Trump Jr.’s Russia emails could trigger probe under election law

Donald Trump hugs his son Donald Trump Jr. at a campaign rally in St. Clairsville, Ohio June 28, 2016. REUTERS/Aaron Josefczyk

By Jan Wolfe

NEW YORK (Reuters) – Donald Trump Jr.’s meeting with a woman he was told was a Russian government lawyer who had incriminating information about Democratic candidate Hillary Clinton that could help his father’s presidential campaign could lead investigators to probe whether he violated U.S. election law, experts said.

Trump Jr. met the woman, lawyer Natalia Veselnitskaya, on June 9, 2016, after an email exchange with an intermediary.

The emails, tweeted by Trump Jr. on Tuesday, could provide material for Special Counsel Robert Mueller’s probe into possible collusion between the Trump campaign and Russia during the 2016 presidential election.

In one of the emails dated June 3, 2016, Trump Jr. wrote: “If it’s what you say I love it.” He released the tweets after the New York Times said it planned to write about their contents and sought his comment.

Trump Jr. said in his tweets that nothing came of the meeting. Veselnitskaya told NBC News early on Tuesday she was not affiliated with the Russian government and had passed no information.

“In retrospect, I probably would have done things a little differently,” Trump Jr. said in an interview on Fox News. “For me, this was opposition research.”

Collusion itself is not an actual crime under the U.S. criminal code, so prosecutors would look to see if Trump Jr.’s conduct ran afoul of a specific law, legal experts said.

Moscow has denied interference in the U.S. election, and President Donald Trump has said his campaign did not collude with Russia.

Alan Futerfas, Trump Jr.’s lawyer, did not respond to a request for comment. A spokesman for Mueller declined to comment.

FEDERAL ELECTION CAMPAIGN ACT

One law that might come into play is the Federal Election Campaign Act, which makes it illegal for a foreign national to contribute to a U.S. political campaign. The campaign is also prohibited from soliciting such contributions.

A contribution does not have to be monetary in nature, according to Paul S. Ryan, an attorney with watchdog group Common Cause. He said incriminating information about Clinton could be considered a contribution under the act.

Ryan said Trump Jr.’s “enthusiastic response” to the offer for information and particularly his proposal in his email to have a follow-up call the next week constituted “solicitation.”

“That to me is an indication, a concession by Donald Trump Jr. that he wants and is requesting this information,” Ryan said.

Joshua Douglas, a professor at the University of Kentucky College of Law, said Trump Jr.’s emails made it “more plausible” that there could be a criminal case against him.

James Gardner, an election law expert at the University of Buffalo Law School, said the election law was intended to target donations of cash or goods and services.

He said he did not believe Trump Jr. would have violated the law if he solicited damaging information about Clinton.

A federal law known as the general conspiracy statute that makes it illegal to conspire to commit a crime against or defraud the United States could also come into play if, for example, Trump Jr. tried to help Russians hack into U.S. computer networks. There was no indication that Trump Jr. did such a thing.

Andrew Wright, a professor at Savannah Law School who was associate counsel in the White House Counsel’s Office under former Democratic President Barack Obama, said he thought Trump Jr.’s agreeing to meet with someone to discuss an illegal act would be enough to trigger a conspiracy charge.

“It’s a very powerful tool,” he said.

(Additional reporting by Lindsey Kortyka)

Oddities in WannaCry ransomware puzzle cybersecurity researchers

Cables and computers are seen inside a data centre at an office in the heart of the financial district in London, Britain May 15, 2017. REUTERS/Dylan Martinez

By Jeremy Wagstaff

SINGAPORE (Reuters) – The WannaCry malware that spread to more than 100 countries in a few hours is throwing up several surprises for cybersecurity researchers, including how it gained its initial foothold, how it spread so fast and why the hackers are not making much money from it.

Some researchers have found evidence they say could link North Korea with the attack, but others are more cautious, saying that the first step is shedding light on even the most basic questions about the malware itself.

For one thing, said IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing e-mails – e-mails containing malicious attachments or links to files – that download the ransomware.

That’s how most ransomware finds its way onto victims’ computers.

The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion e-mails dating back to March 1, Barlow’s team could find none linked to the attack.

“Once one victim inside a network is infected it propagates,” Boston-based Barlow said in a phone interview, describing a vulnerability in Microsoft Windows that allows the worm to move from one computer to another.

