EU warns of 5G cybersecurity risks, stops short of singling out China

By Foo Yun Chee

BRUSSELS (Reuters) – The European Union warned on Wednesday of the risk of increased cyber attacks by state-backed entities but refrained from singling out China and its telecoms equipment market leader Huawei Technologies as threats.

The comments came in a report prepared by EU member states on cybersecurity risks to next-generation 5G mobile networks seen as crucial to the bloc’s competitiveness in an increasingly networked world.

The authors chose to ignore calls by the United States to ban Huawei’s equipment, drawing a welcome from the Shenzen-based company after it faced U.S. accusations that its gear could be used by China for spying.

“Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks,” the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” they said.

Huawei, which competes with Finland’s Nokia and Sweden’s Ericsson, said it stood ready to work with its European partners on 5G network security. It has always denied its equipment can be used for spying.

“This exercise is an important step toward developing a common approach to cybersecurity and delivering safe networks for the 5G era,” a Huawei spokesman said.

“We are pleased to note that the EU delivered on its commitment to take an evidence-based approach, thoroughly analyzing risks rather than targeting specific countries or actors.”

Tom Ridge, a former U.S. secretary of homeland security, took a different view of the report. He said Huawei’s close ties to the Chinese government meant it would have to comply with legislation requiring it to assist with intelligence gathering.

“If countries needed more reason to implement stricter security measures to protect 5G networks, this comprehensive risk assessment is it,” said Ridge, a member of the advisory board of Global Cyber Policy Watch.

Fifth-generation networks will hook up billions of devices, sensors and cameras in ‘smart’ cities, homes and offices. With that ubiquity, security becomes an even more pressing need than in existing networks.

“5G security requires that networks are built leveraging the most advanced security features, selecting vendors that are trustworthy and transparent,” a Nokia spokesperson said, adding that the company was the only global vendor capable of providing all the building blocks for secure 5G networks.

EU members have differed on how to treat Huawei, with Britain, a close U.S. ally, leaning toward excluding it from critical parts of networks. Germany is meanwhile creating a level playing field in which all 5G vendors should prove they are trustworthy.

OVER-DEPENDENCE

The report warned against over-dependence on one telecoms equipment supplier.

“A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences,” it said.

European network operators, including Germany’s Deutsche Telekom typically have multi-vendor strategies that they say reduce the security risks that might arise from relying too heavily on a single provider.

“The Commission’s 5G assessment recognizes security isn’t just a supplier issue,” said Alex Sinclair, chief technology officer of the GSMA, a global mobile-industry trade group.

“We all have a role to play – from manufacturers to operators to consumers – and we are taking responsibility for our part in the security chain seriously.”

The EU will now seek to come up with a so-called toolbox of measures by the end of the year to address cyber security risks at national and bloc-wide level.

The European Agency for Cybersecurity is also finalizing a map of specific threats related to 5G networks.

(Additional reporting by Douglas Busvine in Berlin and Anne Kauranen in Helsinki; Editing by Kirsten Donovan and Elaine Hardcastle)

U.S. imposes sanctions on North Korean hacking groups blamed for global attacks

FILE PHOTO: A North Korean flag flies on a mast at the Permanent Mission of North Korea in Geneva October 2, 2014. REUTERS/Denis Balibouse/File Picture

WASHINGTON (Reuters) – The U.S. Treasury on Friday announced sanctions on three North Korean hacking groups it said were involved in the “WannaCry” ransomware attacks and hacking of international banks and customer accounts.

It named the groups as Lazarus Group, Bluenoroff, and Andariel and said they were controlled by the RGB, North Korea’s primary intelligence bureau, which is already subject to U.S. and United Nations sanctions.

The action blocks any U.S.-related assets of the groups and prohibits dealings with them. The Treasury statement said any foreign financial institution that knowingly facilitated significant transactions or services for them could also be subject to sanctions.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury undersecretary for Terrorism and Financial Intelligence.

“We will continue to enforce existing U.S. and U.N. sanctions against North Korea and work with the international community to improve the cybersecurity of financial networks.”

The United States has been attempting to restart talks with North Korea, aimed at pressing the country to give up its nuclear weapons. The talks have been stalled over North Korean demands for concessions, including sanctions relief.

Earlier this month, North Korea denied U.N. allegations it had obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges and accused the United States of spreading rumors.

The Treasury statement said Lazarus Group was involved in the WannaCry ransomware attack that the United States, Australia, Canada, New Zealand and the United Kingdom publicly attributed to North Korea in December 2017.

