Britain says Russian military intelligence behind host of global cyber attacks

FILE PHOTO: Russian President Vladimir Putin and a masked security officer stand at a shooting gallery of the new GRU military intelligence headquarters building as he visits it in Moscow, Russia November 8, 2006. REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE/File Photo

By Guy Faulconbridge and Anthony Deutsch

THE HAGUE (Reuters) – Britain accused Russian military intelligence on Thursday of directing a host of cyber attacks aimed at undermining Western democracies by sowing confusion in everything from the 2016 U.S. presidential election to the global chemical weapons watchdog.

In a British assessment based on work by its National Cyber Security Centre (NCSC), Russian military intelligence (GRU) was cast as a pernicious cyber aggressor which used a network of hackers to spread discord across the world.

GRU, Britain said, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015.

The Netherlands said it had caught four GRU officers red-handed as they tried to hack into the Organization for the Prohibition of Chemical Weapons from a hotel next door in April.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British Foreign Secretary Jeremy Hunt.

“Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability,” Hunt said. Britain believes the Russian government is responsible for the attacks.

Maria Zakharova, a spokeswoman for the Russian Ministry of Foreign Affairs, told a news briefing that the British accusations were the product of someone with a “rich imagination”.

“It’s some kind of a diabolical perfume cocktail (of allegations),” TASS quoted Zakharova as telling reporters.

Though less well known than the Soviet Union’s once mighty KGB, Russia’s military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

RUSSIAN CYBER POWER?

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym – GRU – is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

After the Skripal poisoning, the West agreed with Britain’s assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the Salisbury attack. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain’s MI6 foreign spy service, was a “scumbag” who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

“This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Foreign Secretary Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 U.S. election and cyber attacks.

Australia and New Zealand backed the United Kingdom’s findings on the GRU.

“Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australia’s Prime Minister Scott Morrison said.

“By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate,” Morrison said.

(Additional reporting by Stephanie van den Berg and Colin Packham; Editing by Stephen Addison)

NSA backtracks on sharing number of Americans caught in warrant-less spying

A security car patrols the National Security Agency (NSA) data center in Bluffdale, Utah, U.S., March 24, 2017. REUTERS/George Frey

By Dustin Volz

WASHINGTON (Reuters) – For more than a year, U.S. intelligence officials reassured lawmakers they were working to calculate and reveal roughly how many Americans have their digital communications vacuumed up under a warrant-less surveillance law intended to target foreigners overseas.

This week, the Trump administration backtracked, catching lawmakers off guard and alarming civil liberties advocates who say it is critical to know as Congress weighs changes to a law expiring at the end of the year that permits some of the National Security Agency’s most sweeping espionage.

“The NSA has made Herculean, extensive efforts to devise a counting strategy that would be accurate,” Dan Coats, a career Republican politician appointed by Republican President Donald Trump as the top U.S. intelligence official, testified to a Senate panel on Wednesday.

Coats said “it remains infeasible to generate an exact, accurate, meaningful, and responsive methodology that can count how often a U.S. person’s communications may be collected” under the law known as Section 702 of the Foreign Intelligence Surveillance Act.

He told the Senate Intelligence Committee that even if he dedicated more resources the NSA would not be able to calculate an estimate, which privacy experts have said could be in the millions.

The statement ran counter to what senior intelligence officials had previously promised both publicly and in private briefings during the previous administration of President Barack Obama, a Democrat, lawmakers and congressional staffers working on drafting reforms to Section 702 said.

Representative John Conyers, the top Democrat in the House of Representatives Judiciary Committee, said that for many months intelligence agencies “expressly promised” members of both parties to deliver the estimated number to them.

Senior intelligence officials had also previously said an estimate could be delivered. In March, then-NSA deputy director Rick Ledgett said “yes” when asked by a Reuters reporter if an estimate would be provided this year.

“We’re working on that with the Congress and we’ll come to a satisfactory resolution, because we have to,” said Ledgett, who has since retired from public service.

The law allows U.S. intelligence agencies to eavesdrop on and collect vast amounts of digital communications from foreign suspects living outside of the United States, but often incidentally scoops up communications of Americans.

The decision to scrap the estimate is likely to complicate a debate in Congress over whether to curtail certain aspects of the surveillance law, congressional aides said. Congress must vote to renew Section 702 to avoid its expiration on Dec. 31.

Privacy issues often scramble traditional party lines, but there are signs that Section 702’s renewal will be even more politically unpredictable.

Some Republicans who usually support surveillance programs have expressed concerns about Section 702, in part because they are worried about leaks of intercepts of conversations between Trump associates and Russian officials amid investigations of possible collusion.

