The Jim Bakker Show

German cyber agency chides Yahoo for not helping hacking probe

By Andrea Shalal

BERLIN (Reuters) – Germany’s federal cyber agency said on Thursday that Yahoo Inc <YHOO.O> had not cooperated with its investigation into a series of hacks that compromised more than one billion of the U.S. company’s email users between 2013 and 2016.

Yahoo’s Dublin-based Europe, Middle East and Africa unit “refused to give the BSI any information and referred all questions to the Irish Data Protection Commission, without, however, giving it the authority to provide information to the BSI,” Germany’s BSI computer security agency said.

A BSI spokesman said it decided to go public after Yahoo repeatedly failed to respond to efforts to look into the data breaches and garner lessons to prevent similar lapses. BSI also urged internationally active Internet service providers to work more closely with it when German customers were affected by cyber attacks and other computer security issues.

Yahoo did not respond to requests for comment, while Ireland’s data protection agency was not immediately available.

The BSI’s statement comes at a time of heightened German government concerns about Russian meddling in national elections in September, after cyber attacks on the French and U.S. presidential elections which have been linked to Russia.

The U.S. Justice Department in March charged two Russian intelligence agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts, marking the first time the U.S. government had criminally charged Russian spies for cyber offences., while U.S. officials have charged Russian intelligence agents with involvement in at least one of the hacks that affected Yahoo.

Moscow has denied any involvement in hacking.

The BSI said it did not yet have any concrete information about the data breaches because of Yahoo’s lack of cooperation.

“Users should therefore be very careful about which services they want to use in the future and to whom they entrust their data,” BSI President Arne Schoenbohm said in a statement.

The BSI chief reiterated his recommendation that German consumers consider switching to other email service providers, adding that certifications such as those offered with C5-class cloud service security were valuable for customers.

C5 is a German government scheme to encourage cloud-based internet service providers to attest they use various safeguards against cyber attacks.

Late last year Yahoo, which has agreed to be acquired by U.S. telecoms giant Verizon <VZ.N> and is set to be merged with AOL to form a new business known as Oath, revealed a data breach dating back to 2013 of one billion user accounts.

The various disclosures led Verizon to cut the amount it was willing to pay for Yahoo by $350 million on its previously agreed $4.83 billion deal. Yahoo has said it expects the merger into Verizon to close in June.

BSI said an additional 32 million Yahoo users were affected by cyber breaches in 2015 and 2016. A spokesman for the agency said he was unaware of any additional breaches in 2017.

(Additional reporting by Eric Auchard in Frankfurt; editing by Alexander Smith)

Dos, don’ts and geo-fencing: Europe proposes rules for small drones

A drone flies as Belgian police officers showcase the use of drones deployed over traffic accidents occurring on highways, in Ranst near Antwerp, Belgium, January 18, 2017. REUTERS/Francois Lenoir

BERLIN (Reuters) – Europe’s aviation safety authorities have proposed rules for operating small drones that include requirements for geo-fencing technology to prevent them from straying into banned areas and a “dos and don’ts” leaflet to be inserted in retail packaging.

With demand booming, both for hobby and commercial use, European regulators have been looking for ways to ensure drones can be safely operated, while allowing the industry to grow.

Fears have been raised over the use of drones near airports in particular, with a number of pilots reporting near collisions with drones, and the European Aviation Safety Agency (EASA) has set up a task force to look into the risk of drone strikes.

EASA’s proposals include requirements for drones to be remotely identifiable, to be fitted with geo-fencing technology to prevent them from entering prohibited zones such as airports and nuclear sites, and a requirement for people operating drones weighing more than 250 grams to register themselves.

EASA hopes such measures will address privacy concerns, as well as safety risks.

The design requirements for small drones will be implemented using the CE product legislation commonly used across Europe.

Along with the CE marking, drones will be identified according to their class, and a “dos and don’ts” leaflet will be in all product boxes.

“Based on the drone class, an operator will know in which area he can operate and what competence is required,” EASA said in a statement.

The proposal is now open for comment from May 12 until Aug. 12 and EASA will submit its final opinion to the European Commission at the end of 2017.