The NSA used the Microsoft flaw to build a hacking tool codenamed EternalBlue that ended up in the hands of a mysterious group called the Shadow Brokers, which then published that and other such tools online.

But the puzzle is how the first person in each network was infected with the worm. “It’s statistically very unusual that we’d scan and find no indicators,” Barlow said.

Other researchers agree. “Right now there is no clear indication of the first compromise for WannaCry,” said Budiman Tsjin of RSA Security, a part of Dell.

Knowing how malware infects and spreads is key to being able to stop existing attacks and anticipate new ones. “How the hell did this get on there, and could this be repeatedly used again?” said Barlow.

PALTRY RANSOM

Some cybersecurity companies, however, say they’ve found a few samples of the phishing e-mails. FireEye said it was aware customers had used its reports to successfully identify some associated with the attack.

But the company agrees that the malware relied less on phishing e-mails than other attacks. Once a certain number of infections was established, it was able to use the Microsoft vulnerability to propagate without their help.

There are other surprises that suggest this is not an ordinary ransomware attack.

Only paltry sums were collected by the hackers, according to available evidence, mostly in the bitcoin cryptocurrency.

There were only three bitcoin wallets and the campaign has so far earned only $50,000 or so, despite the widespread infections. Barlow said that single payments in some other ransomware cases were more than that, depending on the victim.

Jonathan Levin of Chainalysis, which monitors bitcoin payments, said there were other differences compared to most ransomware campaigns: for instance the lack of sophisticated methods used in previous cases to convince victims to pay up. In the past, this has included hot lines in various languages.

And so far, Levin said, the bitcoin that had been paid into the attackers’ wallets remained there – compared to another campaign, known as Locky, which made $15 million while regularly emptying the bitcoin wallets.

“They really aren’t set up well to handle their bitcoin payments,” Levin said.

The lack of sophistication may bolster those cybersecurity researchers who say they have found evidence that could link North Korea to the attack.

A senior researcher from South Korea’s Hauri Labs, Simon Choi, said on Tuesday the reclusive state had been developing and testing ransomware programs only since August. In one case, the hackers demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall.

Choi, who has done extensive research into North Korea’s hacking capabilities, said his findings matched those of Symantec and Kaspersky Lab, who say some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

The Lazarus hackers have however been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cybersecurity firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

Whoever is found to be behind the attack, said Marin Ivezic, a cybersecurity partner at PwC in Hong Kong, the way the hackers used freely available tools so effectively may be what makes this campaign more worrying.

By bundling a tool farmed from the leaked NSA files with their own ransomware, “they achieved better distribution than anything they could have achieved in a traditional way,” he said.

“EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals,” Ivezic said.

(Additional reporting by Ju-Min Park in Seoul; Editing by Raju Gopalakrishnan)

FBI warns of surge in wire-transfer fraud via spoofed emails

A computer keyboard is seen in this picture illustration taken in Bordeaux, Southwestern France, August 22, 2016. REUTERS/Regis Duvignau

By Alastair Sharp

(Reuters) – Attempts at cyber wire fraud globally, via emails purporting to be from trusted business associates, surged in the last seven months of 2016, the U.S. Federal Bureau of Investigation said in a warning to businesses.

Fraudsters sought to steal $5.3 billion through schemes known as business email compromise from October 2013 through December, the FBI said in a report released Thursday by its Internet Crime Complaint Center (http://bit.ly/2qAEVBE).

The figure is up sharply from the FBI’s previous report which said thieves attempted to steal $3.1 billion from October 2013 through May 2016, according to a survey of cases from law enforcement agencies around the world.

The number of business-email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.

The survey does not track how much money was actually lost to criminals.

Robert Holmes, who studies business email compromise for security firm Proofpoint Inc <PFPT.O>, estimated the incidents collated by the FBI represent just 20 percent of the total, and that total actual losses could be as much as double the figures reported by the FBI.

The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets, he said.

“This is not a volume play; it’s a carefully researched play,” he said.

The United States is by far the biggest target market, though fraudsters have started to expand in other developed countries, including Australia, Britain, France and Germany, Holmes said.

The FBI has said that about one in four U.S. victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to identify the crimes in time to help victims recover the funds from banks before the criminals pulled them out of the system.

The U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that had tricked agents and employees of two U.S.-based internet companies into wiring more than $100 million to overseas bank accounts.

Fraudsters have also used spoofed emails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.

