U.S. initiative warns firms of hacking by China, other countries

FILE PHOTO: A Chinese flag flutters at Tiananmen Square in central Beijing, China June 8, 2018. REUTERS/Jason Lee

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort called,”Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

Chinese hacking against U.S. on the rise: U.S. intelligence official

A staff member sets up Chinese and U.S. flags for a meeting in Beijing, China April 27, 2018. REUTERS/Jason Lee

By Jim Finkle and Christopher Bing

NEW YORK (Reuters) – A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks.

”You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference.

Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing.

In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyberattacks against U.S. companies, but not China. Historically, Chinese hacking operations have been more covert and focused on espionage and intellectual property theft, according to charges filed by the Justice Department in recent years.

A spokesperson for Joyce said he was specifically referring to digital attacks against the U.S. energy, financial, transportation, and healthcare sectors in his speech on Tuesday.

The comments follow the arrest by Canadian authorities of Meng Wanzhou, chief financial officer of Chinese telecommunications giant Huawei Technologies, at the request of the United States on Dec. 1. Wanzhou was extradited and faces charges in the U.S. related to sanctions violations.

(Reporting by Jim Finkle and Christopher Bing; Editing by Bernadette Baum)

HSBC discloses customer accounts hacked at its U.S. bank

FILE PHOTO: The HSBC logo is seen on a top roof of the main branch in Beirut, Lebanon July 25, 2016. REUTERS/ Aziz Taher/File Photo

LONDON (Reuters) – Hackers breached some HSBC & HSBA. customers’ accounts in the United States in October and accessed their information, the bank said in a regulatory filing on Tuesday.

It was not immediately clear how many accounts were breached or whether any money was stolen.

“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously.” an HSBC spokeswoman said. “We have notified customers whose accounts may have experienced unauthorized access and offered them one year of credit monitoring and identify theft protection service.”

(Reporting by Lawrence White; Editing by David Goodman)

What is Russia’s GRU military intelligence agency?

A general view shows the headquarters of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly known as the Main Intelligence Directorate (GRU), in Moscow, Russia October 4, 2018. REUTERS/Stringer

By Guy Faulconbridge

LONDON (Reuters) – The West has accused Russia’s military intelligence agency (GRU) of running what it described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

What is GRU and what does it do?

What is the GRU?

Russia’s military intelligence service is commonly known by the Russian acronym GRU, which stands for the Main Intelligence Directorate. Its name was formally changed in 2010 to the Main Directorate (or just GU) of the general staff, but its old acronym – GRU – is still more widely used.

Its published aims are the supply of military intelligence to the Russian president and government. Additional aims include ensuring Russia’s military, economic and technological security.

The GRU answers directly to the chief of the general staff, Valery Gerasimov, and the Russian defense minister, Sergei Shoigu, each of whom are thought to have access to Russia’s portable nuclear briefcase.

Russia’s two other main intelligence and security services were both created from the Soviet-era KGB: the Foreign Intelligence Service, or SVR, and the Federal Security Service, or FSB.

What are the GRU’s capabilities?

According to a Western assessment of GRU seen by Reuters, the GRU has a long-running program to run ‘illegal’ spies – those who work without diplomatic cover and who live under an assumed identity for years until orders from Moscow.

“It has a long-running program of ‘illegals’ reserved for the most sensitive or deniable tasks across the spectrum of GRU operations,” the assessment said.

The GRU is seen as a major Russian cyber player.

“It plays an increasingly important role in Russia’s development of Information Warfare (both defensive and offensive),” according to the Western assessment.

“It is an aggressive and well-funded organization which has the direct support of – and access to – [Russian President Vladimir] Putin, allowing freedom in its activities and leniency with regards to diplomatic and legislative scrutiny,” according to the assessment.

The GRU also has a considerable special forces unit. They are the elite of the Russian military.

“I don’t like rankings but the GRU is in the top levels of this business,” Onno Eichelsheim, director of the Netherlands Defence Intelligence and Security Service, told Reuters. “They are a very real threat.”

