Tag Archives: FBI

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Yahoo billboard

By Joseph Menn

SAN FRANCISCO (Reuters) – Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The request to search Yahoo Mail accounts came in the form of a classified edict sent to the company’s legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad demand for real-time Web collection or one that required the creation of a new computer program.

“I’ve never seen that, a wiretap in real time on a ‘selector,'” said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

“It would be really difficult for a provider to do that,” he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Alphabet Inc’s Google and Microsoft Corp, two major U.S. email service providers, separately said on Tuesday that they had not conducted such email searches.

“We’ve never received such a request, but if we did, our response would be simple: ‘No way’,” a spokesman for Google said in a statement.

A Microsoft spokesperson said in a statement, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.” The company declined to comment on whether it had received such a request.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year’s demand on at least two grounds: the breadth of the directive and the necessity of writing a special program to search all customers’ emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court,” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.

Some FISA experts defended Yahoo’s decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called “upstream” bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies’ mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”

SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos’s announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (http://bit.ly/2dL003k)

In a separate incident, Yahoo last month said “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo’s security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)

‘No doubt’ Russia behind hacks on U.S. election system: senior Democrat

Vice Presidential debate in Virginia

By Dustin Volz

WASHINGTON (Reuters) – A senior Democratic lawmaker said Sunday he had “no doubt” that Russia was behind recent hacking attempts targeting state election systems, and urged the Obama administration to publicly blame Moscow for trying to undermine confidence in the Nov. 8 presidential contest.

The remarks from Representative Adam Schiff, the top Democrat on the intelligence committee in the U.S. House of Representatives, come amid heightened concerns among U.S. and state officials about the security of voting machines and databases, and unsubstantiated allegations from Republican candidate Donald Trump that the election could be “rigged.”

“I have no doubt [this is Russia]. And I don’t think the administration has any doubt,” Schiff said during an appearance on ABC’s “This Week.”

Schiff’s call to name and shame the Kremlin came a week after Trump questioned widely held conclusions made privately by the U.S. intelligence community that Russia is responsible for the hacking activity.

“It could be Russia, but it could also be China,” Trump said during a televised debate with Democratic candidate Hillary Clinton. “It also could be somebody sitting on their bed that weighs 400 pounds.”

On Saturday, Homeland Security Secretary Jeh Johnson said hackers have probed the voting systems of many U.S. states but there is no sign that they have manipulated any voting data.

Schiff said he doubted hackers could falsify vote tallies in a way to affect the election outcome. Officials and experts have said the decentralized and outdated nature of U.S. voting technology makes such hacks more unlikely.

But cyber attacks on voter registration systems could “sow discord” on election day, Schiff said. He further added that leaks of doctored emails would be difficult to disprove and could “be election altering.”

The National Security Agency, FBI and DHS all concluded weeks ago that Russian intelligence agencies conducted, directed or coordinated all the major cyberattacks on U.S. political organizations, including the Democratic National Committee, and individuals, a U.S. official who is participating in the investigations said on Sunday.

However, the official said, White House officials have resisted naming the Russians publicly because doing so could result in escalating cyberattacks, and because it is considered impossible to offer public, unclassified proof of the allegation.

Schiff and Senator Dianne Feinstein, the top Democrat on the U.S. Senate intelligence committee, said last month they had concluded Russian intelligence agencies were “making a serious and concerted effort to influence the U.S. election.”

(Reporting by Dustin Volz and John Walcott; Editing by Nick Zieminski)

FBI Probes Hacks targeting phones of Democratic Party officials

The headquarters of the Democratic National Committee is seen in Washington,

By Mark Hosenball

WASHINGTON (Reuters) – The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters.

The revelation underscores the widening scope of the U.S. criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former U.S. Secretary of State Hillary Clinton.

U.S. officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the Nov. 8 election in which Clinton faces Republican Party candidate Donald Trump. Russia has dismissed allegations it was involved in cyber attacks on the organizations.

The more recent attempted phone hacking also appears to have been conducted by Russian-backed hackers, two people with knowledge of the situation said.

Federal Bureau of Investigation representatives had no immediate comment, and a Clinton campaign spokesman said they were unaware of the suspected phone hacking.

The Democratic National Committee (DNC) did not respond to a request for comment. An official of the Democratic Congressional Campaign Committee (DCCC) said that nobody at the organization had been contacted by investigators about possible phone hacking.