U.S. intelligence agencies last year accused Russia of interfering in the 2016 presidential election campaign, allegations Moscow denies. Trump denies there was collusion. Intelligence officials have said Section 702 was not directly connected to surveillance related to those leaks.

“As big a fan as I am of collection, incidental collection, I’m not going to reauthorize a program that could be politically manipulated,” Senator Lindsey Graham, usually a defender of U.S. surveillance activities, told reporters this week.

Graham was among 14 Republican senators, including every Republican member of the intelligence panel, who on Tuesday introduced a bill supported by the White House and top intelligence chiefs, that would renew Section 702 without changes and make it permanent.

Critics have called the process under which the FBI and other agencies can query the pool of data collected for U.S. information a “backdoor search loophole” that evades traditional warrant requirements.

“How can we accept the government’s reassurance that our privacy is being protected when the government itself has no idea how many Americans’ communications are being swept up and stored?” said Liza Goitein, a privacy expert at the Brennan Center for Justice.

(Reporting by Dustin Volz; additional reporting by Richard Cowan; Editing by Jonathan Weber and Grant McCool)

White House, intel chiefs want to make digital spying law permanent

Director of National Intelligence Daniel Coats (2nd-R) testifies as he appears alongside acting FBI Director Andrew McCabe (L), Deputy Attorney General Rod Rosenstein (2nd-L) and National Security Agency Director Michael Rogers (R) at a Senate Intelligence Committee hearing on the Foreign Intelligence Surveillance Act (FISA) in Washington, U.S., June 7, 2017. REUTERS/Kevin Lamarque

By Dustin Volz

WASHINGTON (Reuters) – The White House and U.S. intelligence chiefs Wednesday backed making permanent a law that allows for the collection of digital communications of foreigners overseas, escalating a fight in Congress over privacy and security.

The law, enshrined in Section 702 of the Foreign Intelligence Surveillance Act, is due to expire on December 31 unless Congress votes to reauthorize it, but is considered vital by U.S. intelligence agencies.

Privacy advocates, though, have criticized the law for allowing the incidental collection of data belonging to millions of Americans without a search warrant.

The push to make the law permanent may lead to a contentious debate over renewal of Section 702 in Congress, where lawmakers in both parties are deeply divided over whether to adopt transparency and oversight reforms.

“We cannot allow adversaries abroad to cloak themselves in the legal protections we extend to Americans,” White House Homeland Security Adviser Tom Bossert wrote in an editorial published in the New York Times newspaper on Wednesday.

U.S. Director of National Intelligence Dan Coats, speaking on behalf of other intelligence agency leaders, also told the Senate Intelligence Committee panel on Wednesday that the statute should be made permanent, saying it was necessary to keep the United States safe from national security threats.

NSA Director Rogers added that the law had been vital to preventing terrorism in allied countries as well.

Fourteen Republican senators, including every Republican member of the Senate intelligence panel, introduced a bill on Tuesday that would make part of Section 702 permanent.

The statute, which grants the National Security Agency considerable freedom in the collection of foreigners’ digital communications, normally comes with a “sunset” clause, meaning that roughly every five years lawmakers need to reconsider its impact on privacy and civil liberties.

‘SPY ON AMERICANS’

Intelligence Director Coats said it was not feasible for the NSA to provide an estimate of the number of Americans whose communications are ensnared incidentally under Section 702.

Coats and other officials had previously told Congress they would attempt to share an estimate publicly before the statute expires. A frustrated Democratic Senator Ron Wyden, who has asked for such an estimate for several years, said Coats “went back on a pledge.”

Privacy advocates criticized the push to make Section 702 permanent, arguing that regular reviews of the law were necessary to conduct appropriate oversight and prevent potential abuses.

“After months of criticizing the government for allegedly spying on his presidential campaign, President Trump is now hypocritically endorsing a bill that would make permanent the NSA authority that is used to spy on Americans without a warrant,” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union.

Disclosures by former NSA contractor Edward Snowden in 2013 revealed the sweeping nature of 702 surveillance, prompting outrage internationally and embarrassing some U.S. technology firms shown to be involved in a program known as Prism.

Last week, Facebook, Amazon and Alphabet Inc’s Google sent a letter to Congress urging lawmakers to adopt several reforms to the law, including codifying the recent termination of a type of NSA surveillance that collected Americans’ communications with someone living overseas that merely mentioned a foreign intelligence target.

Making the law permanent without changes would preclude codifying that change.

Reuters reported in March that the Trump administration supported renewal of Section 702 without any changes, citing an unnamed White House official, but it was not clear at the time whether it wanted the law made permanent.

