Kaspersky says it obtained suspected NSA hacking code from U.S. computer

Kaspersky says it obtained suspected NSA hacking code from U.S. computer

By Joseph Menn

SAN FRANCISCO (Reuters) – Moscow-based Kaspersky Lab on Wednesday acknowledged that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.

The admission came in a statement from the embattled company that described preliminary results from an internal inquiry it launched into media reports that the Russian government used Kaspersky anti-virus software to collect National Security Agency technology.

While the explanation is considered plausible by some security experts, U.S. officials who have been campaigning against using Kaspersky software on sensitive computers are likely to seize on the admission that the company took secret code that was not endangering its customer to justify a ban.

Fears about Kaspersky’s ties to Russian intelligence, and the capacity of its anti-virus software to sniff out and remove files, prompted an escalating series of warnings and actions from U.S. authorities over the past year. They culminated in the Department of Homeland Security last month barring government agencies from using Kaspersky products.

In a statement, the company said it stumbled on the code a year earlier than the recent newspaper reports had it, in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.

While reviewing the file’s contents, an analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The analyst reported the matter to Chief Executive Eugene Kaspersky, who ordered that the company’s copy of the code be destroyed, the company said.

“Following a request from the CEO, the archive was deleted from all our systems,” the company said. It said no third parties saw the code, though the media reports had said the spy tool had ended up in Russian government hands.

The Wall Street Journal said on Oct. 5 that hackers working for the Russian government appeared to have targeted the NSA worker by using Kaspersky software to identify classified files. The New York Times reported on Oct. 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Kaspersky did not say whether the computer belonged to an NSA worker who improperly took home secret files, which is what U.S. officials say happened. Kaspersky denied the Journal’s report that its programs searched for keywords including “top secret.”

The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American’s computer through a back door it later spotted there.

The new 2014 date of the incident is intriguing, because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project.

Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.

Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.

It also did not say how often it takes uninfected, non-executable files, which normally would pose no threat, from users’ computers.

Former employees told Reuters in July that the company used that technique to help identify suspected hackers. A Kaspersky spokeswoman at the time did not explicitly deny the claim but complained generally about “false allegations.”

After that, the stories emerged suggesting that Kaspersky was a witting or unwitting partner in espionage against the United States.

Kaspersky’s consumer anti-virus software has won high marks from reviewers.

It said Monday that it would submit the source code of its software and future updates for inspection by independent parties.

(Reporting by Joseph Menn in San Francisco; Editing by Jim Finkle and Eric Auchard)

Exclusive: U.S. widens surveillance to include ‘homegrown violent extremists’ – documents

Exclusive: U.S. widens surveillance to include 'homegrown violent extremists' - documents

By Dustin Volz

WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.

The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.

The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).

The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.

The Air Force and the Department of Defense told Reuters that the documents are authentic.

The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.

Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.

Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.

Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.

It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”

‘CLOAK OF DARKNESS’

However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.

Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.

“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.

The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.

The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.

“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.

“We felt that we needed the flexibility to target those individuals,” he said.

In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”

The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said.

Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.

The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”

Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.

(Reporting by Dustin Volz; editing by Grant McCool)

Senators push bill requiring warrant for U.S. data under spy law

Senators push bill requiring warrant for U.S. data under spy law

By Dustin Volz

WASHINGTON (Reuters) – A bipartisan group of at least 10 U.S. senators plans to introduce on Tuesday legislation that would substantially reform aspects of the National Security Agency’s warrantless internet surveillance program, according to congressional aides.

The effort, led by Democrat Ron Wyden and Republican Rand Paul, would require a warrant for queries of data belonging to any American collected under the program. The bill’s introduction is likely to add uncertainty to how Congress will renew a controversial portion of a spying law due to expire on Dec. 31.

Section 702 of the Foreign Intelligence Surveillance Act is considered by U.S. intelligence officials to be among their most vital tools used to combat national and cyber security threats and help protect American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

The surveillance program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas.

Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation, a practice that the USA Rights Act authored by Wyden and Paul would end.

The measure is expected to be introduced with support from a wide berth of civil society groups, including the American Civil Liberties Union and FreedomWorks, a Wyden spokesman said.

It would renew Section 702 for four years with additional transparency and oversight provisions, such as allowing individuals to more easily raise legal challenges against the law and expand the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

A bipartisan group of lawmakers in the House of Representatives earlier this month introduced legislation seeking to add privacy protections to Section 702, including a partial restriction to the FBI’s ability to access U.S. data when seeking evidence of a crime.

But that was criticized by privacy groups as too narrow.

Separately, the Senate Intelligence Committee is expected to privately vote on Tuesday on a bill to reauthorize Section 702 that privacy advocates say will lack their reform priorities.

Wyden sent a letter on Monday urging committee leaders to allow a public vote, saying the bill “will have enormous impact on the security, liberty, and constitutional rights of the American people” and should be debated in the open.

(Reporting by Dustin Volz; Editing by Leslie Adler)

After massive quakes, millions in Mexico turn to early warning app

After massive quakes, millions in Mexico turn to early warning app

By Sheky Espejo

MEXICO CITY (Reuters) – Since two massive earthquakes hit Mexico in September, claiming more than 460 lives, an early warning start-up called SkyAlert has doubled its users to 5.8 million, making it one of the country’s most downloaded apps.

SkyAlert has also found a market selling alarms to small businesses in the capital, said its co-founder and director Alvaro Velasco. And it is looking to expand to Latin America, mainly Colombia, Peru and Chile, which lack an official alerting system despite frequent quakes in those countries.

Velasco said that he and SkyAlert co-founder Alejandro Cantú are talking to investors from Mexico and elsewhere about raising 100 million pesos ($5.35 million) in capitalization in 2018.

He said the surge in users after the most recent deadly quake in Mexico City had heightened the interest of existing investors including U.S.-based American Messaging and attracted interest from two Mexico-based private equity funds.

American Messaging did not respond to requests to comment on any potential new investment.

Velasco said SkyAlert was in talks with those funds and existing investors to inject around 20 million pesos (1.05 million dollars) into SkyAlert.

Still, finding a sustainable business model for the quake monitoring app has been a challenge partly because recent regulation in Mexico City has limited SkyAlert’s ability to access funds through public financing.

MAKING A PROFIT NOT EASY

Shomit Ghose at Onset Ventures, a U.S. private equity company with experience in software start-ups, said quake apps have struggled to get adequate financing because of the lack of a clear path to profits.

“If the business model is B2B where the earthquake early-warning is sent to companies, or railways, or hospitals, or high-buildings then perhaps a strong B2B case can be made for start-up investment,” Ghose said.

SkyAlert’s predicament echoes that of companies seeking funding to develop earthquake alert apps in the United States. Seismic activity is hard to monetize without government support.

It competes with its former partner, Mexico’s official alerting system run by government-funded non profit CIRES, which was created after an earthquake in 1985 killed thousands in the country.

One of the world’s few widely deployed seismic alarms, CIRES runs a network of sirens positioned around Mexico City that warn of a coming quake. SkyAlert mainly warns people through a mobile app.

Both sell quake warning systems, but a 2016 regulatory reform requires public buildings in Mexico City to purchase alarm systems from CIRES, limiting SkyAlert’s public financing.

SkyAlert initially replicated CIRES’ alerts, but in 2015 it decided to deploy its own detection sensors to increase coverage with greater accuracy, Velasco said.

“After a few false alerts from CIRES that affected SkyAlert’s credibility, we decided to invest in our own technology,” he said.

SkyAlert also is exploring ways to monetize its free app.

Currently, it sells a “premium” version for $4 a year that allows users to personalize alerts. However, Mexico has an average per capita income of $8,200, and the company said only around 4 percent of users pay for it.

