The Jim Bakker Show

National Security Agency merging offensive, defensive hacking operations

WASHINGTON (Reuters) – The U.S. National Security Agency on Monday outlined a reorganization that will consolidate its spying and domestic cyber-security operations, despite recommendations by a presidential panel that the agency focus solely on espionage.

The NSA said the reorganization, known as “NSA21,” or NSA in the 21st century, will take two years to complete, well into the first term of whoever is elected president in November.

A review board appointed by President Barack Obama recommended in December 2013 that the NSA concentrate solely on foreign intelligence gathering. The board’s recommendations came as the United States was reeling from disclosures from former NSA contractor Edward Snowden about the collection of vast amounts of domestic and international communications data.

Under the board’s plan, a separate agency would have been housed within the Department of Defense with responsibility for enhancing the security of government networks and assisting corporate computer systems.

Ignoring that recommendation, the Obama administration will replace its separate spying and cyber-defense directorates with a unified organization responsible for both espionage and helping defend U.S. computer networks.

The “new structure will enable us to consolidate capabilities and talents to ensure that we’re using all of our resources to maximum effect to accomplish our mission,” NSA Director Mike Rogers said in a workforce address made publicly available on Monday.

Some technology specialists and privacy advocates have said the government agency responsible for building and exploiting flaws in computer software for spying purposes should not be the same one entrusted to warn companies about detected software weaknesses.

The presidential panel cited concerns about “potential conflicts of interest” between the NSA’s offensive and defensive objectives, in addition to the need to restore confidence with the U.S. technology industry to induce better cyber-security collaboration.

“I hope the NSA will explain its strategy for continuing to rebuild trust with the private sector,” Peter Swire, a professor of law at the Georgia Institute of Technology, who served on the five-member review group, said on Monday.

In November, the NSA told Reuters it informed U.S. technology firms more than 90 percent of the time about serious software flaws it found. The spy agency did not say how quickly it alerted those firms, leaving open the possibility it exploits software vulnerabilities before sharing details about them.

(Reporting by Dustin Volz; Editing by Peter Cooney)

Hackers attack 20 million accounts on Chinese shopping site

BEIJING (Reuters) – Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd’s Taobao e-commerce website using Alibaba’s own cloud computing service, according to a state media report posted on the Internet regulator’s website.

Analysts said the report from The Paper led to the price of Alibaba’s U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade.

An Alibaba spokesman on Thursday said the company detected the attack in “the first instance”, reminded users to change passwords, and worked closely with the police investigation.

Chinese companies are grappling a sharp rise in the number of cyber attacks, and cyber security experts say firms have a long way to go before defenses catch up to U.S. counterparts.

In the latest case, hackers obtained a database of 99 million usernames and passwords from a number of websites, according to a separate report on a website managed by the Ministry of Public Security.

The hackers then used Alibaba’s cloud computing platform to input the details into Taobao. Of the 99 million usernames, they found 20.59 million were also being used for Taobao accounts, the ministry website said.

The hackers started inputting the details into Taobao in mid-October and were discovered in November, at which time Alibaba immediately reported the case to police, the ministry website said. The hackers have since been caught, it said.

Alibaba’s systems discovered and blocked the vast majority of log-in attempts, according to the ministry website.

The hackers used compromised accounts to fake orders on Taobao, a practice known as “brushing” in China and used to raise sellers’ rankings, the newspaper said. The hackers also sold accounts to be used for fraud, it said.

Alibaba’s spokesman said the hackers rented the cloud computing service, but declined to comment on security measures designed to stop the system being used for the attack. He said they could have used any such service, and that the attack was not aided by any possible loopholes in Alibaba’s platform.

“Alibaba’s system was never breached,” the spokesman said.

The number of accounts, 20.59 million, represents about 1 out of every 20 annual active buyers on Alibaba’s China retail marketplaces.

(Reporting by Paul Carsten; Additional reporting by Beijing Newsroom; Editing by Christopher Cushing)

Ex-government employee pleads guilty in nuclear secrets cyber attack scheme

A former government employee who was accused of trying to orchestrate a cyber attack against computers that contained information about nuclear weapons pleaded guilty to a federal computer crime, the Department of Justice announced in a news release on Tuesday afternoon.

Prosecutors said 62-year-old Charles Harvey Eccleston, a former employee of the Nuclear Regulatory Commission, admitted his guilt in the attempted “spear-phishing” attack that took place last January. Eccleston was arrested after an undercover operation in which prosecutors said the accused dealt with FBI employees who had been posing as foreign government officials.

