Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

FILE PHOTO: A Symantec security app is seen on a phone in this illustration photo taken May 23, 2017. REUTERS/Thomas White/Illustration/File Photo

By Rahul Bhatia

MUMBAI (Reuters) – Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region.

India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

CLICKBAIT

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.

Another FireEye official said the attack reported by Symantec was not surprising.

“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.

The Symantec report said the ‘Ehdoor’ backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.

(Reporting by Rahul Bhatia. Additional reporting by Jeremy Wagstaff in Singapore.; Editing by Euan Rocha and Philip McClellan)

Exclusive: Moscow lawyer who met Trump Jr. had Russian spy agency as client

Russian lawyer Natalia Veselnitskaya speaks during an interview in Moscow, Russia November 8, 2016. REUTERS/Kommersant Photo/Yury Martyanov

By Maria Tsvetkova and Jack Stubbs

MOSCOW (Reuters) – The Russian lawyer who met Donald Trump Jr. after his father won the Republican nomination for the 2016 U.S. presidential election counted Russia’s FSB security service among her clients for years, Russian court documents seen by Reuters show.

The documents show that the lawyer, Natalia Veselnitskaya, successfully represented the FSB’s interests in a legal wrangle over ownership of an upscale property in northwest Moscow between 2005 and 2013.

The FSB, successor to the Soviet-era KGB service, was headed by Vladimir Putin before he became Russian president.

There is no suggestion that Veselnitskaya is an employee of the Russian government or intelligence services, and she has denied having anything to do with the Kremlin.

But the fact she represented the FSB in a court case may raise questions among some U.S. politicians.

The Obama administration last year sanctioned the FSB for what it said was its role in hacking the election, something Russia flatly denies.

Charles Grassley, Republican chairman of the Senate Judiciary Committee, has raised concerns about why Veselnitskaya gained entry into the United States. Veselnitskaya represented a Russian client accused by U.S. prosecutors of money laundering in a case that was settled in May this year after four years.

Veselnitskaya did not reply to emailed Reuters questions about her work for the FSB. But she later posted a link to it on her Facebook page on Friday.

“Is it all your proof? You disappointed me,” she wrote in a post.

“Dig in court databases again! You’ll be surprised to find among my clients Russian businessmen… as well as citizens and companies that had to defend themselves from accusations from the state…”

Veselnitskaya added that she also had U.S. citizens as clients.

The FSB did not respond to a request for comment.

Reuters could not find a record of when and by whom the lawsuit – which dates back to at least 2003 – was first lodged. But appeal documents show that Rosimushchestvo, Russia’s federal government property agency, was involved. It did not immediately respond to a request for comment.

Veselnitskaya and her firm Kamerton Consulting represented “military unit 55002” in the property dispute, the documents show.

A public list of Russian legal entities shows the FSB, Russia’s domestic intelligence agency, founded the military unit whose legal address is behind the FSB’s own headquarters.

Reuters was unable to establish if Veselnitskaya did any other work for the FSB or confirm who now occupies the building at the center of the case.

‘MASS HYSTERIA’ OVER MEETING

President Donald Trump’s eldest son eagerly agreed in June 2016 to meet Veselnitskaya, a woman he was told was a Russian government lawyer who might have damaging information about Democratic White House rival Hillary Clinton, according to emails released by Trump Jr.

Veselnitskaya has said she is a private lawyer and has never obtained damaging information about Clinton. Dmitry Peskov, a spokesman for the Kremlin, has said she had “nothing whatsoever to do with us.”

Veselnitskaya has also said she is ready to testify to the U.S. Congress to dispel what she called “mass hysteria” about the meeting with Trump Jr.

The case in which Veselnitskaya represented the FSB was complex; appeals courts at least twice ruled in favor of private companies which the FSB wanted to evict.

The FSB took over the disputed office building in mid-2008, a person who worked for Atos-Component, a firm that was evicted as a result, told Reuters, on condition of anonymity.

The building was privatized after the 1991 Soviet collapse, but the Russian government said in the lawsuit in which Veselnitskaya represented the FSB that the building had been illegally sold to private firms.

The businesses were listed in the court documents, but many of them no longer exist and those that do are little-known firms in the electric components business.