Interim DNC Chairwoman Donna Brazile told CNN: “Our struggle with the Russian hackers that we announced in June is ongoing – as we knew it would be – and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen.”

FBI agents had approached a small number of Democratic Party officials to discuss concerns their mobile phones may have been compromised by hackers, people involved said. It was not clear how many people were targeted by the hack or whether they included members of Congress, a possibility that could raise additional security concerns for U.S. officials.

‘OFFICE BRAIN’

If they were successful, hackers could have been able to acquire a wide range of data from targeted cellphones, including call data, text messages, emails, photos and contact lists, one person with knowledge of the situation said.

“In a sense, your phone is your office brain,” said Bruce Schneier, a cyber security expert with Resilient, an IBM company, which is not involved in the investigation. “It’s incredibly intimate.”

“Anything that’s on your phone, if your phone is hacked, the hacker can get it.”

The FBI has asked some of those whose phones were believed to have hacked to turn over their phones so that investigators could “image” them, creating a copy of the device and related data.

U.S. investigators are looking into whether hackers used data stolen from servers run by Democratic organizations or the private emails of their employees to get access to cellphones, one person said.

Hackers previously targeted servers used by the DNC, the body that sets strategy for the party, and the DCCC, which raises money for Democrats running for seats in the House of Representatives, officials have said.

Clinton said during Monday’s presidential debate there was “no doubt” Russia has sponsored hacks against “all kinds of organizations in our country” and mentioned Russian President Vladimir Putin by name.

“Putin is playing a really tough, long game here. And one of the things he’s done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee,” Clinton said.

Trump countered that there was no definitive proof that Russia had sponsored the hacks of Democratic organizations.

“I don’t think anybody knows it was Russia that broke into the DNC,” he said. “It could be Russia, but it could also be China. It could also be lots of other people.”

(Reporting By Mark Hosenball; Editing by Kevin Krolicki and Grant McCool)

FBI report expected to show violent crime rise in some U.S. cities

Phone banks of the FBI

By Julia Harte

WASHINGTON (Reuters) – Violent crime in certain big U.S. cities in 2015 likely increased over 2014, although the overall crime rate has remained far below peak levels of the early 1990s, experts said, in advance of the FBI’s annual crime report to be released later on Monday.

The Federal Bureau of Investigation’s report was expected to show a one-year increase in homicides and other violent crimes in cities including Chicago, Baltimore and Washington, D.C., based on already published crime statistics.

Coming on the day of the first presidential campaign debate between Republican Donald Trump and Democrat Hillary Clinton, the report could “be turned into political football,” said Robert Smith, a research fellow at Harvard Law School, in a teleconference on Friday with other crime experts.

A rise in violent crime in U.S. cities since 2014 has already been revealed in preliminary 2015 figures released by the FBI in January.

A recent U.S. Justice Department-funded study examined the nation’s 56 largest cities and found 16.8 percent more murders last year over 2014.

Trump last week praised aggressive policing tactics, including the “stop-and-frisk” approach.

Clinton has pushed for stricter gun control to help curb violence and has called for the development of national guidelines on the use of force by police officers.

FBI Director James Comey warned last year that violent crime in the United States might rise because increased scrutiny of policing tactics had created a “chill wind” that discouraged police officers from aggressively fighting crime.

Increased crime has been concentrated in segregated and impoverished neighborhoods of big cities. Experts said in such areas crime can best be fought through better community policing and alternatives to incarceration for nonviolent crime.

“We’re just beginning to see a shift in mentality in law enforcement from a warrior mentality … to a guardian mentality,” said Carter Stewart, a former prosecutor for the Southern District of Ohio, on the teleconference. “I don’t want us as a country to go backwards.”

In Chicago, 54 more people were murdered in 2015 than the year before, a 13 percent jump in the city’s murder rate, according to an April study by New York University’s Brennan Center for Justice.

(Editing by Kevin Drawbaugh and Matthew Lewis)

Yahoo says hackers stole data from 500 million accounts

A Yahoo logo is seen on top of the building where they have offices in New York

By Dustin Volz

(Reuters) – Yahoo Inc said on Thursday that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world’s biggest known cyber breach by far.

Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken.

The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc, and it comes to light at a difficult time for Yahoo.

Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc.

“This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it.

On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it.

Although the attack happened in 2014, Yahoo only discovered the incursion after August reports of a separate breach. While that report turned out to be false, Yahoo’s investigation turned up the 2014 theft, according to a person familiar with the matter.