Spear-phishing is a type of cyber attack in which people send authentic-looking emails to their targets, encouraging the recipients to open them. However, the emails contain malicious code.

According to the Department of Justice, Eccleston sent an email that he believed contained a virus to about 80 Department of Energy employees, thinking the code would allow a foreign country to infiltrate or harm their computers. Prosecutors said Eccleston targeted employees “whom he claimed had access to information related to nuclear weapons or nuclear materials.”

The code was harmless and was actually crafted by the FBI, according to the release.

Eccleston, who thought he would be paid roughly $80,000 for sending the spear-phishing email, was arrested last March during a meeting with an undercover FBI employee, prosecutors said.

“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” Assistant Attorney General John P. Carlin said in a statement announcing the guilty plea.

Prosecutors said Eccleston was fired from his job with the Nuclear Regulatory Commission in 2010. He moved to the Philippines the following year and had been living there until his arrest.

The alleged cyber attack wasn’t the first time that law enforcement heard Eccleston’s name.

Prosecutors said the FBI first learned about Eccleston in 2013 after he walked into an embassy in the Philippines and offered to sell a list of 5,000 U.S. government email accounts for $18,800. If the nation wasn’t interested, Eccleston said he would offer the list to China, Iran or Venezuela.

That November, the FBI sent undercover employees to meet with Eccleston and had them pose as foreign government officials. One FBI employee bought a list of 1,200 email addresses for $5,000, prosecutors said, though an investigation found the accounts were publicly available.

Prosecutors said Eccleston communicated with the employees for “several months,” and offered to help design the spear-phishing emails during a meeting with an undercover FBI employee in June 2014. He made the bogus emails look like advertisements for a nuclear energy conference.

Eccleston pleaded guilty to attempted unauthorized access and intentional damage to a protected computer and faces 24 to 30 months in prison and a $95,000 fine when he is sentenced in April, prosecutors announced.

Company develops ‘tech tattoos’ to store medical, financial info

A software company has created a “tech tattoo” that allows a person to store their medical and financial information inside his or her body, according to a new report from CBS New York.

Officials from Chaotic Moon, the company behind the tattoos, told the television station that the tattoos can monitor a patient’s vital signs and other medical information and wirelessly send the data to doctors. The tattoos, which use special ink and microchips, can last up to a year and may replace the need for people to visit doctors for their annual physicals, according to the report.

The tattoos could also one day be used to help locate lost children or monitor the vital signs of soldiers in combat, the television station reported, and might also eliminate the need for wallets because people will be able to store their credit card information and identification in them.

Reports: U.S., British spies hacked Israeli air force

JERUSALEM (Reuters) – The United States and Britain have monitored secret sorties and communications by Israel’s air force in a hacking operation dating back to 1998, according to documents attributed to leaks by former U.S. spy agency contractor Edward Snowden.

Israel voiced disappointment at the disclosures, which were published on Friday in three media outlets and might further strain relations with Washington after years of feuding over strategies on Iran and the Palestinians.

Israel’s Yedioth Ahronoth daily said the U.S. National Security Agency, which specializes in electronic surveillance, and its British counterpart GCHQ spied on Israeli air force missions against the Palestinian enclave Gaza, Syria and Iran.

The spy operation, codenamed “Anarchist”, was run out of a Cyprus base and targeted other Middle East states too, it said. Its findings were mirrored by stories in Germany’s Der Spiegel news magazine and the online publication The Intercept, which lists Snowden confidant Glenn Greenwald among its associates.

“This access is indispensable for maintaining an understanding of Israeli military training and operations and thus an insight to possible future developments in the region,” The Intercept quoted a classified GCHQ report as saying in 2008.

That year, Israel went to war against Hamas guerrillas in Gaza and began issuing increasingly vocal threats to attack Iranian nuclear facilities if it deemed international diplomacy insufficient to deny its arch-foe the means of making a bomb.

Asked for comment, the United States and Britain said through spokespeople for their embassies in Israel that they do not publicly discuss intelligence matters.

NOT “DEEPEST KINGDOM OF SECRETS”

Israeli Energy Minister Yuval Steinitz, a member of Prime Minister Benjamin Netanyahu’s security cabinet, sought to play down the potential damage but said lessons would be learned.