Elektronintorg, an electronic components supplier, said on its website that it now occupied the building. Elektronintorg is owned by state conglomerate Rostec, run by Sergei Chemezov, who, like Putin, worked for the KGB and served with him in East Germany.

When contacted by phone, an unnamed Elektronintorg employee said he was not obliged to speak to Reuters. Rostec, responding to a request for comment, said that Elektronintorg only had a legal address in the building but that its staff were based elsewhere.

When asked which organization was located there, an unidentified man who answered a speakerphone at the main entrance laughed and said: “Congratulations. Ask the city administration.”

(Reporting by Maria Tsvetkova and Jack Stubbs; additional reporting by Polina Nikolskaya, Gleb Stolyarov and Darya Korsunskaya in Moscow; Editing by Andrew Osborn, Mike Collett-White and Grant McCool)

Half of German companies hit by sabotage, spying in last two years, BSI says

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

BERLIN (Reuters) – More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros’ worth of damage a year.

Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed “NotPetya” that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called “CEO Fraud”.

Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 percent in a 2015 study.

At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found.

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said.

“The high number of companies affected clearly shows that we still have work to do on cyber security in Germany,” he said in a statement on Friday.

The BSI urged companies in Europe’s largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously.

Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified.

“There’s still a lot of work to be done,” he said. “We have to be careful that we don’t focus solely on industry and computer users, but also look at the producers and quality management.”

Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said.

Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said.

Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime.

(Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)

Despite hacking charges, U.S. tech industry fought to keep ties to Russia spy service

FILE PHOTO: Police guard the FSB headquarters during an opposition protest in Moscow, Russia, on March 5, 2012. REUTERS/Mikhail Voskresensky/File Photo

(Editors note: Attention to language in paragraph 22 that may be offensive to some readers.)

By Joel Schectman, Dustin Volz and Jack Stubbs

WASHINGTON/MOSCOW (Reuters) – As U.S. officials investigated in January the FSB’s alleged role in election cyber attacks, U.S. technology firms were quietly lobbying the government to soften a ban on dealing with the Russian spy agency, people with direct knowledge of the effort told Reuters.

New U.S. sanctions put in place by former President Barack Obama last December – part of a broad suite of actions taken in response to Russia’s alleged meddling in the 2016 presidential election – had made it a crime for American companies to have any business relationship with the FSB, or Federal Security Service.

U.S. authorities had accused the FSB, along with the GRU, Russia’s military intelligence agency, of orchestrating cyber attacks on the campaign of Democratic presidential candidate Hillary Clinton, a charge Moscow denies.

But the sanctions also threatened to imperil the Russian sales operations of Western tech companies. Under a little-understood arrangement, the FSB doubles as a regulator charged with approving the import to Russia of almost all technology that contains encryption, which is used in both sophisticated hardware as well as products like cellphones and laptops.

Worried about the sales impact, business industry groups, including the U.S.-Russia Business Council and the American Chamber of Commerce in Russia, contacted U.S. officials at the American embassy in Moscow and the Treasury, State and Commerce departments, according to five people with direct knowledge of the lobbying effort.

The campaign, which began in January and proved successful in a matter of weeks, has not been previously reported.

In recent years, Western technology companies have acceded to increasing demands by Moscow for access to closely guarded product security secrets, including source code, Reuters reported last week.[nL1N1JK1ZF] Russia’s information technology market is expected to reach $18.4 billion this year, according to market researcher International Data Corporation.

The sanctions would have meant the Russian market was “dead for U.S. electronics” said Alexis Rodzianko, president of the American Chamber of Commerce in Russia, who argued against the new restrictions. “Every second Russian has an iPhone, iPad, so they would all switch to Samsungs,” he said.

A spokesman for the U.S. Commerce Department Bureau of Industry and Security declined to comment. A State Department official said Washington considered a range of factors before amending the FSB sanction and regularly works with U.S. companies to assess the impact of such policies.

The lobbyists argued the sanction could have stopped the sale of cars, medical devices and heavy equipment, all of which also often contain encrypted software, according to a person involved in the lobbying effort. The goal of the sanctions was to sever U.S. business dealings with the FSB – not end American technology exports to Russia entirely, the industry groups argued.

“The sanction was against a government agency that has many functions, only one of them being hacking the U.S. elections,” said Rodzianko.

The lobbyists assembled representatives from the tech, automotive and manufacturing sectors to make the case to the U.S. Treasury Department, said the person involved in the lobbying effort.