What are Western claims about GRU?

– The United States sanctioned GRU officers including its chief, Igor Korobov, for cyber attempts to interfere in the 2016 presidential election. Russia denied meddling in the election.

– Britain said two GRU officers attempted to murder former GRU double agent Sergei Skripal with Novichok. Russia denied any involvement.

– Britain said GRU was behind the BadRabbit attack of 2017, the hack of the Democratic National Committee in 2016, and attacks on the computer systems of both the Foreign Office and the Defence Science and Technology Laboratory in 2018. Russia said the accusations were fiction.

– The Netherlands said it caught four GRU cyberspies trying to hack into the Organization for the Prohibition of Chemical Weapons. It said the same group, known as unit 26165, had targeted the investigation into the downing of Malaysia Airlines flight MH-17.

– The United States charged seven GRU officers with plots to hack the World Anti-Doping Agency which had exposed a Russian doping program.

– GRU played a significant role in the 2014 annexation of Crimea, the conflict in Ukraine and the 2008 conflict with Georgia.

Note: The GRU does not have its own public web site and does not comment publicly on its actions. Its structure, staff numbers and financing are state secrets.

What is GRU’s history?

Russian spies trace their history back to at least the reign of Ivan the Terrible in the 16th Century, who established a feared espionage service.

The GRU was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Soviet state founder Vladimir Lenin insisted on its independence from other secret services, which saw it as a rival.

While the once mighty KGB was broken up during the 1991 collapse of the Soviet Union, the GRU remained intact.

GRU officers played a significant role in some of the key junctures of the Cold War and post-Soviet history – from the Cuban Missile crisis to Afghan war and the annexation of Crimea.

The public was given a rare chance to see parts of the GRU’s Moscow headquarters when Putin visited it in 2006. He was shown taking part in shooting practice.

(Editing by Richard Balmforth)

Dutch government says it disrupted Russian attempt to hack chemical weapons watchdog

Dutch Minister of Defence Ank Bijleveld speaks during a news conference in The Hague, Netherlands, October 4, 2018. REUTERS/Piroschka van de Wouw

By Anthony Deutsch and Stephanie van den Berg

THE HAGUE (Reuters) – Dutch authorities disrupted an attempt in April by Russian intelligence agents to hack the Organization for the Prohibition of Chemical Weapons, Defence Minister Ank Bijleveld said on Thursday.

At a news conference in The Hague, Bijleveld called on Russia to cease its cyber activities aimed at “undermining” Western democracies.

She noted that the U.S. Department of Justice is expected to issue indictments of suspected Russian spies later on Thursday, in part due to information gleaned from the Dutch operation.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught on the 13th with spying equipment at a hotel next to the OPCW headquarters.

The men were not successful in breaching OPCW systems, the minister said.

At a presentation, Dutch Major General Onno Eichelsheim showed the antennae, laptops and other equipment the men intended to use to breach the OPCW’s wifi network. He said the spies were caught red-handed and attempted to destroy some of their own equipment to conceal what they had been doing.

At the time, the OPCW was working to verify the identity of the substance used in the March attack in Salisbury, Britain, on former Russian spy Sergei Skripal and his daughter Yulia. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

The four Russians in the Netherlands were detained in April and expelled to Russia and not immediately prosecuted because the operation was considered military, not police, Eichelsheim said.

The men, who were also believed to have spied on the investigation into the 2014 downing of Malaysia Airlines flight MH17 had planned to travel on from the Netherlands to a laboratory in Spiez, Switzerland used by the OPCW to analyze chemical weapons samples, he said.

They were instead “put on a flight to Moscow,” said Bijleveld.

Eichelsheim warned against being naive and considering the Netherlands as relatively safe from Russian cyber attacks.

Russian military intelligence “is active here in the Netherlands … where a lot of international organizations are (based),” Eichelsheim said.

