50,000 companies exposed to hacks of ‘business critical’ SAP systems: researchers

FILE PHOTO: People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic

By Jack Stubbs

LONDON (Reuters) – Up to 50,000 companies running SAP software are at greater risk of being hacked after security researchers found new ways to exploit vulnerabilities of systems that haven’t been properly protected and published the tools to do so online.

German software giant SAP said it issued guidance on how to correctly configure the security settings in 2009 and 2013. But data compiled by security firm Onapsis shows that 90 percent of affected SAP systems have not been properly protected.

“Basically, a company can be brought to a halt in a matter of seconds,” said Onapsis Chief Executive Mariano Nunez, whose company specializes in securing business applications such as those made by SAP and rival Oracle.

“With these exploits, a hacker could steal anything that sits on a company’s SAP systems and also modify any information there so he can perform financial fraud, withdraw money, or just plainly sabotage and disrupt the systems.”

SAP said: “SAP always strongly recommends to install security fixes as they are released.”

SAP software is used by more than 90 percent of the world’s top 2,000 companies to manage everything from employee payrolls to product distribution and industrial processes.

Security experts say attacks on those systems could be hugely damaging, both for the victim organizations and their wider supply chain. SAP customers collectively distribute 78 percent of the world’s food and 82 percent of global medical devices, the company says on its website.

Sogeti security consultant Mathieu Geli, one of the researchers who developed the exploits released online last month, said the issue concerned the way SAP applications talk to one another inside a company.

If a company’s security settings are not configured correctly, he said, a hacker can trick an application into thinking they are another SAP product and gain full access without the need for any login credentials.

SAP said customer security was a priority and the vulnerabilities showed the need for clients to implement recommended fixes when they are released. “Security is a collaborative process, so our customers and partners need to safeguard their systems as well,” it said in a statement.

CRITICAL SYSTEMS

Researchers at Onapsis said on Thursday they were naming the exploits “10KBLAZE” because of the threat they posed to “business-critical applications” which, if hacked, could result in “material misstatements” in U.S. financial filings.

Nunez said he would share his company’s ability to detect the vulnerabilities with other security vendors to help secure all SAP users against possible future attacks.

Sogeti’s Geli said he created the exploits to prove the danger of the vulnerabilities and released them online in order to help experts test the security of SAP systems.

He said there was a risk they could be used by malicious actors but not people without technical ability, and it was more important for companies to update their security settings.

“We are just pointing out something that is already fixed for SAP but clients maybe are a bit late on,” he said. “We are trying to push that and say: ‘Guys, this is critical, you need to fix it.’”

(Reporting by Jack Stubbs; editing by Georgina Prodhan)

Megaphones and more: Mueller details Russian U.S. election meddling

By Doina Chiacu

WASHINGTON (Reuters) – From breaking into computers to paying for a megaphone, Russian efforts to undermine the U.S. political system have been spelled out in detail by Special Counsel Robert Mueller, who has described an elaborate campaign of hacking and propaganda during the 2016 presidential race.

While Mueller has yet to submit to U.S. Attorney General William Barr a final report on his investigation into Russia’s role in the election, the former FBI director already has provided a sweeping account in a pair of indictments that charged 25 Russian individuals and three Russian companies.

Key questions still to be answered are whether Mueller will conclude that Trump’s campaign conspired with Moscow and whether Trump unlawfully sought to obstruct the probe. Trump has denied collusion and obstruction. Russia has denied election interference.

FILE PHOTO: Robert Mueller (R) , serving as Federal Bureau of Investigation director, is seen on a TV monitor at the U.S. Senate Judiciary Committee at an oversight hearing about the FBI on Capitol Hill in Washington, June 19, 2013. REUTERS/Larry Downing/File Photo

Here is an explanation of Mueller’s findings about Russian activities and U.S. intelligence assessments of the ongoing threat.

WHAT IS KNOWN ABOUT RUSSIAN “TROLL FARMS”?

On Feb. 16, 2018, Mueller charged 13 Russian individuals and three Russian entities with conspiracy to defraud the United States, wire and bank fraud and identity theft. It said the Internet Research Agency, a Russian-backed propaganda arm known for trolling on social media, flooded American social media sites Facebook, Twitter, YouTube and Instagram to promote Trump and spread disparaging information about his Democratic rival Hillary Clinton. The indictment said the Russian efforts dated to 2014, before Trump’s candidacy, and were intended to sow discord in the United States.