The industry groups did not argue against the intent of the sanction but asked for a narrow exception that would allow them to continue to seek regulatory approvals from the FSB while still keeping in place the broader ban on doing business with the spy agency.

“PUNISHMENT FOR VERY BAD ACTS”

The industry groups represent a number of technology firms with a large presence in Russia, including Cisco and Microsoft.

Reuters was unable to determine which companies were directly involved in the lobbying. Microsoft said it did not ask for changes to the sanctions. In a statement, Cisco said it also did not seek any changes to the sanction but had asked the Treasury Department for clarification on how it applied.

In order to get encrypted technology into Russia, companies need to obtain the blessing of the FSB, a process that can sometimes take months or even years of negotiation. Before granting that approval, the agency can demand sensitive security data about the product, including source code – instructions that control the basic operations of computer equipment.

The United States has accused Russia of a growing number of cyber attacks against the West. U.S. officials say they are concerned that Moscow’s reviews of product secrets could be used to find vulnerabilities to hack into the products.

Some U.S. government officials rejected the industry groups’ arguments. They openly embraced the prospect of any ripple effect that cut further trade with Russia.

Kevin Wolf was assistant secretary at the Commerce Department and oversaw export control policy when the FSB sanction was put in place. Wolf said within days of the sanction taking effect, Commerce received numerous calls from industry groups and companies warning of the unintended consequences.

But for Wolf, who was “furious” with Moscow over the alleged cyber attacks, any additional curbs on trade with Russia was a bonus rather than an unintended downside.

“I said, ‘Great, terrific, fuck ’em … The whole point is to interfere with trade’,” recounted Wolf. “The sanction was meant to impose pain (on Russia) and send a signal as punishment for very bad acts.”

Wolf left the Commerce Department when President Donald Trump took office on Jan. 20.

Other officials felt that the impact on legitimate trade was too great. “The intention of the sanction was not to cut off tech trade with Russia,” said a U.S. official with direct knowledge of the process.

The lobbyists had also argued that since the sanctions only applied to U.S. technology makers, it would put them at a disadvantage to European and Asian companies who would still be able to interact with the FSB and sell products in Russia.

“We were asking for a narrow technical fix that would give a fair deal for American companies,” Dan Russell, CEO of the U.S.-Russia Business Council, said in an interview.

The advocacy worked. State and Treasury officials began working to tweak the sanction in January before Obama left office, according to people involved in the process.

On Feb. 2, the Treasury Department created an exception to the sanction, about two weeks after Trump took office, to allow tech companies to continue to obtain approvals from the FSB.

(Reporting by Joel Schectman and Dustin Volz in Washington and Jack Stubbs in Moscow; Editing by Ross Colvin)

Mexico opposition officials targeted by government spying: report

A Mexican flag is seen over the city of Tijuana, Mexico from San Ysidro, a district of San Diego, California, U.S., April 21, 2017. REUTERS/Mike Blake

By Michael O’Boyle

MEXICO CITY (Reuters) – Three senior opposition officials in Mexico, including a party leader, were targeted with spying software sold to governments to fight criminals and terrorists, according to a report by researchers at the University of Toronto.

The officials, who included conservative National Action Party (PAN) head Ricardo Anaya, received text messages linked to software known as Pegasus, which Israeli company NSO Group only sells to governments, the report by Citizen Lab said.

Mexican President Enrique Pena Nieto has asked the attorney general’s office to investigate charges that the government spied on private citizens, saying he wanted to get to the bottom of the accusations that he called “false.”

Last week, Citizen Lab, a group of researchers at the University of Toronto’s Munk School, identified 12 activists, human-rights lawyers and journalists who had also seen attempts to infect their phones with the powerful spyware.

John Scott-Railton, one of a group of researchers at Citizen Lab who have spent five years tracking the use of such spyware by governments against civilians, said Mexico’s case was notable for the number of targets and the intensity of efforts.

“What we have already provided, in our prior reporting, is strong circumstantial evidence implicating the government of Mexico,” he said.

Anaya, PAN Senator Roberto Gil Zuarth and Fernando Rodriguez, the PAN’s communications secretary, received infectious messages in June 2016, when lawmakers were discussing anti-corruption legislation, the report said.

