Blame game for cyber attacks grows murkier as spying, crime tools mix

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Eric Auchard

TALLINN, Estonia (Reuters) – Veteran espionage researcher Jon DiMaggio was hot on the trail three months ago of what on the face of it looked like a menacing new industrial espionage attack by Russian cyber spies.

All the hallmarks were there: targeted phishing emails common to government espionage, an advanced Trojan horse for stealing data from inside organizations, covert communication channels for grabbing documents and clues in the programming code indicating its authors were Russian speakers.

It took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured out instead he was tracking a lone-wolf cyber criminal.

DiMaggio won’t identify the name of the culprit, whom he has nicknamed Igor, saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime. The hacker comes from Transdniestria, a disputed, Russian-speaking region of Moldova, he said.

“The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors,” DiMaggio told Reuters in a phone interview on Wednesday. “Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s.”

Reuters could not contact the alleged hacker.

The example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense, as tools once only available to government intelligence services find their way into the computer criminal underground.

Security experts refer to this as “the attribution problem”, using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses.

These questions echo through the debate over whether Russia used cyber attacks to influence last year’s U.S. presidential elections and whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe.

The topic is a big talking point for military officials and private security researchers at the International Conference on Cyber Conflict in Tallin this week. It has been held each year since Estonia was swamped in 2007 by cyber attacks that took down government, financial and media websites amid a dispute with Russia. Attribution for those attacks remains disputed.

THE SMOKING GUN

“Attribution is almost never a clean, smoking-gun,” said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.

Raising the stakes, a mystery group calling itself ShadowBrokers has taken credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, ratcheting up cyber security threats to a whole new level.

In recent weeks, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, to enable hacking into the world’s most used computers, software and phones. (http://reut.rs/2rmTZmm)

“The bar for what’s considered advanced is lowered as time goes by,” said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.

The Moldovan hacker’s campaign to steal data and resell it on the web came to light only after infections popped up last year at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks.

Igor appears to have targeted the auto-tech company to steal its car diagnostics software, which retails for around $1,100 but Igor sold for just a few hundred dollars on underground forums and websites he had created. His aims in trying to break into the airline and gambling firm remain a mystery.

“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.

As a threat, Symantec rates Trojan.Bachosens as a very low risk virus, in part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims.

“I think those days are over when we can say in black and white: We know this is an espionage group,” DiMaggio said.

The Symantec researcher has not reported Igor to local authorities, calculating that exposing the methods of the attack will be enough to neutralize them.

(Editing by Peter Millership)

Wikipedia can pursue NSA surveillance lawsuit: U.S. appeals court

A man is silhouetted near logos of the U.S. National Security Agency (NSA) and Wikipedia in this photo illustration taken in Sarajevo March 11, 2015. REUTERS/Dado Ruvic/File Photo

By Jonathan Stempel

(Reuters) – A federal appeals court on Tuesday revived a Wikipedia lawsuit that challenges a U.S. National Security Agency (NSA) program of mass online surveillance, and claims that the government unconstitutionally invades people’s privacy rights.

By a 3-0 vote, the 4th U.S. Circuit Court of Appeals in Richmond, Virginia, said the Wikimedia Foundation, which hosts the Wikipedia online encyclopedia, had a legal right to challenge the government’s Upstream surveillance program.

The decision could make it easier for people to learn whether authorities have spied on them through Upstream, which involves bulk searches of international communications within the internet’s backbone of cables, switches and routers.

Upstream’s existence was revealed in leaks by former NSA contractor Edward Snowden in 2013.

Lawyers for the Wikipedia publisher and eight other plaintiffs including Amnesty International USA and Human Rights Watch, with more than 1 trillion international communications annually, argued that the surveillance violated their rights to privacy, free expression and association.

The U.S. Department of Justice countered that the Foreign Intelligence Surveillance Act had authorized Upstream’s review of communications between Americans and foreign “targets.”

In October 2015, U.S. District Judge T.S. Ellis III in Baltimore dismissed the lawsuit, finding a lack of evidence that the NSA, headquartered in Maryland, was conducting surveillance “at full throttle.”

Writing for the appeals court panel, however, Circuit Judge Albert Diaz found “nothing speculative” about the Wikimedia Foundation’s claims.

Diaz said the NSA interception and copying of communications showed “an invasion of a legally protected interest – the Fourth Amendment right to be free from unreasonable searches and seizures.”

