Russian hackers targeted U.S. Senate, think tanks: Microsoft

FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Phot

By Brendan O’Brien

(Reuters) – Microsoft Corp charged that hackers linked to Russia’s government sought to launch cyber attacks on the U.S. Senate and conservative American think tanks, warning that Moscow is broadening attacks ahead of November’s congressional elections.

The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic sites belonging to the Senate and the think tanks. Users who visited the fake sites were asked to enter login credentials.

It is the latest in a string of actions Microsoft has taken to thwart what it charges are Russian government hacking attempts. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.

Microsoft said it had no evidence that the hackers had succeeded in compromising any user credentials before it took control of the malicious sites.

The Kremlin rejected the Microsoft allegations and said there was no evidence to support them.

“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters. “Who exactly are they talking about? We don’t understand what the proof and the basis is for them drawing these kind of conclusions. Such information (proof) is lacking.”

Moscow has repeatedly dismissed allegations that it has used hackers to influence U.S. elections and political opinion.

The targets, Microsoft said, included the International Republican Institute, whose high-profile Republican board members include Senator John McCain of Arizona, who has criticized U.S. President Donald Trump’s interactions with Russia and Moscow’s rights record.

The Hudson Institute, another target, has hosted discussions on topics including cyber security, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia, and has been critical of the Russian government.

Other malicious domains were used to mimic legitimate sites used by the U.S. Senate and Microsoft’s Office software suite, the company said.

CYBER TENSIONS

Microsoft’s report came amid increasing tensions between Moscow and Washington ahead of midterm elections in November.

A U.S. federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether Trump’s campaign worked with Russians to sway the vote. Russia denies interfering in the elections and Trump has denied any collusion.

The type of attack is known as “spear fishing,” in which the hackers trick victims into entering their username and password into a fake site in order to steal their credentials.

Facebook Inc said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of the U.S. votes.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

(Reporting by Brendan O’Brien; Additional reporting by Andrew Osborn and Tom Balmforth in Moscow; Editing by Jim Finkle and Steve Orlofsky)

Russia postpones bill making U.S. sanctions compliance a crime

FILE PHOTO: A general view shows the State Duma, the lower house of parliament, in Moscow, Russia January 20, 2017. REUTERS/Maxim Shemetov/File Photo

By Polina Nikolskaya and Tom Balmforth

MOSCOW (Reuters) – Russian lawmakers on Thursday voted to postpone the second reading of a bill being discussed in the lower house of parliament that would make it a crime to comply with Western sanctions on Russia.

The lower house said it would hold talks next week with businesses before proceeding further with discussion of the draft law, a day after business lobby groups on Wednesday publicly voiced opposition to it.

“We support postponing (discussion) for further consultations because of numerous appeals and insufficient legal preparation,” said Nikolai Kolomeytsev, a lawmaker for the Communist party, which often backs the Kremlin on important issues.

Russian lawmakers in a first reading on Tuesday approved a bill making it a crime punishable by up to four years in jail to refuse to supply services or do business with a Russian citizen, citing U.S. or other sanctions.

The Russian Union of Industrialists and Entrepreneurs said in a statement on Wednesday that the bill creates risks of unreasonable criminal prosecution of Russian and foreign citizens, and could harm the investment climate.

Business representatives will be invited to discuss the bill with lawmakers next Wednesday.

“I think we can find a construction under which these fears can be removed. And then the law will pass without any fears and, generally speaking, we need it,” lawmaker Valery Gartung said on Thursday. He is a member of the Just Russia party which often allies itself with the Kremlin.

The bill is one of two items of legislation drawn up by lawmakers in response to the United States’ decision to impose sanctions on Russia last month.

Washington blacklisted some of Russia’s biggest companies and businessmen, striking at allies of President Vladimir Putin to punish Moscow for alleged meddling in the 2016 U.S. presidential election and other “malign activities”.

Later on Thursday, lawmakers in a second reading approved the second item of legislation. The bill would give the government authority to ban trade in certain items with countries deemed to be unfriendly to Moscow.