It said WannaCry affected at least 150 countries and shut down about 300,000 computers, including many in Britain’s National Health Service (NHS). The NHS attack led to the cancellation of more than 19,000 appointments and ultimately cost the service over $112 million, the biggest known ransomware attack in history.

The Treasury said Lazarus Group was also directly responsible for 2014 cyber-attacks on Sony Pictures Entertainment.

The statement cited industry and press reporting as saying that by 2018, Bluenoroff had attempted to steal over $1.1 billion from financial institutions and successfully carried out operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

It said Bluenoroff worked with the Lazarus Group to steal approximately $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.

Andariel, meanwhile, was observed by cyber security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market, the statement said.

Andariel was also responsible for developing and creating unique malware to hack into online poker and gambling sites and, according to industry and press reporting, targeted the South Korea government military in an effort to gather intelligence, it said.

(Reporting by David Brunnstrom and Lisa Lambert; Editing by Raissa Kasolowsky and Rosalba O’Brien)

Iran says U.S. cyber attacks failed, hints talks are possible

FILE PHOTO: Iranian President Hassan Rouhani delivers a speech at the Conference on Interaction and Confidence-Building Measures in Asia (CICA) in Dushanbe, Tajikistan June 15, 2019. REUTERS/Mukhtar Kholdorbekov/File Photo

By Stephen Kalin and Bozorgmehr Sharafedin

JEDDAH, Saudi Arabia/LONDON (Reuters) – Iran said on Monday U.S. cyber attacks on its military had failed, while also hinting that it could be willing to discuss new concessions with Washington if the United States were to lift sanctions and offer new incentives.

The longtime foes have come the closest in years to a direct military confrontation in the past week with the shooting down of a U.S. drone by Iran. U.S. President Donald Trump aborted a retaliatory strike just minutes before impact.

U.S. media have reported that the United States launched cyber attacks even as Trump called off the air strike. The Washington Post said on Saturday that the cyber strikes, which had been planned previously, had disabled Iranian rocket launch systems. U.S. officials have declined to comment.

“They try hard, but have not carried out a successful attack,” Mohammad Javad Azari Jahromi, Iran’s minister for information and communications technology, said on Twitter.

“Media asked if the claimed cyber attacks against Iran are true,” he said. “Last year we neutralized 33 million attacks with the (national) firewall.”

Allies of the United States have been calling for steps to defuse the crisis, saying they fear a small mistake on either side could trigger war.

“We are very concerned. We don’t think either side wants a war, but we are very concerned that we could get into an accidental war and we are doing everything we can to ratchet things down,” British Foreign Secretary Jeremy Hunt said.

U.S. Secretary of State Mike Pompeo jetted to the Middle East to discuss Iran with the leaders of Saudi Arabia and the United Arab Emirates, two Gulf Arab allies that favor a hard line. Pompeo met King Salman as well as the king’s son, de facto ruler Crown Prince Mohammed bin Salman.

The U.S. special representative for Iran, Brian Hook, visited Oman and was headed to Europe to explain U.S. policy to allies. He told European reporters on a phone call ahead of his arrival that Trump was willing to sit down with Iran, but Iran must do a deal before sanctions could be lifted.

CONCESSIONS

U.S.-Iran relations began to deteriorate last year when the United States abandoned a 2015 agreement between Iran and world powers designed to curb Iran’s nuclear program in return for the lifting of sanctions.

They got sharply worse last month when Trump tightened sanctions, ordering all countries to stop buying Iranian oil.

Recent weeks saw a military dimension to the confrontation, with the United States blaming Iran for attacks on vessels at sea, which Iran denies. Iran shot down the drone, saying it was in its air space, which Washington disputes. Washington also blames Iran for attacks by its Yemeni allies on Saudi targets.

Washington argues that the 2015 nuclear agreement known as the JCPOA, negotiated under Trump’s predecessor Barack Obama, did not go far enough, and that new sanctions are needed to force Iran back to the table to make more concessions.

Throughout the escalation, both sides have suggested they are willing to hold talks but the other side must move first. In the latest comment from Tehran, an adviser to President Hassan Rouhani repeated a longstanding demand that Washington lift sanctions in line with the deal.

But the adviser, Hesameddin Ashena, also tweeted a rare suggestion that Iran could be willing to discuss new concessions, if Washington were willing to put new incentives on the table that go beyond those in the deal.

“If they want something beyond the JCPOA, they should offer something beyond the JCPOA; with international guarantees.”