(Reporting by Toby Sterling; Editing by Janet Lawrence)

U.S. judge will not force Georgia to use paper ballots despite concerns

FILE PHOTO: Georgia Secretary of State Brian Kemp speaks with visitors to the state capitol about the "SEC primary" involving a group of southern states voting next month in Atlanta, Georgia February 24, 2016. REUTERS/Letitia Stein/File Photo

By Gina Cherelus

(Reuters) – A federal judge will not force Georgia to use paper ballots for the November election, citing the potential for last-minute confusion, but expressed concern that the state’s electronic machines could be vulnerable to hacking.

U.S. District Judge Amy Totenberg said in a ruling late on Monday that while it is important for citizens to know their ballots are properly counted, voters also must rely on a smooth process, especially in a fast-approaching election race.

“Ultimately, any chaos or problems that arise in connection with a sudden rollout of a paper ballot system with accompanying scanning equipment may swamp the polls with work and voters – and result in voter frustration and disaffection from the voting process,” Totenberg said in a 46-page decision.

The state’s November contests include a gubernatorial race that is among the most high-profile in the country. Democrat Stacey Abrams faces Secretary of State Brian Kemp, who is responsible for the state’s elections and is named as a defendant in the lawsuit.

If elected, Abrams would be the first black female governor in the United States.

Georgia is one of five states that use touchscreen machines with no paper record.

Voting rights groups and individual voters sued Georgia officials in 2017, alleging that the electronic machines are highly vulnerable to hacking and cannot be audited or verified. The judge’s decision to reject their request to require paper ballots in November does not affect the underlying lawsuit, which will continue.

An attorney for the plaintiffs, David Cross, said that while they were disappointed the judge had not imposed paper ballots for November, her decision was nevertheless a victory because she agreed the current election system is “woefully inadequate and insecure.”

Georgia has used direct-recording electronic (DRE) voting machines exclusively since 2002. The machines have drawn criticism from various advocacy groups and federal agencies, including U.S. Department of Homeland Security officials who called the systems a “national security concern” in March, according to Totenberg.

“Plaintiffs shine a spotlight on the serious security flaws and vulnerabilities in the state’s DRE system,” Totenberg said in the court order.

A representative from Kemp’s office did not immediately respond to a request for comment on Tuesday. Kemp on Monday said that Georgia’s electronic voting machines are secure and that switching to paper ballots would cause “chaos,” according to the Atlantic Journal-Constitution newspaper.

(Reporting by Gina Cherelus in New York; Editing by Joseph Ax and Susan Thomas)

Exclusive: Iran-based political influence operation – bigger, persistent, global

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Instagram logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – An apparent Iranian influence operation targeting internet users worldwide is significantly bigger than previously identified, Reuters has found, encompassing a sprawling network of anonymous websites and social media accounts in 11 different languages.

Facebook and other companies said last week that multiple social media accounts and websites were part of an Iranian project to covertly influence public opinion in other countries. A Reuters analysis has identified 10 more sites and dozens of social media accounts across Facebook, Instagram, Twitter and YouTube.

U.S.-based cybersecurity firm FireEye Inc and Israeli firm ClearSky reviewed Reuters’ findings and said technical indicators showed the web of newly-identified sites and social media accounts – called the International Union of Virtual Media, or IUVM – was a piece of the same campaign, parts of which were taken down last week by Facebook Inc, Twitter Inc and Alphabet Inc.

IUVM pushes content from Iranian state media and other outlets aligned with the government in Tehran across the internet, often obscuring the original source of the information such as Iran’s PressTV, FARS news agency and al-Manar TV run by the Iran-backed Shi’ite Muslim group Hezbollah.

PressTV, FARS, al-Manar TV and representatives for the Iranian government did not respond to requests for comment. The Iranian mission to the United Nations last week dismissed accusations of an Iranian influence campaign as “ridiculous.”

The extended network of disinformation highlights how multiple state-affiliated groups are exploiting social media to manipulate users and further their geopolitical agendas, and how difficult it is for tech companies to guard against political interference on their platforms.