The regulation of drones weighing less than 150 kg is currently up to individual EU member states, resulting in a fragmented regulatory framework.

Makers of commercial drones include China’s DJI and France’s Parrot <PARRO.PA>.

(Reporting by Victoria Bryan; Editing by Mark Potter)

FBI warns of surge in wire-transfer fraud via spoofed emails

A computer keyboard is seen in this picture illustration taken in Bordeaux, Southwestern France, August 22, 2016. REUTERS/Regis Duvignau

By Alastair Sharp

(Reuters) – Attempts at cyber wire fraud globally, via emails purporting to be from trusted business associates, surged in the last seven months of 2016, the U.S. Federal Bureau of Investigation said in a warning to businesses.

Fraudsters sought to steal $5.3 billion through schemes known as business email compromise from October 2013 through December, the FBI said in a report released Thursday by its Internet Crime Complaint Center.(http://bit.ly/2qAEVBE)

The figure is up sharply from the FBI’s previous report which said thieves attempted to steal $3.1 billion from October 2013 through May 2016, according to a survey of cases from law enforcement agencies around the world.

The number of business-email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said.

The survey does not track how much money was actually lost to criminals.

Robert Holmes, who studies business email compromise for security firm Proofpoint Inc <PFPT.O>, estimated the incidents collated by the FBI represent just 20 percent of the total, and that total actual losses could be as much as double the figures reported by the FBI.

The losses are growing as scammers become more sophisticated, delving deeper into corporate finance departments to find susceptible targets, he said.

“This is not a volume play; it’s a carefully researched play,” he said.

The United States is by far the biggest target market, though fraudsters have started to expand in other developed countries, including Australia, Britain, France and Germany, Holmes said.

The FBI has said that about one in four U.S. victims respond by wiring money to fraudsters. In some of those cases, authorities have been able to identify the crimes in time to help victims recover the funds from banks before the criminals pulled them out of the system.

The U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that had tricked agents and employees of two U.S.-based internet companies into wiring more than $100 million to overseas bank accounts.

Fraudsters have also used spoofed emails to trick corporate workers into releasing sensitive data, including wage and tax reports, according to the advisory.

(Reporting by Alastair Sharp in Toronto; Editing by Bernadette Baum and Lisa Shumaker)

Islamic State militants developing own social media platform: Europol

By Michael Holden

LONDON (Reuters) – Islamic State militants are developing their own social media platform to avoid security crackdowns on their communications and propaganda, the head of the European Union’s police agency said on Wednesday.

Europol Director Rob Wainwright said the new online platform had been uncovered during a 48-hour operation against Internet extremism last week.

“Within that operation it was revealed IS was now developing its very own social media platform, its own part of the Internet to run its agenda,” Wainwright told a security conference in London. “It does show that some members of Daesh (IS), at least, continue to innovate in this space.”

During a Europol-coordinated crackdown on IS and al Qaeda material, which involved officials from the United States, Belgium, Greece, Poland, and Portugal, more than 2,000 extremist items were identified, hosted on 52 social media platforms.

Jihadists have often relied on mainstream social media platforms for online communications and to spread propaganda, with private channels on messaging app Telegram being especially popular over the past year.

Technology firms, such as Facebook and Google, have come under increasing political pressure to do more to tackle extremist material online and to make it harder for groups such as Islamic State to communicate through encrypted services to avoid detection by security services.

However, Wainwright said that IS, by creating its own service, was responding to concerted pressure from intelligence agencies, police forces and the tech sector, and were trying to found a way around it.

“We have certainly made it a lot harder for them to operate in this space but we’re still seeing the publication of these awful videos, communications operating large scale across the Internet,” he said, adding he did not know if it would be technically harder to take down IS’s own platform.

Wainwright also said he believed that security cooperation between Britain and the EU would continue after Brexit, despite British warnings it is likely to leave Europol and cease sharing intelligence if it strikes no divorce deal with the bloc.

“The operational requirement is for that to be retained. If anything, “If anything we need to have an even more closely integrated pan-European response to security if you consider the way in which the threat is heading,” he said.

