Global banks, fearing North Korea hacking, prepare defenses

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017.

By Jim Finkle and Alastair Sharp

WASHINGTON/TORONTO (Reuters) – Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded $81 million, according to Dmitri Alperovitch, chief technology officer at cyber security firm CrowdStrike.

Alperovitch told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s <6758.T> Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the U.S. government that it has carried out cyber attacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cyber security expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between U.S. President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former U.S. assistant attorney general, told the Reuters summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?’” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about U.S. retaliation.

Representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, declined to comment. Both have ramped up cyber security oversight in recent years.



(Reporting by Jim Finkle in Washington and Alastair Sharp in Toronto; additional reporting by Dustin Volz in Washington; editing by Grant McCool)


U.S. financial regulator must beef up cyber security: inspector

A man poses inside a server room at an IT company in this June 19, 2017 illustration photo. REUTERS/Athit Perawongmetha/Illustration

By Lisa Lambert

WASHINGTON (Reuters) – The U.S. Consumer Financial Protection Bureau (CFPB), one of Wall Street’s top regulators, must strengthen its protections against hacking, according to a report the agency’s internal inspector released on Wednesday as the financial sector reels from recent revelations of two major data breaches.

The former head of the Equifax <EFX.N> credit bureau is testifying before Congress this week about the company’s disclosure that personal information for millions of individuals had been stolen from its systems.

At the same time, the Securities and Exchange Commission – the country’s lead securities regulator – is facing lawmakers’ questions about information stolen last year from its filing system that may have been used for illicit trades.

The CFPB, which gathers sensitive information on individuals, banks, credit card companies and other financial firms as the government’s consumer finance watchdog, could suffer similar intrusions that might undermine public trust or limit its ability to carry out its mission, its inspector general said in a report dated Sept. 27 and released on Wednesday.

The agency “has not fully implemented processes, such as data loss prevention technologies, within its internal network that would enable the agency to detect and better protect against unauthorized access to and disclosure of its sensitive information,” the report said.

It also needs to run automated feeds through security checks and move away from manually tracking system security by putting alerts and continuous monitoring tools in place, the inspector general found.

In the five years since it was established, the CFPB has had to quickly erect sound information systems that can repel cyber attacks. All federal agencies are struggling to keep up with a steady rise in the number and sophistication of attempted intrusions, as criminal demand for stolen Social Security numbers and other personally identifiable information swells.

The inspector general also said the CFPB will soon implement a job succession plan to try to close possible staffing and skill gaps, hopefully clarifying what the future holds after Richard Cordray, the CFPB’s first director, leaves the agency.

Cordray, whose term expires in July, was appointed by President Barack Obama after the agency was created under the 2010 Dodd-Frank financial reform law.

Many expect him to depart earlier, however, and there is no precedent for replacing him.

President Donald Trump will likely appoint a successor who cuts back on the agency’s reach, raising questions about the direction of open CFPB investigations and rulemakings.

(Reporting by Lisa Lambert, editing by G Crosse)

China beefs up cyber defenses with centralized threat database

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – China said on Wednesday it will create a national data repository for information on cyber attacks and require telecom firms, internet companies and domain name providers to report threats to it.

The Ministry of Industry and Information Technology (MIIT) said companies and telcos as well as government bodies must share information on incidents including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses to the new platform.

An MIIT policy note also said that the ministry, which is creating the platform, will be liable for disposing of threats under the new rules, which will take effect on Jan. 1.

Companies and network providers that fail to follow the rules will be subject to “warnings, fines and other administrative penalties”, it said, without giving any details.

The law is the latest in a series of moves by Chinese authorities designed to guard core infrastructure and private enterprises against large-scale cyber attacks.

In June, China’s cyber watchdog formalized a nationwide cyber emergency response plan, which included the construction of a central response system and mandated punitive measures for government units that failed to safeguard the system.

Earlier this year, the same ministry introduced rules requiring state telecommunications firms to take a more active role in removing VPNs and other tools used to subvert China’s so-called Great Firewall.

(Reporting by Cate Cadell; Editing by Richard Borsuk)

German military aviation command launches cyber threat initiative

A German Air Force pilot poses inside the cockpit of an Airbus A400M military aircraft at the ILA Berlin Air Show in Schoenefeld, south of Berlin, Germany, June 1, 2016. Picture taken with a fish-eye lens. REUTERS/Fabrizio Bensch

By Andrea Shalal

BERLIN (Reuters) – The German military’s aviation safety chief has launched a new initiative against cyber threats, citing research that he said shows hackers can commandeer military airplanes with the help of equipment that costs about 5,000 euros ($5,700).

A defense ministry spokesman told Reuters that development of new “aviation cyber expertise” would cover everything from raising consciousness about cyber threats to technical research projects and equipping aircraft with protective systems.

State Secretary Katrin Suder had backed the idea, which Major General Ansgar Rieks, head of the German Military Aviation Authority, proposed in a letter in June, the spokesman said.

Rieks said last week that he was unnerved by a demonstration by the government-funded German Aerospace Center (DLR) in Bavaria showing hackers could take control of an aircraft with inexpensive equipment.

“That frightens me. I wrote to the state secretary about it and said doing nothing would amount to gross negligence,” he said at a talk at a conference in Bueckeburg, Germany. He said the issue was also a vital concern for civil aviation.

