U.S. detects new activity at North Korea factory that built ICBMs

A satellite image shows the Sanumdong missile production site in North Korea on July 29, 2018. Planet Labs Inc/Handout via REUTERS

By David Brunnstrom

WASHINGTON (Reuters) – U.S. spy satellites have detected renewed activity at the North Korean factory that produced the country’s first intercontinental ballistic missiles capable of reaching the United States, a senior U.S. official said on Monday, in the midst of talks to compel Pyongyang to give up its nuclear arms.

Photos and infrared imaging indicate vehicles moving in and out of the facility at Sanumdong, but do not show how advanced any missile construction might be, the official told Reuters on condition of anonymity because the intelligence is classified.

The Washington Post reported on Monday that North Korea appeared to be building one or two new liquid-fueled intercontinental ballistic missiles at the large research facility on the outskirts of Pyongyang, citing unidentified officials familiar with intelligence reporting.

According to the U.S. official who spoke to Reuters, one photo showed a truck and covered trailer similar to those the North has used to move its ICBMs. Since the trailer was covered, it was not possible to know what, if anything, it was carrying.

The White House said it did not comment on intelligence. A senior official at South Korea’s presidential office said U.S. and South Korean intelligence agencies are closely looking into various North Korean movements, declining specific comment.

The evidence obtained this month is the latest to suggest ongoing activity in North Korea’s nuclear and missile facilities despite talks with the United States and a June summit between North Korean leader Kim Jong Un and U.S. President Donald Trump.

Trump declared soon afterward that North Korea no longer posed a nuclear threat. Kim committed in a broad summit statement to work toward denuclearization, but Pyongyang has offered no details as to how it might go about that and subsequent talks have not gone smoothly.

It was not the first time U.S. intelligence clashed with the president’s optimism.

In late June, U.S. officials told U.S. media outlets that intelligence agencies believed North Korea had increased production of fuel for nuclear weapons and that it did not intend to fully give up its nuclear arsenal.

U.S. Secretary of State Mike Pompeo told the U.S. Senate Foreign Relations Committee last week that North Korea was continuing to produce fuel for nuclear bombs despite its pledge to denuclearize. But he insisted the Trump administration was still making progress in its talks with Pyongyang.

Joel Wit, a former State Department negotiator and founder of 38 North, a North Korea monitoring project, said it was unrealistic to expect North Korea to stop its programs “until the ink is dry on an agreement.”

That was the case with U.S. negotiations with the Soviet Union during the Cold War, and more recently with Iran, “which continued to build more centrifuges capable of producing nuclear material even as it negotiated with the United States to limit those capabilities,” Wit said.

The Sanumdong factory produced two Hwasong-15 ICBMs, North Korea’s longest-range missiles, but the U.S. official noted that Pyongyang still had not tested a reliable re-entry vehicle capable of surviving a high-velocity trip through the Earth’s atmosphere and delivering a nuclear warhead.

It is possible, the official said, that any new missiles the North is building may be for further testing of such vehicles and of more accurate guidance systems.

“They seem to have figured out the engines, but not all the higher-tech stuff, and that might be what this is about,” the official said.

“What’s more, a liquid-fueled ICBM doesn’t pose nearly the threat that a solid-fueled one would because they take so long to fuel, and that’s something we almost certainly could see in time to abort a launch, given our assets in the vicinity.”

(Additional reporting by David Alexander and Joyce Lee; Writing by Mary Milliken; Editing by Peter Cooney)

In a first, U.S. blames Russia for cyber attacks on energy grid

An electrical line technician works on restoring power in Vilonia, Arkansas April 29, 2014. REUTERS/Carlo Alle

By Dustin Volz and Timothy Gardner

WASHINGTON (Reuters) – The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday.

The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.

The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior U.S. intelligence officials said in recent weeks the Kremlin believes it can launch hacking operations against the West with impunity.

It coincided with a decision Thursday by the U.S. Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks.

Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.

‘UNPRECEDENTED AND EXTRAORDINARY’

U.S. security officials have long warned that the United States may be vulnerable to debilitating cyber attacks from hostile adversaries. It was not clear what impact the attacks had on the firms that were targeted.

But Thursday’s alert provided a link to an analysis by the U.S. cyber security firm Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations.