The St. Petersburg-based so-called troll farm employed hundreds of people for its online operations and had a multimillion-dollar budget, according to the indictment. It had a management group and departments including graphics, data analysis and search-engine optimization. Employees worked day and night shifts corresponding to U.S. time zones.

Its funding was provided by Evgeny Prigozhin, a businessman who U.S. officials have said has extensive ties to Russia’s military and political establishment, and companies he controlled including Concord Management and Consulting and Concord Catering. Prigozhin has been described by Russian media as being close to President Vladimir Putin. He has been dubbed “Putin’s cook” because his catering business has organized banquets for Russia’s president.

The Russians targeted Americans with information warfare, adopting false online personas and creating hundreds of social media accounts to push divisive messages and spread distrust of candidates and America’s political system in general, the indictment said. They aimed to denigrate Clinton and support the candidacies of Trump, who won the Republican presidential nomination, and Bernie Sanders, her rival for the Democratic nomination.

HOW WERE AMERICANS UNWITTINGLY RECRUITED?

In Florida, a pivotal state in U.S. presidential elections, the Russians steered unwitting Americans to pro-Trump rallies they conceived and organized. The indictment said the Russians paid “a real U.S. person to wear a costume portraying Clinton in a prison uniform at a rally” and another “to build a cage large enough to hold an actress depicting Clinton in a prison uniform.”

The accused Russians used the false Facebook persona “Matt Skier” to contact a real American to recruit for a “March for Trump” rally, offering “money to print posters and get a megaphone,” the indictment said. They created an Instagram account “Woke Blacks” to encourage African-Americans not to vote for “Killary,” saying, “We’d surely be better off without voting AT ALL.” Fake social media accounts were used to post messages saying American Muslims should refuse to vote for Clinton “because she wants to continue the war on Muslims in the Middle East.” Alternatively, they took out Facebook ads promoting a June 2016 “Support Hillary. Save American Muslims” rally in Washington. They recruited an American to hold up a sign with a quote falsely attributed to Clinton that embraced Islamic sharia law, the indictment said.

Some of the accused Russians traveled around the United States to gather intelligence, the indictment said, visiting at least 10 states: California, Colorado, Georgia, Illinois, Louisiana, Michigan, Nevada, New Mexico, New York and Texas.

WHAT ROLE DID RUSSIAN MILITARY OFFICERS PLAY?

On July 13, 2018, Mueller charged 12 Russian military intelligence officers with hacking Democratic Party computer networks in 2016 to steal large amounts of data and then time their release to damage Clinton. The Russian hackers broke into the computer networks of the Clinton campaign and Democratic Party organizations, covertly monitoring employee computers and planting malicious code, as well as stealing emails and other documents, according to the indictment.

Using fictitious online personas such as DCLeaks and Guccifer 2.0, the hackers released tens of thousands of stolen emails and documents. The Guccifer 2.0 persona communicated with Americans, including an unidentified person who was in regular contact with senior members of the Trump campaign, the indictment said. Guccifer 2.0 cooperated extensively with “Organization 1” – the WikiLeaks website – to discuss the timing of the release of stolen documents to “heighten their impact” on the election.

On or about July 27, 2016, the Russians tried to break into email accounts used by Clinton’s personal office and her campaign, the indictment said. The same day, candidate Trump told reporters: “Russia, if you are listening, I hope you’re able to find the 30,000 emails that are missing,” referring to emails from a private server Clinton had used when she was secretary of state.

To hide their identity, the Russians laundered money and financed their operation through cryptocurrencies including bitcoin, Mueller’s team said.

IS THE THREAT OVER?

The U.S. intelligence community’s 2019 Worldwide Threat Assessment report cited Russia’s continuing efforts to interfere in the American political system. It stated, “Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities, and criticizing perceived anti-Russia politicians. Moscow may employ additional influence toolkits – such as spreading disinformation, conducting hack-and-leak operations or manipulating data – in a more targeted fashion to influence U.S. policy, actions and elections.”

The report said Russia and “unidentified actors” as recently as 2018 conducted cyber activity targeting U.S. election infrastructure, though there is no evidence showing “any compromise of our nation’s election infrastructure that would have prevented voting, changed vote counts or disrupted the ability to tally votes.”

