G20 to jointly fight bank sector hacking

A general view shows the G20 Finance Ministers and Central Bank Governors Meeting in Baden-Baden, Germany, March 17, 2017. REUTERS/Kai Pfaffenbach

By Balazs Koranyi

BADEN-BADEN, Germany (Reuters) – The world’s biggest economies will pledge to jointly fight cyber attacks on the global banking system, one of the biggest coordinated efforts yet to protect lenders since an $81 million heist of the Bangladesh central bank’s account last year.

Meeting in the German resort town of Baden-Baden, G20 finance chiefs will agree to fight attacks regardless of their origin and promise cross-border cooperation to maintain financial stability, according to a draft document seen by Reuters.

“We will promote the resilience of financial services and institutions in G20 jurisdictions against malicious use of information and communication technologies, including from countries outside the G20,” it said.

However, it dropped an earlier reference to enhanced security requirements for financial services.

Cyber crime became a top priority after an elaborate heist on the Bangladesh central bank’s account at the Federal Reserve Bank of New York last year, an unprecedented theft that exposed the vulnerabilities of the system.

The agreement, set to be finalised on Saturday, will come just days after the United States charged two intelligence agents from Russia, another G20 member, with masterminding the 2014 theft of 500 million Yahoo accounts.

The indictment was the first time U.S. authorities have criminally charged Russian spies for cyber offences, including computer fraud, economic espionage, theft of trade secrets, and wire fraud.

The charges came amid a swirl of controversies relating to alleged Kremlin-backed hacking of the 2016 U.S. presidential election and possible links between Russian figures and associates of U.S. President Donald Trump.

In the banking world, attacks through the global SWIFT bank transfer system have continued to increase, with the network recording a “meaningful” number of attacks since the Bangladesh heist, about a fifth of them resulting in stolen funds, the firm said late last year.

In other highly publicized attacks, retailer Tesco Plc’s banking arm said 2.5 million pounds ($3 million) had been stolen from 9,000 customers last year while hackers also stole more than 2 billion rubles ($34 million) from correspondent accounts at the Russian central bank and from accounts in commercial banks.

The European Union is considering testing banks’ defenses against cyber attacks with concerns growing about the industry’s vulnerability to hacking.

(Editing by Julia Glover)

U.S. indicts Russian spies, hackers over massive Yahoo hack

Acting AAG for National Security Mary McCord speaks in front of a poster of a suspected Russian hacker during FBI National Security Division and the U.S. Attorney's Office for the Northern District of California joint news conference at the Justice Department in Washington, U.S., March 15, 2017. REUTERS/Yuri Gripas

By Dustin Volz

WASHINGTON (Reuters) – The U.S. government on Wednesday unsealed charges against two Russian spies and two criminal hackers for allegedly pilfering 500 million Yahoo user accounts in 2014.

The indictments, announced at a news conference in Washington, represent the first time the U.S. government has criminally charged Russian officials for cyber offenses.

The contents of at least 30 million accounts were accessed as part of a spam campaign and at least 18 people who used other internet service providers, such as Google, were also victimized, the government charged.

The officers of the FSB, Russia’s Federal Security Service, which is a successor to the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin, the government said.

Both men are in Russia, it said.

Alexsey Belan, who is on the list of most-wanted cyber criminals, and Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, were also named in the indictment.

The Justice Department said Baratov was arrested in Canada on Tuesday and his case is pending with Canadian authorities.

Belan was arrested in Europe in June 2013 but escaped to Russia before he could be extradited to the United States, according to the Justice Department.

“The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cyber crime matters, is beyond the pale,” said Acting Assistant Attorney General Mary McCord.

McCord said the hacking campaign was waged by the FSB to collect intelligence but that the two hackers used the collected information as an opportunity to “line their pockets.”

The United States does not have an extradition treaty with Russia, but McCord said she was hopeful Russian authorities would cooperate in bringing criminals to justice. The United States often charges cyber criminals with the intent of deterring future state-sponsored activity.

The administration of former President Barack Obama brought similar charges against Chinese and Iranian hackers who have not been extradited.

The 47-count indictment includes conspiracy, computer fraud and abuse, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identity theft.

The charges are not related to the hacking of Democratic Party emails during the 2016 U.S. presidential election. Intelligence agencies have said they were carried out by Russia to help the campaign of Republican candidate Donald Trump.

Yahoo said when it announced the then-unprecedented breach last September that it believed the attack was state-sponsored, and on Wednesday the company said the indictment “unequivocally shows” that to be the case.

