U.S. trade group hacked with Chinese software ahead of Xi summit

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Joseph Menn

SAN FRANCISCO (Reuters) – A sophisticated hacking group that pursues Chinese government interests broke into the website of a private U.S. trade group ahead of Thursday’s summit between U.S. President Donald Trump and Chinese President Xi Jinping, according to researchers.

The hackers left a malicious link on web pages where members of the National Foreign Trade Council (NFTC) register for upcoming meetings, according to researchers at Fidelis Cybersecurity and a person familiar with the trade group.

The nonprofit NFTC is a prominent advocate on international trade policy, with corporate members including Wal-Mart Stores Inc <WMT.N>, Johnson & Johnson <JNJ.N>, Amazon.com Inc <AMZN.O>, Ford Motor Co <F.N> and Microsoft Corp <MSFT.O>.

The malicious link deployed a spying tool called Scanbox, which would have recorded the type and versions of software running on the computers of those exposed to it, said Fidelis researcher John Bambenek. Such reconnaissance is typically followed by new attacks using known flaws in the detected software, especially older versions.

Scanbox has only been used by groups associated with the Chinese government, Fidelis said, and was recently seen on a political site aimed at Uyghurs, an ethnic minority under close government scrutiny in China.

The breach was detected about five weeks ago by a NFTC director who is a customer of Fidelis, the security company said. Both the Federal Bureau of Investigation and the NFTC were notified and the malicious link removed, and Fidelis said it had no evidence of NFTC members being infected.

The FBI and the NFTC declined to comment. A spokesman for the Chinese foreign ministry did not respond to a request for comment.

Bambenek said he believed the attack was classic espionage related to international trade talks, rather than a violation of a 2015 agreement between former U.S. President Barack Obama and Xi to end spying for commercial motives.

The summit starting on Thursday is the first meeting between Xi and Trump, who blamed China on the campaign trail for the loss of many U.S. jobs and vowed to confront the country’s leaders on the matters of trade and currency manipulation.

“I think it’s traditional espionage that happens ahead of any summit,” said Bambenek. “They would like to know what we, the Americans, really care about and use that for leverage.”

Other security firms agreed that wholesale theft of U.S. intellectual property has not returned.

Instead, FireEye Inc <FEYE.O> and BAE Systems Plc <BAES.L> said that the hacking group identified by Fidelis, called APT10, has recently attacked government and commercial targets in Europe.

FireEye researcher John Hultquist said heavy industries in Nordic countries have been hacked more often as Beijing switches priorities.

“They are certainly taking those resources and pushing them to other places where they can still get away with this behavior,” Hultquist said.

(Reporting by Joseph Menn in San Francisco; Additional reporting by Dustin Volz in Washington; Editing by Bill Rigby)

Yahoo under scrutiny after latest hack, Verizon seeks new deal terms


By Greg Roumeliotis and Jessica Toonkel

NEW YORK (Reuters) – Yahoo Inc <YHOO.O> came under renewed scrutiny by federal investigators and lawmakers on Thursday after disclosing the largest known data breach in history, prompting Verizon Communications Inc <VZ.N> to demand better terms for its planned purchase of Yahoo’s internet business.

Shares of the Sunnyvale, California-based internet pioneer fell more than 6 percent after it announced the breach of data belonging to more than 1 billion users late on Wednesday, following another large hack reported in September.

Verizon, which agreed to buy Yahoo’s core internet business in July for $4.8 billion, is now trying to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic damage from the two hacks, according to people familiar with the matter.

The U.S. No. 1 wireless carrier still expects to go through with the deal, but is looking for “major concessions” in light of the most recent breach, according to another person familiar with the situation.

Asked about the status of the deal, a Yahoo spokesperson said: “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”

Verizon had already said in October it was reviewing the deal after September’s breach disclosure. Late on Wednesday, it said it would “review the impact of this new development before reaching any final conclusions” about whether to proceed.

The company declined to comment beyond that statement on Thursday.