Malicious email campaigns dating back to late 2015 were used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries, Symantec said at the time, though it did not name Russia as the culprit.

The decision by the United States to publicly attribute hacking attempts of American critical infrastructure was “unprecedented and extraordinary,” said Amit Yoran, a former U.S. official who founded DHS’s Computer Emergency Response Team.

“I have never seen anything like this,” said Yoran, now chief executive of the cyber firm Tenable, said.

A White House National Security Council spokesman did not respond when asked what specifically prompted the public blaming of Russia. U.S. officials have historically been reluctant to call out such activity in part because the United States also spies on infrastructure in other parts of the world.

News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.

“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” said Ben Read, manager for cyber espionage analysis with cyber security company FireEye Inc.

ENGINEERS TARGETED

The campaign targeted engineers and technical staff with access to industrial controls, suggesting the hackers were interested in disrupting operations, though FireEye has seen no evidence that they actually took that step, Read said.

A former senior DHS official familiar with the government response to the campaign said that Russia’s targeting of infrastructure networks dropped off after the publication in the fall of Symantec’s research and an October government alert, which detailed technical forensics about the hacking attempts but did not name Russia.

The official declined to say whether the campaign was still ongoing or provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.

“We did not see them cross into the control networks,” DHS cyber security official Rick Driggers told reporters at a dinner on Thursday evening.

Driggers said he was unaware of any cases of control networks being compromised in the United States and that the breaches were limited to business networks. But, he added, “We know that there is intent there.”

It was not clear what Russia’s motive was. Many cyber security experts and former U.S. officials say such behavior is generally espionage-oriented with the potential, if needed, for sabotage.

Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid in 2015 and 2016, that caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.

Senator Maria Cantwell, the top Democrat on the Senate Energy and Natural Resources Committee, asked the Trump administration earlier this month to provide a threat assessment gauging Russian capabilities to breach the U.S. electric grid.

It was the third time Cantwell and other senators had asked for such a review. The administration has not yet responded, a spokesman for Cantwell’s office said on Thursday.

Last July, there were news reports that the Wolf Creek Nuclear Operating Corp, which operates a nuclear plant in Kansas, had been targeted by hackers from an unknown origin.

Spokeswoman Jenny Hageman declined to say at the time if the plant had been hacked but said that there had been no operational impact to the plant because operational computer systems were separate from the corporate network. Hageman on Thursday said the company does not comment on security matters.

John Keeley, a spokesman for the industry group the Nuclear Energy Institute, said: “There has been no successful cyber attack against any U.S. nuclear facility, including Wolf Creek.”

(Reporting by Dustin Volz and Timothy Gardner, additional reporting by Jim Finkle; Editing by Tom Brown, Alistair Bell and Cynthia Osterman)

Vladimir Putin says can prove Trump did not pass Russia secrets

FILE PHOTO: Russian President Vladimir Putin speaks during a news conference at the Kremlin in Moscow, Russia, January 17, 2017. REUTERS/Sergei Ilnitsky/Pool/File Photo

SOCHI, Russia (Reuters) – Russian President Vladimir Putin said on Wednesday that U.S. President Donald Trump had not passed on any secrets to Russian Foreign Minister Sergei Lavrov during a meeting in Washington last week and that he could prove it.

Speaking at a news conference alongside Italian Prime Minister Paolo Gentiloni in the Black Sea resort of Sochi, Putin quipped that Lavrov was remiss for not passing on what he made clear he believed were non-existent secrets.

“I spoke to him (Lavrov) today,” said Putin with a smile. “I’ll be forced to issue him with a reprimand because he did not share these secrets with us. Not with me, nor with representatives of Russia’s intelligence services. It was very bad of him.”

Putin, who said Moscow rated Lavrov’s meeting with Trump “highly,” said Russia was ready to hand a transcript of Trump’s meeting with Lavrov over to U.S. lawmakers if that would help reassure them.

A Kremlin aide, Yuri Ushakov, later told reporters that Moscow had in its possession a written record of the conversation, not an audio recording.

Complaining about what he said were signs of “political schizophrenia” in the United States, Putin said Trump was not being allowed to do his job properly.

“It’s hard to imagine what else can these people who generate such nonsense and rubbish can dream up next,” said Putin.