Analyst Robert Peck of SunTrust Robinson Humphrey said the breach probably was not enough to prompt Verizon to abandon its deal with Yahoo, but it could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo.

Steven Caponi, an attorney at K&L Gates with a practice including merger litigation, said that Yahoo’s breach could fall under the “material adverse change” clause common in mergers allowing a buyer to walk away if its target’s value deteriorates.

“That would give Verizon the opportunity to renegotiate the terms or potentially walk away from the transaction if it is a material change. Whether it is a material change will depend in large part on what kind of information was compromised,” Caponi said.

Still, it is rare for mergers to fall apart over material changes. Verizon said in a statement it was made aware of the breach within the last two days and had limited information about the matter.

“We will evaluate as the investigation continues through the lens of overall Verizon interests,” the company said.

Shares of Yahoo stock closed a penny higher at $44.15, while shares of Verizon, were up about 1 percent.

RISING ATTACKS

The Yahoo breach follows a rising number of other large-scale data attacks and could make it a watershed event that prompts government and businesses to put more effort into bolstering defenses, said Dan Kaminsky, a well-known internet security expert.

Retailers and health insurers have been especially hard hit after high-profile breaches at Home Depot Inc, Target Corp, Anthem Inc and Premera Blue Cross.

“Five hundred of the Fortune 500 have been hacked,” he said. “If anything has changed, it’s that these attacks are getting publicly disclosed.”

Three U.S. intelligence officials, who declined to be identified by name, said they believed the attack was state-sponsored because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction.

Yahoo said it was working with law enforcement on the matter, and the FBI said it was investigating.

“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said.

While the breach comprised mostly low-value information, it did include security questions and answers created by users themselves. That data could make users vulnerable if they use the same answers on other sites.

A former Yahoo employee said the Q&A were deliberately left unencrypted, which allowed Yahoo to catch fake accounts more easily because fake accounts tended to reuse questions and answers.

News of the massive breach at one of the nation’s largest email providers may fan concern that U.S. companies and government agencies are not doing enough to improve cyber security.

Democratic Senator Mark Warner said in a statement he was “most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today.”

Technology website Recode first reported Tuesday that Yahoo planned to disclose details about a data breach affecting hundreds of millions of users.

(Reporting by Aishwarya Venugopal in Bengaluru and Dustin Volz in Washington; additional reporting by Jim Finkle in Boston, Lauren Hirsch in New York, and Joseph Menn and Deborah Todd in San Francisco, writing by Alwyn Scott; editing by Peter Henderson and Cynthia Osterman)

Investigators try to determine if accused New York bomber had help

robot retrieving unexploded bomb

By David Ingram and Nate Raymond

NEW YORK (Reuters) – U.S. authorities on Wednesday were looking into whether an Afghan-born American citizen charged with carrying out bombings in New York and New Jersey acted alone or had help as the city’s top federal public defender sought access to the suspect.

Police in New York City said they had not yet been permitted by doctors to speak to Ahmad Khan Rahami, 28, who was arrested on Monday after being wounded in a gunfight with police in Linden, New Jersey.

Rahami has been charged with wounding 31 people in a bombing in New York on Saturday that authorities called a “terrorist act.”

The Federal Bureau of Investigation released a photo of two men who found a second, unexploded pressure cooker device they say Rahami left in a piece of luggage in Manhattan’s Chelsea neighborhood on Saturday night.

The two men, who took the bag but left the improvised bomb on the street are not suspects, officials said, but investigators want to interview them as witnesses.

“As far as whether he’s a lone actor, that’s still the path we are following, but we are keeping all the options open,” William Sweeney, the FBI’s assistant director in New York, told reporters.

Rahami is also charged with planting a bomb that exploded in Seaside Park, New Jersey, but did not injure anyone and planting explosive devices in his hometown of Elizabeth, New Jersey, which did not detonate. He faces charges from federal prosecutors in both states.

Federal prosecutors portray Rahami, who came to the United States at age 7 and became a naturalized citizen, as embracing militant Islamic views, begging for martyrdom and expressing outrage at the U.S. “slaughter” of Muslim fighters in Afghanistan, Iraq, Syria and Palestine.

Investigators were also probing Rahami’s history of travel to Afghanistan and Pakistan, and looking for evidence that he may have picked up radical views or trained in bomb-making.