Yahoo in December also announced a breach that occurred in 2013 affecting one billion accounts, though it has not linked that intrusion to the one in 2014.

The Russian hacking conspiracy, which began as early as 2014, allowed Belan to use his relationship with the Russian spy agency and access to Yahoo’s network to engage in financial crimes, according to the indictment.

The breaches were the latest in a series of setbacks for the Internet pioneer, which has fallen on hard times in recent years after being eclipsed by younger, fast-growing rivals including Alphabet Inc’s Google and Facebook Inc.

Yahoo’s disclosure of the years-old cyber invasions and its much-criticized slow response forced it to accept a discount of $350 million in what had been a $4.83 billion deal to sell its main assets to Verizon Communications Inc.

Shares of Yahoo were down 0.9 percent.

“We’re committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cyber crime,” Chris Madsen, Yahoo’s assistant general counsel, said in a statement.

(Reporting by Dustin Volz and Joseph Menn; Additional reporting by Julia Edwards; Editing by Jeffrey Benkoe and James Dalgleish)

WikiLeaks offers CIA hacking tools to tech companies: Assange

WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5, 2016. REUTERS/Peter Nicholls/Files

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday.

The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.

Representatives of Alphabet Inc’s Google, Apple Inc, Microsoft Corp and Cisco Systems Inc, all of whose wares are subject to attacks described in the documents, did not immediately respond to requests for comment before regular business hours on the U.S. West Coast.

“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during a press conference broadcast via Facebook Live.

Responding to Assange’s comments, CIA spokesman Jonathan Liu said in a statement, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”

“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The disclosures alarmed the technology world and consumers concerned about the potential privacy implications of the cyber espionage tactics that were described.

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

Other documents described ways to hack into Apple Inc iPhones, devices running Google’s Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

Several companies have said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.

WikiLeaks’ publication of the documents reignited a debate about whether U.S. intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former President Barack Obama called for erring on the side of disclosure.

President Donald Trump believed changes were needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing on Thursday. “He believes that the systems at the CIA are outdated and need to be updated.”

Two U.S. intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its website.

The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton while working for the National Security Agency.

Assange said he possessed “a lot more information” about the CIA’s cyber arsenal that would be released soon. He criticized the CIA for “devastating incompetence” for not being able to control access to such sensitive material.

Nigel Farage, the former leader of the populist UK Independence Party, visited Assange at the Ecuadorean embassy in London earlier on Thursday. A representative for Farage said he was unaware what was discussed.

Assange has been holed up since 2012 at the embassy, where he fled to avoid extradition to Sweden over allegations of rape, which he denies.

(Reporting by Dustin Volz; Additional reporting by Eric Auchard in Frankfurt, Joseph Menn in San Francisco and Guy Falconbridge in London; Editing by Frances Kerry and Grant McCool)

New York state cyber security regulation to take effect March 1

By Karen Freifeld and Jim Finkle

NEW YORK/BOSTON (Reuters) – New York state on Thursday announced final regulations requiring banks and insurers to meet minimum cyber-security standards and report breaches to regulators as part of an effort to combat a surge in cyber crime and limit damages to consumers.

The rules, in the works since 2014, followed a series of high-profile data breaches that resulted in losses of hundreds of millions of dollars to U.S. companies, including Target Corp, Home Depot Inc and Anthem Inc.

They lay out unprecedented requirements on steps financial firms must take to protect their networks and customer data from hackers and disclose cyber events to state regulators.

“These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place” to protect businesses and clients “from the serious economic harm caused by these devastating cyber-crimes,” Governor Andrew Cuomo said in a statement.

The state in December delayed implementation of the rules by two months and loosened some requirements after financial firms complained they were onerous and said they would need more time to comply.

The new rules call for banks and insurers to scrutinize security at third-party vendors that provide them goods and services. In 2015, the New York Department of Financial Services found that a third of 40 banks polled did not require outside vendors to notify them of breaches that could compromise data.

The revised rule requires firms to perform risk assessments in order to design a program particular to them, and gives them at least a year-and-a-half to comply with the requirements. The final rule took into account the burden on smaller companies, a spokeswoman for the agency said.

Covered entities must annually certify compliance.

Institutions subject to the regulation include state-chartered banks, as well as foreign banks licensed to operate in the state, along with any insurer that does business in New York.

A task force of U.S. state insurance regulators is also developing a model cyber security law, which individual state legislatures could ultimately choose to adopt.

Hong Kong police struggle to stop brokerage hacking spree

By Michelle Price

HONG KONG (Reuters) – Hong Kong police are struggling to deal with digital pump-and-dump schemes targeting brokerages – a little-known type of computer-generated fraud that surged in the Chinese territory last year.