He said military officials needed to focus not just on potential problems with computer software, but should also work to “ensure that airplanes cannot be taken over from the ground, or possibly by a passenger in the air”.

A spokesman for the DLR, which has studied aviation cyber security extensively, had no immediate comment on the issue.

Germany’s military this year launched a new cyber command that groups cyber units from across the military, which will also be involved in the new aviation cyber initiative.

Cyber resilience – making sure that systems can survive a cyber attack and keep functioning – was a major topic during a conference at Bundeswehr University Munich last month, the DLR spokesman said.

Germany’s military is also working on the aviation cyber issue within the European Union and NATO, he said.

Concerns about cyber attacks on aircraft and in the broader aviation sector have grown sharply in recent years with a growing barrage of attacks and breaches against other sectors.

Many experts fear that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Rapid adoption of communication protocols similar to those used on the internet to connect cockpits, cabins and ground controls has left air traffic open to vulnerabilities bedevilling other sectors such as finance and oil and gas.

(Reporting by Andrea Shalal; Editing by Louise Ireland)

Pro-Islamic State hackers threaten President Trump on Ohio governor’s website

FILE PHOTO: Ohio Governor John Kasich speaks to reporters after an event at the White House in Washington, U.S., on November 10, 2016. REUTERS/Kevin Lamarque/File Photo

By Gabriella Borter

(Reuters) – Nearly a dozen Ohio state websites, including Governor John Kasich’s, were up and running again on Monday, a day after hackers posted messages of support for the Islamic State on their homescreens.

After the hack, the homescreen of Kasich’s official website displayed a black background and an Arabic symbol, and the top of the screen said “Hacked by Team System Dz.”

The text on the screen read: “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries,” and “I Love Islamic State.” The militant group Islamic State is largely made up of Sunni militants from Iraq and Syria but has drawn jihadi fighters from across the Muslim world and Europe.

The Ohio Department of Public Safety was working with federal agencies to investigate the hacking “to make sure nothing like this happens again,” said Tom Hoyt, a spokesman for Ohio’s Department of Administrative Services, on Monday.

Technicians are scanning websites and data banks but have found no services that have been disrupted by the hack, nor any evidence that information about employees or private citizens was accessed or disturbed, Hoyt said.

Along with Kasich’s website, the websites of First Lady Karen Kasich, the Department of Medicaid, and the Department of Rehabilitation and Correction were among the 10 other Ohio state sites that were hacked.

The websites of Howard County, Maryland and the town of Brookhaven, New York were also targets of the hacking spree and displayed the same message. The Brookhaven website remained inaccessible on Monday.

The FBI’s Columbus, Ohio, office declined comment on whether it knew anything about the group “Team System Dz.”

Earlier this year, a group using the same name claimed responsibility for hacking websites in Wisconsin, as well as in Scotland, England and Italy.

(This story has been refiled to remove extra word in paragraph 5)

(Reporting by Gabriella Borter; Editing by Marguerita Choy)

Ukraine imposes sanctions on Russian web firms, citing cyber threat

A Yandex taxi is seen in central Kiev, Ukraine, May 16, 2017. REUTERS/Gleb Garanich

By Natalia Zinets

KIEV (Reuters) – Ukraine imposed sanctions on Russia’s largest internet group Yandex and other popular online firms on Tuesday, saying it wanted to guard against cyber attacks, and the Kremlin threatened retaliation.

The restrictions froze any assets held by the Russian businesses inside Ukraine and banned hosts there from linking to them, though the websites were all still accessible in Kiev on Tuesday afternoon.

The ban was imposed partly to protect against companies “whose activities threaten the information and cyber security of Ukraine”, the Kiev government’s Security and Defence Council said in a statement.

They added to a list of more than 400 Russian firms blacklisted by Kiev since Moscow’s annexation of Crimea in 2014 and the ensuing pro-Russian separatist uprising in eastern Ukraine. Group, which owns the Odnoklassniki social network and Vkontakte, Russia’s version of Facebook, said that around 25 million Ukrainians could be affected by the “politically motivated” decision.

“We have never been involved in politics. We have not broken a single law of Ukraine,” it said in a statement. It said the Ukrainian market contributed an “immaterial” amount of revenue and so would not revise its financial plans.

Yandex declined comment and there was no immediate comment from other companies on the list.

Kremlin spokesman Dmitry Peskov told journalists that Moscow had not forgotten the principle of reciprocity when it came to such disputes, calling the move “short-sighted.”

Many of the affected sites are hugely popular in Ukraine.

Vkontakte was the second-most visited website in Ukraine as of March, according to data cited by the Ukrainian Internet Association. Yandex, Odnoklassniki and were also in the top five most popular sites that month.

In comments to Russian newspaper Kommersant, Russian Foreign Ministry spokesman Maria Zakharova called the sanctions a “manifestation of politically motivated censorship”.

Moscow has repeatedly denied accusations from Kiev that it has been waging a “cyber war” on Ukraine at the same time as it fuels Ukraine’s separatist conflict by supporting rebels with troops and weapons.

Ukraine has also accused Russian computer hackers of targeting its power grid, financial system and other infrastructure with viruses.

(Additional reporting by Maria Kiselyova and Anastasia Teterevleva in Moscow; writing by Alessandra Prentice; editing by Matthias Williams and Mark Heinrich)