Ukrainian institutions hit by 6,500 hack attacks, sees Russian ‘cyberwar’

By Natalia Zinets

KIEV (Reuters) – Hackers have targeted Ukrainian state institutions about 6,500 times in the past two months, including incidents that showed Russian security services were waging a cyberwar against the country, President Petro Poroshenko said on Thursday.

In December, Ukraine suffered attacks on its finance and defense ministries and the State Treasury that allocates cash to government institutions. A suspected hack also wiped out part of Kiev’s power grid, causing a blackout in part of the capital.

“Acts of terrorism and sabotage on critical infrastructure facilities remain possible today,” Poroshenko said during a meeting of the National Security and Defence Council, according to a statement released by Poroshenko’s office.

The statement said the president stressed that “the investigation of a number of incidents indicated the complicity directly or indirectly of Russian security services waging a cyberwar against our country”.

Relations between Kiev and Moscow collapsed in 2014 following Russia’s annexation of Crimea and support for pro-Russian separatists in eastern Ukraine, where fighting continues despite a ceasefire agreement.

Among the 6,500 attacks Poroshenko said the country had been hit by, the attack on the State Treasury halted its systems for several days, meaning state workers and pensioners had been unable to receive their salaries or payments on time.

Cyber security firm CrowdStrike said last week a hacking group linked to the Russian government likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016.

Its findings are the latest to support a growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.

Russia has repeatedly denied hacking accusations.

Poroshenko’s comments come as the Obama administration plans to announce retaliatory measures against Russia for hacking into U.S. political institutions and individuals and leaking information in an effort to help Donald Trump win the presidency. Trump has dismissed the assessments of the U.S. intelligence community.

In December 2015, Ukrainian regional power company Prykarpattyaoblenergo reported an outage, saying the area affected included the regional capital Ivano-Frankivsk. Ukraine’s state security service blamed Russia.

Experts widely described that incident as the first known power outage caused by a cyber attack. The U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm”.

As a result of the cyber attacks, Ukraine’s security council agreed measures to protect state institutions, the statement said. It did not disclose what the measures were.

(Writing by Matthias Williams; Editing by Alison Williams)

U.S. weighs dangers, benefits of naming Russia in cyber hack

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – Wary of a global confrontation with Russia, U.S. President Barack Obama must carefully weigh how to respond to what security experts believe was Moscow’s involvement in the hacking of Democratic Party organizations, U.S. officials said.

Publicly blaming Russian President Vladimir Putin’s intelligence services would bring instant pressure on Washington to divulge its evidence, which relies on highly classified sources and methods, U.S. intelligence officials said.

One option for Washington is to retaliate against Russia in cyberspace. But the intelligence officials said they fear a rapid escalation in which, under a worst-case scenario, Moscow’s sophisticated cyber warriors could attack power grids, financial systems and other critical infrastructure.

Washington also has diplomacy with Russia to manage, including Secretary of State John Kerry’s long-shot attempt to enlist Moscow’s help in ending the Syrian civil war and sustaining the Iran nuclear deal, as well as Russia-NATO tensions over Ukraine and Eastern Europe.

“Despite how outrageous it is to interfere with a democratic election, the costs of coming out and saying the Russians did it would far outweigh the benefits, if there would be any benefits,” said one intelligence official, speaking on condition of anonymity to discuss a sensitive matter.

Russia has denied responsibility for hacking the emails of the Democratic National Committee. Also attacked were a computer network used by Democratic presidential nominee Hillary Clinton’s campaign and the party’s fundraising committee for House of Representatives candidates in the Nov. 8 election.

Other current and former officials are arguing for a firm response, however. They said the hack was the latest in a series of aggressive moves by Putin, including Russia’s annexation of Crimea, military intervention to rescue Syrian President Bashar al-Assad, and funding of right-wing and anti-European Union groups in Europe.

Columbia University cyber security expert Jason Healey said at an annual security forum in Aspen, Colorado, on Saturday that the Russians had been very aggressive in cyberspace too.

“I think the president needs to start looking at brush-back pitches,” Healey said, referring to a baseball thrown near the batter as a warning.

NAME AND SHAME?

Intelligence officials and cyber experts said the intrusions themselves were not that unusual. American spy agencies conduct similar electronic espionage outside U.S. borders.