Velasco said SkyAlert’s revenue is split fairly evenly between those fees and income from selling to businesses.

The newest version of the app allows for paid advertising, but ads would not be visible during a seismic alert.

SkyAlert, founded in 2011, has few peers, but one similar service in Japan is called YureKuru Call, which relies on government seismic data. YureKuru has received some government funding on an ad-hoc basis, but like SkyAlert is mostly funded by fees, said Rina Suzuki, an official at RC Solution Co., the Tokyo-based firm that developed YureKuru.

Detection technologies are evolving and they are all perfectible, Jennifer Strauss, external relations officer at the Berkeley Seismology Lab told Reuters.

“In the end, what matters is how effective they are at alerting people to save lives,” said Strauss.

(Additional reporting by Christine Murray in Mexico City and Minami Funakoshi in Tokyo; Editing by Frank Jack Daniel and Diane Craft)

Ford to recall about 1.3 million vehicles in North America

FILE PHOTO: An airplane flies above a Ford logo in Colma, California, U.S., October 3, 2017. REUTERS/Stephen Lam

(Reuters) – Ford Motor Co said on Wednesday it would recall about 1.3 million vehicles in North America, including certain 2015-17 Ford F-150 and 2017 Ford Super Duty trucks, to add water shields to side door latches. (http://ford.to/2ySvCBJ)

The No.2 U.S. automaker said the safety recall is due to frozen door latch or a bent or kinked actuation cable in the affected vehicles, that may result in a door not opening or closing.

The company said it was not aware of any accidents or injuries associated with the issue but said because of the fault the door may appear closed, increasing the risk of the door opening while driving.

The cost of the recall was estimated to be $267 million and would be reflected in its fourth quarter results, the company said. (http://bit.ly/2yT3EWu)

Ford said it continues to expect full-year adjusted earnings in the range of $1.65 to $1.85‍​ per share.

(Reporting by Ankit Ajmera in Bengaluru; Editing by Anil D’Silva and Arun Koyyur)

Researchers uncover flaw that makes Wi-Fi vulnerable to hacks

FILE PHOTO: A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski

(Reuters) – Cyber security watchdogs and researchers are issuing warnings over risks associated with a widely used system for securing Wi-Fi communications after the discovery of a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware.

An alert from the U.S. Department of Homeland Security Computer Emergency Response Team on Monday said the flaw could be used within range of Wi-Fi using the WPA2 protocol to hijack private communications. It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc <CSCO.O> or Juniper Networks Inc <JNPR.N>.

Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.

“If your device supports Wi-Fi, it is most likely affected,” they said on the www.krackattacks.com website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

It was not immediately clear how difficult it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.

Finnish security firm F-Secure said experts have long been cautious about Wi-Fi’s ability to withstand security challenges of the 21st century.

“But the worst part of it is that it’s an issue with Wi-Fi protocols, which means it affects practically every single person in the world that uses Wi-Fi networks,” it said on its website.

Microsoft Corp <MSFT.O> said it had released a security update for Windows. Customers who applied the update, or had automatic updates enabled, would already be protected, it said in a statement emailed to Reuters.

CERT New Zealand and CERT India asked users to apply security updates. CERT NZ suggested using ethernet cables and to connect directly into the network, when possible.

“Given the complexity of updating smart devices such as mobile phones, CERT NZ also strongly recommends disabling Wi-Fi when it isn’t required,” it said in its advisory. (http://bit.ly/2gfho2b)

The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue “could be resolved through a straightforward software update”.

The group said in a statement it had advised members to release patches quickly and recommended that consumers quickly install those security updates.