“What surprises me is that they are shaking up the domestic political situation using anti-Russian slogans. Either they don’t understand the damage they’re doing to their own country, in which case they are simply stupid, or they understand everything, in which case they are dangerous and corrupt.”

Two U.S. officials said on Monday that Trump had disclosed highly classified information to Lavrov about a planned Islamic State operation, plunging the White House into another controversy just months into Trump’s short tenure in office.

Russia has repeatedly said that anti-Russian politicians in the United States are using groundless fears of closer ties with Moscow to sabotage any rapprochement and damage Trump in the process.

(Reporting by Denis Pinchuk/Jack Stubbs/Maria Tsvetkova; Writing by Andrew Osborn; Editing by Christian Lowe)

Russia to share intelligence with Philippines, train Duterte guards

Vladimir Putin and Duterte

MANILA (Reuters) – Russia’s top security official on Thursday offered the Philippines access to an intelligence database to help it fight crime and militancy, and training for the elite forces assigned to protect President Rodrigo Duterte.

Nikolai Patrushev, the secretary of Russia’s Security Council and Vladimir Putin’s top security adviser, made the offer during a meeting between Russian and Philippine security officials in Davao, where he was visiting Duterte at his home city.

Defense Secretary Delfin Lorenzana said the Russia had invited the Philippines to join a database-sharing system to help combat trans-national crime and terrorism, which he said could help track Islamist militants and their financial transactions.

In an interview with Reuters last week, Lorenzana said there were “very strong” links between Islamic State and militants in the Philippines.

Patrushev’s trip underlines Russia’s intent to capitalize on a radical recalibration of foreign policy under Duterte, who harbors resentment of the Philippines’ deep-rooted ties to the United States.

Duterte has made strong overtures towards China and Russia.

He praised Putin’s leadership when he met him at an international summit late last year. He also he talked at length to Putin about what he called U.S. “hypocrisy”.

Lorenzana said security officials from both sides also discussed law enforcement cooperation, including anti-piracy and anti-narcotics exercises by coastguard and police.

The two countries were working on a military technical cooperation agreement, he said, and Russia offered to provide enhanced training for troops protecting Duterte.

Duterte will visit Moscow in May.

“We are keen on signing a defense cooperation agreement,” Lorenzana said of that trip.

Lorenzana said last week Russia was interested in selling military equipment to the Philippines, like drones, helicopters, rifles and submarines.

(Reporting by Manuel Mogato; Editing by Martin Petty)

Trump’s CIA nominee includes Russia in list of global challenges

guy to be head of CIA under Trump

By David Alexander and Jonathan Landay

WASHINGTON (Reuters) – U.S. President-elect Donald Trump’s nominee to head the CIA portrayed multiple challenges facing the United States on Thursday, from an aggressive Russia to a “disruptive” Iran to a China that he said is creating “real tensions.”

Diverging from Trump’s stated aim of seeking closer ties with Russia, Pompeo said that Russia is “asserting itself aggressively” by invading and occupying Ukraine, threatening Europe, and “doing nearly nothing” to destroy Islamic State.

Mike Pompeo, a Republican member of the House of Representatives and a former U.S. Army officer, was speaking at the start of his confirmation hearing in the U.S. Senate.

In his prepared opening statement, Pompeo noted that the CIA does not make policy on any country, adding, “it is a policy decision as to what to do with Russia, but it will be essential that the Agency provide policymakers with accurate intelligence and clear-eyed analysis of Russian activities.”

His testimony came at a time when Trump, a Republican who takes office on Jan. 20, has openly feuded with U.S. intelligence agencies.

For weeks, the president-elect questioned the intelligence agencies’ conclusion that Russia used hacking and other tactics to try to tilt the 2016 presidential election in his favor. Trump said on Wednesday that Russia was behind the hacking but that other countries were hacking the United States as well.

This week, Trump furiously denounced intelligence officials for what he said were leaks to the media by intelligence agencies of a dossier that makes unverified, salacious allegations about his contacts in Russia.

Pompeo, a conservative lawmaker from Kansas who is on the House Intelligence Committee, listed challenges facing the United States, saying “this is the most complicated threat environment the United States has faced in recent memory.”

This included what he called a “resilient” Islamic State and the fallout from Syria’s long civil war.