(Reporting by Doina Chiacu; Editing by Will Dunham)

U.S. initiative warns firms of hacking by China, other countries

FILE PHOTO: A Chinese flag flutters at Tiananmen Square in central Beijing, China June 8, 2018. REUTERS/Jason Lee

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp.

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort, called “Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

Chinese hacking against U.S. on the rise: U.S. intelligence official

A staff member sets up Chinese and U.S. flags for a meeting in Beijing, China April 27, 2018. REUTERS/Jason Lee

By Jim Finkle and Christopher Bing

NEW YORK (Reuters) – A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks.

“You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference.

Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing.

In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyberattacks against U.S. companies, but not China. Historically, Chinese hacking operations have been more covert and focused on espionage and intellectual property theft, according to charges filed by the Justice Department in recent years.

A spokesperson for Joyce said he was specifically referring to digital attacks against the U.S. energy, financial, transportation, and healthcare sectors in his speech on Tuesday.

The comments follow the arrest by Canadian authorities of Meng Wanzhou, chief financial officer of Chinese telecommunications giant Huawei Technologies, at the request of the United States on Dec. 1. Wanzhou was extradited and faces charges in the U.S. related to sanctions violations.

(Reporting by Jim Finkle and Christopher Bing; Editing by Bernadette Baum)

HSBC discloses customer accounts hacked at its U.S. bank

FILE PHOTO: The HSBC logo is seen on a top roof of the main branch in Beirut, Lebanon July 25, 2016. REUTERS/ Aziz Taher/File Photo

LONDON (Reuters) – Hackers breached some HSBC customers’ accounts in the United States in October and accessed their information, the bank said in a regulatory filing on Tuesday.

It was not immediately clear how many accounts were breached or whether any money was stolen.

“HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” an HSBC spokeswoman said. “We have notified customers whose accounts may have experienced unauthorized access and offered them one year of credit monitoring and identity theft protection service.”

(Reporting by Lawrence White; Editing by David Goodman)

What is Russia’s GRU military intelligence agency?

A general view shows the headquarters of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, formerly known as the Main Intelligence Directorate (GRU), in Moscow, Russia October 4, 2018. REUTERS/Stringer

By Guy Faulconbridge

LONDON (Reuters) – The West has accused Russia’s military intelligence agency (GRU) of running what it described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

What is GRU and what does it do?

What is the GRU?

Russia’s military intelligence service is commonly known by the Russian acronym GRU, which stands for the Main Intelligence Directorate. Its name was formally changed in 2010 to the Main Directorate (or just GU) of the general staff, but its old acronym – GRU – is still more widely used.

Its published aims are the supply of military intelligence to the Russian president and government. Additional aims include ensuring Russia’s military, economic and technological security.

The GRU answers directly to the chief of the general staff, Valery Gerasimov, and the Russian defense minister, Sergei Shoigu, each of whom is thought to have access to Russia’s portable nuclear briefcase.

Russia’s two other main intelligence and security services were both created from the Soviet-era KGB: the Foreign Intelligence Service, or SVR, and the Federal Security Service, or FSB.

What are the GRU’s capabilities?

According to a Western assessment of GRU seen by Reuters, the GRU has a long-running program to run ‘illegal’ spies – those who work without diplomatic cover and who live under an assumed identity for years until orders come from Moscow.

“It has a long-running program of ‘illegals’ reserved for the most sensitive or deniable tasks across the spectrum of GRU operations,” the assessment said.

The GRU is seen as a major Russian cyber player.

“It plays an increasingly important role in Russia’s development of Information Warfare (both defensive and offensive),” according to the Western assessment.

“It is an aggressive and well-funded organization which has the direct support of – and access to – [Russian President Vladimir] Putin, allowing freedom in its activities and leniency with regards to diplomatic and legislative scrutiny,” according to the assessment.

The GRU also has a considerable special forces unit. They are the elite of the Russian military.

“I don’t like rankings but the GRU is in the top levels of this business,” Onno Eichelsheim, director of the Netherlands Defence Intelligence and Security Service, told Reuters. “They are a very real threat.”

What are Western claims about GRU?

– The United States sanctioned GRU officers including its chief, Igor Korobov, for cyber attempts to interfere in the 2016 presidential election. Russia denied meddling in the election.

– Britain said two GRU officers attempted to murder former GRU double agent Sergei Skripal with Novichok. Russia denied any involvement.