“I do not think that this is the deepest kingdom of secrets, but it is certainly something that should not happen, which is unpleasant,” he told Israel’s Army Radio. “We will now have to look and consider changing the encryption, certainly.”

With the Netanyahu government and Obama administration at loggerheads over the U.S.-led nuclear agreement with Iran, there have been a series of high-profile media exposes in recent months alleging mutual espionage between the allies.

Israel insists that it ceased such missions since it ran U.S. Navy analyst Jonathan Pollard as an agent in the 1980s.

“We know that the Americans spy on the whole world, and also on us, also on their friends,” Steinitz said. “But still, it is disappointing, inter alia because, going back decades already, we have not spied nor collected intelligence nor hacked encryptions in the United States.”

The Intercept report included what it said were images of armed Israeli drones hacked from onboard cameras’ live feeds.

Israel neither confirms nor denies having armed drones, though one of its senior military officers was quoted as acknowledging their existence in a 2010 U.S. diplomatic cable that was previously disseminated by WikiLeaks.

Yedioth said that the hacking revelations could hurt Israeli drone sales to Germany should Berlin worry about the aircraft networks’ security. But Steinitz brushed off that possibility.

“Every country carries out its own encryption,” he said.

Germany said on January 12 it would lease Heron TP drones from state-owned Israel Aerospace Industries (IAI).

(Writing by Dan Williams; Editing by Mark Heinrich)

Hackers target HSBC, disrupt online banking for UK customers

Hackers targeted one of the world’s largest banks on Friday morning, preventing some of HSBC’s customers in the United Kingdom from being able to access their online accounts.

HSBC issued a statement saying it “successfully defended” against a denial-of-service attack, in which hackers try to prevent people from accessing a given site by overwhelming it with traffic.

The company said the attack targeted its Internet banking system for the United Kingdom, but no transactions were affected. However, some United Kingdom customers who tried to log into their accounts Friday were greeted by a message that said online banking was unavailable.

That message did not appear on the company’s website for online banking in the United States.

HSBC tweeted that its service was recovering, though it was still seeing some denial-of-service attacks some five hours after it initially reported the incident. The bank added it was “working closely with law enforcement authorities to pursue the criminals responsible.”

About 17 million United Kingdom residents are HSBC customers, the bank says. It apologized to all those inconvenienced by the outage, and encouraged them to visit a branch for urgent issues.

It was the second time this month that HSBC customers had an issue with online banking.

The company tweeted that “an internal technical issue” prevented some people from accessing their accounts on Jan. 4 and Jan. 5. In a video tweeted from the company’s account, an HSBC official said that was not caused by a cyber attack and that customers’ data was never at risk.

HSBC has about 6,100 offices in more than 70 countries and territories across the globe, according to its website.

Canada stops sharing some spy info with allies after breach

OTTAWA (Reuters) – Canada has stopped its electronic spy agency from sharing some data with key international allies after discovering the information mistakenly contained personal details about Canadians, government officials said on Thursday.

Ottawa acted after learning that the Communications Security Establishment (CSE) agency had failed to properly disguise metadata – the numbers and time stamps of phone calls but not their content – before passing it on to their international partners.

“CSE will not resume sharing this information with our partners until I am fully satisfied the effective systems and measures are in place,” Defense Minister Harjit Sajjan said in a statement.

Sajjan, who has overall responsibility for the agency, did not say when Canada had stopped sharing the data in question.

Canada is part of the Five Eyes intelligence sharing network, along with the United States, Britain, Australia and New Zealand. CSE, like the U.S. National Security Agency, monitors electronic communication and helps protect national computer networks.

While the agency is not allowed to specifically target Canadians or Canadian corporations, it can scoop up data about Canadians while focusing on other targets.

Sajjan, blaming technical deficiencies at CSE for the problems, said the metadata that Canada shared did not contain names or enough information to identify individuals and added: “The privacy impact was low.”

He made the announcement shortly after an official watchdog that monitors CSE revealed the metadata problem. The watchdog said CSE officials themselves had realized they were not doing enough to disguise the information they shared.

An NSA program to vacuum up Americans’ call data was exposed publicly by former NSA contractor Edward Snowden in 2013 and prompted questions about the CSE’s practices.

(Reporting by David Ljunggren; Editing by Diane Craft)

U.S. utilities worry about cyber cover after Ukraine grid attack

(Reuters) – U.S. utilities are looking hard at their cyber vulnerabilities and whether they can get insurance to cover what could be a multi-billion dollar loss after hackers cut electric power to more than 80,000 Ukrainians last month.