Verizon has threatened to go to court to get out of the deal if it is not repriced, citing a material adverse effect, said the people familiar with the matter, who asked not to be identified because the negotiations are confidential.

No court in Delaware, where Yahoo is incorporated, has ever found that a material adverse effect has occurred that would allow companies to terminate a merger agreement.

Nevertheless, the threat of a court case on the issue has been successfully used by companies to renegotiate deals, and experts said that some concessions from Yahoo are likely, given the magnitude of the cyber security breaches.

Renegotiating the deal’s price tag would be the simplest but also least likely scenario because the impact of the data breaches will not be apparent for some time, according to Erik Gordon, a professor at the University of Michigan’s Ross School of Business.

A more likely concession would be for Yahoo to agree to compensate Verizon after the close of the deal, based on the liabilities that occur. The two companies may also agree to extend the close of the deal to allow for more time for information to come in on the impact of the breaches, Gordon suggested.

Verizon shares rose 0.4 percent to close at $51.81, in line with the S&P 500 Index <.SPX>. Yahoo closed down 6.1 percent at $38.41.

BIGGEST BREACH

Yahoo said late on Wednesday that it had uncovered a 2013 cyber attack that compromised data of more than 1 billion user accounts, the largest known breach on record.

It said the data stolen may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

The company added that some of its partners were affected. One such partner, Europe’s Sky Plc <SKYB.L>, said Yahoo provides email services to its 2.1 million Sky.com email account holders, but it was unclear how many of those accounts were affected.

The announcement followed Yahoo’s disclosure in September of a separate breach that affected over 500 million accounts, which the company said it believed was launched by different hackers.

The White House said on Thursday the U.S. Federal Bureau of Investigation was probing the breach. Several lawsuits seeking class-action status on behalf of Yahoo shareholders have been filed, or are in the works.

Meanwhile, Democratic Senator Mark Warner of Virginia said he was looking into Yahoo’s cyber security practices.

“This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users,” he said in a statement.

Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as “deeply troubling.”

New York Attorney General Eric Schneiderman urged anyone with a Yahoo account to change their passwords and security questions and said he is examining the breach’s circumstances and the company’s disclosures to law enforcement.

Germany’s cyber security authority, the Federal Office for Information Security (BSI), advised German consumers to consider switching to safer alternatives for email, and criticized Yahoo for failing to adopt modern encryption techniques to protect users’ personal data.

“Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision,” BSI President Arne Schoenbohm said in a statement.

The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts.

“Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo or via a partner like AT&T, get rid of it,” Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email.

A Yahoo spokesperson, in response to criticism of the company’s security measures, said on Thursday: “We’re committed to keeping our users secure, both by continuously striving to stay ahead of ever-evolving online threats and to keep our users and platforms secure.”

(Reporting by Greg Roumeliotis and Jessica Toonkel in New York and Dustin Volz in Washington; Additional reporting by Liana Baker, Anna Driver, Eric Auchard and Michael Erman; Writing by Jim Finkle and Jonathan Weber; Editing by Bill Trott and Bill Rigby)

VTech Hires Cyber Security Firm After Hack, Lawmakers Want Answers

VTech hired a company to help it with cyber security after a hacker gained access to the toy maker’s customer database — and private information about millions of adults and children.

The Hong Kong-based company announced Thursday that a team from FireEye is helping it with the fallout from the massive data breach, one of the largest documented consumer hacks.

VTech said in a news release that the United States-based company is helping it beef up its security after a November cyber attack in which a hacker accessed the manufacturer’s Learning Lodge portal, which allows customers to download a variety of content to VTech’s digital toys.

The company has said the data included information like email addresses and passwords but not credit card or social security numbers. The hacker who claimed responsibility for the attack has told Motherboard he also accessed pictures of children and logs of private chats between kids and their parents. Those were originally sent through a VTech service called Kid Connect, which allowed smartphone-using parents to exchange messages with children using VTech tablets.

The hacker has told Motherboard he has no plans to release the data.

VTech said about 4.8 million parents and 6.3 million children were affected by the hack. About 2.2 million parent accounts and 2.9 million child profiles are based in the United States, it said.