– Britain said GRU was behind the BadRabbit attack of 2017, the hack of the Democratic National Committee in 2016, and attacks on the computer systems of both the Foreign Office and the Defence Science and Technology Laboratory in 2018. Russia said the accusations were fiction.

– The Netherlands said it caught four GRU cyberspies trying to hack into the Organization for the Prohibition of Chemical Weapons. It said the same group, known as unit 26165, had targeted the investigation into the downing of Malaysia Airlines flight MH-17.

– The United States charged seven GRU officers with plots to hack the World Anti-Doping Agency which had exposed a Russian doping program.

– GRU played a significant role in the 2014 annexation of Crimea, the conflict in Ukraine and the 2008 conflict with Georgia.

Note: The GRU does not have its own public web site and does not comment publicly on its actions. Its structure, staff numbers and financing are state secrets.

What is GRU’s history?

Russian spies trace their history back to at least the reign of Ivan the Terrible in the 16th Century, who established a feared espionage service.

The GRU was founded as the Registration Directorate in 1918 after the Bolshevik Revolution. Soviet state founder Vladimir Lenin insisted on its independence from other secret services, which saw it as a rival.

While the once mighty KGB was broken up during the 1991 collapse of the Soviet Union, the GRU remained intact.

GRU officers played a significant role in some of the key junctures of the Cold War and post-Soviet history – from the Cuban Missile crisis to the Afghan war and the annexation of Crimea.

The public was given a rare chance to see parts of the GRU’s Moscow headquarters when Putin visited it in 2006. He was shown taking part in shooting practice.

(Editing by Richard Balmforth)

Dutch government says it disrupted Russian attempt to hack chemical weapons watchdog

Dutch Minister of Defence Ank Bijleveld speaks during a news conference in The Hague, Netherlands, October 4, 2018. REUTERS/Piroschka van de Wouw

By Anthony Deutsch and Stephanie van den Berg

THE HAGUE (Reuters) – Dutch authorities disrupted an attempt in April by Russian intelligence agents to hack the Organization for the Prohibition of Chemical Weapons, Defence Minister Ank Bijleveld said on Thursday.

At a news conference in The Hague, Bijleveld called on Russia to cease its cyber activities aimed at “undermining” Western democracies.

She noted that the U.S. Department of Justice is expected to issue indictments of suspected Russian spies later on Thursday, in part due to information gleaned from the Dutch operation.

According to a presentation by the head of the Netherlands’ military intelligence agency, four Russians arrived in the Netherlands on April 10 and were caught on the 13th with spying equipment at a hotel next to the OPCW headquarters.

The men were not successful in breaching OPCW systems, the minister said.

At a presentation, Dutch Major General Onno Eichelsheim showed the antennae, laptops and other equipment the men intended to use to breach the OPCW’s wifi network. He said the spies were caught red-handed and attempted to destroy some of their own equipment to conceal what they had been doing.

At the time, the OPCW was working to verify the identity of the substance used in the March attack in Salisbury, Britain, on former Russian spy Sergei Skripal and his daughter Yulia. It was also seeking to verify the identity of a substance used in an attack in Douma, Syria.

The four Russians in the Netherlands were detained in April and expelled to Russia and not immediately prosecuted because the operation was considered military, not police, Eichelsheim said.

The men, who were also believed to have spied on the investigation into the 2014 downing of Malaysia Airlines flight MH17, had planned to travel on from the Netherlands to a laboratory in Spiez, Switzerland used by the OPCW to analyze chemical weapons samples, he said.

They were instead “put on a flight to Moscow,” said Bijleveld.

Eichelsheim warned against being naive and considering the Netherlands as relatively safe from Russian cyber attacks.

Russian military intelligence “is active here in the Netherlands … where a lot of international organizations are (based),” Eichelsheim said.

(Reporting by Toby Sterling; Editing by Janet Lawrence)

U.S. judge will not force Georgia to use paper ballots despite concerns

FILE PHOTO: Georgia Secretary of State Brian Kemp speaks with visitors to the state capitol about the "SEC primary" involving a group of southern states voting next month in Atlanta, Georgia February 24, 2016. REUTERS/Letitia Stein/File Photo

By Gina Cherelus

(Reuters) – A federal judge will not force Georgia to use paper ballots for the November election, citing the potential for last-minute confusion, but expressed concern that the state’s electronic machines could be vulnerable to hacking.

U.S. District Judge Amy Totenberg said in a ruling late on Monday that while it is important for citizens to know their ballots are properly counted, voters also must rely on a smooth process, especially in a fast-approaching election race.