The PAN officials did not immediately respond to a request for comment on the report, which was published on Citizen Lab’s website: http://bit.ly/2sl8UiH.

Pena Nieto’s office said in a statement that it “categorically refuses to allow any of its agencies to carry out surveillance or intervention of communications” except for fighting organized crime or national security threats, and only with court authorization.

Mexico’s government purchased about $80 million worth of spyware from NSO Group, according to a report by the New York Times last week.

The spying allegations have added to the problems facing Pena Nieto, whose popularity has waned due to rising violence and signs of widespread corruption.

Among the previous targets who Citizen Lab identified were Carmen Aristegui, a journalist who in 2014 helped reveal that Pena Nieto’s wife had acquired a house from a major government contractor, as well as lawyers representing the families of 43 students who disappeared and were apparently massacred in 2014.

At least nine of the people who were targeted filed charges with authorities on June 19. On June 22, Pena Nieto promised a thorough investigation and insisted that Mexico was a democracy that tolerated critical voices.

The president’s office said in its latest statement that any new allegations would be added to the current investigation.

(Editing by Lisa Von Ahn and Frank Jack Daniel)

Suspected North Korea drone spied on U.S. anti-missile system: South Korea officials

FILE PHOTO: A Terminal High Altitude Area Defense (THAAD) interceptor is launched during a successful intercept test, in this undated handout photo provided by the U.S. Department of Defense, Missile Defense Agency. U.S. Department of Defense, Missile Defense Agency/Handout via Reuters/File Photo

SEOUL (Reuters) – A suspected North Korean drone had taken photographs of an advanced U.S. anti-missile battery in South Korea before it crashed on its way home, the South Korean military said on Tuesday.

The drone, mounted with a camera, was found last week in a forest near the border with North Korea. It was similar in size and shape to a North Korean drone found in 2014 on an island near the border.

“We confirmed that it took about 10 photos,” of the anti-missile system, known as the Terminal High Altitude Area Defense (THAAD), a South Korean Defense Ministry official said by telephone.

The drone was suspected to be from North Korea, the official added.

South Korea is hosting the anti-missile defense system in the Seongju region, about 250 km (155 miles) from the border with North Korea, to counter a growing missile threat from the North.

“We will come up with measures to deal with North Korean drones,” said an official at South Korea’s Office of the Joint Chiefs of Staff, who also declined to be identified as he is not authorized to speak to the media.

North Korean drones are known to have flown over South Korea several times.

North Korea has about 300 unmanned aerial vehicles of different types including one designed for reconnaissance as well as combat drones, the United Nations said in a report last year.

The North Korean drones recovered in South Korea were probably procured through front companies in China, with parts manufactured in China, the Czech Republic, Japan and the United States, it added.

The neighbors are technically at war after the 1950-53 Korean War ended in a truce and not a peace treaty.

South Korea and the United States agreed last year to deploy the THAAD unit in response to North Korea’s relentless development of its ballistic missiles, and nuclear weapons, in defiance of U.N. sanctions.

China strongly objects to the THAAD system saying its powerful radar can probe deep into its territory, undermining its security and upsetting a regional balance. China also says the system does nothing to deter North Korea.

South Korea and the United States say the system is aimed solely at defending against North Korean missiles.

(Reporting by Yuna Park; Editing by Kim Coghill, Robert Birsel)

NSA backtracks on sharing number of Americans caught in warrant-less spying

A security car patrols the National Security Agency (NSA) data center in Bluffdale, Utah, U.S., March 24, 2017. REUTERS/George Frey

By Dustin Volz

WASHINGTON (Reuters) – For more than a year, U.S. intelligence officials reassured lawmakers they were working to calculate and reveal roughly how many Americans have their digital communications vacuumed up under a warrant-less surveillance law intended to target foreigners overseas.

This week, the Trump administration backtracked, catching lawmakers off guard and alarming civil liberties advocates who say it is critical to know as Congress weighs changes to a law expiring at the end of the year that permits some of the National Security Agency’s most sweeping espionage.

“The NSA has made Herculean, extensive efforts to devise a counting strategy that would be accurate,” Dan Coats, a career Republican politician appointed by Republican President Donald Trump as the top U.S. intelligence official, testified to a Senate panel on Wednesday.