In July, a U.S. grand jury indicted 12 Russians whom prosecutors said were intelligence officers, on charges of hacking political groups in the 2016 U.S. presidential election. U.S. officials have said Russia, which has denied the allegations, could also attempt to disrupt congressional elections in November.

Ben Nimmo, a senior fellow at the Atlantic Council’s Digital Forensic Research Lab who has previously analyzed disinformation campaigns for Facebook, said the IUVM network displayed the extent and scale of the Iranian operation.

“It’s a large-scale amplifier for Iranian state messaging,” Nimmo said. “This shows how easy it is to run an influence operation online, even when the level of skill is low. The Iranian operation relied on quantity, not quality, but it stayed undetected for years.”

FURTHER INVESTIGATIONS

Facebook spokesman Jay Nancarrow said the company is still investigating accounts and pages linked to Iran and had taken more down on Tuesday.

“This is an ongoing investigation and we will continue to find out more,” he said. “We’re also glad to see that the information we and others shared last week has prompted additional attention on this kind of inauthentic behavior.”

Twitter referred to a statement it tweeted on Monday shortly after receiving a request for comment from Reuters. The statement said the company had removed a further 486 accounts for violating its terms of use since last week, bringing the total number of suspended accounts to 770.

“Fewer than 100 of the 770 suspended accounts claimed to be located in the U.S. and many of these were sharing divisive social commentary,” Twitter said.

Google declined to comment but took down the IUVM TV YouTube account after Reuters contacted the company with questions about it. A message on the page on Tuesday said the account had been “terminated for a violation of YouTube’s Terms of Service.”

IUVM did not respond to multiple emails or social media messages requesting comment.

The organization does not conceal its aims, however. Documents on the main IUVM website  said its headquarters are in Tehran and its objectives include “confronting with remarkable arrogance, western governments, and Zionism front activities.”

APP STORE AND SATIRICAL CARTOONS

IUVM uses its network of websites – including a YouTube channel, breaking news service, mobile phone app store, and a hub for satirical cartoons mocking Israel and Iran’s regional rival Saudi Arabia – to distribute content taken from Iranian state media and other outlets which support Tehran’s position on geopolitical issues.

Reuters recorded the IUVM network operating in English, French, Arabic, Farsi, Urdu, Pashto, Russian, Hindi, Azerbaijani, Turkish and Spanish.

Much of the content is then reproduced by a range of alternative media sites, including some of those identified by FireEye last week as being run by Iran while purporting to be domestic American or British news outlets.

For example, an article run by in January by Liberty Front Press – one of the pseudo-U.S. news sites exposed by FireEye – reported on the battlefield gains made by the army of Iranian ally Syrian President Bashar al-Assad. That article was sourced to IUVM but actually lifted from two FARS news agency stories.

FireEye analyst Lee Foster said iuvmpress.com, one of the biggest IUVM websites, was registered in January 2015 with the same email address used to register two sites already identified as being run by Iran. ClearSky said multiple IUVM sites were hosted on the same server as another website used in the Iranian operation.

(Reporting by Jack Stubbs in LONDON, Christopher Bing in WASHINGTON; Additional reporting by Bozorgmehr Sharafedin in LONDON; Editing by Damon Darlin and Grant McCool)

More U.S. states deploy technology to track election hacking attempts

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

By Christopher Bing

WASHINGTON (Reuters) – A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.

Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations.

The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security https://www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters.

CIS is a nonprofit organization based in East Greenbush, N.Y., that helps governments, businesses and organization fight computer intrusions.

“We’ve recently added Albert sensors to our system because I believe voting systems have tremendous vulnerabilities that we need to plug; but also the voter registration systems are a concern,” said Neal Kelley, chief of elections for Orange County, California.

“That’s one of the things I lose sleep about: It’s what can we do to protect voter registration systems?”

As of August 7, 36 of 50 states had installed Albert at the “elections infrastructure level,” according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

“We have more than quadrupled the number of sensors on state and county networks since 2016, giving the election community as a whole far greater visibility into potential threats than we’ve ever had in the past,” said Matthew Masterson, a senior adviser on election security for DHS.