The foundation could also pursue its First Amendment claim because it had “self-censored” some communications in response to the Upstream surveillance, Diaz said.

By a 2-1 vote, the same panel also ruled the plaintiffs lacked standing to challenge the NSA’s alleged “dragnet” to intercept “substantially all” text-based communications to and from the United States while conducting Upstream surveillance.

Justice Department spokesman Mark Abueg declined to comment.

Patrick Toomey, an American Civil Liberties Union lawyer representing the plaintiffs, said the ruling means Upstream “will finally face badly needed scrutiny” in the courts.

“This is an important victory for the rule of law,” he said in a statement. “Our government shouldn’t be searching the private communications of innocent people in bulk.”

Some Democratic and Republican lawmakers are working on legislation to curtail parts of Upstream. A section of FISA that authorizes the program expires at year end.

The case is Wikimedia Foundation et al v National Security Agency et al, 4th U.S. Circuit Court of Appeals, No. 15-2560.

(Reporting by Jonathan Stempel in New York; Additional reporting by Dustin Volz in Washington; editing by Jeffrey Benkoe and Phil Berlowitz)

Anti-abortion activists seek dismissal of California privacy case

Anti-abortion activist David Daleiden, waits outside Superior Court in San Francisco, California, U.S., May 3, 2017. REUTERS/Lisa Fernandez

By Lisa Fernandez

SAN FRANCISCO (Reuters) – Lawyers for two anti-abortion activists who secretly filmed a conference of abortion providers while pretending to work for a fetal-tissue procurement company asked a California judge on Wednesday to dismiss eavesdropping charges against the pair.

Defense attorneys asserted in court papers that the criminal complaint brought by California’s attorney general against David Daleiden, 28, and Sandra Merritt, 63, was insufficient because it failed to identify their alleged victims by name.

Daleiden and Merritt are each charged with conspiracy and 14 counts of invasion of privacy for creating false identities to infiltrate the abortion conference, then videotaping various conference participants and others without their consent.

The two are accused of fabricating a sham biomedical research firm, BioMax Procurement Services, to gain access to private meetings of the National Abortion Federation (NAF), Planned Parenthood and others affiliated with reproductive healthcare.

The individuals they taped are referred to in charging documents as DOE 1 through 14. Prosecutors filed identifying information in a sealed confidential attachment.

If the judge sides with the defense, finding prosecutors lack justification for keeping the alleged victims anonymous, the state could be forced to amend its complaint and reveal their names in order to proceed.

Defense lawyer Steve Cooley, representing Daleiden, said state Attorney General Xavier Becerra, a Democrat, was conducting a political prosecution.

Daleiden, who runs the California-based nonprofit Center for Medical Progress, and Merritt, a fellow anti-abortion activist and retired teacher, have cast themselves as “citizen journalists” who employed well-worn undercover tactics of the news media to expose wrongdoing.

But prosecutors said Daleiden and Merritt engaged in computer hacking and criminal fraud to create false IDs and a bogus corporate entity – crossing lines that bona fide journalists would avoid.

The case stems from recordings made at an April 2014 NAF conference in San Francisco and several subsequent restaurant meetings in Los Angeles and El Dorado, California.

Distribution of those tapes and others from a 2015 NAF conference in Baltimore were barred under federal court order after NAF sued Daleiden’s group in 2015.

But Daleiden has released other videos targeting Planned Parenthood purporting to show its officials trying to profit from the sale aborted fetal tissue, in violation of federal law.

Planned Parenthood accused Daleiden of using the videos to distort its practices, in which it lawfully seeks only to recover costs associated with fetal tissue donations for scientific research.

Daleiden and Merritt were indicted in January 2016 for using illegal government identifications to secretly film a Planned Parenthood facility in Texas, but that case was dropped. Both are slated for arraignment in the California case on June 8.

Daleiden surrendered to authorities last month under an arrest warrant and was released on $75,000 bond. Merritt was taken into custody at the court on Thursday and was expected to post bond later in the day.

(Additional reporting and writing by Steve Gorman in Los Angeles; Editing by Robert Birsel)

NSA collected Americans’ phone records despite law change: report

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in Berlin, June 7, 2013. REUTERS/Pawel Kopczynski

By Mark Hosenball

WASHINGTON (Reuters) – The U.S. National Security Agency collected more than 151 million records of Americans’ phone calls last year, even after Congress limited its ability to collect bulk phone records, according to an annual report issued on Tuesday by the top U.S. intelligence officer.