What made this hack a game-changer, they said, was the public release of the DNC emails, via the pro-transparency group WikiLeaks, in an apparent attempt to affect the election.

Government and party officials said they were unaware of any evidence that WikiLeaks had received the hacked materials directly from Russians or that WikiLeaks’ release of the materials was in any way directed by Russians.

The Justice Department’s National Security Division, which is overseeing the investigation, has publicly charged U.S. adversaries – known as “naming and shaming” – before.

The U.S. government blamed North Korea for a damaging attack on Sony Pictures, and in 2014 indicted five members of the Chinese military for computer hacking and economic espionage.

Among adversary nations with significant cyber capabilities, a list that also includes Iran, the Russian government is the only one the Justice Department has not yet charged.

Obama’s homeland security and counter-terrorism advisor Lisa Monaco said the government has developed “best practices” to investigate cyber attacks and decide when to make the results public.

Monaco, also speaking at the Aspen forum, said that in the Sony case, FBI investigators had high confidence North Korea was responsible. The attack was deemed destructive, as well as coercive, because it was retaliation for a movie parodying North Korean leader Kim Jong Un.

“Those two things, along with our confidence in the attribution and the ability to talk about it in a way that would not disclose sources and methods and hinder our ability to make such attribution in the future all combined to say, ‘We’re going to call this out’,” she said.

Elissa Slotkin, an acting assistant secretary of defense, said that for the next decade, the U.S. government faced a fundamental question in dealing with Russia: “How do you get the balance right?”

“Are we being too charitable and giving them too many opportunities to come back to the table, or are we providing such a high level of deterrence that we’re potentially provoking them?” Slotkin asked.

(Additional reporting by Mark Hosenball, Jonathan Landay and Arshad Mohammed; editing by Grant McCool)

Keyboard warriors: South Korea trains new frontline in decades-old war with North

By Ju-min Park

SEOUL (Reuters) – In one college major at Seoul’s elite Korea University, the courses are known only by number, and students keep their identities a secret from outsiders.

The Cyber Defense curriculum, funded by the defense ministry, trains young keyboard warriors who get a free education in exchange for a seven-year commitment as officers in the army’s cyber warfare unit – and its ongoing conflict with North Korea.

North and South Korea remain in a technical state of war since the 1950-53 Korean War ended in an armed truce. Besides Pyongyang’s nuclear and rocket program, South Korea says the North has a strong cyber army which it has blamed for a series of attacks in the past three years.

The cyber defense program at the university in Seoul was founded in 2011, with the first students enrolled the following year.

One 21-year-old student, who allowed himself to be identified only by his surname Noh, said he had long been interested in computing and cyber security and was urged by his father to join the program. All South Korean males are required to serve in the military, usually for up to two years.

“It’s not a time burden but part of a process to build my career,” Noh said.

“Becoming a cyber warrior means devoting myself to serve my country,” he said in a war room packed with computers and wall-mounted flat screens at the school’s science library.

South Korea, a key U.S. ally, is one of the world’s most technologically advanced countries.

That makes its networks that control everything from electrical power grids to the banking system vulnerable against an enemy that has relatively primitive infrastructure and thus few targets against which the South can retaliate.

“In relative terms, it looks unfavorable because our country has more places to defend, while North Korea barely uses or provides internet,” said Noh.

Last year, South Korea estimated that the North’s “cyber army” had doubled in size over two years to 6,000 troops, and the South has been scrambling to ramp up its capability to meet what it considers to be a rising threat.

The United States and South Korea announced efforts to strengthen cooperation on cyber security, including “deepening military-to-military cyber cooperation,” the White House said during President Park Geun-hye’s visit to Washington in October.

In addition to the course at Korea University, the national police has been expanding its cyber defense capabilities, while the Ministry of Science, ICT and Future Planning started a one-year program in 2012 to train so-called “white hat” – or ethical – computer hackers.

NORTH’S CYBER OFFENSIVES

Still, the North appears to have notched up successes in the cyber war against both the South and the United States.

Last week, South Korean police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code under a long-term plan laying groundwork for a massive cyber attack against its rival.

In 2013, Seoul blamed the North for a cyber attack on banks and broadcasters that froze computer systems for over a week.

North Korea denied responsibility.