The 14 states that do not have a sensor installed ahead of the 2018 midterm elections have either opted for another solution, are planning to do so shortly or have refused the offer because of concerns about federal government overreach. Those 14 states were not identified by officials.

But enough have installed them that cybersecurity experts can begin to track intrusions and share that information with all states. The technology directly feeds data about cyber incidents through a non-profit cyber intelligence data exchange and then to DHS.

“When you start to get dozens, hundreds of sensors, like we have now, you get real value,” said John Gilligan, the chief executive of CIS.

“As we move forward, there are new sensors that are being installed literally almost every day. Our collective objective is that all voter infrastructure in states has a sensor.”

Top U.S. intelligence officials have predicted that hackers working for foreign governments will target the 2018 and 2020 elections.

Maria Benson, a spokesperson for the National Association of Secretaries of States, said that in some cases installations have been delayed because of the time spent working out “technical and contractual arrangements.”

South Dakota and Wyoming are among the states without Albert fully deployed to protect election systems, a source with knowledge of the matter told Reuters.

The South Dakota Secretary of State’s office did not respond to a request for comment. The Wyoming Secretary of State’s office said it is currently considering expanding use of the sensors.

(Reporting by Chris Bing; Editing by Damon Darlin and Dan Grebler)

Chinese hackers targeted U.S. firms, government after trade mission: researchers

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Christopher Bing and Jack Stubbs

WASHINGTON/LONDON (Reuters) – Hackers operating from an elite Chinese university probed American companies and government departments for espionage opportunities following a U.S. trade delegation visit to China earlier this year, security researchers told Reuters.

Cybersecurity firm Recorded Future said the group used computers at China’s Tsinghua University to target U.S. energy and communications companies, and the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. Led by Governor Bill Walker, companies and economic development agencies spent a week in China in May.

Organizations involved in the trade mission were subject to focused attention from Chinese hackers, underscoring the tensions around an escalating tit-for-tat trade war between Washington and Beijing.

China was Alaska’s largest foreign trading partner in 2017 with over $1.32 billion in exports.

Recorded Future said in a report to be released later on Thursday that the websites of Alaskan internet service providers and government offices were closely inspected in May by university computers searching for security flaws, which can be used by hackers to break into normally locked and confidential systems.

The Alaskan government was again scanned for software vulnerabilities in June, just 24 hours after Walker said he would raise concerns in Washington about the economic damage caused by the U.S.-China trade dispute.

A Tsinghua University official, reached by telephone, said the allegations were false.

“This is baseless. I’ve never heard of this, so I have no way to give a response,” said the official, who declined to give his name.

Tsinghua University, known as “China’s MIT,” is closely connected to Tsinghua Holdings, a state-backed company focused on the development of various technologies, including artificial intelligence and robotics.

China’s Defense Ministry did not respond to a request for comment.

Recorded Future gave a copy of its report to law enforcement. The FBI declined to comment.

It is unclear whether the targeted systems were compromised, but the highly focused, extensive and peculiar scanning activity indicates a “serious interest” in hacking them, said Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the National Security Agency’s East Asia and Pacific cyber threats office.

“The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations,” Recorded Future said in the report.

The targeted organizations included Alaska Communications Systems Group In, Ensco Atwood Oceanics, the Alaska Department of Natural Resources, the Alaska governor’s office and regional internet service provider TelAlaska.

Alaska Communications declined to comment. The others did not respond to requests for comment.

U.S.-China trade tensions have escalated in recent months with both sides imposing a series of punitive tariffs and restrictions across multiple industries, and threatening more.

The economic conflict has also damaged cooperation in cyberspace following a 2015 agreement by Beijing and Washington to stop cyber-enabled industrial espionage, Moriuchi said.

“In the fall of 2015, cybersecurity cooperation was seen as a bright spot in the U.S.-China relationship,” she said.

“It was seen as a topic that the U.S. and China could actually have substantive discussions on. That’s not really the case anymore, especially with this trade war that both sides have vowed not to lose.”