“Ultimately, any chaos or problems that arise in connection with a sudden rollout of a paper ballot system with accompanying scanning equipment may swamp the polls with work and voters – and result in voter frustration and disaffection from the voting process,” Totenberg said in a 46-page decision.

The state’s November contests include a gubernatorial race that is among the most high-profile in the country. Democrat Stacey Abrams faces Secretary of State Brian Kemp, who is responsible for the state’s elections and is named as a defendant in the lawsuit.

If elected, Abrams would be the first black female governor in the United States.

Georgia is one of five states that use touchscreen machines with no paper record.

Voting rights groups and individual voters sued Georgia officials in 2017, alleging that the electronic machines are highly vulnerable to hacking and cannot be audited or verified. The judge’s decision to reject their request to require paper ballots in November does not affect the underlying lawsuit, which will continue.

An attorney for the plaintiffs, David Cross, said that while they were disappointed the judge had not imposed paper ballots for November, her decision was nevertheless a victory because she agreed the current election system is “woefully inadequate and insecure.”

Georgia has used direct-recording electronic (DRE) voting machines exclusively since 2002. The machines have drawn criticism from various advocacy groups and federal agencies, including U.S. Department of Homeland Security officials who called the systems a “national security concern” in March, according to Totenberg.

“Plaintiffs shine a spotlight on the serious security flaws and vulnerabilities in the state’s DRE system,” Totenberg said in the court order.

A representative from Kemp’s office did not immediately respond to a request for comment on Tuesday. Kemp on Monday said that Georgia’s electronic voting machines are secure and that switching to paper ballots would cause “chaos,” according to the Atlanta Journal-Constitution newspaper.

(Reporting by Gina Cherelus in New York; Editing by Joseph Ax and Susan Thomas)

Exclusive: Iran-based political influence operation – bigger, persistent, global

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Instagram logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – An apparent Iranian influence operation targeting internet users worldwide is significantly bigger than previously identified, Reuters has found, encompassing a sprawling network of anonymous websites and social media accounts in 11 different languages.

Facebook and other companies said last week that multiple social media accounts and websites were part of an Iranian project to covertly influence public opinion in other countries. A Reuters analysis has identified 10 more sites and dozens of social media accounts across Facebook, Instagram, Twitter and YouTube.

U.S.-based cybersecurity firm FireEye Inc and Israeli firm ClearSky reviewed Reuters’ findings and said technical indicators showed the web of newly-identified sites and social media accounts – called the International Union of Virtual Media, or IUVM – was a piece of the same campaign, parts of which were taken down last week by Facebook Inc, Twitter Inc and Alphabet Inc.

IUVM pushes content from Iranian state media and other outlets aligned with the government in Tehran across the internet, often obscuring the original source of the information such as Iran’s PressTV, FARS news agency and al-Manar TV run by the Iran-backed Shi’ite Muslim group Hezbollah.

PressTV, FARS, al-Manar TV and representatives for the Iranian government did not respond to requests for comment. The Iranian mission to the United Nations last week dismissed accusations of an Iranian influence campaign as “ridiculous.”

The extended network of disinformation highlights how multiple state-affiliated groups are exploiting social media to manipulate users and further their geopolitical agendas, and how difficult it is for tech companies to guard against political interference on their platforms.

In July, a U.S. grand jury indicted 12 Russians who prosecutors said were intelligence officers, on charges of hacking political groups in the 2016 U.S. presidential election. U.S. officials have said Russia, which has denied the allegations, could also attempt to disrupt congressional elections in November.

Ben Nimmo, a senior fellow at the Atlantic Council’s Digital Forensic Research Lab who has previously analyzed disinformation campaigns for Facebook, said the IUVM network displayed the extent and scale of the Iranian operation.

“It’s a large-scale amplifier for Iranian state messaging,” Nimmo said. “This shows how easy it is to run an influence operation online, even when the level of skill is low. The Iranian operation relied on quantity, not quality, but it stayed undetected for years.”

FURTHER INVESTIGATIONS

Facebook spokesman Jay Nancarrow said the company is still investigating accounts and pages linked to Iran and had taken more down on Tuesday.

“This is an ongoing investigation and we will continue to find out more,” he said. “We’re also glad to see that the information we and others shared last week has prompted additional attention on this kind of inauthentic behavior.”