The company has suspended Learning Lodge and Kid Connect and several other websites in a precautionary measure, it said. VTech adds that it has reviewed the websites and taken steps to safeguard against future attacks, and hiring FireEye appears to be another one of those actions.

“We are deeply shocked by this orchestrated and sophisticated attack on our network. We regret that users of Learning Lodge, Kid Connect and PlanetVTech, some of whom are colleagues, friends and families, are also affected,” VTech Chairman and Group CEO Allan Wong said in a statement that accompanied the announcement. “We would like to offer our sincere apologies for any worry caused by this incident. We are taking all necessary steps to ensure that our users can continue to enjoy our products and services, safe in the knowledge that their data is secure.”

VTech said FireEye’s team will lead a forensic investigation into the attack and help review its customer data security protocols. The toy maker also said it is “cooperating with law enforcement worldwide to investigate the incident,” but did not mention any specific agency’s involvement.

On Wednesday, two United States lawmakers wrote VTech and inquired about the kind of information it collects from children and how the toy manufacturer safeguards that data.

Specifically, Sen. Edward Markey (D.-Mass.) and Congressman Joe Barton (R.-Texas) want to know how VTech complies with the Children’s Online Privacy Protection Act, which governs the data websites can collect from children less than 13 years old.

PC Magazine reported the VTech hack was the fourth largest breach of consumer data.

Children among 5 million affected by VTech hack

Hackers gained access to the private information of about 5 million adults and children who used VTech toys, and some security experts warn that similar data breaches could follow.

The Hong Kong-based digital toy manufacturer announced the massive data breach in a news release on Friday, saying a hacker compromised the company’s Learning Lodge earlier this month. The Learning Lodge is a portal that customers use to download content to VTech toys.

The hackers gained access to VTech’s customer database, which the company said includes information like email addresses and passwords but not social security or credit card numbers.

PC Magazine reported the hack was the fourth largest breach of consumer data on record.

The online technology magazine Motherboard reported on Monday that it spoke to the hacker behind the breach. The hacker claimed he also accessed photographs of children and transcripts of conversations between parents and their kids, some of which dated back to last November.

That data was reportedly sent through VTech’s Kid Connect service, a channel through which adults with smartphones and children with VTech tablets can exchange text and audio messages.

The hacker told Motherboard he didn’t intend to publish or release any of the data he obtained.

VTech said it investigated the breach and implemented steps to combat further attacks. Attorneys general from Connecticut and Illinois said they will also investigate, Reuters reported Monday.

The Reuters report quoted cyber security experts who cautioned that additional breaches like this one are possible. While many digital toys collect data, the experts told Reuters that toy makers don’t necessarily have the same security background as others in the tech industry.

“VTech is a toymaker and I don’t expect them to be security superstars,” Tod Beardsley, the security research manager at the cyber security company Rapid7 Inc., told Reuters. “They are amateurs in the field of security.”

Hong Kong’s Office of the Privacy Commissioner for Personal Data began a “compliance check” on VTech on Tuesday, according to a news release. The inquiry will examine if VTech did enough to safeguard the data before it was breached, as well as the corrective measures it implemented.

Cyber security stocks get fillip from TalkTalk hack attack


LONDON (Reuters) – The hacking scandal at broadband provider TalkTalk has heightened interest in stocks and companies dealing in cyber security, with some fund managers betting on more growth in the sector.

British police said on Friday that they had arrested a second teenager in connection with the breach at TalkTalk, which may have led to the theft of personal data from among the company’s more than 4 million customers.

TalkTalk was not the first such incident, but traders and investors said it should re-ignite interest in companies offering protection against hack attacks.

Market research firm Gartner has estimated that global spending on IT security is set to increase 8.2 percent in 2015 to $77 billion. Corporations around the world will spend $101 billion on information security in 2018, Gartner says.

That has caught the attention of financial markets. The ISPY exchange-traded-fund, which lets investors hold a basket of cyber security stocks – such as Cisco Systems and Sophos Group – has risen around 3 percent.