Both government and pro-Taliban sources in Pakistan on Wednesday said they had no knowledge of Rahami having met with prominent people connected to the Taliban or other religious groups.

Prosecutors plan to move Rahami to New York from the New Jersey hospital where he is being treated as soon as his medical condition allows, said Preet Bharara, the U.S. attorney in Manhattan.

DEFENSE LAWYER DEMANDS COURT APPEARANCE

Rahami’s wife met with U.S. law enforcement officials while in the United Arab Emirates and voluntarily gave a statement, a law enforcement official said on Wednesday. She was not in custody.

A New Jersey U.S. congressman previously said Rahami had emailed his office in 2014 for help in getting her a visa to enter the United States from Pakistan when she was pregnant.

Rahami’s defense attorney, David Patton, on Wednesday demanded that his first court appearance to be scheduled as soon as possible, even if it occurs in his hospital bed, saying that the defendant had a constitutional right to a lawyer and a court appearance within two days of his arrest.

New York Police Commissioner James O’Neill told a news conference that investigators had not yet received doctors’ clearance to interview Rahami, adding, “That may happen in the next 24 hours, pending the doctors’ approval.”

Federal prosecutors in New York noted that while they had filed charges against Rahami, he remained in the custody of state officials in New Jersey, who initially arrested him after Monday’s gunfight. They said that makes Patton’s request for access premature.

Patton, in a subsequent filing, shot back that such delays were unacceptable.

“Mr. Rahami was arrested more than 48 hours ago. His bail in New Jersey was set without any appointment of counsel or court appearance. He still has not been provided counsel. He does not have a scheduled court appearance in New Jersey until next week,” Patton said.

The attacks in New York and New Jersey were the latest in a series in the United States inspired by Islamic militant groups including al Qaeda and Islamic State. A pair of ethnic Chechen brothers killed three people and injured more than 260 at the 2013 Boston Marathon with homemade pressure-cooker bombs similar to those used in this weekend’s attacks.

Rahami, in other parts of a journal that prosecutors said he was carrying when he was arrested, praised “Brother” Osama bin Laden, the al Qaeda leader slain in a 2011 U.S. raid in Pakistan; Anwar al-Awlaki, an American-born Muslim cleric and leading al Qaeda propagandist who was killed in a 2011 U.S. drone strike in Yemen; and Nidal Hasan, the U.S. Army psychiatrist who shot dead 13 people and wounded 32 at Fort Hood, Texas, in 2009.

Republican Rep. Michael McCaul, house Homeland Security Committee chairman, told CNN that Rahami’s writings in a journal showed that his actions had been inspired by Islamic State as “his guidance came from the lead ISIS spokesman.”

“What that tells me as a counterterrorism expert that now we can definitively say this was an ISIS-inspired terrorist attack.”

(Additional reporting by Doina Chiacu and Julia Edwards in Washington and Mehreen Zahra-Malik in Quetta, Pakistan; Writing by Scott Malone and Dan Whitcomb; Editing by Will Dunham and Alan Crosby)

U.S. portrays NY bomb suspect as jihadist who praised bin Laden

Federal Bureau of Investigation (FBI) personnel search an address during an investigation into Ahmad Khan Rahami, who was wanted for questioning in an explosion in New York, which authorities believe is linked to the explosive devices found in New Jersey

By Daniel Trotta

NEW YORK, Sept 20 (Reuters) – Federal prosecutors on Tuesday charged the Afghan-born man suspected of weekend bombings in New York and New Jersey with 10 counts including use of weapons of mass destruction, portraying him as a jihadist who begged for martyrdom and praised Osama bin Laden.

The suspect, Ahmad Khan Rahami, bought bomb components on eBay, made a video of himself testing out homemade explosives, and kept a journal expressing outrage at the U.S. “slaughter” of mujahideen in Afghanistan, Iraq, Syria and Palestine, federal officials allege.

“Inshallah (God willing), the sounds of bombs will be heard in the streets. Gun shots to your police. Death to your
oppression,” Rahami, who came to the United States at age 7, wrote in a journal he was carrying when arrested.

Rahami was apprehended on Monday in Linden, New Jersey, after a shootout with police that left him with multiple gunshot wounds. He was listed in critical but stable condition on Tuesday, and police had not yet been able to interview him in depth, New York Police Commissioner James O’Neill said.

Federal prosecutors from separate districts in New York and New Jersey charged him with four and six counts respectively.