The report from the office of Director of National Intelligence Dan Coats was the first measure of the effects of the 2015 USA Freedom Act, which limited the NSA to collecting phone records and contacts of people U.S. and allied intelligence agencies suspect may have ties to terrorism.

It found that the NSA collected the 151 million records even though it had warrants from the secret Foreign Intelligence Surveillance court to spy on only 42 terrorism suspects in 2016, in addition to a handful identified the previous year.

The NSA has been gathering a vast quantity of telephone “metadata,” records of callers’ and recipients’ phone numbers and the times and durations of the calls – but not their content – since the September 11, 2001, attacks.

The report came as Congress faced a decision on whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), which permits the NSA to collect foreign intelligence information on non-U.S. persons outside the United States, and is scheduled to expire at the end of this year.

Privacy advocates have argued that Section 702 permits the NSA to spy on Internet and telephone communications of Americans without warrants from the secret Foreign Intelligence Surveillance Court, and that foreign intelligence could be used for domestic law enforcement purposes in a way that evades traditional legal requirements.

The report said that on one occasion in 2016, the FBI obtained information about an American in response to a search of Section 702 data intended to produce evidence of a crime not related to foreign intelligence.

The report did not address how frequently the FBI obtained information about Americans while investigating a foreign intelligence matter, however.

On Friday, the NSA said it had stopped a form of surveillance that allowed it to collect the digital communications of Americans who mentioned a foreign intelligence target in their messages without a warrant.

TRUMP’S ALLEGATIONS

The new report also came amid allegations, recently repeated by U.S. President Donald Trump, that former President Barack Obama ordered warrantless surveillance of his communications and that former national security adviser Susan Rice asked the NSA to unmask the names of U.S. persons caught in the surveillance.

Both Republican and Democratic members of the congressional intelligence committees have said that so far they have found no evidence to support either allegation.

Officials on Tuesday argued that the 151 million records collected last year were tiny compared with the number collected under procedures that were stopped after former NSA contractor Edward Snowden revealed the surveillance program in 2013.

Because the 151 million would include multiple calls made to or from the same phone numbers, the number of people whose records were collected also would be much smaller, the officials said. They said they had no breakdown of how many individuals’ phone records were among those collected.

In all, according to the report, U.S. officials unmasked the names of fewer Americans in NSA eavesdropping reports in 2016 than they did the previous year, the top U.S. intelligence officer reported on Tuesday.

The report said the names of 1,934 “U.S. persons” were “unmasked” last year in response to specific requests, compared with 2,232 in 2015, but it did not identify who requested the names or on what grounds.

Officials said in the report that U.S. intelligence agencies had gone out of their way to make public more information about U.S. electronic eavesdropping.

“This year’s report continues our trajectory toward greater transparency, providing additional statistics beyond what is required by law,” said Office of the Director of National Intelligence spokesman Timothy Barrett.

(Reporting by Mark Hosenball; Additional reporting by Dustin Volz; Editing by John Walcott and Jonathan Oatis)

U.S. spy agency abandons controversial surveillance technique

FILE PHOTO - An aerial view shows the National Security Agency (NSA) headquarters in Ft. Meade, Maryland, U.S. on January 29, 2010. REUTERS/Larry Downing/File Photo

By Dustin Volz

WASHINGTON (Reuters) – The U.S. National Security Agency said on Friday it had stopped a form of surveillance that allowed it to collect without a warrant the digital communications of Americans who mentioned a foreign intelligence target in their messages, marking an unexpected triumph for privacy advocates long critical of the practice.

The decision to stop the once-secret activity, which involved messages sent to or received from people believed to be living overseas, came despite the insistence of U.S. officials in recent years that it was both lawful and vital to national security.

The halt is among the most substantial changes to U.S. surveillance policy in years and comes as digital privacy remains a contentious issue across the globe following the 2013 disclosures of broad NSA spying activity by former intelligence contractor Edward Snowden.

“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” the agency said in a statement. “Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.”

NSA also said it would delete the “vast majority” of internet data collected under the surveillance program “to further protect the privacy of U.S. person communications.”

The decision is an effort to remedy privacy compliance issues raised in 2011 by the Foreign Intelligence Surveillance Court, a secret tribunal that rules on the legality of intelligence operations, sources familiar with the matter said.

The court recently approved the changes, NSA said in its statement.