Coats said “it remains infeasible to generate an exact, accurate, meaningful, and responsive methodology that can count how often a U.S. person’s communications may be collected” under the law known as Section 702 of the Foreign Intelligence Surveillance Act.

He told the Senate Intelligence Committee that even if he dedicated more resources the NSA would not be able to calculate an estimate, which privacy experts have said could be in the millions.

The statement ran counter to what senior intelligence officials had previously promised both publicly and in private briefings during the previous administration of President Barack Obama, a Democrat, lawmakers and congressional staffers working on drafting reforms to Section 702 said.

Representative John Conyers, the top Democrat in the House of Representatives Judiciary Committee, said that for many months intelligence agencies “expressly promised” members of both parties to deliver the estimated number to them.

Senior intelligence officials had also previously said an estimate could be delivered. In March, then NSA deputy director Rick Ledgett, said “yes” when asked by a Reuters reporter if an estimate would be provided this year.

“We’re working on that with the Congress and we’ll come to a satisfactory resolution, because we have to,” said Ledgett, who has since retired from public service.

The law allows U.S. intelligence agencies to eavesdrop on and collect vast amounts of digital communications from foreign suspects living outside of the United States, but often incidentally scoops up communications of Americans.

The decision to scrap the estimate is likely to complicate a debate in Congress over whether to curtail certain aspects of the surveillance law, congressional aides said. Congress must vote to renew Section 702 to avoid its expiration on Dec. 31.

Privacy issues often scramble traditional party lines, but there are signs that Section 702’s renewal will be even more politically unpredictable.

Some Republicans who usually support surveillance programs have expressed concerns about Section 702, in part because they are worried about leaks of intercepts of conversations between Trump associates and Russian officials amid investigations of possible collusion.

U.S. intelligence agencies last year accused Russia of interfering in the 2016 presidential election campaign, allegations Moscow denies. Trump denies there was collusion. Intelligence officials have said Section 702 was not directly connected to surveillance related to those leaks.

“As big a fan as I am of collection, incidental collection, I’m not going to reauthorize a program that could be politically manipulated,” Senator Lindsey Graham, usually a defender of U.S. surveillance activities, told reporters this week.

Graham was among 14 Republican senators, including every Republican member of the intelligence panel, who on Tuesday introduced a bill supported by the White House and top intelligence chiefs, that would renew Section 702 without changes and make it permanent.

Critics have called the process under which the FBI and other agencies can query the pool of data collected for U.S. information a “backdoor search loophole” that evades traditional warrant requirements.

“How can we accept the government’s reassurance that our privacy is being protected when the government itself has no idea how many Americans’ communications are being swept up and stored?” said Liza Goitein, a privacy expert at the Brennan Center for Justice.

(Reporting by Dustin Volz; additional reporting by Richard Cowan; Editing by Jonathan Weber and Grant McCool)

South Korea finds apparent North Korean drone near border

A small aircraft what South Korea's Military said is believed to be a North Korean drone, is seen at a mountain near the demilitarised zone separating the two Koreas in Inje, South Korea in this handout picture provided by the Defence Ministry and released by News1 on June 9, 2017. The Defence Ministry/News1 via REUTERS

By Ju-min Park

SEOUL (Reuters) – South Korea has found what appears to be a North Korean drone equipped with a camera on a mountain near its border with the isolated nation, the South’s military said on Friday, suggesting the device was on a spying mission.

Its appearance a day after Pyongyang tested a new type of anti-ship missile on Thursday, could spark questions about the state of South Korea’s air defenses at a time when Seoul is trying to rein in the North’s nuclear and missile programs.

In size and shape, the device looked like a North Korean drone found in 2014 on an island near the border, South Korea’s Office of Joint Chiefs of Staff said in a statement, adding that authorities plan to conduct a close analysis.

“The drone found this time looks sloppy but slightly more slender than previous ones,” a South Korean military official told Reuters on condition of anonymity, because he was not authorized to speak to the media.

The device would be the latest of several North Korean drones to have flown into the South, with which Pyongyang is technically at war after the Korean war ended in a truce, rather than a peace treaty, in 1953.

In 2014, South Korea said three unmanned drones from North Korea were found in border towns.

A joint investigation by South Korean and U.S. militaries has concluded the craft were on reconnaissance missions for the North, which has denied sending spy drones, however, dismissing the findings as a fabrication.