“As cyber crime continues to grow, governments and companies are prioritising cyber security as an essential investment. This is a sector we can expect to dominate headlines and corporate budgets,” said Kris Monaco, the head of ISE ETF Ventures.

Others focused on some relatively small British stocks whose shares have risen, in contrast to those of TalkTalk whose stock has fallen 6 percent in the last week.

Falanx Group has climbed 15 percent over that same period. NCC Group and Corero Network Security – an offshoot of the former Corero software business – have risen 3 percent.

Corero’s products include software that protects against attacks on Internet sites and domain addresses.

NCC has similar services, including one to test how vulnerable a company is to “phishing” – where internal emails are hacked by someone posing as an employee or outside contact – while Falanx has services monitoring clients’ computer infrastructure for signs of suspicious activity.

John Blamire, a former British Army officer who is chief executive at Falanx, said customer interest had risen since the attack on TalkTalk.

“Incidents such as the one at TalkTalk actively brings attention to organizations such as ours,” he said.

To be sure, stocks such as these would carry the usual risks associated with “small cap” stocks with a relatively small market valuation – less liquidity, which can then make them more prone to a slump and harder to sell than bigger stocks.

Nevertheless, they have attracted some big-name investment houses, with Liontrust Asset Management holding a near 10 percent stake in NCC while Blackrock Investment Management has a near 3 percent holding in Corero. Both Liontrust and Blackrock declined to comment on those holdings.

Mark Slater, chief investment officer at Slater Investments, holds around 3 million NCC shares in his company’s portfolio, and he expected NCC and others to continue to grow.

“The nature of the Internet makes it open to attack. These problems are not going to go away.”

(By Sudip Kar-Gupta; Reporting by Sudip Kar-Gupta; Editing by Lionel Laurent, Larry King)

Two Individuals Exposed in Ashley Madison Hack Commit Suicide

Two individuals connected to the release of user data from the adultery website Ashley Madison have taken their own lives.

Police in Toronto would not release the names of the individuals and would not release information other than their connection to the release of Ashley Madison info.

“This hack is one of the largest data breaches in the world,” Toronto Police acting staff-Supt. Bryce Evans said. “This is affecting all of us. The social impact behind this leak, we’re talking about families, we’re talking about children, we’re talking about wives, their male partners.”

The shocking news was actually predicted last week by the security analyst who first reported the hacking of Ashley Madison and the release of the names of those who paid to try to have an affair.

“There’s a very real chance that people are going to overreact. I wouldn’t be surprised if we saw people taking their lives because of this, and obviously piling on with ridicule and trying to out people is not gonna help the situation,” analyst Brian Krebs said on Wednesday.

Another suicide has been potentially linked to the breach. An employee of the city of San Antonio committed suicide Thursday, but officials would not confirm it was because of the leak.

The company that owns Ashley Madison is offering a $500,000 reward to anyone who will turn in the hackers that revealed its adultery-seeking clientele.

Hack of Government Servers Much Larger Than First Disclosed

The attack on servers controlling data for the Office of Personnel Management (OPM) is now being reported as significantly larger than initially disclosed to the public.

Government investigators say the total number of people who had data taken in the attack, which is suspected of being carried out by Chinese hackers, was roughly 21.5 million, well above the initially released estimate of 4 million people.

The 21.5 million includes many non-government employees after the initial report claimed that it was only government workers who were at risk.

“If an individual underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that the individual is impacted by this cyber breach,” OPM’s statement read.

Republicans in Congress were calling on the President to replace OPM Director Katherine Archuleta.

“It has taken this administration entirely too long to come to grips with the magnitude of this security breach — a breach that experts agree was entirely foreseeable. Americans who serve our country need to be able to trust that the government can keep their personal information safe and secure,” House Speaker John Boehner said in a statement.

Jason Chaffetz, the head of the House Oversight and Reform Committee, called on the President to not only fire Archuleta but also Chief Information Officer Donna Seymour.

“Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable,” Chaffetz, a Republican, said Thursday in a statement.