Under the bill, the Russian president would decide which products would be affected by the restrictions, and any decision would be subject to approval from parliament.

The legislation also bars affected countries and those countries’ citizens from taking part in the privatization of Russian property.

The legislation has been diluted since it was first put forward. Lawmakers originally proposed restricting imports of U.S.-made software and farm goods, U.S. medicines that can be sourced elsewhere, and tobacco and alcohol.

The legislation must pass a third reading, before being approved by the upper house of parliament and signed by President Vladimir Putin.

(Reporting by Polina Nikolskaya; Writing by Tom Balmforth; Editing by Christian Lowe)

In a first, U.S. blames Russia for cyber attacks on energy grid

An electrical line technician works on restoring power in Vilonia, Arkansas April 29, 2014. REUTERS/Carlo Alle

By Dustin Volz and Timothy Gardner

WASHINGTON (Reuters) – The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday.

The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.

The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior U.S. intelligence officials said in recent weeks the Kremlin believes it can launch hacking operations against the West with impunity.

It coincided with a decision Thursday by the U.S. Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks.

Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.

‘UNPRECEDENTED AND EXTRAORDINARY’

U.S. security officials have long warned that the United States may be vulnerable to debilitating cyber attacks from hostile adversaries. It was not clear what impact the attacks had on the firms that were targeted.

But Thursday’s alert provided a link to an analysis by the U.S. cyber security firm Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations.

Malicious email campaigns dating back to late 2015 were used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries, Symantec said at the time, though it did not name Russia as the culprit.

The decision by the United States to publicly attribute hacking attempts of American critical infrastructure was “unprecedented and extraordinary,” said Amit Yoran, a former U.S. official who founded DHS’s Computer Emergency Response Team.

“I have never seen anything like this,” said Yoran, now chief executive of the cyber firm Tenable, said.

A White House National Security Council spokesman did not respond when asked what specifically prompted the public blaming of Russia. U.S. officials have historically been reluctant to call out such activity in part because the United States also spies on infrastructure in other parts of the world.

News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.

“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” said Ben Read, manager for cyber espionage analysis with cyber security company FireEye Inc.

ENGINEERS TARGETED

The campaign targeted engineers and technical staff with access to industrial controls, suggesting the hackers were interested in disrupting operations, though FireEye has seen no evidence that they actually took that step, Read said.

A former senior DHS official familiar with the government response to the campaign said that Russia’s targeting of infrastructure networks dropped off after the publication in the fall of Symantec’s research and an October government alert, which detailed technical forensics about the hacking attempts but did not name Russia.

The official declined to say whether the campaign was still ongoing or provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.

“We did not see them cross into the control networks,” DHS cyber security official Rick Driggers told reporters at a dinner on Thursday evening.

Driggers said he was unaware of any cases of control networks being compromised in the United States and that the breaches were limited to business networks. But, he added, “We know that there is intent there.”

It was not clear what Russia’s motive was. Many cyber security experts and former U.S. officials say such behavior is generally espionage-oriented with the potential, if needed, for sabotage.

Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid in 2015 and 2016, that caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.

Senator Maria Cantwell, the top Democrat on the Senate Energy and Natural Resources Committee, asked the Trump administration earlier this month to provide a threat assessment gauging Russian capabilities to breach the U.S. electric grid.

It was the third time Cantwell and other senators had asked for such a review. The administration has not yet responded, a spokesman for Cantwell’s office said on Thursday.

Last July, there were news reports that the Wolf Creek Nuclear Operating Corp, which operates a nuclear plant in Kansas, had been targeted by hackers from an unknown origin.

Spokeswoman Jenny Hageman declined to say at the time if the plant had been hacked but said that there had been no operational impact to the plant because operational computer systems were separate from the corporate network. Hageman on Thursday said the company does not comment on security matters.

John Keeley, a spokesman for the industry group the Nuclear Energy Institute, said: “There has been no successful cyber attack against any U.S. nuclear facility, including Wolf Creek.”

(Reporting by Dustin Volz and Timothy Gardner, additional reporting by Jim Finkle; Editing by Tom Brown, Alistair Bell and Cynthia Osterman)