Iran’s foreign ministry spokesman, Abbas Mousavi, was quoted by ISNA news agency as saying on Monday Tehran did not “want a rise of tensions and its consequences”.

U.S. allies in Europe and Asia view Trump’s decision to abandon the nuclear deal as a mistake that strengthens hardliners in Iran and weakens the pragmatic faction of Rouhani.

Trump has suggested that he backed off the military strike against Iran in part because he was not sure the country’s top leadership had intended to shoot down the drone. However, an Iranian commander said Tehran was prepared to do it again.

“Everyone saw the downing of the unmanned drone,” navy commander Rear Admiral Hossein Khanzadi was quoted on Sunday as saying by the Tasnim news agency. “I can assure you that this firm response can be repeated, and the enemy knows it.”

(Reporting by Bozorgmehr Sharafedin in London and Stephen Kalin in Jeddah; Additional reporting by Robin Emmott in Brussels; Writing by Peter Graff; Editing by Jon Boyle)

U.S. initiative warns firms of hacking by China, other countries

FILE PHOTO: A Chinese flag flutters at Tiananmen Square in central Beijing, China June 8, 2018. REUTERS/Jason Lee

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort called,”Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

Mystery hacker steals data on 1,000 North Korean defectors in South

FILE PHOTO: A North Korean flag flutters on top of a 160-metre tower in North Korea's propaganda village of Gijungdong, in this picture taken from the Tae Sung freedom village near the Military Demarcation Line (MDL), inside the demilitarised zone separating the two Koreas, in Paju, South Korea, April 24, 2018. REUTERS/Kim Hong-Ji

By Hyonhee Shin

SEOUL (Reuters) – The personal information of nearly 1,000 North Koreans who defected to South Korea has been leaked after unknown hackers got access to a resettlement agency’s database, the South Korean Unification Ministry said on Friday.

The ministry said it discovered last week that the names, birth dates and addresses of 997 defectors had been stolen through a computer infected with malicious software at an agency called the Hana center, in the southern city of Gumi.

“The malware was planted through emails sent by an internal address,” a ministry official told reporters on condition of anonymity, due to the sensitivity of the issue, referring to a Hana center email account.

The Hana center is among 25 institutes the ministry runs around the country to help some 32,000 defectors adjust to life in the richer, democratic South by providing jobs, medical and legal support.

Defectors, most of whom risked their lives to flee poverty and political oppression, are a source of shame for North Korea. Its state media often denounces them as “human scum” and accuses South Korean spies of kidnapping some of them.

The ministry official declined to say if North Korea was believed to have been behind the hack, or what the motive might have been, saying a police investigation was under way to determine who did it.

North Korean hackers have in the past been accused of cyber attacks on South Korean state agencies and businesses.

North Korea stole classified documents from the South’s defense ministry and a shipbuilder last year, while a cryptocurrency exchange filed for bankruptcy following a cyber attack linked to the North.

North Korean state media has denied those cyber attacks.

The latest data breach comes at a delicate time for the two Koreas which have been rapidly improving their relations after years of confrontation.

The Unification Ministry said it was notifying the affected defectors and there were no reports of any negative impact of the data breach.

“We’re sorry this has happened and will make efforts to prevent it from recurring,” the ministry official said.

Several defectors, including one who became a South Korean television celebrity, have disappeared in recent years only to turn up later in North Korean state media, criticizing South Korea and the fate of defectors.

(Reporting by Hyonhee Shin; Editing by Robert Birsel)

Chinese hacking against U.S. on the rise: U.S. intelligence official

A staff member sets up Chinese and U.S. flags for a meeting in Beijing, China April 27, 2018. REUTERS/Jason Lee

By Jim Finkle and Christopher Bing

NEW YORK (Reuters) – A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks.

”You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference.

Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing.

In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyberattacks against U.S. companies, but not China. Historically, Chinese hacking operations have been more covert and focused on espionage and intellectual property theft, according to charges filed by the Justice Department in recent years.

A spokesperson for Joyce said he was specifically referring to digital attacks against the U.S. energy, financial, transportation, and healthcare sectors in his speech on Tuesday.

The comments follow the arrest by Canadian authorities of Meng Wanzhou, chief financial officer of Chinese telecommunications giant Huawei Technologies, at the request of the United States on Dec. 1. Wanzhou was extradited and faces charges in the U.S. related to sanctions violations.

(Reporting by Jim Finkle and Christopher Bing; Editing by Bernadette Baum)

What is Russia’s GRU military intelligence agency?