Pompeo also included North Korea, which he said had “dangerously accelerated its nuclear and ballistic missile capabilities.” He said China was creating “real tensions” with its activities in the South China Sea and in cyberspace as it flexed its muscles and expanded its military and economic reach.

He called Iran an “emboldened, disruptive player in the Middle East, fueling tensions” with Sunni Muslim allies of the United States.

(Writing by Frances Kerry; Editing by Howard Goller)

Exclusive: Top U.S. spy agency has not embraced CIA assessment on Russia hacking – sources

Padlock with the word hack, a representation of cyber attacks

By Mark Hosenball and Jonathan Landay

WASHINGTON (Reuters) – The overseers of the U.S. intelligence community have not embraced a CIA assessment that Russian cyber attacks were aimed at helping Republican President-elect Donald Trump win the 2016 election, three American officials said on Monday.

While the Office of the Director of National Intelligence (ODNI) does not dispute the CIA’s analysis of Russian hacking operations, it has not endorsed their assessment because of a lack of conclusive evidence that Moscow intended to boost Trump over Democratic opponent Hillary Clinton, said the officials, who declined to be named.

The position of the ODNI, which oversees the 17 agency-strong U.S. intelligence community, could give Trump fresh ammunition to dispute the CIA assessment, which he rejected as “ridiculous” in weekend remarks, and press his assertion that no evidence implicates Russia in the cyber attacks.

Trump’s rejection of the CIA’s judgment marks the latest in a string of disputes over Russia’s international conduct that have erupted between the president-elect and the intelligence community he will soon command.

An ODNI spokesman declined to comment on the issue.

“ODNI is not arguing that the agency (CIA) is wrong, only that they can’t prove intent,” said one of the three U.S. officials. “Of course they can’t, absent agents in on the decision-making in Moscow.”

The Federal Bureau of Investigation, whose evidentiary standards require it to make cases that can stand up in court, declined to accept the CIA’s analysis – a deductive assessment of the available intelligence – for the same reason, the three officials said.

The ODNI, headed by James Clapper, was established after the Sept. 11, 2001, attacks on the recommendation of the commission that investigated the attacks. The commission, which identified major intelligence failures, recommended the office’s creation to improve coordination among U.S. intelligence agencies.

In October, the U.S. government formally accused Russia of a campaign of cyber attacks against American political organizations ahead of the Nov. 8 presidential election. Democratic President Barack Obama has said he warned Russian President Vladimir Putin about consequences for the attacks.

Reports of the assessment by the CIA, which has not publicly disclosed its findings, have prompted congressional leaders to call for an investigation.

Obama last week ordered intelligence agencies to review the cyber attacks and foreign intervention in the presidential election and to deliver a report before he turns power over to Trump on Jan. 20.

The CIA assessed after the election that the attacks on political organizations were aimed at swaying the vote for Trump because the targeting of Republican organizations diminished toward the end of the summer and focused on Democratic groups, a senior U.S. official told Reuters on Friday.

Moreover, only materials filched from Democratic groups – such as emails stolen from John Podesta, the Clinton campaign chairman – were made public via WikiLeaks, the anti-secrecy organization, and other outlets, U.S. officials said.

“THIN REED”

The CIA conclusion was a “judgment based on the fact that Russian entities hacked both Democrats and Republicans and only the Democratic information was leaked,” one of the three officials said on Monday.

“(It was) a thin reed upon which to base an analytical judgment,” the official added.

Republican Senator John McCain said on Monday there was “no information” that Russian hacking of American political organizations was aimed at swaying the outcome of the election.

“It’s obvious that the Russians hacked into our campaigns,” McCain said. “But there is no information that they were intending to affect the outcome of our election and that’s why we need a congressional investigation,” he told Reuters.

McCain questioned an assertion made on Sunday by Republican National Committee Chairman Reince Priebus, tapped by Trump to be his White House chief of staff, that there were no hacks of computers belonging to Republican organizations.

“Actually, because Mr. Priebus said that doesn’t mean it’s true,” said McCain. “We need a thorough investigation of it, whether both (Democratic and Republican organizations) were hacked into, what the Russian intentions were. We cannot draw a conclusion yet. That’s why we need a thorough investigation.”