Although the money involved was small – only about $20 million worth of shares – there were 81 such incidents reported in 2016, more than triple the number in 2015, according to police.

In the scheme, criminals invest in thinly traded penny stocks and then manipulate their share prices by ordering trades from hacked brokerage accounts. They earn profits by selling before the fraudulent trades are reported.

After last year’s cyber-heist of $81 million at Bangladesh’s central bank and a series of hacks of ATMs around the world, authorities fear such pump-and-dump schemes could be increasingly used for electronic theft.

Hong Kong is a favored place for such attacks because of the number of thinly-traded penny stocks in the territory and because its securities industry has fallen behind other financial centers in defending against cyber fraud.

At least seven brokers and eight banks have been targeted in Hong Kong, including HSBC Holdings Plc and Bank of China International (BOCI) Securities, according to regulators and people familiar with confidential investigations.

A spokesman for HSBC declined to comment.

A spokeswoman for BOCI Securities said he could not comment on its case but the brokerage would continue to invest in IT security.

“If you ask regulators in the industry what is the number one threat, not surprisingly it’s all about cyber attacks,” Ashley Alder, CEO of the Hong Kong Securities and Futures Commission (SFC) and chairman of the International Organization of Securities Commissions, said in a speech to the local legislature last week.

“We’ve seen that happen not only in banking but also at brokers in Hong Kong, in particular recent attacks to do with basically hijacking share trading accounts.”

Such schemes surfaced more than a decade ago in the United States. Charles Schwab Corp, E*Trade Financial Corp and JP Morgan Chase & Co. were identified as victims of these schemes in a 2006 complaint filed by the Securities and Exchange Commission.

The pace of attacks reported in the United States has slowed in recent years after big brokerages implemented a variety of strategies to thwart the hacks, said John Reed Stark, a former chief of the Securities and Exchange Commission’s (SEC) Office of Internet Enforcement.

Some use algorithms to identify and halt unusual trading activity, others scrutinize Internet traffic for orders coming from suspicious servers and one stopped permitting customers to buy penny stocks through its online trading platform, said Stark, who now runs cyber-security consulting firm John Reed Stark Consulting LLC.

But such protections are rare in Hong Kong, where the government has only recently started suggesting security improvements to banks and brokerages which have traditionally considered stock trading to be low-risk.

TWO-FACTOR AUTHENTICATION

The Hong Kong SFC last year told firms to increase surveillance of client transactions and data protection.

Authorities believe that hackers accessed brokerage accounts using stolen or guessed passwords, according to investigators. This might have been thwarted if they were protected with two-factor authentication, the Hong Kong Monetary Authority has said.

Two-factor authentication typically includes a password and a piece of information only the user has, for instance an electronic token with changing numbers.

“Hong Kong is being targeted because they have not instituted the same cyber protections that we see in the U.S. and certain parts of Europe,” said Jeff Cramer, a former U.S. prosecutor.

Cramer, who is managing director with cyber-security investigations firm Berkeley Research Group, said he expects to see more attacks in Hong Kong and perhaps other Asian nations, including China, Japan and South Korea that are also behind in cyber security.

FIGHTING BACK

Such pump and dump cases have proven tough to crack in the United States because the masterminds are typically overseas, using surrogates and pseudonyms to make investments.

Brokerages are typically not required to go public when they are hacked, so cases often only surface when the government files a complaint against suspected cyber criminals, or the hack results in litigation.

The attack involving BOCI Securities last year became public after it was sued by a customer that claimed its account was breached.

Trading firm Fast Track Holdings Limited alleged in court documents that somebody hacked into its brokerage account on the afternoon of September 23 using a valid user ID and password. Within 18 minutes, the intruder had emptied the account by spending HK$38 million to buy 49 million shares of thinly traded Pa Shun Pharmaceutical, according to Fast Track.

The stock soared more than 30 percent after the purchase, which was made at a 36 percent premium to the previous day’s closing price, Reuters data shows.

BOCI alerted Fast Track of the suspicious activity an hour later, but it has said in court documents it should not be held financially responsible, saying it found no evidence its systems had been compromised.

Peter Pang, Pa Shun’s CFO, told Reuters the management “would keep an eye to the incident and report to the regulators and the public when necessary”.

One person familiar with the case said Fast Track’s management believes the incident was a pump and dump scam and that Pa Shun was targeted because it is thinly-traded, but it remained unclear who was responsible.

Fast Track’s directors did not respond to requests for comment.