A general view shows the headquarters of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly known as the Main Intelligence Directorate (GRU), in Moscow, Russia October 4, 2018. REUTERS/Stringer

By Guy Faulconbridge

LONDON (Reuters) – The West has accused Russia’s military intelligence agency (GRU) of running what it described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

What is GRU and what does it do?

What is the GRU?

Russia’s military intelligence service is commonly known by the Russian acronym GRU, which stands for the Main Intelligence Directorate. Its name was formally changed in 2010 to the Main Directorate (or just GU) of the general staff, but its old acronym – GRU – is still more widely used.

Its published aims are the supply of military intelligence to the Russian president and government. Additional aims include ensuring Russia’s military, economic and technological security.

The GRU answers directly to the chief of the general staff, Valery Gerasimov, and the Russian defense minister, Sergei Shoigu, each of whom are thought to have access to Russia’s portable nuclear briefcase.

Russia’s two other main intelligence and security services were both created from the Soviet-era KGB: the Foreign Intelligence Service, or SVR, and the Federal Security Service, or FSB.

What are the GRU’s capabilities?

According to a Western assessment of GRU seen by Reuters, the GRU has a long-running program to run ‘illegal’ spies – those who work without diplomatic cover and who live under an assumed identity for years until orders from Moscow.

“It has a long-running program of ‘illegals’ reserved for the most sensitive or deniable tasks across the spectrum of GRU operations,” the assessment said.

The GRU is seen as a major Russian cyber player.

“It plays an increasingly important role in Russia’s development of Information Warfare (both defensive and offensive),” according to the Western assessment.

“It is an aggressive and well-funded organization which has the direct support of – and access to – [Russian President Vladimir] Putin, allowing freedom in its activities and leniency with regards to diplomatic and legislative scrutiny,” according to the assessment.

The GRU also has a considerable special forces unit. They are the elite of the Russian military.

“I don’t like rankings but the GRU is in the top levels of this business,” Onno Eichelsheim, director of the Netherlands Defence Intelligence and Security Service, told Reuters. “They are a very real threat.”

What are Western claims about GRU?

– The United States sanctioned GRU officers including its chief, Igor Korobov, for cyber attempts to interfere in the 2016 presidential election. Russia denied meddling in the election.

– Britain said two GRU officers attempted to murder former GRU double agent Sergei Skripal with Novichok. Russia denied any involvement.

– Britain said GRU was behind the BadRabbit attack of 2017, the hack of the Democratic National Committee in 2016, and attacks on the computer systems of both the Foreign Office and the Defence Science and Technology Laboratory in 2018. Russia said the accusations were fiction.

– The Netherlands said it caught four GRU cyberspies trying to hack into the Organization for the Prohibition of Chemical Weapons. It said the same group, known as unit 26165, had targeted the investigation into the downing of Malaysia Airlines flight MH-17.

– The United States charged seven GRU officers with plots to hack the World Anti-Doping Agency which had exposed a Russian doping program.

– GRU played a significant role in the 2014 annexation of Crimea, the conflict in Ukraine and the 2008 conflict with Georgia.

Note: The GRU does not have its own public web site and does not comment publicly on its actions. Its structure, staff numbers and financing are state secrets.

What is GRU’s history?

Russian spies trace their history back to at least the reign of Ivan the Terrible in the 16th Century, who established a feared espionage service.

The GRU was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Soviet state founder Vladimir Lenin insisted on its independence from other secret services, which saw it as a rival.

While the once mighty KGB was broken up during the 1991 collapse of the Soviet Union, the GRU remained intact.

GRU officers played a significant role in some of the key junctures of the Cold War and post-Soviet history – from the Cuban Missile crisis to Afghan war and the annexation of Crimea.

The public was given a rare chance to see parts of the GRU’s Moscow headquarters when Putin visited it in 2006. He was shown taking part in shooting practice.

(Editing by Richard Balmforth)

Britain says Russian military intelligence behind host of global cyber attacks

FILE PHOTO: Russian President Vladimir Putin and a masked security officer stand at a shooting gallery of the new GRU military intelligence headquarters building as he visits it in Moscow, Russia November 8, 2006.REUTERS/ITAR-TASS/PRESIDENTIAL PRESS SERVICE/File Photo

By Guy Faulconbridge and Anthony Deutsch

THE HAGUE (Reuters) – Britain accused Russian military intelligence on Thursday of directing a host of cyber attacks aimed at undermining Western democracies by sowing confusion in everything from the 2016 U.S. presidential election to the global chemical weapons watchdog.

In a British assessment based on work by its National Cyber Security Centre (NCSC), Russian military intelligence (GRU) was cast as a pernicious cyber aggressor which used a network of hackers to spread discord across the world.