Europe, he added, is facing “the highest terrorist threat for a generation”.

However, Wainwright said there were important legal issues that would have to be thrashed out and it was not easy “to just cut and paste current arrangements”.

“The legal issues have to be worked through and then they have to be worked through within of course the broader political context of the Article 50 negotiations (on Britain’s planned exit from the EU),” he said.

“In the end I hope the grown-ups in the room will realize that … security is one of the most important areas of the whole process. We need to get that right in the collective security interest of Europe as a whole, including of course the United Kingdom.”

(Additional reporting by Eric Auchard; editing by Mark Heinrich)

Germany challenges Russia over alleged cyberattacks

Hans-Georg Maassen, Germany's head of the German Federal Office for the Protection of the Constitution (Bundesamt fuer Verfassungsschutz) addresses a news conference in Berlin, Germany, in this file photo dated June 28, 2016. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The head of Germany’s domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany’s September elections.

Moscow denies it has in any way been involved in cyber attacks on the German political establishment.

Hans-Georg Maassen, president of the BfV agency, said “large amounts of data” were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group.

Maassen, speaking with reporters after a cyber conference in Potsdam, repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda and other efforts to destabilize German society.

Some cyber experts have drawn clear links between APT28 and the GRU Russian military intelligence organization.

Maassen said there had been subsequent attacks after the 2015 Bundestag hack that were directed at lawmakers, the Christian Democratic Union (CDU) of Chancellor Angela Merkel, and other party-affiliated institutions, but it was unclear if they had resulted in the loss of data.

Germany’s top cyber official last week confirmed attacks on two foundations affiliated with Germany’s ruling coalition parties that were first identified by security firm Trend Micro.

“We recognize this as a campaign being directed from Russia. Our counterpart is trying to generate information that can be used for disinformation or for influencing operations,” he said. “Whether they do it or not is a political decision … that I assume will be made in the Kremlin.”

Maassen said it appeared that Moscow had acted in a similar manner in the United States, making a “political decision” to use information gathered through cyber attacks to try to influence the U.S. presidential election.

Maassen told reporters that Germany was working hard to strengthen its cyber defenses, but also needed the legal framework for offensive operations.

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks.

“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said.

He said intelligence agencies knew which servers were used by various hacker groups, including APT10, APT28 and APT29.

The German government also remained deeply concerned about the possibility that German voters could be manipulated by fake news items, like the bogus January 2016 story about the rape of a 13-year Russian-German girl by migrants that sparked demonstrations by over 12,000 members of that community.

He said another attempt was made in January shortly after the Social Democrats named former European Parliament President Martin Schulz as their chancellor candidate, with a Russian website carrying a blatantly false story about Schulz’s father having run a Nazi concentration camp.

However that story did not receive as much attention.

Officials also remained concerned that real information seized during cyber attacks could be used to discredit politicians or affect the election, he said.

(Reporting by Andrea Shalal; Editing by Madeline Chambers)

Spam campaign targets Google users with malicious link

By Jim Finkle and Alastair Sharp

(Reuters) – Alphabet Inc <GOOGL.O> warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.

Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)

China tightens rules on online news, network providers

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

BEIJING (Reuters) – China on Tuesday issued tighter rules for online news portals and network providers, the latest step in President Xi Jinping’s push to secure the internet and maintain strict party control over content.

Xi has made China’s “cyber sovereignty” a top priority in his sweeping campaign to bolster security. He has also reasserted the ruling Communist Party’s role in limiting and guiding online discussion.

The new regulations, released by the Cyberspace Administration of China (CAC) on its website, extend restrictions on what news can be produced and distributed by online platforms, requiring all services to be managed by party-sanctioned editorial staff.

The rules, which come into effect on June 1, apply to all political, economic, military, or diplomatic reports or opinion articles on blogs, websites, forums, search engines, instant messaging apps and all other platforms that select or edit news and information, the administration said.

All such platforms must have editorial staff who are approved by the national or local government internet and information offices, while their workers must get training and reporting credentials from the central government, it said.

Editorial work must be separate from business operations and only public funds can be used to pay for any work, it added.