The U.S. Federal Bureau of Investigation has blamed Pyongyang for a 2014 cyber attack on Sony Pictures’ network as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

North Korea described the accusation as “groundless slander.”

South Korea’s university cyber defense program selects a maximum of 30 students each year, almost all of them men. On top of free tuition, the school provides 500,000 won ($427) per month support for each student for living expenses, according to Korea University Professor Jeong Ik-rae.

The course trains pupils in disciplines including hacking, mathematics, law and cryptography, with students staging mock hacking attacks or playing defense, using simulation programs donated by security firms, he said.

The admission to the selective program entails three days of interviews including physical examinations, attended by military officials along with the school’s professors, he said.

While North Korea’s cyber army outnumbers the South’s roughly 500-strong force, Jeong said a small group of talented and well-trained cadets can be groomed to beat the enemy.

Jeong, an information security expert who has taught in the cyber defense curriculum since 2012, said the school benchmarks itself on Israel’s elite Talpiot program, which trains gifted students in areas like technology and applied sciences as well as combat. After graduating, they focus on areas like cybersecurity and missile defense.

“It’s very important to have skills to respond when attacks happen – not only to defend,” Jeong said.

(Editing by Tony Munroe and Raju Gopalakrishnan)

Trail in cyber heist suggests hackers were Chinese: senator

By Karen Lema

MANILA (Reuters) – A Philippine senator said on Wednesday that Chinese hackers were likely to have pulled off one of the world’s biggest cyber heists at the Bangladesh central bank, citing the network of Chinese people involved in the routing of the stolen funds through Manila.

Unidentified hackers infiltrated the computers at Bangladesh Bank in early February and tried to transfer a total of $951 million from its account at the Federal Reserve Bank of New York.

All but one of the 35 attempted transfers were to the Rizal Commercial Banking Corp (RCBC), confirming the Philippines’ centrality to the heist.

Most transfers were blocked, but a total of $81 million went to four accounts at a single RCBC branch in Manila. The stolen money was swiftly transferred to a foreign exchange broker and distributed to casinos and gambling agents in Manila.

“The hacking was done, chances are, by Chinese hackers,” Senator Ralph Recto told Reuters in a telephone interview. “Then they saw that, in the Philippines, RCBC particularly was vulnerable and sent the money over here.”

Beijing was quick to denounce the comments by Recto, vice chairman of the Senate Committee on Finance and a former head of the Philippines’ economic planning agency.

The suggestion that Chinese hackers were possibly involved was “complete nonsense” and “really irresponsible,” Chinese foreign ministry spokesman Lu Kang told reporters.

Recto said he couldn’t prove the hackers were Chinese, but was merely “connecting the dots” after a series of Senate hearings into the scandal.

At one hearing, a Chinese casino boss and junket operator called Kim Wong named two high-rolling gamblers from Beijing and Macau who he said had brought the stolen money into the Philippines. He displayed purported copies of their passports, showing they were mainland Chinese and Macau administrative region nationals respectively.

“BEST LEAD”

Wong, a native of Hong Kong who holds a Chinese passport, received almost $35 million of the stolen funds through his company and a foreign exchange broker.

The two Chinese named by Wong “are the best lead to determine who are the hackers,” said Recto. “Chances are… they must be Chinese.”

The whereabouts of the two high-rollers were unknown, Recto added, saying the Senate inquiry “may” seek help from the Chinese government to find them.

Recto also questioned the role of casino junket operators in the Philippines, saying many of them have links in Macau, the southern Chinese territory that is the world’s biggest casino hub. “There are junket operators who are from Macau, so it (the money) may find its way back to Macau,” he said.

A senior executive at a top junket operator in Macau told Reuters there was “no reason” to bring funds from the Philippines to Macau.

“This seems more like a political story in the Philippines,” he said, speaking anonymously because he was not authorized to talk to the media.

The U.S. State Department said in a report last month that the gaming industry was “a weak link” in the Philippines’ anti-money laundering regime.

Philrem, the foreign exchange agent, said it distributed the stolen $81 million to Bloomberry Resorts Corp, which owns and operates the upmarket Solaire casino in Manila; to Eastern Hawaii Leisure Company, which is owned by Wong; and to an ethnic Chinese man believed to be a junket operator in Manila.