(Reporting by Jim Finkle in Toronto and Dustin Volz in Washington; Additional reporting by Aradhana Aravindan in Singapore; Editing by Susan Thomas, Dan Grebler and Jacqueline Wong)

SWIFT says hackers still targeting bank messaging system

FILE PHOTO : The Swift bank logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/File Photo

By Jim Finkle

TORONTO (Reuters) – Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year’s $81 million heist at Bangladesh’s central bank have helped thwart many of those attempts, a senior SWIFT official told Reuters.

“Attempts continue,” said Stephen Gilderdale, head of SWIFT’s Customer Security Programme, in a phone interview. “That is what we expected. We didn’t expect the adversaries to suddenly disappear.”

The disclosure underscores that banks remain at risk of cyber attacks targeting computers used to access SWIFT almost two years after the February 2016 theft from a Bangladesh Bank account at the Federal Reserve Bank of New York.

Gilderdale declined to say how many hacks had been attempted this year, what percentage were successful, how much money had been stolen or whether they were growing or slowing down.

On Monday, two people were arrested in Sri Lanka for suspected money laundering from a Taiwanese bank whose computer system was hacked to enable illicit transactions abroad. Police acted after the state-owned Bank of Ceylon reported a suspicious transfer.

SWIFT, a Belgium-based co-operative owned by its user banks, has declined comment on the case, saying it does not discuss individual entities.

Gilderdale said that some security measures instituted in the wake of the Bangladesh Bank heist had thwarted attempts.

As an example, he said that SWIFT had stopped some heists thanks to an update to its software that automatically sends alerts when hackers tamper with data on bank computers used to access the messaging network.

SWIFT shares technical information about cyber attacks and other details on how hackers target banks on a private portal open to its members.

Gilderdale was speaking ahead of the organization’s annual Sibos global user conference, which starts on Monday in Toronto.

At the conference, SWIFT will release details of a plan to start offering security data in “machine digestible” formats that banks can use to automate efforts to discover and remediate cyber attacks, he said.

SWIFT will also unveil plans to start sharing that data with outside security vendors so they can incorporate the information into their products, he said.

(Reporting by Jim Finkle, Editing by Rosalba O’Brien)

U.S. governors, hackers, academics team up to secure elections

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus

By Jim Finkle

(Reuters) – Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.

The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday.

The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.

The coalition will be unveiled as Def Con organizers release a report describing vulnerabilities in voting machines and related technology that were uncovered in July.

Hackers pulled apart voting machines and election computers at the three-day event, uncovering security bugs that organizers said could be exploited by people trying to manipulate election results.

People at the Las Vegas conference learned to hack voting machines within minutes or just a few hours, according to a copy of the organizers’ report due for release on Tuesday and seen ahead of time by Reuters.

Concerns about election hacking have surged in the United States since late last year, when news surfaced that top U.S. intelligence agencies had determined that Russian President Vladimir Putin ordered computer hacks of Democratic Party emails to help Republican Donald Trump win the Nov. 8 election.

The U.S. Department of Homeland Security has said that Russian hackers targeted 21 U.S. state election systems in the 2016 presidential race and a small number were breached, although some states have disputed they were hacked. There was no evidence that any votes had been manipulated.

Several congressional committees are investigating and special counsel Robert Mueller is leading a separate probe into the Russia matter, including whether the Trump campaign colluded with Moscow.

Russia has denied the accusations.

As one possible counter-measure, organizers of the Def Con hacking conference have recommended that U.S. states reduce the amount of non-American parts and software used in their voting machines, according to the group’s report.

“Via a supply chain originating overseas, voting equipment and software can be compromised at the earliest of stages in manufacturing process,” the report says.

Further details on the members of the anti-hacking coalition were not immediately available.

(Reporting by Jim Finkle in Toronto; Additional reporting by David Ingram in San Francisco; Editing by Jonathan Oatis and Tom Brown)

U.S. financial regulator must beef up cyber security: inspector

A man poses inside a server room at an IT company in this June 19, 2017 illustration photo. REUTERS/Athit Perawongmetha/Illustration

By Lisa Lambert

WASHINGTON (Reuters) – The U.S. Consumer Financial Protection Bureau (CFPB), one of Wall Street’s top regulators, must strengthen its protections against hacking, according to a report the agency’s internal inspector released on Wednesday as the financial sector reels from recent revelations of two major data breaches.