(Additional reporting by Jim Finkle in Boston and Jessica Yu, Katy Wong and Donny Kwok in Hong Kong; Editing by Raju Gopalakrishnan)

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)

U.S. makes limited exceptions to sanctions on Russian spy agency

By Joel Schectman and Dustin Volz

WASHINGTON (Reuters) – The U.S. Treasury Department on Thursday adjusted sanctions on Russian intelligence agency FSB, making limited exceptions to the measures put in place by former President Barack Obama over accusations Moscow tried to influence the 2016 U.S. presidential election with cyber attacks on political organizations.

The department said in a statement it would allow U.S. companies to make limited transactions with FSB that are needed to gain approval to import information technology products into Russia.

At the White House, President Donald Trump responded to a reporter’s question about whether he was easing sanctions on Russia, saying, “I’m not easing anything.”

Sanctions experts and former Obama administration officials stressed the exceptions to the sanctions imposed in December do not signal a broader shift in Russia policy.

In a conference call with reporters, a senior Treasury Department official said the exceptions were “a very technical fix” made in response to “direct complaints” from companies that were unable to import many consumer technology products without a permit from the FSB. The action had been in the making for weeks before Trump took office on Jan. 20, the official said.

Beyond its intelligence function, the FSB also regulates the importation of software and hardware that contains cryptography. Companies need FSB approval even to import broadly available commercial products such as cell phones and printers if they contain encryption.

Peter Harrell, a sanctions expert and former senior U.S. State Department official, said Treasury officials likely had not considered the issue in December.

“I don’t think when they sanctioned FSB they were intending to complicate the sale of cell phones and tablets,” Harrell said.

David Mortlock, a former National Security Council advisor for Obama, said that before granting such exceptions, the administration would ask who a sanction was hurting and who it was benefiting.

Mortlock, now an attorney, said “here it’s a pretty easy calculus” because it was clear tech companies were the ones harmed by not being able to import software into Russia, not the spy agencies.

U.S. intelligence agencies accused the FSB of involvement in hacking of Democratic Party organizations during the election to discredit Democrat Hillary Clinton and help Republican Trump.

The agencies and private cyber security experts concluded the FSB first broke into the Democratic National Committee’s computer system in the summer of 2015 and began monitoring email and chat conversations.

They said FSB was one of two Russian spy agencies involved in a broad operation approved by top-ranking people in the Russian government. In December, Obama expelled 35 suspected Russian spies and sanctioned two spy agencies. He also sanctioned four Russian intelligence officers and three companies that he said provided support to the cyber operations.

(Reporting by Joel Schectman and Dustin Volz; additional reporting by Yeganeh Torbati and Jason Lange; Editing by Alistair Bell and Grant McCool)

As attacks grow, EU mulls banking stress tests for cyber risks

By Francesco Guarascio

BRUSSELS (Reuters) – The European Union is considering testing banks’ defenses against cyber attacks, EU officials and sources said, as concerns grow about the industry’s vulnerability to hacking.

Cyber attacks against banks have increased in numbers and sophistication in recent years, with criminals finding new ways to target banks beyond trying to illicitly obtain details of their customers’ online accounts. Last February $81 million was taken from the Bangladesh central bank when hackers broke into its system and gained access to the SWIFT international transactions network.

Global regulators have tightened security requirements for banks after that giant cyber fraud, one of the biggest in history, and in some countries have carried out checks on lenders’ security systems.

But complex cyber attacks have kept rising, as revealed in November by SWIFT in a letter to client banks and by the theft of 2.5 million pounds ($3 million) from Tesco Plc’s banking arm in the first mass hacking of accounts at a Western lender.

Banks “are struggling to demonstrate their ability to cope with the rising threat of intruders gaining unauthorized access to their critical systems and data,” a report of the European Banking Authority (EBA) warned in December.

The next step from European regulators to boost security could be an EU-wide stress test.

The European executive commission is assessing additional initiatives to counter cyber attacks, a commission official told Reuters. “These include cyber-threat information sharing or penetration and resilience testing of systems.”

The European Central Bank announced last year it would set up a database to register incidents of cyber crime at commercial banks in the 19-country euro zone. But exchanges of information among national authorities on cyber incidents remain scant.

The Commission is studying whether EU-wide tests would help step up security, a source at the EU executive said. This would be in addition to controls already carried out by national authorities.

EBA, which is in charge of stress-testing the bloc’s banks, is expected to detail in summer the checks it intends to conduct in the next exercise planned in mid-2018.

EBA tests banks’ capital cushions and can conduct checks on specific issues. Last year it monitored risks caused by fines, as EU lenders faced sanctions from U.S. regulators.