The Dec. 23 incident in Ukraine was the first cyber attack to cause a power outage, and is one of just a handful of incidents in which computer hacking has caused physical effects on infrastructure rather than the loss or theft of electronic data.

A similar attack in the United States could cripple utilities and leave millions of people in the dark, costing the economy more than $200 billion, an insurance study estimated last year.

Security experts, insurance brokers, insurers and attorneys representing utilities told Reuters that the Ukraine attack has exposed long-standing ambiguity over which costs would be covered by insurance in various cyber attack scenarios.

“People in the insurance industry never did a great job clarifying the scope of coverage,” said Paul Ferrillo, an attorney with Weil, Gotshal & Manges who advises utilities.

Cyber insurance typically covers the cost of attacks involving stolen personal data. Some general property and liability policies may cover physical damage from cyber attacks, but insurers do not always provide clear answers about coverage for industrial firms, said Ben Beeson, a partner with broker Lockton Companies.

That has led to some unease among U.S. utilities.

“When you get these kind of headline-grabbing cyber incidents, there is obviously a flurry of interest,” said Dawn Simmons, an executive with Associated Energy and Gas Insurance Services, or AEGIS, a U.S. mutual insurer that provides coverage to its 300 or so members.

Getting a policy that includes cyber property damage is not cheap.

Sciemus Cyber Ltd, a specialty insurer at the Lloyd’s of London insurance market, charges energy utilities roughly $100,000 for $10 million in data breach insurance. The price balloons to as much as seven times that rate to add coverage for attacks that cause physical damage, said Sciemus Chief Executive Rick Welsh.

INDUSTRY WARNINGS

Security experts have warned for several years that a cyber attack could cause power outages due to the growing reliance on computer technology in plants that is accessible from the Internet.

In the Ukraine attack, hackers likely gained control of systems remotely, then switched breakers to cut power, according to an analysis by the Washington-based SANS Institute. Ukraine’s state security service blamed Russia for the attack, while U.S. cyber firm iSight Partners linked it to a Russian hacking group known as Sandworm Team.

Utilities are now trying to determine if they have insurance to cover these kinds of attacks, and if not, whether they need it, said Patrick Miller, founder of the Energy Sector Security Consortium, an industry group that shares information on cyber threats.

American Electric Power Company Inc, Duke Energy Corp, Nextera Energy Inc and PG&E Corp are among publicly-traded utility companies that have warned of their exposure to cyber risks in their most recent annual reports to securities regulators, and that their insurance coverage might not cover all expenses related to an attack.

Representatives with AEP, Duke and PG&E declined to disclose the limits of their insurance. Officials with Nextera could not be reached for comment.

The potential costs of an attack in the United States are huge. Last year Lloyd’s and the University of Cambridge released a 65-page study estimating that simultaneous malware attacks on 50 generators in the Northeastern United States could cut power to as many as 93 million people, resulting in at least $243 billion in economic damage and $21 billion to $71 billion in insurance claims.

The study called such a scenario improbable but “technologically possible.”

There are precedents, including the 2010 ‘Stuxnet’ attack that damaged centrifuges at an Iranian uranium enrichment facility and the 2012 ‘Shamoon’ campaign that crippled business operations at Saudi Aramco and RasGas by wiping drives on tens of thousands of PCs.

In late 2014, the German government reported that hackers had damaged an unnamed steel mill, the first attack that damaged industrial equipment. Details remain a mystery.

AMBIGUITY OVER COVERAGE

“It’s getting a little competitive just to get a carrier quoting your policy,” said Lynda Bennett, an attorney with Lowenstein Sandler, who helps businesses negotiate insurance. Some insurers have cut back on cyber coverage in response to the increase in the number and types of breaches, she added.

American International Group Inc, for example, will only write cyber policies over $5 million for a power utility after an in-depth review of its technology, including the supervisory control and data acquisition (SCADA) systems that remotely control grid operations.

“There are companies that we have walked away from providing coverage to because we had concerns about their controls,” said AIG executive Tracie Grella.

AIG and AEGIS declined to discuss pricing of policies. It seems likely they will find coverage more in demand after the Ukraine attack.

“A lot more companies will be asked by their stakeholders internally: Do we have coverage for this type of thing?” said Robert Wice, an executive with Beazley Plc, which offers cyber insurance. “Whether they actually start to buy more or not will depend on pricing.”