The NSA is not permitted to conduct surveillance within the United States. The so-called “about” collection went after messages that mentioned a surveillance target, even if the message was neither to nor from that person.

That type of collection sometimes resulted in surveillance of emails, texts and other communications that were wholly domestic. The NSA will continue to collect communications directly involving intelligence targets.

Friday’s announcement came as a surprise to privacy advocates who have long argued that “about” collection was overly broad and ran afoul of the U.S. Constitution’s protections against unreasonable searches.

Julian Sanchez, a privacy and surveillance expert with the Cato Institute, a libertarian think tank, called the decision “very significant” and among the top priorities of surveillance reform among civil liberties groups.

“Usually you identify a specific individual to scrutinize their content; this was scrutinizing everyone’s content to find mentions of an individual,” Sanchez said.

Other privacy advocates seized on the change to advocate for additional reforms to the Foreign Intelligence Surveillance Act (FISA). The part of the law under which the banned surveillance occurred, known as Section 702, is due to expire at the end of the year unless Congress reauthorizes it.

Democratic Senator Ron Wyden said in a statement he would introduce legislation “banning this kind of collection in the future.”

A U.S. government official familiar with the matter said the change was motivated in part to ensure that Section 702 is renewed before it sunsets on Dec. 31, 2017. FISA has come under increased scrutiny in recent months amid unsubstantiated claims by President Donald Trump and other Republicans that the Obama White House improperly spied on Trump or his associates.

Pieces of differing bits of digital traffic are often packaged together as they travel across the internet. Part of the issue with “about” collection stemmed from how an entire packet of information would be vacuumed up if one part of it contained information, such as an email address or phone number, connected to a foreign target.

NSA told the Privacy and Civil Liberties Oversight Board as recently as last year that changes to “about” collection were not “practical at this time,” according to a report from the government watchdog.

News of the surveillance activity being halted was first reported on Friday by The New York Times, which first revealed its existence in 2013, two months after Snowden leaked intelligence documents to journalists.

(Additional reporting by Mark Hosenball; writing by Eric Beech; editing by Tim Ahmann, Leslie Adler and Bill Rigby)

Lawyer urges Trump to press Iran on jailed U.S. father and son at nuclear talks

Lawyer Jared Genser and Babak Namazi, the brother and son of two prisoners in Iran, who hold both U.S. American and Iranian citizenship and who have been sentenced to lengthy prison terms in Iran, address the media in Vienna, Austria, April 25, 2017. REUTERS/Leonhard Foeger

VIENNA (Reuters) – The lawyer of an American-Iranian father and son jailed in Iran called on U.S. President Donald Trump to get his officials to press for the men’s release at nuclear talks with Tehran on Tuesday.

An Iranian court sentenced 46-year-old Siamak Namazi and his 80-year-old father Baquer Namazi to 10 years in prison each in October on charges of spying and cooperating with the United States.

The Namazis’ lawyer, Jared Genser, said he had traveled to the nuclear talks venue in Vienna with Siamak’s brother, Babak, to encourage Washington’s delegation to press the case, adding that he was worried about the detained men’s health.

The lawyer said a senior administration official in the U.S. delegation had told him on Monday that the case would be raised directly during the talks on the implementation of a deal reached in 2015 to shrink Iran’s nuclear programme in exchange for sanctions relief.

A State Department spokeswoman did not comment directly on the case, but said: “We continue to use all the means at our disposal to advocate for U.S. citizens who need our assistance overseas.”

Iran has not commented on the Namazis’ prison conditions but has repeatedly said that political prisoners are kept under standard condition in Evin prison with full access to medical care.

“In our view, something happening to the Namazis would be devastating not just to one side but to both sides,” Genser told reporters in a hotel near the venue.

“For either or both of the Namazis to die on (Trump’s) watch would be a public and catastrophic failure of his negotiating skills,”

Iran’s Islamic Revolutionary Guard Corps detained Siamak Namazi, a businessman, in October 2015 while he was visiting family in Tehran, relatives said.

The IRGC arrested his 80-year-old father, Baquer Namazi, a former Iranian provincial governor and former UNICEF official in February lat year, family members said.

Soon after the sentencing and days before he won the presidential election, Trump said on Twitter: “Iran has done it again … This doesn’t happen if I’m president!”