Wong has returned $5.5 million to the Philippines’ anti-money laundering agency and has promised to hand over another $9.7 million. A portion of the money he received, he said, has already been spent on gambling chips for clients.

Solaire has told the Senate hearing that the $29 million that ended up with them was credited to an account of the Macau-based high-roller but it has managed to seize and confiscate $2.33 million in chips and cash.

(Writing by Andrew R.C. Marshall; Additional reporting by Farah Master in Hong Kong; Editing by Raju Gopalakrishnan)

Cyber War Between Hacktivist Group “Anonymous” and ISIS Escalates

As world powers such as Russia, France, and recently China begin to ramp up the fight against ISIS on the ground, the hacktivist group “Anonymous” has escalated their fight against the terrorist organization via cyber war.

Earlier this week, Anonymous posted a video on YouTube declaring war on ISIS. Since then, CBS News reports that they have been responsible for taking down more than 3,800 ISIS-linked Twitter accounts. Their latest video, released on Wednesday, stated that they have taken down more than 20,000 accounts and even offered a link to the list of Twitter accounts that have been taken offline.

Despite their success taking down ISIS-related Twitter accounts, the group has escalated their tactics. They have now issued a guideline for hacking ISIS, and indicated they would be spamming ISIS-related Twitter accounts that aren’t immediately taken down, according to NBC News.

In response to the recent threat, ISIS issued a set of basic rules for protecting themselves against Anonymous hackers. The measures were sent via an encrypted chat app called Telegram using the alias “Khilafah News.” The International Centre for the Study of Radicalization (ICSR) was the organization that spotted the messages, and the channel ISIS was using has since been shut down.

“O’ brothers of tawheed,” the message starts (tawheed in Islam refers to the oneness of God), “The #Anonymous hackers threatened in new video release that they will carry out a major hack operation on the Islamic State (idiots)… So U should follow the instructions below to avoid being hacked.” The instructions include frequently changing IP addresses, not communicating with people they don’t know on Twitter or Telegram, and not using the same name for emails and Twitter usernames.

And while Anonymous is taking the fight to ISIS, experts say that they are doing little to hurt the terrorist organization.

“They’re not going to be able to disrupt operations or coordination within the ISIS network,” Denise Zheng, deputy director and senior fellow for the Strategic Technologies Program at the Center for Strategic and International Studies, told CBS News. “It’s much more of an annoyance, really, I think, to them, than anything else.”

As mentioned above, China has recently stepped into the fight against ISIS after the terrorist group released an article in its magazine stating that it had executed Chinese national Fan Jinghui. China has vowed to bring ISIS to justice. Jinghui is the first known Chinese national to be killed by the Islamic State, according to CNN.

U.K. to Build Cyber Attack Forces to Take On ISIS

British Finance Minister George Osborne said on Tuesday that Britain was building an elite cyber force to take down ISIS fighters, hackers, and hostile powers.

Osborne went on to tell Reuters that the Islamic State is trying to develop a way to attack British infrastructure including power networks, air traffic control systems, and hospitals.

“The stakes could hardly be higher – if our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost,” he told CNBC News.

In response, he stated that Britain would fight fire with fire by developing its own cyber attack force.

“We will defend ourselves. But we will also take the fight to you,” Osborne said in a speech at Britain’s GCHQ eavesdropping agency.

“We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace. When we talk about tackling (Islamic State), that means tackling their cyber threat as well as their guns, bombs and knives.”

The cyber attack force will be headed jointly by GCHQ – Britain’s spy agency – and the Defence Ministry. They will target criminal gangs, individual hackers, militant groups, and hostile powers.

Public spending on cyber security will be doubled by 2020, Osborne told Reuters, raising the budget to almost $3 billion. GCHQ has already been monitoring various cyber threats as cyber security issues have doubled to 200 a month since last year. The new cyber security plan also includes training coders, blocking bad URLs, and fending off malware attacks.

Currently, ISIS has been using the Internet to spread its propaganda and lead more people to their radical cause.

“They have not been able to use it to kill people yet by attacking our infrastructure through cyber attack,” Osborne added. “But we know they want it and are doing their best to build it.”

The global cyber war against ISIS has also caught the attention of the hacktivist group “Anonymous,” which released a video earlier this week declaring cyber war on the Islamic State.