Under the rules, editorial guidance measures used for the mainstream media will be applied to online providers to ensure they too adhere to the party line, such as requiring “emergency response” measures to increase vetting of content after disasters.

The rules also stipulate that a domestic business that wants to set up a joint venture with a foreign partner, or accept foreign funding, must be assessed by the State Internet Information Office.

Content on China’s internet has never been free of government censorship, though a number of internet companies run news portals that produce relatively independent reporting and opinion pieces.

A number of these platforms were shut down last year, after Xi in April called in a speech for better regulation of China’s internet.

The CAC separately on Tuesday released another set of rules that on June 1 will require “network providers and products” used by people who might touch upon “national security and the public interest” go through a new round of security reviews.

Beijing adopted a cyber security law last year that overseas critics say could shut foreign businesses out of various sectors in China.

(Reporting by Christian Shepherd; Editing by Robert Birsel)

U.S. spy agency abandons controversial surveillance technique

FILE PHOTO - An aerial view shows the National Security Agency (NSA) headquarters in Ft. Meade, Maryland, U.S. on January 29, 2010. REUTERS/Larry Downing/File Photo

By Dustin Volz

WASHINGTON (Reuters) – The U.S. National Security Agency said on Friday it had stopped a form of surveillance that allowed it to collect without a warrant the digital communications of Americans who mentioned a foreign intelligence target in their messages, marking an unexpected triumph for privacy advocates long critical of the practice.

The decision to stop the once-secret activity, which involved messages sent to or received from people believed to be living overseas, came despite the insistence of U.S. officials in recent years that it was both lawful and vital to national security.

The halt is among the most substantial changes to U.S. surveillance policy in years and comes as digital privacy remains a contentious issue across the globe following the 2013 disclosures of broad NSA spying activity by former intelligence contractor Edward Snowden.

“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target,” the agency said in a statement. “Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.”

NSA also said it would delete the “vast majority” of internet data collected under the surveillance program “to further protect the privacy of U.S. person communications.”

The decision is an effort to remedy privacy compliance issues raised in 2011 by the Foreign Intelligence Surveillance Court, a secret tribunal that rules on the legality of intelligence operations, sources familiar with the matter said.

The court recently approved the changes, NSA said in its statement.

The NSA is not permitted to conduct surveillance within the United States. The so-called “about” collection went after messages that mentioned a surveillance target, even if the message was neither to nor from that person.

That type of collection sometimes resulted in surveillance of emails, texts and other communications that were wholly domestic. The NSA will continue to collect communications directly involving intelligence targets.

Friday’s announcement came as a surprise to privacy advocates who have long argued that “about” collection was overly broad and ran afoul of the U.S. Constitution’s protections against unreasonable searches.

Julian Sanchez, a privacy and surveillance expert with the Cato Institute, a libertarian think tank, called the decision “very significant” and among the top priorities of surveillance reform among civil liberties groups.

“Usually you identify a specific individual to scrutinize their content; this was scrutinizing everyone’s content to find mentions of an individual,” Sanchez said.

Other privacy advocates seized on the change to advocate for additional reforms to the Foreign Intelligence Surveillance Act (FISA). The part of the law under which the banned surveillance occurred, known as Section 702, is due to expire at the end of the year unless Congress reauthorizes it.

Democratic Senator Ron Wyden said in a statement he would introduce legislation “banning this kind of collection in the future.”

A U.S. government official familiar with the matter said the change was motivated in part to ensure that Section 702 is renewed before it sunsets on Dec. 31, 2017. FISA has come under increased scrutiny in recent months amid unsubstantiated claims by President Donald Trump and other Republicans that the Obama White House improperly spied on Trump or his associates.

Pieces of differing bits of digital traffic are often packaged together as they travel across the internet. Part of the issue with “about” collection stemmed from how an entire packet of information would be vacuumed up if one part of it contained information, such as an email address or phone number, connected to a foreign target.

NSA told the Privacy and Civil Liberties Oversight Board as recently as last year that changes to “about” collection were not “practical at this time,” according to a report from the government watchdog.