(Reporting By Shadia Nasralla; Editing by Andrew Heavens)

Hackers release files indicating NSA monitored global bank transfers

FILE PHOTO: Swift code bank logo is displayed on an iPhone 6s among Euro banknotes in this picture illustration January 26, 2016. REUTERS/Dado Ruvic/File Photo - RTS11WHG

By Clare Baldwin

(Reuters) – Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft <MSFT.O>, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the company said.

The absence of warning is significant because the NSA knew for months about the Shadow Brokers breach, officials previously told Reuters. Under a White House process established by former President Barack Obama’s staff, companies were usually warned about dangerous flaws.

Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of $81 million from the Bangladesh central bank.

“The release of these capabilities could enable fraud like we saw at Bangladesh Bank,” Shook said.

The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers on Friday.

SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.

“We mandate that all customers apply the security updates within specified times,” SWIFT said in a statement.

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorization.

It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.

When cyberthieves robbed the Bangladesh Bank last year, they compromised that bank’s local SWIFT network to order money transfers from its account at the New York Federal Reserve.

The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the SWIFT network through service bureaus. SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network’s smaller clients and may send or receive messages regarding money transfers on their behalf.

“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.

“That’s information you can only get if you compromise the system,” he said.

ATTEMPT TO MONITOR FLOW OF MONEY

Cris Thomas, a prominent security researcher with the cybersecurity firm Tenable, said the documents and files released by the Shadow Brokers show “the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorists groups”.

Since the early 1990s, interrupting the flow of money from Saudi Arabia, the United Arab Emirates and elsewhere to al Qaeda, the Taliban, and other militant Islamic groups in Afghanistan, Pakistan and other countries has been a major objective of U.S. and allied intelligence agencies.

Mustafa Al-Bassam, a computer science researcher at University College London, said on Twitter that the Shadow Brokers documents show that the “NSA hacked a bunch of banks, oil and investment companies in Palestine, UAE, Kuwait, Qatar, Yemen, more.”

He added that NSA “completely hacked” EastNets, one of two SWIFT service bureaus named in the documents that were released by the Shadow Brokers.

Reuters could not independently confirm that EastNets had been hacked.

EastNets, based in Dubai, denied it had been hacked in a statement, calling the assertion “totally false and unfounded.”

EastNets ran a “complete check of its servers and found no hacker compromise or any vulnerabilities,” according to a statement from EastNets’ chief executive and founder, Hazem Mulhim.

In 2013, documents released by former NSA contractor Edward Snowden said the NSA had been able to monitor SWIFT messages.

The agency monitored the system to spot payments intended to finance crimes, according to the documents released by Snowden.

Reuters could not confirm whether the documents released Friday by the Shadow Brokers, if authentic, were related to NSA monitoring of SWIFT transfers since 2013.

Some of the documents released by the Shadow Brokers were dated 2013, but others were not dated.

The documents released by the hackers did not clearly indicate whether the NSA had actually used all the techniques cited for monitoring SWIFT messages.

(Additional reporting by Tom Bergin in London; Dustin Volz and John Walcott in Washington; Joseph Menn in San Franciso; and Jim Finkle in Buffalo, New York.; Editing by Brian Thevenot and Cynthia Osterman)

Turkey trawled four continents for data on Erdogan foes: Austrian lawmaker

The Turkish flag is seen outside their embassy in Vienna, Austria, March 31, 2017. REUTERS/Leonhard Foeger

By Shadia Nasralla and Francois Murphy

VIENNA (Reuters) – Turkish embassies on four continents submitted reports on alleged foreign-based opponents of President Tayyip Erdogan within a week of receiving a request from Ankara last September, according to documents released by an Austrian lawmaker.

The papers made public by opposition Greens politician Peter Pilz suggested a wider intelligence network than has so far been revealed by authorities investigating alleged spying by Turkey on its expatriates in three European countries.

“There is clearly a global network of informants. We cannot say exactly how long it took to build up this network. I assume that it happened in a matter of years,” Pilz told reporters.

A senior Turkish government official said: “These claims are completely false.”

Tensions are running high between Turkey and the European Union as Ankara tries to drum up support among expatriate Turks to vote ‘yes’ in a referendum on April 16 on whether to grant Erdogan sweeping new powers.

German, Austrian and Swiss authorities have all launched investigations into whether Turkey is conducting illegal espionage on their soil.

German prosecutors are investigating Halife Keskin, who leads the foreign affairs department of the Turkish state religious authority, the Diyanet, newspaper Sueddeutsche Zeitung and two German broadcasters reported late on Friday.