In addition to leaving the bomb that exploded on Saturday evening in the Manhattan district of Chelsea that wounded 31 people, they allege he planted a pipe bomb on the New Jersey shore that injured no one when it exploded on Saturday morning.

He also is accused of planting another pressure-cooker bomb in Chelsea that failed to explode, and multiple devices at a train station in Elizabeth, New Jersey. One of those exploded as a bomb squad robot attempted to defuse it.

The charging documents and accompanying sworn statements from Federal Bureau of Investigation agents offer the first official explanation of what they believe to be the bomber’s motive.

As the charges were made public, the White House for the first time said it appeared the attacks were an act of
terrorism. Earlier in the investigation, officials had withheld such an assessment until they could discern a motive.

“It does appear this was an act of terrorism,” White House spokesman Josh Earnest said during a press briefing in New York City.

At least one victim in the Chelsea blast was knocked unconscious and another hospitalized to remove ball bearings
from her body, metal fragmentation from her ear and wood shards from her neck, the charging documents say.

Surveillance video from the bomb scenes and fingerprints on unexploded devices also point to Rahami, according to the documents.

The three counts of using weapons of mass destruction, one from New York and two from New Jersey, each carry a maximum sentence of life in prison.

In addition to the federal charges, New Jersey state prosecutors from Union County have charged Rahami with five
counts of attempted first-degree murder for firing at police officers and two second-degree weapons counts.

JIHADI JOURNAL

Other parts of Rahami’s journal praise “Brother” Osama bin Laden; Anwar al-Awlaki, an American-born Muslim cleric and leading al Qaeda propagandist who was killed in a U.S. drone strike in Yemen in 2011; and Nidal Hasan, the U.S. Army psychiatrist who shot dead 13 people and wounded 32 at Fort Hood, Texas, in 2009.

“I beg … for shahadat (martyrdom) and inshallah this call will be answered,” he wrote in a passage expressing concern about getting caught.

Video found on a family member’s mobile phone dated two days before the bombings and taken near his home in New Jersey showed him lighting a fuse that igniting incendiary material packed in a partially buried cylinder.

An eBay account linked to Rahami bought a precursor chemical used in explosives, circuit boards and ball bearings that matched the explosives and remnants collected at the crime scenes, the documents said.

Investigators also traced mobile phones used in the bombs to Rahami and said he played jihadist videos from social media.

Earlier on Tuesday Rahami’s father said he had reported concerns about his son being involved with militants to the Federal Bureau of Investigations two years ago.

The FBI acknowledged it had investigated Rahami in 2014, but found no “ties to terrorism” and dropped its inquiry.

His father, Mohammad Rahami, briefly emerged on Tuesday from the family’s restaurant in Elizabeth, New Jersey, about 20 miles (30 km) west of New York City, telling reporters, “I called the FBI two years ago.”

The FBI said in a statement that it began an assessment of the younger Rahami in 2014 based on comments his father made about his son after “a domestic dispute.”

“The FBI conducted internal database reviews, interagency checks, and multiple interviews, none of which revealed ties to terrorism,” the FBI said.

(Additional reporting by Joseph Ax and Mica Rosenberg in Elizabeth, N.J., Mark Hosenball and Julia Edwards in Washington and Jeffrey Dastine an dChristine Prentice in New York; Writing by Daniel Trotta; Editing by Alan Crosby)

FBI detects breaches against two state voter systems

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-security conference in Las Vegas, Nevada,

By Jim Finkle and Dustin Volz

WASHINGTON (Reuters) – The FBI is urging U.S. election officials to increase computer security after it uncovered evidence that hackers have targeted two state election databases in recent weeks, according to a confidential advisory.

The warning was in an Aug. 18 flash alert from the FBI’s Cyber Division. Reuters obtained a copy of the document.

Yahoo News first reported the story Monday, citing unnamed law enforcement officials who said they believed foreign hackers caused the intrusions.

U.S. intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the November presidential election.

Officials and cyber security experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic Party were likely carried out by people within the Russian government. Kremlin officials have denied the allegations of Moscow’s involvement.

Concerns about election computer security prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials earlier this month, when he offered the department’s help in making their voting systems more secure.

The FBI warning did not identify the two states targeted by cyber intruders, but Yahoo News said sources familiar with the document said it referred to Arizona and Illinois, whose voter registration systems were penetrated.

Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.

The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said.