The former head of the Equifax <EFX.N> credit bureau is testifying before Congress this week about the company’s disclosure that personal information for millions of individuals had been stolen from its systems.

At the same time, the Securities and Exchange Commission – the country’s lead securities regulator – is facing lawmakers’ questions about information stolen last year from its filing system that may have been used for illicit trades.

The CFPB, which gathers sensitive information on individuals, banks, credit card companies and other financial firms as the government’s consumer finance watchdog, could suffer similar intrusions that might undermine public trust or limit its ability to carry out its mission, its inspector general said in a report dated Sept. 27 and released on Wednesday.

The agency “has not fully implemented processes, such as data loss prevention technologies, within its internal network that would enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information,” the report said.

It also needs to run automated feeds through security checks and move away from manually tracking system security by putting alerts and continuous monitoring tools in place, the inspector general found.

In the five years since it was established, the CFPB has had to quickly erect sound information systems that can repel cyber attacks. All federal agencies are struggling to keep up with a steady rise in the number and sophistication of attempted intrusions, as criminal demand for stolen Social Security numbers and other personally identifiable information swells.

The inspector general also said the CFPB will soon implement a job succession plan to try to close possible staffing and skill gaps, hopefully clarifying what the future holds after Richard Cordray, the CFPB’s first director, leaves the agency.

Cordray, whose term expires in July, was appointed by President Barack Obama after the agency was created under the 2010 Dodd-Frank financial reform law.

Many expect him to depart earlier, however, and there is no precedent for replacing him.

President Donald Trump will likely appoint a successor who cuts back on the agency’s reach, raising questions about the direction of open CFPB investigations and rulemakings.

(Reporting by Lisa Lambert, editing by G Crosse)

Rising hacker threat will trigger boom in cyber crime insurance, Tryg says

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

COPENHAGEN (Reuters) – Insurer Tryg <TRYG.CO> expects 90 percent of its corporate customers to buy cyber crime insurance within five years as the threat from hackers and viruses to crucial data and IT systems grows.

Tryg, Denmark’s biggest insurer, has sold 5,000 cyber crime insurance policies since the turn of the year when it launched a new product providing assistance in restoring data and getting systems up and running if a firm is hit by a cyber attack.

“There are no corporate clients today that don’t have insurance on their buildings or cars, but I think that within a very few years it will be just as evident that you should insure against cyber crime,” chief executive Morten Hubbe told Reuters on Wednesday.

The initial rise in demand for cyber insurance was prompted by the ransomware attack, named “Wannacry”, that infected more than 300,000 computers worldwide in May.

He estimated that around 50 percent of the firm’s corporate clients would buy such an insurance by 2020 and from that point it would only take “a couple of years” to reach 90 percent.

Tryg’s two business segments for small and medium size businesses and larger corporate customers accounts for 44 percent of the group’s total premium income.

“The biggest risk to us is that significantly more customers get hit than we believe and that it gives us a huge economic loss,” said Hubbe.

While the firm has good insight into how often a house burns down or a bicycle is stolen on average, the frequency and extent of cyber crimes is hard to predict.

Tryg will also offer extensions to the basic insurance that cover consequential losses, back-up of data and a so-called DNS box aimed at blocking web pages known to contain viruses and malware.

For the big industrial players, Tryg would look to cooperate with global reinsurers to spread the risk when big companies lose revenues in connection with cyber attacks.

The world’s biggest container shipping firm Maersk Line <MAERSKb.CO> saw a $2-300 million bill from a June cyber attack that disrupted its operations for weeks.

(Reporting by Stine Jacobsen; editing by Ken Ferris)