Investigators have a document in which Keskin personally ordered the global surveillance effort and asked for any reports to be sent to him, according to the German media.

The German federal prosecutor’s office declined to comment.

An official at the Diyanet said Keskin was currently in Turkey and that while the Diyanet was aware of the German media reports, it had received no official notification from the German authorities that Keskin was being investigated.

Countries routinely post intelligence officers in their embassies, and the European authorities have not said in what ways the alleged Turkish activity went beyond acceptable levels of information-gathering by a foreign power.

Among the documents released by Pilz was a written call on Sept. 20, using the letterheads of the prime minister’s office and the Diyanet, for information on supporters of Erdogan’s arch-enemy Fethullah Gulen.

Turkey has accused Gulen of masterminding a failed coup attempt last July and has purged state institutions, schools, universities and the media of tens of thousands of suspected Gulen supporters. The cleric denies any involvement.

The documents, which Pilz said he had received from a Turkish source, showed embassies in over 30 countries across Europe, Africa, Australia and Asia sent reports to Diyanet on alleged Gulenists. Most were filed by religious attaches in Turkish embassies or consulates.

NAMES AND ADDRESSES

They typically listed the names and addresses of alleged Gulenists, as well as of publishing houses, media groups, educational centers and schools deemed to support the exiled cleric. Some reports include information on family members and the educational background of targeted people.

Reuters could not immediately verify the authenticity of the documents, but a source close to Austria’s government said it was safe to assume the ones on Austria were genuine.

Some reports, such as the one from Nigeria, include the names of middlemen responsible for building up ties between Gulenists and local power centers.

In the Austrian report, a Turkish official in Salzburg says an Austrian mosque umbrella group and other organizations have destroyed books, audio material, videos and newspapers deemed to be Gulenist.

The official says some gaps left by disappearing Gulenist organizations have been successfully filled with Erdogan-friendly replacements, such as after-school clubs.

A report from Azerbaijan names a journalist and some parliamentarians as sources of information on Gulenists. It names the director of a Turkish high school in Baku who will be reminded about the need to remove Gulenist teachers at his school.

An Australian report refers to “people who have lived in Australia for a long time and who know (the Gulenist) structure very well”. An entry from Mongolia describes activity by alleged Gulenists on Facebook and Twitter.

Turkey has rejected previous accusations that it was using religious bodies in Europe to spy on Erdogan critics.

In March, the religious attache of Turkey’s embassy in Austria told a local newspaper that mosque groups had a duty to check whether people of Turkish origin in Austria had been “radicalized” by Gulen. He said it was legitimate to deliver reports on such people.

(Additional reporting by Andrea Shalal in Berlin; Editing by Mark Trevelyan)

Germany tells Turkey not to spy on Turks living on its soil

Turkish voters living in Germany wait to cast their ballots on the constitutional referendum at the Turkish consulate in Berlin, Germany, March 27, 2017. REUTERS/Fabrizio Bensch

By Madeline Chambers

BERLIN (Reuters) – Germany will not tolerate foreign espionage on its territory, the interior minister said on Tuesday, in a robust response to media reports that Turkish secret services were spying on supporters of the Gulen movement in Germany.

Fethullah Gulen, a U.S-based Muslim cleric with a large following in Turkey, is accused by Ankara of orchestrating a failed military coup last July. Ankara has purged state institutions, schools and universities and the media of tens of thousands of suspected supporters of the cleric.

The media reports of Turkish espionage in Germany have deepened a rift between the NATO allies in the run-up to a referendum next month in Turkey that proposes to significantly expand the powers of President Tayyip Erdogan.

The Sueddeutsche Zeitung newspaper and two broadcasters reported that Turkey’s National Intelligence Agency had given Germany’s foreign intelligence service a list of names of hundreds of supposed Gulen supporters living in Germany.

Interior Minster Thomas de Maiziere, speaking in Passau in southern Germany, said he was not surprised by the report and added that the lists would be looked at individually.

“We have told Turkey several times that such (activity) is not acceptable,” he said. “Regardless of what you think of the Gulen movement, German law applies here and citizens who live here won’t be spied on by foreign states,” he said.

The reports said the list included the names of more than 300 people and more than 200 associations, schools and other institutions and a German investigation indicated some of the photos may have been taken secretly.

WARNING

The northern state of Lower Saxony even said it was warning suspected Gulen movement supporters about possible reprisals if they traveled to their homeland.