News of the surveillance activity being halted was first reported on Friday by The New York Times, which first revealed its existence in 2013, two months after Snowden leaked intelligence documents to journalists.

(Additional reporting by Mark Hosenball; writing by Eric Beech; editing by Tim Ahmann, Leslie Adler and Bill Rigby)

Anti-Putin protesters get a smart phone app to help get out of jail

By Parniyan Zemaryalai

MOSCOW (Reuters) – Anti-Kremlin protesters who run the regular risk of being detained by the police are being given a helping hand: A smart phone app that allows them to instantly inform others where and when they have been arrested.

Russia faces a presidential election next year, which Vladimir Putin is expected to contest, and was last month shaken by large anti-government protests. More are planned.

The result of a collaboration between a Russian firm, a human rights group and an opposition movement, the notification system, called Red Button, automatically transmits the location and emergency contact details of a detained protester.

That, says its St Petersburg-based developer Alexander Litreev, should allow others to act quickly to help free them as it will include details of the police station where the individual is being held.

“Using this information, human rights defenders can help this person in some way, like sending him a lawyer,” Litreev told Reuters in an interview.

“When I see that people are being detained and experiencing violence at the hands of the authorities, and people can’t do anything about it, I think this must be fought against,” he said.

Litreev said he sympathized with the country’s liberal opposition and sometimes attended protests himself.

President Vladimir Putin remains by far the most popular politician in Russia, but opponents argue he keeps a check on dissent through control of the media, especially television, and limiting protest.

In developing the app, he partnered with the Open Russia foundation, founded by Kremlin critic Mikhail Khodorkovsky, and OVD-Info, a human rights organization that monitors detentions.

The app will also allow observers to track how protests unfold as it is linked to a special Twitter page that will generate maps and notifications.

It is currently available for devices on iOS and Android and, according to Litreev, some 4,000 users have already downloaded the app, which is free. A version for Windows will launch in the summer.

The alert system is due to go live on April 29 — the day when Open Russia has called for nationwide demonstrations against the government. Another protest, organized by opposition politician Alexei Navalny, is scheduled for June 12.

(Editing by Andrew Osborn and)

Cashless society getting closer, survey finds

FILE PHOTO: Samsung's new Samsung Pay mobile wallet system is demonstrated at its Australian launch in Sydney, June 15, 2016. REUTERS/Matt Siegel/File Photo

By Jeremy Gaunt

LONDON (Reuters) – More than a third of Europeans and Americans would be happy to go without cash and rely on electronic forms of payment if they could, and at least 20 percent already pretty much do so, a study showed on Wednesday.

The study, which was conducted in 13 European countries, the United States and Australia, also found that in many places where cash is most used, people are among the keenest to ditch it.

Overall, 34 percent of respondents in Europe and 38 percent in the United States said they would be willing to go cash-free, according to the survey conducted by Ipsos for the ING bank website eZonomics.

Twenty-one percent and 34 percent in Europe and the United States, respectively, said they already rarely use cash.

The trend was also clear. More than half of the European respondents said they had used less cash in the past 12 months than previously and 78 percent said they expected to use it even less over the coming 12 months.

Ian Bright, managing director of group research for ING wholesale banking, said he did not believe people would quit cash entirely, but the direction was obvious.

“More and more people will end up with a situation where they can quite comfortably get by for two days, three days, four days, even a week, without ever using cash,” he told Reuters Television.

Payment systems such as contactless cards and mobile-phone digital wallets have become so prevalent the issue has become political in some countries.

Cash-loving Germans, for example, have been concerned that a move by the European Central Bank to phase out the 500 euro note by the end of next year is the start of a slippery slope.

Germany is one of the countries that uses cash the most. The ING survey showed only 10 percent of Germans saying they rarely use cash, compared, for example, with 33 percent and 35 percent, respectively, in neighbors Poland and France.

The survey also showed that, in general, countries where cash is much in use were most likely to want to go cashless.

Only 19 percent of Italians said they rarely used cash but 41 percent said they would be willing to go cash. There was a similar trend in Turkey, Romania, the Czech Republic, Spain and even Germany.

(Editing by Catherine Evans)

Sign up for Jim Bakker Show