(Reporting by Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Gao Liangping and Ben Blanchard in Beijing; Editing by Lisa Shumaker)

U.S. officials warn Congress on 2018 election hacking threats

U.S. Secretary of Homeland Security Kirstjen Nielsen speaks to reporters after she, FBI Director Christopher Wray and Director of National Intelligence Daniel Coats briefed members of the U.S. House of Representatives on election security at the U.S. Capitol in Washington, U.S., May 22, 2018. REUTERS/Leah Millis

By David Shepardson

WASHINGTON (Reuters) – Senior Trump administration officials warned Congress on Tuesday of ongoing efforts by Russia to interfere in the 2018 midterm congressional elections as the federal government prepares to hand out $380 million in election security funding to states.

At a briefing attended by about 40 or 50 members of the 435-member U.S. House of Representatives, the heads of FBI, Homeland Security Department and the director of National Intelligence said states and cities overseeing elections need to be prepared for threats.

DHS Secretary Kirstjen Nielsen told reporters she agreed Russia was trying to influence the 2018 elections.

“We see them continuing to conduct foreign influence campaigns,” Nielsen said, but added there is no evidence of Russia targeting specific races.

Nielsen said DHS is watching other countries that have the capability to influence U.S. elections, including China and Iran. “We need to be prepared,” she said.

Chris Krebs, a senior DHS cyber security official, told Reuters that the administration was sending states guidance on how to spend the $380 million approved by Congress in March to help safeguard U.S. voting systems from cyber attacks. The funds are expected to be distributed later this week.

DHS is assisting 48 states with election security. It handed out a chart at the briefing to members that said states need to have auditable systems, spend time on planning, training and drills and they should “consider investing in full system architecture reviews.”

Representative Michael McCaul, who chairs the House Homeland Security Committee, said after the briefing that members are concerned that “not only Russia but possibly other foreign adversaries are now going to start looking at how they can meddle in the midterm elections and we need to be prepared. We were caught off guard last time.”

U.S. intelligence agencies have concluded that Russian leadership at a very high level was involved in the attempt to interfere in the U.S. election in order to boost President Donald Trump’s candidacy.

Russia has denied interfering in U.S. elections.

Several Democrats after the briefing expressed concern that the federal government was not doing enough to safeguard elections.

“It is clear that our government must do more and whatever possible to secure our elections from foreign interference. The integrity of our democracy is at stake,” said Representative Bennie Thompson, the top Democrat on the Homeland Security Committee.

UNPRECEDENTED, COORDINATED

A May 8 U.S. Senate report said that in 2016 “cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure.” Russian actors “scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database.”

The report said in a small number of states, “these cyber actors were in a position to, at a minimum, alter or delete voter registration data.”

Krebs said on Tuesday that DHS wanted states to “increase awareness” and have a “layered defense.”

If a voter’s information was missing, for example, they could request a provisional ballot. “If we do detect something, we can overcome it,” he said.

During the 2016 campaign, hackers stole emails from the personal account of Democratic candidate Hillary Clinton’s campaign chairman and from the Democratic National Committee, and they were used to embarrass Clinton.

Representative C.A. “Dutch” Ruppersberger, said members of Congress need to be aware of cyber risks. “We need to focus on it, make it a priority,” he said.

DHS said in March it is prioritizing election cyber security above all other critical infrastructure it protects.

The agency has said that 21 states had experienced initial probing of their systems from Russian hackers in 2016 and that a small number of networks were compromised, but that there remains no evidence any votes were actually altered.

Representative Adam Schiff, the top Democrat on the Intelligence Committee, told reporters the federal government should quickly alert states if they learn of election system hacking.

He also wants a “real-time communications channel” between the intelligence community and technology companies in order to assure that internet firms are notified if evidence emerges that Russia is creating fake Facebook Inc <FB.O> pages or taking other actions to influence the elections.

(Reporting by David Shepardson; additional reporting by Susan Cornwell; editing by Bill Berkrot)