“I think that is a justified and necessary measure to be able to warn people,” said state interior minister Boris Pistorius. “The intensity and ruthlessness being (used) on people living on foreign soil is remarkable.”

Concerns about Turkish spying are not confined to Germany.

Swedish public service radio broadcaster SR reported that Turkey’s ruling AK Party was putting pressure, via the Union of European Turkish Democrats, on Swedish Gulen supporters to supply information about fellow Gulen supporters in the country.

Germany is already investigating possible spying by Turkish imams in Germany.. A spokesman for the chief federal prosecutor’s office said that probe continued.

German politicians, including Chancellor Angela Merkel, are angry about Erdogan’s repeated comparisons of their country to Nazi Germany in response to cancellations of planned campaign events targeting the Turkish diaspora in Germany. Germany says the cancellations were prompted by security concerns.

The speaker of the Bundestag lower house of parliament said in a speech late on Monday that Turkey was turning into an authoritarian system and that its president was effectively staging a coup against his own country.

Norbert Lammert, a member of Merkel’s conservatives, said the referendum was about “transforming an undoubtedly fragile but democratic system into an authoritarian system – and this second coup attempt may well be successful”.

(Reporting by Madeline Chambers, Reuters TV, Andrea Shalal, Hans-Edzard Busemann and Daniel Dixon in Stockholm; Writing by Madeline Chambers; Editing by Gareth Jones)

WikiLeaks offers CIA hacking tools to tech companies: Assange

WikiLeaks founder Julian Assange makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5, 2016. REUTERS/Peter Nicholls/Files

By Dustin Volz and Eric Auchard

WASHINGTON/FRANKFURT (Reuters) – WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday.

The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.

It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions.

Representatives of Alphabet Inc’s Google Apple Inc, Microsoft Corp <MSFT.O> and Cisco Systems Inc <CSCO.O>, all of whose wares are subject to attacks described in the documents, did not immediately respond to requests for comment before regular business hours on the U.S. West Coast.

“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during a press conference broadcast via Facebook Live.

Responding to Assange’s comments, CIA spokesman Jonathan Liu, said in a statement, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”

“Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The disclosures alarmed the technology world and among consumers concerned about the potential privacy implications of the cyber espionage tactics that were described.

One file described a program known as Weeping Angel that purportedly could take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

Other documents described ways to hack into Apple Inc <AAPL.O> iPhones, devices running Google’s <GOOGL.O> Android software and other gadgets in a way that could observe communications before they are protected by end-to-end encryption offered by messaging apps like Signal or WhatsApp.

Several companies have already said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that “many of the issues” leaked had already been patched in the latest version of its operating system.

WikiLeaks’ publication of the documents reignited a debate about whether U.S. intelligence agencies should hoard serious cyber security vulnerabilities rather than share them with the public. An interagency process created under former President Barack Obama called for erring on the side of disclosure.

President Donald Trump believed changes were needed to safeguard secrets at the CIA, White House spokesman Sean Spicer told a news briefing on Thursday. “He believes that the systems at the CIA are outdated and need to be updated.”

Two U.S. intelligence and law enforcement officials told Reuters on Wednesday that intelligence agencies have been aware since the end of last year of a breach at the CIA, which led to WikiLeaks releasing thousands of pages of information on its website.

The officials, speaking on condition of anonymity, said contractors likely breached security and handed over the documents to WikiLeaks. The CIA has declined to comment on the authenticity of the documents leaked, but the officials said they believed the pages about hacking techniques used between 2013 and 2016 were authentic.

Contractors have been revealed as the source of sensitive government information leaks in recent years, most notably Edward Snowden and Harold Thomas Martin, both employed by consulting firm Booz Allen Hamilton <BAH.N> while working for the National Security Agency.

Assange said he possessed “a lot more information” about the CIA’s cyber arsenal that would be released soon. He criticized the CIA for “devastating incompetence” for not being able to control access to such sensitive material.

Nigel Farage, the former leader of the populist UK Independence Party, visited Assange at the Ecuadorean embassy in London earlier on Thursday. A representative for Farage said he was unaware what was discussed.

Assange has been holed up since 2012 at the embassy, where he fled to avoid extradition to Sweden over allegations of rape, which he denies.

(Reporting by Dustin Volz; Additional reporting by Eric Auchard in Frankfurt, Joseph Menn in San Francisco and Guy Falconbridge in London; Editing by Frances Kerry and Grant McCool)