GRU, Britain said, was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks of 2017, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015.

The Netherlands said it had caught four GRU officers red-handed as they tried to hack into the Organization for the Prohibition of Chemical Weapons from a hotel next door in April.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries,” said British Foreign Secretary Jeremy Hunt.

“Our message is clear – together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability,” Hunt said. Britain believes the Russian government is responsible for the attacks.

Maria Zakharova, a spokeswoman for the Russian Ministry of Foreign Affairs, told a news briefing that the British accusations were the product of someone with a “rich imagination”.

“It’s some kind of a diabolical perfume cocktail (of allegations),” TASS quoted Zakharova as telling reporters.

Though less well known than the Soviet Union’s once mighty KGB, Russia’s military intelligence service played a major role in some of the biggest events of the past century, from the Cuban missile crisis to the annexation of Crimea.

RUSSIAN CYBER POWER?

Though commonly known by the acronym GRU, which stands for the Main Intelligence Directorate, its name was formally changed in 2010 to the Main Directorate of the General Staff (or just GU). Its old acronym – GRU – is still more widely used.

It has agents across the globe and answers directly to the chief of the general staff and the Russian defense minister. The GRU does not comment publicly on its actions. Its structure, staff numbers and financing are Russian state secrets.

The GRU traces its history back to the times of Ivan the Terrible, though it was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Vladimir Lenin insisted on its independence from other secret services.

British Prime Minister Theresa May has said GRU officers used a nerve agent to try to kill former double agent Sergei Skripal, who was found unconscious in the English city of Salisbury in March. Russia has repeatedly denied the charges.

After the Skripal poisoning, the West agreed with Britain’s assessment that Russian military intelligence was to blame and launched the biggest expulsion of Russian spies working under diplomatic cover since the height of the Cold War.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught with spying equipment at a hotel located next to the OPCW headquarters.

At the time, the OPCW was working to verify the identity of the substance used in the Salisbury attack. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

Russian President Vladimir Putin, himself a former KGB spy, said on Wednesday that Skripal, a GRU officer who betrayed dozens of agents to Britain’s MI6 foreign spy service, was a “scumbag” who had betrayed Russia.

Britain said the GRU was associated with a host of hackers including APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Cyber Berkut, Voodoo Bear and BlackEnergy Actors.

“This pattern of behavior demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences,” Foreign Secretary Hunt said.

The United States sanctioned GRU officers including its chief, Igor Korobov, in 2016 and 2018 for attempted interference in the 2016 U.S. election and cyber attacks.

Australia and New Zealand backed the United Kingdom’s findings on the GRU.

“Cyberspace is not the Wild West. The International Community – including Russia – has agreed that international law and norms of responsible state behavior apply in cyberspace,” Australia’s Prime Minister Scott Morrison said.

“By embarking on a pattern of malicious cyber behavior, Russia has shown a total disregard for the agreements it helped to negotiate,” Morrison said.

(Additional reporting by Stephanie van den Berg and Colin Packham; Editing by Stephen Addison)

U.S. warns again on hacks it blames on North Korea

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

(Reuters) – The U.S. government on Tuesday released an alert with technical details about a series of cyber attacks it blamed on the North Korean government that stretch back to at least 2009.

The warning is the latest from the Department of Homeland Security and the Federal Bureau of Investigation about hacks that the United States charges were launched by the North Korean government.

A representative with Pyongyang’s mission to the United Nations declined comment. North Korea has routinely denied involvement in cyber attacks against other countries.

The report was published as U.S. and North Korean negotiators work to resuscitate plans for a possible June 12 summit between leaders of the two nations. The FBI and DHS released a similar report in June 2017, when relations were tense between Washington and Pyongyang due to North Korea’s missile tests.

The U.S. government uses the nickname “Hidden Cobra” to describe cyber operations by the North Korean government, which it says target the media, aerospace and financial sectors and critical infrastructure in the United States and around the globe.

Tuesday’s report did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for a 2014 cyber attack on Sony Pictures Entertainment.

The alert provided a list of 87 IP addresses, four malicious files and two email addresses it said were associated with “Hidden Cobra.”

Last year’s alert was published on the same day that North Korea released American university student Otto Warmbier, who died days after his return to the United States following 17 months of captivity by Pyongyang

(Reporting by Jim Finkle in Toronto; Additional reporting by Rodrigo Campos in New York; Editing by Leslie Adler)

Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention Smith rolled out at least year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)