(Reporting by Jim Finkle; Additional reporting by Rory Carroll; Editing by Bill Rigby)

Wendy’s probing likely fraudulent payment-card charges

(Reuters) – Burger chain operator Wendy’s Co said on Wednesday it was investigating reports of unusual activity with payment cards used at some of its 5,700 locations in the United States.

“Reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some restaurants,” Wendy’s spokesman Bob Bertini told Reuters in an email statement.

Large retailers such as Target Corp and Home Depot Inc have been victims of security breaches in recent years. Gourmet sandwich chain Jimmy John’s was also breached in 2014.

“Until this investigation is completed, it is difficult to determine with certainty the nature or scope of any potential incident,” Bertini said. “We have hired a cyber security firm to assist, but are not disclosing the name at this point.”

Security blog Krebs on Security first reported the development earlier in the day.

(Reporting by Subrat Patnaik and Sruthi Ramakrishnan in Bengaluru; Editing by Savio D’Souza and Maju Samuel)

Hackers may have wider access to Ukrainian industrial facilities

KIEV (Reuters) – Hackers were able to attack four sections of Ukraine’s power grid with malware late last year because of basic security lapses and they could take down other industrial facilities at any time, a consultant to government investigators said.

Three power cuts reported in separate areas of western and central Ukraine in late December were the first known electrical outages caused by cyber attacks, causing consternation among businesses and officials around the world.

The consultant, Oleh Sych, told Reuters a fourth Ukrainian energy company had been affected by a lesser attack in October, but declined to name it.

He also said a similar type of malware had been identified by the Ukrainian anti-virus software company Zillya! where he works as far back as July, making it impossible to know how many other systems were at risk.

“This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

Sych, whose firm is advising the State Security Service SBU and a commission set up by the energy ministry, said power distributors had ignored their own security rules by allowing critical computers to be hooked up to the Internet when they should have been kept within an internal network.

This so-called “air gap” separates computer systems from any outside Internet connections accessible to hackers.

“A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part,” Sych said.

Ukraine has also been targeted in other cyber attacks, which included hacking into the system of Ukraine’s biggest airport and TV news channels.

Security services and the military blamed the attacks on Russia, an allegation dismissed by the Kremlin as evidence of Ukraine’s tendency to accuse Russia of “all mortal sins”.

Russia annexed Crimea from Ukraine in 2014 and has supported separatist rebels in east of the former Soviet republic, arguing that Kiev’s Western-backed government, elected after the Moscow-backed president fled widespread protests, was illegitimate.

Sych, who said he could not reveal all the details of the probe, said there was no conclusive evidence that the attacks originated in Russia. One of the emails was sent from the server of a German university, another from the United States, he said.

INSIDER

International cyber-security researchers who have studied the attacks believe the attackers broke into networks by sending targeted emails designed to trick utility insiders to click on Excel documents that were poisoned with malware used to gain control inside the networks.

Sych agreed, saying:

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

SCADA software is widely used to control industrial systems worldwide.

“The attackers must have known what software was installed … to test (the malware) on it. Clearly preliminary investigations were carried out and this was easy to do with this kind of insider information.”

He said the hackers had sent the e-mails in question to workers at the affected power distribution companies with infected Word or Excel files that were meant to look like official correspondence from the energy ministry.

They contained topics that would have been recognizable to the workers and were not sent out en masse but targeted certain individuals instead. One of the emails was about regional electricity production levels, he said.

“It was all very simple and stupid,” Sych said, adding that the hackers totally wiped the data of some of the computers in one of the firms.

Details of the impact of the attacks have been sketchy, but one is reported to have affected 80,000 customers for two hours. The three named companies declined to comment on Sych’s remarks.

“All experts agree this sort of attack on electric utilities or other critical infrastructure was bound to happen because engineering-wise, physics-wise it is technically possible to do,” said Kenneth Geers, a Kiev-based national security analyst who worked for U.S. intelligence agencies for 20 years until 2013.

All it takes is political will or opportunism to try something like this, he said.

Ukrainian Deputy Energy Minister Oleksander Svetelyk has also accused the companies of lapses, saying on Tuesday there had been a “a lot of errors”. He added that U.S. cyber experts would come to Kiev later this week to help with the investigation.

(Additional reporting by Maria Tsvetkova in Moscow and Eric Auchard in Brussels; Writing by Matthias Williams; Editing by Philippa Fletcher)

Sign up for Jim Bakker Show