school benchmarks itself on Israel’s elite Talpiot program, which trains gifted students in areas like technology and applied sciences as well as combat. After graduating, they focus on areas like cybersecurity and missile defense.

“It’s very important to have skills to respond when attacks happen – not only to defend,” Jeong said.

(Editing by Tony Munroe and Raju Gopalakrishnan)

Massive cyber attack could trigger NATO response: Stoltenberg

NATO Secretary-General Jens Stoltenberg

BERLIN (Reuters) – A major cyber attack could trigger a collective response by NATO, NATO Secretary General Jens Stoltenberg said in an interview published by Germany’s Bild newspaper on Thursday.

“A severe cyber attack may be classified as a case for the alliance. Then NATO can and must react,” the newspaper quoted Stoltenberg as saying. “How, that will depend on the severity of the attack.”

He spoke after a decision this week by NATO ministers to designate cyber as an official operational domain of warfare, along with air, sea, and land.

In 2014 the U.S.-led alliance assessed that cyber attacks could potentially trigger NATO’s mutual defense guarantee, or Article 5. That means NATO could potentially respond to a cyber attack with conventional weapons, although the response would be decided by consensus.

The NATO chief told Bild that the alliance needed to adjust to the increasingly complex series of threats it faces, which is why NATO members have agreed to defend against attacks in cyberspace just as they do against attacks launched against targets on land, in the air and at sea.

The United States and other NATO states have become increasingly vocal about cyber attacks launched from Russia, China and Iran, but officials say it remains hard to determine if such attacks stem from government bodies or private groups.

Recognizing cyber as an official domain of warfare will allow NATO to improve planning and better manage resources, training and personnel needs for cyber defense operations, said a NATO official, speaking on condition of anonymity.

The official stressed that NATO’s cyber activities would remain purely defensive. “We have no offensive cyber doctrine or offensive cyber capability. And there are no plans for NATO as a body to use such capabilities. NATO’s core cyber defense task is to defend NATO’s own networks,” said the official.

Individual members have already declared cyber an operational warfare domain, including the United States, which said in 2011 that it would respond to hostile attacks in cyberspace as it would to any other threat.

(Reporting by Andrea Shalal; Editing by Dan Grebler and Mark Heinrich)

Wendy’s says it finds more unusual card activity at restaurants

Wendy's

(Reuters) – U.S. burger chain operator Wendy’s Co <WEN.O> said it had discovered additional instances of unusual credit card activity at some of its franchise-operated restaurants, widening the scope of an earlier cyber attack on the company.

The company in January said it was investigating reports of unusual activity with payment cards used at some of its restaurants.

Wendy’s said it recently discovered a variant of a malware that was discovered and reported in May. The new malware was used to target a point-of-sales system that was earlier believed to be unaffected.

The company said the new variant of the malware had been disabled in cases where it was detected.

Wendy’s expects the number of franchise restaurants that will be impacted by the cybersecurity attacks is now “considerably higher” than the 300 restaurants already affected.

“To date, there has been no indication in the ongoing investigation that any company-operated restaurants were impacted by this activity,” Wendy’s said on Thursday.

The new discoveries are a result of the company’s continuing investigation into unusual credit card activity at its restaurants.

Large retailers such as Target Corp <TGT.N> and Home Depot Inc <HD.N> have been victims of security breaches in recent years.

(Reporting by Narottam Medhora in Bengaluru; Editing by Shounak Dasgupta)

Congress has launched investigation into FED’s cyber security

The Federal Reserve building in Washington

By Dustin Volz and Jason Lange

WASHINGTON (Reuters) – A U.S. congressional committee has launched an investigation into the Federal Reserve’s cyber security practices after a Reuters report revealed that the U.S. central bank had been hacked more than 50 times between 2011 and 2015.

The House Committee on Science, Space and Technology on Friday sent a letter to Federal Reserve Chair Janet Yellen to express “serious concerns” over the central bank’s ability to protect sensitive financial information.

The letter cited the Reuters report, which was based on heavily redacted internal Fed records obtained through a Freedom of Information Act request. The redacted records did not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“These reports raise serious concerns about the Federal Reserve’s cyber security posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency’s systems,” said the letter, signed by House Science Committee Chairman Lamar Smith, a Texas Republican, and Barry Loudermilk, a Georgia Republican and chairman of the panel’s oversight subcommittee.

The Fed had declined to comment on the cyber breaches reported by Reuters on Wednesday.

The panel asked the Fed’s national cyber security team – the National Incident Response Team – to turn over all cyber incident reports in unredacted form from Jan. 1, 2009, to the present. It also asked for incident reports from the Fed’s local incident response teams.

Global policymakers, regulators and financial institutions have become increasingly concerned about the security of the international banking system after a string of cyber attacks against banks in Bangladesh, Vietnam and elsewhere linked to fraudulent transaction messages sent across the global financial platform SWIFT.

The probe into the Fed’s security practices followed a separate inquiry by the same committee into the Federal Reserve Bank of New York’s handling of the cyber theft of $81 million from one of its accounts held by the central bank of Bangladesh.

The committee said it has jurisdiction over the Fed’s cyber security because the panel is tasked with oversight of the U.S. National Institute of Standards and Technology, an agency responsible for developing federal cyber security standards and guidelines, under a 2014 federal information technology law.

The panel also requested a “detailed description of all confirmed cyber security incidents” from 2009 to the present, all documents and communications referring or relating to “higher impact cases” handled by the Fed’s NIRT team, all documents and communications with the Fed’s Office of Inspector General related to confirmed cyber incidents, and an organizational chart detailing the Fed’s top cyber security personnel.

The committee requested a response to its inquiry by June 17.

(Reporting by Dustin Volz and Jason Lange; Editing by David Chance and Tiffany Wu)

Fed records show dozens of cybersecurity breaches

The Federal Reserve building in Washington

By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records.

The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets.

The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank’s security procedures.

The Fed declined to comment, and the redacted records do not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“Hacking is a major threat to the stability of the financial system. This data shows why,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.

For a graphic on the Fed security breaches, see: http://tmsnrt.rs/1TxSu8R

The records represent only a slice of all cyber attacks on the Fed because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws. Reuters did not have access to reports by local cybersecurity teams at the central bank’s 12 privately owned regional branches.

The disclosure of breaches at the Fed comes at a time when cybersecurity at central banks worldwide is under scrutiny after hackers stole $81 million from a Bank Bangladesh account at the New York Fed.

Cyber thieves have targeted large financial institutions around the world, including America’s largest bank JPMorgan, as well as smaller players like Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank.

Hacking attempts were cited in 140 of the 310 reports provided by the Fed’s board. In some reports, the incidents were not classified in any way.

In eight information breaches between 2011 and 2013 – a time when the Fed’s trading desk was buying massive amounts of bonds – Fed staff wrote that the cases involved “malicious code,” referring to software used by hackers.

Four hacking incidents in 2012 were considered acts of “espionage,” according to the records. Information was disclosed in at least two of those incidents, according to the records. In the other two incidents, the records did not indicate whether there was a breach.

In all, the Fed’s national team of cybersecurity experts, which operates mostly out of New Jersey, identified 51 cases of “information disclosure” involving the Fed’s board. Separate reports showed a local team at the board registered four such incidents.

The cases of information disclosure can refer to a range of ways unauthorized people see Fed information, from hacking attacks to Fed emails sent to the wrong recipients, according to two former Fed cybersecurity staffers who spoke on condition of anonymity.

The former employees said that cyber attacks on the Fed are about as common as at other large financial institutions.

It was unclear if the espionage incidents involved foreign governments, as has been suspected in some hacks of federal agencies. Beginning in 2014, for instance, hackers stole more than 21 million background check records from the federal Office of Personnel Management, and U.S. officials attributed the breach to the Chinese government, an accusation denied by Beijing.

TARGET FOR SPYING

Security analysts said foreign governments could stand to gain from inside Fed information. China and Russia, for instance, are major players in the $13.8 trillion federal debt market where Fed policy plays a big role in setting interest rates.

“Obviously that makes it a very clear (hacking) target for other nation states,” said Ari Schwartz, a former top cybersecurity adviser at the White House who is now with the law firm Venable.

U.S. prosecutors in March accused hackers associated with Iran’s government of attacking dozens of U.S. banks.

In the records obtained by Reuters, espionage might also refer to spying by private companies, or even individuals such as British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, e-mail addresses, and phone numbers of Fed computer system users, according to a federal indictment.

The redacted reports obtained by Reuters do not mention Love or any other hacker by name.

The records point to breaches during a sensitive period for the Fed, which was ramping up aid for the struggling U.S. economy by buying massive quantities of U.S. government debt and mortgage-backed securities.

In 2010 and 2011, the Fed went on a $600 billion bond-buying spree that lowered interest rates and made bonds more expensive. It restarted purchases in September 2012 and expanded them in December of that year.

The Fed cybersecurity records did not indicate whether hackers accessed sensitive information on the timing or amounts of bond purchases or used it for financial gain.

UP ALL NIGHT

The Fed’s national cybersecurity team – the National Incident Response Team, or NIRT – created 263 of the incident reports obtained by Reuters.

NIRT operates in a fortress-like building in East Rutherford, New Jersey, that also processes millions of dollars in cash every day as part of the central bank’s duty to keep the financial system running, according to the New York Fed’s website. The unit provides support to the local cybersecurity teams at the Fed’s Board and regional banks, which process more than $3 trillion in payments every day.

The NIRT handles “higher impact” cases, according to a 2013 report by the Board of Governor’s Office of Inspector General.

One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five straight days to patch software that hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.

In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said.

But the Fed was under constant assault, much like any large company, the former employee said, and was “compromised frequently.”

An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board’s Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.

“There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information,” according to the audit released in November.

(Reporting by Jason Lange and Dustin Volz; Editing by David Chance and Brian Thevenot)

Cyber security is the biggest risk facing financial system

U.S. Securities and Exchange Commission Chair Mary Jo White is interviewed at the Reuters Financial Regulation Summit in Washington, US May 17, 2016.

By Lisa Lambert and Suzanne Barlyn

WASHINGTON (Reuters) – Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by an $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

White said SEC examiners were very pro-active about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack.

“We can’t do enough in this sector,” she said.

Cyber security experts said her remarks represented the SEC’s strongest warning to date of the threat posed by hackers.

A former member of the World Bank’s security team, Tom Kellermann, who is now chief executive of the investment firm Strategic Cyber Ventures LLC, called it “a historic recognition of the systemic risk facing Wall Street.”

BROKEN WINDOWS

Under White, a former federal prosecutor, the SEC introduced an initiative called “broken windows” designed to crack down on small violations of SEC rules to deter traders and others from larger transgressions.

But critics have questioned whether the initiative, similar to one used by former New York City Mayor Rudy Giuliani in his crackdown on crime in the city, is an effective use of the agency’s limited resources.

The policy has been applied to instances of “rampant non-compliance” involving serious, significant rules, White said, noting that she considers the initiative a huge success.

For example, the SEC brought three groups of cases in a key area, the prohibition against short selling ahead of an IPO by individuals who then participated in the IPO, since 2013, she said. Each year, there have been fewer cases, with the most recent number at around 12, White said.

GAAP VS. NON-GAAP

Also on Tuesday, the SEC released guidance about how certain accounting practices could potentially mislead investors that White called “consequential.”

Companies are increasingly using non-Generally Accepted Accounting Principles, or non-GAAP, to report earnings, permitting them to back out certain expenses from earnings figures, such as non-cash costs. But critics say the practice can also mislead investors by creating a rosier picture of a company’s profits.

The SEC’s current rules allow companies to report with figures that do not comply with GAAP, as long as certain conditions are met, and White said the guidance spells out those conditions, such as a requirement that “the GAAP measure has to be of equal or greater prominence than non-GAAP.”

Non-GAAP “is not supposed to supplant GAAP and obviously not obscure GAAP,” she said.

She declined to say if the SEC is considering enforcement actions against companies that might be misleading investors with non-GAAP, but noted the SEC would not hesitate to bring one if it uncovered an “actionable violation.”

For months now, the SEC has only had three commissioners, down from its full complement of five, and the U.S. Congress has stalled on confirming two nominees.

“We’re really functioning on all cylinders,” White said, ticking off a list of projects the commission has recently completed.

She added that, to comply with rules on meetings and disclosures, commissioners typically meet one-on-one.

“If there are only three of you, it’s shorter-circuited to some degree,” she said. “There are some advantages, too.”

(Additional reporting by Sarah N. Lynch)

U.S., China cyber group holds first talks since September pact

Hands on Keyboard

WASHINGTON (Reuters) – A group of senior U.S. and China cyber officials on Wednesday held its first meeting since the two countries struck an anti-hacking agreement in September to try to ease years of acrimony over the issue.

The so-called Senior Experts Group on International Norms and Related Issues is expected to gather twice a year, the U.S. State Department said in a statement announcing the meeting.

It provided scant information about the talks, saying officials from the two nations’ foreign, defense and other ministries discussed “international norms of state behavior and other crucial issues for international security in cyberspace.”

China’s foreign ministry, in a brief statement, said the two sides had a “positive, deep and constructive” discussion about issues including international law as it relates to the Internet and trust measures.

China and the United States will hold another meeting at an appropriate time within the next six months, it added.

China withdrew in 2014 from a separate bilateral cyber working group following the U.S. indictment of five members of its military on charges that they hacked six U.S. companies. The new group appears to be a fresh start at grappling with cyber issues.

Cyber security has long been an irritant in relations between China and the United States, despite robust economic ties worth nearly $600 billion in two-way trade last year.

The September pact, reached during a U.S. visit by Chinese President Xi Jinping, included a pledge that neither country would knowingly carry out hacking for commercial advantage.

(Reporting by Arshad Mohammed; Additional reporting by Ben Blanchard in Beijing; Editing by Peter Cooney)

Big breaches found at major email services


By Eric Auchard

FRANKFURT (Reuters) a security expert told Reuters.

The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.

It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

Holden was previously instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target and exposing them to subsequent cyber crimes.

The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times,” he said.

LESS THAN $1

Mysteriously, the hacker asked just 50 rubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favorable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.

Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.

Hackers know users cling to favorite passwords, resisting admonitions to change credentials regularly and make them more complex. It’s why attackers reuse old passwords found on one account to try to break into other accounts of the same user.

After being informed of the potential breach of email credentials, Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

A Microsoft spokesman said stolen online credentials were an unfortunate reality. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Yahoo and Google did not respond to requests for comment.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.
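The three processing steps the article describes in passing can be made concrete: deduplicating a raw dump down to unique username/password pairs (the 1.17 billion records that became 272.3 million), counting how many unique credentials fall to each email provider, and, as Mail.ru said it was doing, checking which leaked pairs still match a live account without ever storing plaintext passwords. The following Python is an added example written for this page, not code from Hold Security, Mail.ru or any provider named in the article; the dump lines, user accounts and passwords are constructed, and the PBKDF2 salted-hash store stands in for whatever password storage a real provider uses.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample of a leaked "email:password" dump. Not real data; it
# contains an exact duplicate, a malformed line, and two entries for one user.
LEAKED_DUMP = """\
alice@mail.ru:Winter2015
alice@mail.ru:Winter2015
bob@gmail.com:hunter2
this line has no separator
carol@yahoo.com:qwerty123
dave@hotmail.com:P@ssw0rd
alice@mail.ru:OldPass1
erin@mail.ru:letmein
"""


def parse_dump(text):
    """Yield unique (email, password) pairs, dropping malformed and duplicate lines."""
    seen = set()
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, _, password = line.partition(":")  # emails never contain ':'
        email = email.strip().lower()
        if not email or "@" not in email or not password:
            continue
        key = (email, password)
        if key in seen:
            continue
        seen.add(key)
        yield key


def provider_breakdown(pairs):
    """Count unique credentials per email domain (the per-provider split in the article)."""
    return Counter(email.rsplit("@", 1)[1] for email, _ in pairs)


def hash_password(password, salt, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; a stand-in for a provider's real password hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user_store(plaintexts):
    """Build a {email: (salt, hash)} table. Only used here to construct sample data;
    a real provider already holds such hashes and never the plaintext."""
    store = {}
    for email, password in plaintexts.items():
        salt = os.urandom(16)
        store[email] = (salt, hash_password(password, salt))
    return store


def find_live_matches(pairs, store, our_domain):
    """Return the emails at our_domain whose leaked password still verifies.

    Each leaked password is hashed with that user's salt and compared in constant
    time, so the check needs no plaintext from our side and leaks no timing signal.
    """
    live = set()
    for email, password in pairs:
        if not email.endswith("@" + our_domain):
            continue  # other providers' users are not ours to check
        rec = store.get(email)
        if rec is None:
            continue  # leaked identity does not exist here
        salt, stored = rec
        if hmac.compare_digest(hash_password(password, salt), stored):
            live.add(email)
    return sorted(live)


if __name__ == "__main__":
    pairs = list(parse_dump(LEAKED_DUMP))
    print("unique pairs:", len(pairs))
    print("per provider:", dict(provider_breakdown(pairs)))
    # Constructed accounts: alice still uses a leaked password, erin has changed hers.
    store = make_user_store({"alice@mail.ru": "Winter2015", "erin@mail.ru": "Changed!Now"})
    print("still-live mail.ru credentials:", find_live_matches(pairs, store, "mail.ru"))
```

The design point is that the provider-side check never needs the dump's passwords to be stored anywhere: each is hashed with the user's own salt and thrown away, and only the list of accounts to force-reset is kept. Dedup by the full (email, password) pair, not by email alone, so that two different leaked passwords for one user are both tried.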

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.

Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by the Cloud Security Alliance.

In 2014, Holden, a Ukrainian-American who specializes in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest-ever recovery of stolen accounts.

His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals.

Holden said efforts to identify the hacker spreading the current trove of data or the source or sources of the stolen accounts would have exposed the investigative methods of his researchers. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.

Ten days ago, Milwaukee-based Hold Security began informing organizations affected by the latest data breaches. The company’s policy is to return data it recovers at little or no cost to firms found to have been breached.

“This is stolen data, which is not ours to sell,” said Holden.

(Editing by Mark Trevelyan)