(This version of the story corrects paragraph 14 to add dropped words “embarrassing some U.S. technology firms involved in”)

(Reporting by Dustin Volz; Editing by Alden Bentley and Paul Simao)

Wikipedia can pursue NSA surveillance lawsuit: U.S. appeals court

A man is silhouetted near logos of the U.S. National Security Agency (NSA) and Wikipedia in this photo illustration taken in Sarajevo March 11, 2015. REUTERS/Dado Ruvic/File Photo

By Jonathan Stempel

(Reuters) – A federal appeals court on Tuesday revived a Wikipedia lawsuit that challenges a U.S. National Security Agency (NSA) program of mass online surveillance, and claims that the government unconstitutionally invades people’s privacy rights.

By a 3-0 vote, the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, said the Wikimedia Foundation, which hosts the Wikipedia online encyclopedia, had a legal right to challenge the government’s Upstream surveillance program.

The decision could make it easier for people to learn whether authorities have spied on them through Upstream, which involves bulk searches of international communications within the internet’s backbone of cables, switches and routers.

Upstream’s existence was revealed in leaks by former NSA contractor Edward Snowden in 2013.

Lawyers for the Wikipedia publisher and eight other plaintiffs including Amnesty International USA and Human Rights Watch, with more than 1 trillion international communications annually, argued that the surveillance violated their rights to privacy, free expression and association.

The U.S. Department of Justice countered that the Foreign Intelligence Surveillance Act had authorized Upstream’s review of communications between Americans and foreign “targets.”

In October 2015, U.S. District Judge T.S. Ellis III in Baltimore dismissed the lawsuit, finding a lack of evidence that the NSA, headquartered in Maryland, was conducting surveillance “at full throttle.”

Writing for the appeals court panel, however, Circuit Judge Albert Diaz found “nothing speculative” about the Wikimedia Foundation’s claims.

Diaz said the NSA interception and copying of communications showed “an invasion of a legally protected interest – the Fourth Amendment right to be free from unreasonable searches and seizures.”

The foundation could also pursue its First Amendment claim because it had “self-censored” some communications in response to the Upstream surveillance, Diaz said.

By a 2-1 vote, the same panel also ruled the plaintiffs lacked standing to challenge the NSA’s alleged “dragnet” to intercept “substantially all” text-based communications to and from the United States while conducting Upstream surveillance.

Justice Department spokesman Mark Abueg declined to comment.

Patrick Toomey, an American Civil Liberties Union lawyer representing the plaintiffs, said the ruling means Upstream “will finally face badly needed scrutiny” in the courts.

“This is an important victory for the rule of law,” he said in a statement. “Our government shouldn’t be searching the private communications of innocent people in bulk.”

Some Democratic and Republican lawmakers are working on legislation to curtail parts of Upstream. A section of FISA that authorizes the program expires at year end.

The case is Wikimedia Foundation et al v National Security Agency et al, 4th U.S. Circuit Court of Appeals, No. 15-2560.

(Reporting by Jonathan Stempel in New York; Additional reporting by Dustin Volz in Washington; editing by Jeffrey Benkoe and Phil Berlowitz)

WikiLeaks says it releases files on CIA cyber spying tools

FILE PHOTO: People are silhouetted as they pose with laptops in front of a screen projected with binary code and a Central Intelligence Agency (CIA) emblem, in this picture illustration taken in Zenica, Bosnia and Herzegovina October 29, 2014. REUTERS/Dado Ruvic/File Photo/Illustration

By Dustin Volz and Warren Strobel

WASHINGTON (Reuters) – Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.

The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.

The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.

Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of mass NSA data collection.

“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.

Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.

Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.

In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.

Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

Apple Inc did not respond to a request for comment.

The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.

Signal inventor Moxie Marlinspike said he took that as “confirmation that what we’re doing is working.” Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

CIA CYBER PROGRAMS

The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.

The documents published Tuesday appeared to supply specific details to what has been long known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in all manner of technology products.

Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.

WikiLeaks said it was refraining from disclosing usable code from CIA’s cyber arsenal “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

U.S. intelligence agencies have said that WikiLeaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, WikiLeaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.

WikiLeaks has denied ties to Russian spy agencies.

Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.

WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.

Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.

The process “is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone,” said Knake, now at the Council on Foreign Relations.

U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

In a press release, the group said, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

U.S. intelligence agencies have suffered a series of security breaches, including Snowden’s.

In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to WikiLeaks.

Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.

(Reporting by Dustin Volz and Warren Strobel; additional reporting by Joseph Menn, Mark Hosenball, Jonathan Landay and Jim Finkle; Editing by Grant McCool)