(Reporting by Alastair Sharp in Toronto; Editing by Bernadette Baum and Lisa Shumaker)

U.S. electors expected to officially confirm Trump victory

U.S. President-elect Donald Trump speaks during a USA Thank You Tour event in Hershey, Pennsylvania, U.S.

By David Morgan

WASHINGTON (Reuters) – The U.S. Electoral College is expected on Monday to officially select Republican Donald Trump as the next president in a vote that is usually routine but takes place this year amid allegations of Russian hacking to try to influence the election.

At meetings scheduled in every state and the District of Columbia, the institution’s 538 electors, generally chosen by state parties, will cast official ballots for president and vice president.

It is highly unlikely the vote will change the outcome of the Nov. 8 election, which gave the White House to Trump after he won a majority of Electoral College votes. The popular vote went to Democrat Hillary Clinton.

But the conclusion by U.S. intelligence agencies that Russia hacked into the emails of the Democratic National Committee in an attempt to sway the election for Trump has prompted Democrats to urge some electors not to vote as directed by their state’s popular ballot.

The leaked emails disclosed details of Clinton’s paid speeches to Wall Street, party infighting and inside criticism about Clinton’s use of a private server to send emails while U.S. secretary of state. The disclosures led to embarrassing media coverage and prompted some party officials to resign.

Trump and his team dismiss intelligence claims of Russian interference, accusing Democrats and their allies of trying to undermine the legitimacy of his election victory.

Russian officials have denied accusations of interfering in the election.

On Sunday, Clinton’s campaign chairman, John Podesta, said it was an open question whether the Trump campaign colluded with Russia about the emails, an allegation that Trump’s incoming White House chief of staff, Reince Priebus, denied. A bipartisan group of U.S. senators called for a special committee probe of cyber attacks by Russia and other countries.

The number of Electoral College electors equals the number of representatives and senators in Congress, with each state receiving a share roughly proportional to its population size.

When voters go to the polls to cast a ballot for president, they are actually choosing a presidential candidate’s preferred slate for their state.

A candidate must secure 270 votes to win. Trump won 306 electors from 30 states.

The electors convene meetings in each state to cast ballots about six weeks after each presidential election.

If no candidate reaches 270 in the Electoral College, the president is chosen by the U.S. House of Representatives – currently controlled by Republicans.

(Additional reporting by Julia Harte in Washington; Editing by Peter Cooney)

Big Breaches found at major email services

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin

By Eric Auchard

FRANKFURT (Reuters) a security expert told Reuters.

The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.

It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago.

Holden was previously instrumental in uncovering some of the world’s biggest known data breaches, affecting tens of millions of users at Adobe Systems, JPMorgan and Target and exposing them to subsequent cyber crimes.

The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts – a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world’s three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers.

“This information is potent. It is floating around in the underground and this person has shown he’s willing to give the data away to people who are nice to him,” said Holden, the former chief security officer at U.S. brokerage R.W. Baird. “These credentials can be abused multiple times,” he said.

LESS THAN $1

Mysteriously, the hacker asked just 50 rubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favorable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data.

Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web.

Hackers know users cling to favorite passwords, resisting admonitions to change credentials regularly and make them more complex. It’s why attackers reuse old passwords found on one account to try to break into other accounts of the same user.

After being informed of the potential breach of email credentials, Mail.ru spokeswoman Madina Tayupova told Reuters: “We are now checking, whether any combinations of usernames/passwords match users’ e-mails and are still active.

“As soon as we have enough information we will warn the users who might have been affected,” she said, adding that Mail.ru’s initial checks found no live combinations of usernames and passwords which match existing emails.

A Microsoft spokesman said stolen online credentials were an unfortunate reality. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access.”

Yahoo and Google did not respond to requests for comment.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden.

Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said.

Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by the Cloud Security Alliance.

In 2014, Holden, a Ukrainian-American who specializes in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world’s biggest-ever recovery of stolen accounts.

His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals.

Holden said efforts to identify the hacker spreading the current trove of data or the source or sources of the stolen accounts would have exposed the investigative methods of his researchers. Because the hacker vacuumed up data from many sources, researchers have dubbed him “The Collector”.

Ten days ago, Milwaukee-based Hold Security began informing organizations affected by the latest data breaches. The company’s policy is to return data it recovers at little or no cost to firms found to have been breached.

“This is stolen data, which is not ours to sell,” said Holden.

(Editing by Mark Trevelyan)