Last year, South Korea fired warning shots at a suspected North Korean drone, forcing it to turn back.

North Korea owns around 300 unmanned aerial vehicles of different types including reconnaissance, target and combat drones, the United Nations said in a report last year.

The North Korean drones recovered in South Korea were probably procured through front companies in China, with parts manufactured in China, the Czech Republic, Japan and the United States, it added.

(Reporting by Ju-min Park; Editing by Soyoung Kim and Clarence Fernandez)

White House, intel chiefs want to make digital spying law permanent

Director of National Intelligence Daniel Coats (2nd-R) testifies as he appears alongside acting FBI Director Andrew McCabe (L), Deputy Attorney General Rod Rosenstein (2nd-L) and National Security Agency Director Michael Rogers (R) at a Senate Intelligence Committee hearing on the Foreign Intelligence Surveillance Act (FISA) in Washington, U.S., June 7, 2017. REUTERS/Kevin Lamarque

By Dustin Volz

WASHINGTON (Reuters) – The White House and U.S. intelligence chiefs Wednesday backed making permanent a law that allows for the collection of digital communications of foreigners overseas, escalating a fight in Congress over privacy and security.

The law, enshrined in Section 702 of the Foreign Intelligence Surveillance Act, is due to expire on December 31 unless Congress votes to reauthorize it, but is considered vital by U.S. intelligence agencies.

Privacy advocates have criticized the law though for allowing the incidental collection of data belonging to millions of Americans without a search warrant.

The push to make the law permanent may lead to a contentious debate over renewal of Section 702 in Congress, where lawmakers in both parties are deeply divided over whether to adopt transparency and oversight reforms.

“We cannot allow adversaries abroad to cloak themselves in the legal protections we extend to Americans,” White House Homeland Security Adviser Tom Bossert wrote in an editorial published in the New York Times newspaper on Wednesday.

U.S. Director of National Intelligence Dan Coats, speaking on behalf of other intelligence agency leaders, also told the Senate Intelligence Committee panel on Wednesday that the statute should be made permanent, saying it was necessary to keep the United States safe from national security threats.

NSA Director Rogers added that the law had been vital to preventing terrorism in allied countries as well.

Fourteen Republican senators, including every Republican member of the Senate intelligence panel, introduced a bill on Tuesday that would make part of Section 702 permanent.

The statute, which grants the National Security Agency a considerable freedom in the collection of foreigners’ digital communications, normally comes with a “sunset” clause, meaning that roughly every five years lawmakers need to reconsider its impact on privacy and civil liberties.

‘SPY ON AMERICANS’

Intelligence Director Coats said it was not feasible for the NSA to provide an estimate of the number of Americans whose communications are ensnared incidentally under Section 702.

Coats and other officials had previously told Congress they would attempt to share an estimate publicly before the statute expires. A frustrated Democratic Senator Ron Wyden, who has asked for such an estimate for several years, said Coats “went back on a pledge.”

Privacy advocates criticized the push to make Section 702 permanent, arguing that regular reviews of the law were necessary to conduct appropriate oversight and prevent potential abuses.

“After months of criticizing the government for allegedly spying on his presidential campaign, President Trump is now hypocritically endorsing a bill that would make permanent the NSA authority that is used to spy on Americans without a warrant,” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union.

Disclosures by former NSA contractor Edward Snowden in 2013 revealed the sweeping nature of 702 surveillance, prompting outrage internationally and embarrassing some U.S. technology firms shown to be involved in a program known as Prism.

Last week, Facebook <FB.O>, Amazon <AMZN.O>, Alphabet Inc’s Google <GOOGL.O> sent a letter to Congress urging lawmakers to adopt several reforms to the law, including codifying the recent termination of a type of NSA surveillance that collected Americans’ communications with someone living overseas that merely mentioned a foreign intelligence target.

Making the law permanent without changes would preclude codifying that change.

Reuters reported in March that the Trump administration supported renewal of Section 702 without any changes, citing an unnamed White House official, but it was not clear at the time whether it wanted the law made permanent.