In an angry letter sent to ODNI chief Clapper on Monday, House Intelligence Committee Chairman Devin Nunes said he was “dismayed” that the top U.S. intelligence official had not informed the panel of the CIA’s analysis and the difference between its judgment and the FBI’s assessment.

Noting that Clapper in November testified that intelligence agencies lacked strong evidence linking Russian cyber attacks to the WikiLeaks disclosures, Nunes asked that Clapper, together with CIA and FBI counterparts, brief the panel by Friday on the latest intelligence assessment of Russian hacking during the election campaign.

(Editing by Yara Bayoumy and Jonathan Oatis)

Japan, South Korea sign preliminary intelligence-sharing pact on North Korea

Officer near Japan and South Korea flags

TOKYO (Reuters) – Japan and South Korea signed a preliminary pact to share and safeguard sensitive information on North Korea’s missile and nuclear activities on Monday, a move that had already prompted anger among opposition lawmakers in Seoul.

The signing of the General Security of Military Information Agreement had originally been expected in 2012, but South Korea postponed it amid domestic opposition against concluding such a security pact with Japan, a one-time colonial ruler.

Japan’s Foreign Ministry said in a statement that discussions in the third round of the talks had reached an agreement and that a provisional signing had taken place.

Discussions would continue ahead of a final signing, which Kyodo news agency said could take place by the end of November.

Reclusive North Korea, which is still technically at war with the South because their 1950-53 conflict ended in a truce, not a peace treaty, has carried out repeated nuclear and missile tests in defiance of U.N. Security Council resolutions and sanctions.

Tokyo’s ties with Seoul, plagued by a territorial dispute and Japan’s past military aggression, have warmed after reaching a landmark agreement last December to resolve the issue of Korean girls and women forced to work in Japan’s wartime brothels.

South Korean opposition parties had warned against signing the agreement, threatening to dismiss or impeach Defence Minister Han Min-koo.

(Reporting by Elaine Lies; Editing by Nick Macfie)

White House names retired Air Force general as first cyber security chief

By Dustin Volz

WASHINGTON (Reuters) – The White House on Thursday named a retired U.S. Air Force brigadier general as the government’s first federal cyber security chief, a position announced eight months ago that is intended to improve defenses against hackers.

Gregory Touhill’s job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.

The administration of President Barack Obama has made bolstering federal cyber security a top priority in his last year in office. The issue has gained more attention because of high-profile breaches in recent years of government and private sector computers.

U.S. intelligence officials suspect Russia was responsible for breaches of Democratic political organizations and state election systems to exert influence on the Nov. 8 presidential election. Russia has dismissed the allegations as absurd.

Obama announced the new position in February alongside a budget proposal to Congress asking for $19 billion for cyber security across the U.S. government. The job is a political appointment, meaning Obama’s successor can choose to replace Touhill after being sworn in next January.

Touhill is currently a deputy assistant secretary for cyber security and communications at the Department of Homeland Security.

He will begin his new role later this month, a source familiar with the matter said. Touhill’s responsibilities will include creating and implementing policy for best security practices across federal agencies and conducting periodic audits to test for weaknesses, according to the announcement.

Grant Schneider, who is the director of cyber security policy at the White House’s National Security Council, will be acting deputy to Touhill, according to the announcement.

(Reporting by Dustin Volz; editing by Cynthia Osterman and Grant McCool)

Iraqi PM: ISIS Plans Attacks On U.S. Subways

The Prime Minister of Iraq says he has credible information regarding an ISIS plot to attack the United States.

Prime Minister Haider al-Abadi surprised intelligence and transit security officials in the U.S. who said they had no knowledge of the PM’s claims.  New York City officials quickly took to the media to assure citizens the subway system was safe.

“They plan to have attacks in the metros of Paris and the U.S.,” Abedi told reporters after a meeting of the U.N. General Assembly. “I asked for more credible information. I asked for names. I asked for details, for cities, you know, dates. And from the details I have received, yes, it looks credible.”

Iraqi intelligence officials would not specifically comment on the PM’s statements other than to say a full assessment of the plans discovered is ongoing.  U.S. officials said they had not confirmed any “specific threat.”

“We want to increase the number of willing countries who would support this,” PM Abedi said. “This is not military. This is intelligence. This is security. The terrorists have a massive international campaign. Don’t underestimate it.”