Twitter referred to a statement it tweeted on Monday shortly after receiving a request for comment from Reuters. The statement said the company had removed a further 486 accounts for violating its terms of use since last week, bringing the total number of suspended accounts to 770.

“Fewer than 100 of the 770 suspended accounts claimed to be located in the U.S. and many of these were sharing divisive social commentary,” Twitter said.

Google declined to comment but took down the IUVM TV YouTube account after Reuters contacted the company with questions about it. A message on the page on Tuesday said the account had been “terminated for a violation of YouTube’s Terms of Service.”

IUVM did not respond to multiple emails or social media messages requesting comment.

The organization does not conceal its aims, however. Documents on the main IUVM website said its headquarters are in Tehran and its objectives include “confronting with remarkable arrogance, western governments, and Zionism front activities.”

APP STORE AND SATIRICAL CARTOONS

IUVM uses its network of websites – including a YouTube channel, breaking news service, mobile phone app store, and a hub for satirical cartoons mocking Israel and Iran’s regional rival Saudi Arabia – to distribute content taken from Iranian state media and other outlets which support Tehran’s position on geopolitical issues.

Reuters recorded the IUVM network operating in English, French, Arabic, Farsi, Urdu, Pashto, Russian, Hindi, Azerbaijani, Turkish and Spanish.

Much of the content is then reproduced by a range of alternative media sites, including some of those identified by FireEye last week as being run by Iran while purporting to be domestic American or British news outlets.

For example, an article run in January by Liberty Front Press – one of the pseudo-U.S. news sites exposed by FireEye – reported on the battlefield gains made by the army of Iranian ally Syrian President Bashar al-Assad. That article was sourced to IUVM but actually lifted from two FARS news agency stories.

FireEye analyst Lee Foster said iuvmpress.com, one of the biggest IUVM websites, was registered in January 2015 with the same email address used to register two sites already identified as being run by Iran. ClearSky said multiple IUVM sites were hosted on the same server as another website used in the Iranian operation.

(Reporting by Jack Stubbs in LONDON, Christopher Bing in WASHINGTON; Additional reporting by Bozorgmehr Sharafedin in LONDON; Editing by Damon Darlin and Grant McCool)

More U.S. states deploy technology to track election hacking attempts

FILE PHOTO: A man types into a keyboard during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo

By Christopher Bing

WASHINGTON (Reuters) – A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.

Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations.

The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security (https://www.cisecurity.org), illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters.

CIS is a nonprofit organization based in East Greenbush, N.Y., that helps governments, businesses and organizations fight computer intrusions.

“We’ve recently added Albert sensors to our system because I believe voting systems have tremendous vulnerabilities that we need to plug; but also the voter registration systems are a concern,” said Neal Kelley, chief of elections for Orange County, California.

“That’s one of the things I lose sleep about: It’s what can we do to protect voter registration systems?”

As of August 7, 36 of 50 states had installed Albert at the “elections infrastructure level,” according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

“We have more than quadrupled the number of sensors on state and county networks since 2016, giving the election community as a whole far greater visibility into potential threats than we’ve ever had in the past,” said Matthew Masterson, a senior adviser on election security for DHS.

The 14 states that do not have a sensor installed ahead of the 2018 midterm elections have either opted for another solution, are planning to do so shortly or have refused the offer because of concerns about federal government overreach. Those 14 states were not identified by officials.

But enough have installed them that cybersecurity experts can begin to track intrusions and share that information with all states. The technology directly feeds data about cyber incidents through a non-profit cyber intelligence data exchange and then to DHS.

“When you start to get dozens, hundreds of sensors, like we have now, you get real value,” said John Gilligan, the chief executive of CIS.

“As we move forward, there are new sensors that are being installed literally almost every day. Our collective objective is that all voter infrastructure in states has a sensor.”

Top U.S. intelligence officials have predicted that hackers working for foreign governments will target the 2018 and 2020 elections.

Maria Benson, a spokesperson for the National Association of Secretaries of State, said that in some cases installations have been delayed because of the time spent working out “technical and contractual arrangements.”

South Dakota and Wyoming are among the states without Albert fully deployed to protect election systems, a source with knowledge of the matter told Reuters.

The South Dakota Secretary of State’s office did not respond to a request for comment. The Wyoming Secretary of State’s office said it is currently considering expanding use of the sensors.

(Reporting by Chris Bing; Editing by Damon Darlin and Dan Grebler)