An EBA official said cyber security was on the agency’s radar but no decision had been made on a possible stress test. The body’s chairman, Andrea Enria, has urged EU states to stress-test their financial institutions for cyber risks.

Lloyds Banking Group is working with law enforcement agencies to trace who was behind a cyber attack that caused intermittent outages for customers of its personal banking websites almost two weeks ago, according to a source familiar with the incident. Lloyds said it would not speculate on the cause of the attack. No customers suffered any losses.

BLOCKCHAIN

As European banks keep relying on digital infrastructure that is “rigid and outdated”, according to EBA, regulators are considering new technologies that could boost security.

Blockchain, the technology behind the most successful virtual currency, Bitcoin, is being closely monitored in Brussels “to establish the advantages and possible risks” but also to weigh possible moves to enable blockchain where it is hindered, the Commission source said.

More than 1 billion euros have been invested in blockchain startups, a World Economic Forum report said.

The EU agency for network and information security (ENISA) said in a report last week the technology offered new opportunities and could cut costs, but may also pose new cyber security challenges, mostly caused by its decentralized network.

Ukraine’s power outage was a cyber attack: Ukrenergo

By Pavel Polityuk, Oleg Vukmanovic and Stephen Jewkes

KIEV/MILAN (Reuters) – A power blackout in Ukraine’s capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday.

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station “North”, were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said.

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.

The comments make no mention of which individual, group or country may have been behind the attack.

“It was an intentional cyber incident not meant to be on a large scale… they actually attacked more but couldn’t achieve all their goals,” said Marina Krotofil, lead cyber-security researcher at Honeywell, who assisted in the investigation.

In December 2015, a first-of-its-kind cyber attack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.

Ukrainian security services blamed that attack on Russia.

In the latest attack, hackers are thought to have hidden in Ukrenergo’s IT network undetected for six months, acquiring privileges to access systems and figure out their workings, before taking methodical steps to take the power offline, Krotofil said.

“The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure,” she said.

The attacks against Ukraine’s power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.

(Writing by Oleg Vukmanovic; reporting by Pavel Polityuk in Kiev, Oleg Vukmanovic and Stephen Jewkes in Milan; editing by Susan Fenton/Ruth Pitchford)

Democrats want 9/11-style special commission to probe Russia

WASHINGTON (Reuters) – Democratic members of the U.S. Congress called on Monday for the creation of an independent commission to investigate Russia’s attempts to intervene in the 2016 election, similar to the Sept. 11 panel that probed the 2001 attacks on the United States.

Their “Protecting our Democracy Act” would create a 12-member, bipartisan independent panel to interview witnesses, obtain documents, issue subpoenas and receive public testimony to examine attempts by Moscow and any other entities to influence the election.

The panel members would not be members of Congress.

The legislation is one of many calls by lawmakers to look into Russian involvement in the contest, in which Republican Donald Trump defeated Democrat Hillary Clinton in the White House race, confounding opinion polls. Republicans also kept control of the Senate and House of Representatives by larger-than-expected margins.

U.S. intelligence agencies on Friday released a report saying that Russian President Vladimir Putin ordered an effort to help Trump’s electoral chances by discrediting Clinton.

Russia has denied the hacking allegations. A Kremlin spokesman said Monday they were “reminiscent of a witch-hunt.”

“There is no question that Russia attacked us,” Senator Ben Cardin, the top Democrat on the Senate Foreign Relations Committee, told a news conference.

Versions of the bill were introduced in both the Senate and House. In the Senate it has 10 sponsors. In the House it is backed by every member of the Democratic caucus, said Representative Elijah Cummings, the top Democrat on the House Oversight Committee.

However, no Republicans currently back the bill, so its prospects are dim, given Republican control of both houses of Congress.

While a few Republicans, notably Senators Lindsey Graham and John McCain, have supported calls for an independent probe, party leaders have resisted the idea, saying that investigations by Republican-led congressional committees are sufficient.

Senator Amy Klobuchar, who just returned from a trip to the Baltic states, Ukraine and Georgia with Graham and McCain, said Russia’s actions justified a probe by an independent panel of national experts.

“This is not just about one political party. It’s not even about one election. It’s not even about one country, our country. It is a repeated attempt… around the world, to influence elections,” Klobuchar said.

After Sept. 11, 2001, Congress established an independent commission to look into the attacks and make recommendations about how to prevent similar actions in the future. Many of the recommendations were adopted into law.

“The American people felt good about what they did,” Cummings said.

(Reporting by Patricia Zengerle; editing by Grant McCool)