(This version of the story corrects paragraph 14 to add dropped words “embarrassing some U.S. technology firms involved in”)

(Reporting by Dustin Volz; Editing by Alden Bentley and Paul Simao)

U.S. spy agencies probe another flank in Russian hacking

Reality Leigh Winner, 25, a federal contractor charged by the U.S. Department of Justice for sending classified material to a news organization, poses in a picture posted to her Instagram account. Reality Winner/Social Media via REUTERS

By Joseph Menn

SAN FRANCISCO (Reuters) – Russian hacking of the 2016 U.S. election included sophisticated targeting of state officials responsible for voter rolls and voting procedures, according to a top secret U.S. intelligence document that was leaked and published this week, revealing another potential method of attempted interference in the vote.

The month-old National Security Agency document outlined activities including impersonating an election software vendor to send trick emails to more than 100 state election officials. Analysts at the NSA believed the hackers were working for the Russian military’s General Staff Main Intelligence Directorate, or GRU, according to the document.

The document’s publication on Monday by The Intercept, a news outlet that focuses on security issues, received particular attention because an intelligence contractor, Reality Leigh Winner, was charged the same day with leaking it.

U.S. intelligence agencies have previously said the Kremlin tried to influence the election outcome in favor of Republican candidate Donald Trump through leaks during the campaign of hacked emails from Democratic Party officials, aimed at discrediting Democratic candidate Hillary Clinton.

The new revelations suggest that U.S. investigators are also still probing a more direct attempt to attack the election itself, and a federal official confirmed that is the case. However, there is no evidence that hackers were able to manipulate votes, or the vote tally.

The document says at least one employee of the software vendor had an account compromised but does not cover whether any of the elections officials were also successfully compromised.

If they did compromise the officials, hackers could have planted malicious software, then captured proof of the infection to suggest that there had been fraud on Clinton’s behalf, had she won the Nov. 8 election, experts said.

“If your goal is to disrupt an election, you don’t need to pick the winner or actually tamper with tally result,” said Matt Blaze, a University of Pennsylvania computer science professor who has written on the security of voting machines. Simply casting doubt on the legitimacy of the results could achieve the goals of a government-sponsored hacking campaign, he said.

U.S. intelligence officials had previously stated that Russian intelligence had won access to “multiple” election officials but had said that compromised machines were not involved with vote tallies. But they had not said how sophisticated and extensive the effort was or how it worked.

Russian President Vladimir Putin has strongly denied Russian government involvement in election hacking, though he said last week that “patriotic” Russians could have been involved. Trump has denied any collusion.

SPEAR-PHISHING ON ELECTIONS OFFICIALS

The newly leaked NSA report said the hackers used so-called “spear-phishing” techniques on election officials, trying to convince targets to click on links in emails that seemed to come from legitimate correspondents.

The report describes just one phishing campaign, which hit state officials a week before the election, but does not give any locations or say if it was successful. Although there may have been many others, security experts said one coming so late in the game would be more likely to be about sowing chaos than trying to alter vote counts.

The report did not say what the hackers were trying to accomplish, and any investigation of the computers of people who were targeted would be the jurisdiction of the FBI.

An FBI spokeswoman declined to comment Tuesday, as did the office of the special counsel Robert Mueller, who is investigating possible collusion between Trump campaign officials and the Russian government.

ATTACKING VOTER ROLLS

The “bait” used in the spear-phishing campaign involved software for managing voter registration rolls. The hackers might have been considering deleting some records and forcing officials to turn legitimate voters away, said elections technology security expert Alex Halderman, of the University of Michigan.

There were no wide reports of mass rejections of voters, so perhaps that plan was abandoned or proved too hard to execute, he said.

It is also possible that the idea was to get onto the machines of officials who oversaw both registration and voting software. Elections are run by counties in the United States.

“Depending on the county’s configuration and security practices and what is separated from what, they could have access to potentially every aspect, from lists of registered voters, to voting machines, to firmware on those machines, to the ballots that are presented, to the software that controls the final tally,” Blaze said.

“This is the holy grail of what an attacker would want to compromise.”

Members of Congress said they hoped to learn more about the hacking attempts.

“It’s important that the American people understand that the Russian attempts to break into a number of our state voting processes – we talked about this in the fall – was broad-based,” Democrat Mark Warner, vice chairman of the Senate Intelligence committee, told reporters.

“It’s my hope in the coming days that we can get more information out about that.”

(Reporting by Joseph Menn in San Francisco; Additonal reporting by Dustin Volz, Jim Finkle and Mark Hosenball in Washington; Editing by Jonathan Weber and Frances Kerry)