(Writing by David Alexander; Editing by Lisa Von Ahn)

Canada security questioned after FBI tip thwarts attack

Police photograph of taxi where suicide bomber detonated in Canada

By Andrea Hopkins

OTTAWA (Reuters) – Aaron Driver first came to the attention of Canadian officials in late 2014 after he voiced support for Islamic State on social media. In 2015, the Muslim convert was arrested for communicating with militants involved with attack plots in Texas and Australia. Early this year, he agreed to a court order known as a peace bond that restricted his online and cell phone use.

Yet it took a tip from the U.S. Federal Bureau of Investigation to alert Canadian intelligence officials to what police say was an imminent attack Driver was planning on a major Canadian city.

Driver, 24, died after he detonated an explosive device in the backseat of a taxi as police closed in and opened fire, the Royal Canadian Mounted Police (RCMP) said in Ottawa.

The RCMP said Driver, one of only two Canadians currently subject to a peace bond, was not under constant surveillance before the tip from the FBI came on Wednesday morning.

Driver’s father, Wayne Driver, questioned why authorities did not intervene more decisively earlier. He said he wished his son had been forced into a de-radicalization program.

“I don’t think [the peace bond] was very effective at all. I mean, look at the outcome,” Driver’s father told the Canadian Broadcasting Corp.

“Why wasn’t he on some kind of parole where he had to report a couple times a month instead of never?”

RCMP Deputy Commissioner Mike Cabana said that even when, as in Driver’s case, there is enough evidence for a court-ordered terrorism-related peace bond, the tool cannot really prevent an attack.

“Our ability to monitor people 24 hours a day and 7 days a week simply does not exist. We can’t do that,” Cabana told reporters at a news conference in Ottawa.

Phil Gurski, a former Canadian Security Intelligence Service (CSIS) analyst and now a risk consultant, said it takes about 20 to 40 officers in multiple surveillance teams to watch a suspect.

“It is not like Hollywood films where it is one car following one guy,” said Gurski. “So you have to start prioritizing.”

With Driver’s death, one Canadian resident remains under a terrorism-related federal peace bond, a type of restraining order issued by a provincial judge. According to the Public Prosecution Service of Canada, nine more such orders are pending, nine have already expired, and three applications for peace bonds have been withdrawn.

LIMITS TO PEACE BONDS

Driver’s peace bond required him, among other things, to get permission before purchasing a cell phone, stay off social media websites and refrain from communications with members of Islamic State and other radical groups.

After Driver’s foiled attack, Public Safety Minister Ralph Goodale said peace bonds have limits.

“Those issues will obviously need to be very carefully scrutinized,” he said in an interview with CBC.

While some 600 RCMP officers and staff were transferred from organized crime, drug and financial integrity files to the counter-terrorism beat in recent years, critics of Prime Minister Justin Trudeau’s new Liberal government have argued that not enough money is being spent to fight terrorism.

The 2016 budget provided C$35-million over five years to combat radicalization, but little in the way of new funding for the RCMP or CSIS.

Trudeau was elected in October 2015 pledging to end Canada’s combat role against Islamic State and roll back some of the security powers his Conservative Party predecessor had implemented.

Ray Boisvert, a former assistant director of intelligence at CSIS, said Driver was likely on an increasingly long list of so-called “B-listers” – people known to law enforcement, but considered lower risk than others and not followed regularly.

“The problem today, of course is that a target can go from mildly radicalized to highly ‘weaponized’ in a matter of weeks – or sooner,” Boisvert, who left CSIS in 2012 and is now a security consultant to private firms, said in an email.

Mubin Shaikh, a former undercover operative with CSIS, told Reuters he considered Driver a threat back in 2015, in part because he was a Muslim convert.

“That’s a red flag,” he said on Thursday.

In October 2014, a Canadian Muslim convert shot and killed a soldier at Ottawa’s national war memorial before launching an attack on the Canadian Parliament. The same week, another convert ran down two soldiers in Quebec, killing one.

Shaikh, now a Canadian counter-terrorism and national security consultant, said law enforcement officers walk a fine line in determining which Islamic State sympathizers are just talkers, and which represent an actual threat to Canada.

“You don’t know who is going to be the one guy who is not just talking but may take action,” he said. “It’s better to assume that they are going to be a threat.”

(Additional reporting by Allison Lampert in Montreal, Leah Schnurr in Ottawa, Ethan Lou in Toronto, Rod Nickel in Winnipeg; Editing by Sue Horton, Diane Craft and Frances Kerry)