U.S. grand jury indicts woman on charges of being Russian agent

Public figure Maria Butina delivers a speech during a rally to demand the expanding of rights of Russian citizens, in this undated handout photo obtained by Reuters on July 17, 2018. Press Service of Civic Chamber of the Russian Federation/Handout via REUTERS

WASHINGTON (Reuters) – A U.S. grand jury returned an indictment against a Russian woman on Tuesday, and added a charge accusing her of acting as a Russian government agent while developing ties with American citizens and infiltrating political groups.

Maria Butina, who studied at American University in Washington and is a founder of the pro-gun Russian advocacy group Right to Bear Arms, was charged in a criminal complaint on Monday with conspiracy to take actions on behalf of the Russian government.

Tuesday’s grand jury indictment added a more serious charge of acting as an agent of the Russian government, which carries a maximum penalty of 10 years in prison. The conspiracy charge carries a maximum five-year prison term.

Butina has not been charged with espionage or with being a member of a Russian intelligence service.

She was arrested on Sunday and is scheduled to appear on Wednesday in federal court in Washington, the Justice Department said.

Public figure Maria Butina (R) attends a meeting of a group of experts, affiliated to the government of Russia, in this undated handout photo obtained by Reuters on July 17, 2018. Press Service of Civic Chamber of the Russian Federation/Handout via REUTERS

Public figure Maria Butina (R) attends a meeting of a group of experts, affiliated to the government of Russia, in this undated handout photo obtained by Reuters on July 17, 2018. Press Service of Civic Chamber of the Russian Federation/Handout via REUTERS

Robert Driscoll, an attorney for Butina, said she was not a Russian agent.

Butina is accused of operating at the direction of a high-level official of the Russian Central Bank who was recently sanctioned by the U.S. Treasury, the Justice Department said.

Court records did not name the official.

Butina has appeared in numerous photographs on her Facebook page with Alexander Torshin, the deputy head of Russia’s Central Bank who was sanctioned by the U.S. Treasury Department in April.

A person familiar with the matter has told Reuters that Butina worked for him as an assistant. Other media reported on a business relationship between Butina and Torshin.

Torshin did not reply to a request for comment on Monday and the Russian Central Bank declined to comment.

The Justice Department said in its complaint that Butina worked with two unnamed U.S. citizens and the Russian official to try to influence American politics and infiltrate a pro-gun rights organization.

The complaint did not name the group, however photos on her Facebook page showed that she attended events sponsored by the National Rifle Association. The NRA did not reply to a request for comment.

(Reporting by Eric Beech; Editing by Eric Walsh and Diane Craft)

UK defence minister says Russia looking to cause thousands of deaths in Britain

Russian President Vladimir Putin meets with employees during a visit to the Gorbunov Aviation factory in Kazan, Russia January 25, 2018. Sputnik/Alexei Nikolsky/Kremlin via

LONDON (Reuters) – Britain’s defence minister warned that Russia was looking to damage the British economy by attacking its infrastructure, a move he said could cause “thousands and thousands and thousands of deaths”, The Telegraph newspaper reported.

Relations between Russia and Britain are strained. Prime Minister Theresa May last year accused Moscow of military aggression and in December, Foreign Secretary Boris Johnson said there was evidence showing Russian meddling in Western elections.

Britain has also scrambled jets in recent months to intercept Russian jets near the United Kingdom’s airspace.

“The plan for the Russians won’t be for landing craft to appear in the South Bay in Scarborough, and off Brighton Beach,” defence minister Gavin Williamson, tipped as a possible successor to May, was quoted as saying by The Telegraph.

“What they are looking at doing is they are going to be thinking ‘How can we just cause so much pain to Britain?’. Damage its economy, rip its infrastructure apart, actually cause thousands and thousands and thousands of deaths, but actually have an element of creating total chaos within the country.”

The Kremlin, which under Vladimir Putin has clawed back some of the global influence lost when the Soviet Union collapsed, has denied meddling in elections in the West. It says anti-Russian hysteria is sweeping through the United States and Europe.

Williamson said Russia was look at ways to attack Britain.

“Why would they keep photographing and looking at power stations, why are they looking at the interconnectors that bring so much electricity and so much energy into our country,” he was quoted as saying.

“If you could imagine the domestic and industrial chaos that this would actually cause. What they would do is cause the chaos and then step back.”

“This is the real threat that I believe the country is facing at the moment,” he said.

The Russian Defence Ministry said on Friday that Williamson’s comments showed he had lost his understanding of what was reasonable, RIA news agency reported.

“It is likely he has lost his grasp on reason,” RIA quoted ministry spokesman Igor Konashenkov as saying.

(Reporting by Costas Pitas; editing by Stephen Addison)

U.S. House panel advances bill aimed at limiting NSA spying program

U.S. House panel advances bill aimed at limiting NSA spying program

By Dustin Volz

WASHINGTON (Reuters) – A U.S. House panel on Wednesday passed legislation seeking to overhaul some aspects of the National Security Agency’s warrantless internet surveillance program, overcoming criticism from civil liberties advocates that it did not include enough safeguards to protect Americans’ privacy.

The House Judiciary Committee voted 27-8 to approve the bill, which would partially restrict the U.S. government’s ability to review American data collected under the foreign intelligence program by requiring a warrant in some cases.

Lawmakers in both parties were sharply divided over whether the compromise proposal to amend what is known as Section 702 of the Foreign Intelligence Surveillance Act would enshrine sufficient privacy protections or possibly grant broader legal protections for the NSA’s surveillance regime.

“The ultimate goal here is to reauthorize a very important program with meaningful and responsible reforms,” Republican Bob Goodlatte, who chairs the committee, said. “If we do not protect this careful compromise, all sides of this debate risk losing.”

Passage of the House bill sets up a potential collision with two separate pieces of legislation advancing in the U.S. Senate, one favored by privacy advocates and one considered more acceptable to U.S. intelligence agencies.

Congress must renew Section 702 in some form before Dec. 31 or the program will expire.

U.S. intelligence officials consider Section 702 among the most vital of tools at their disposal to thwart threats to national security and American allies.

It allows the NSA to collect vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, incidentally gathers communications of Americans for a variety of technical reasons, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation.

The House bill, known as the USA Liberty Act, partially restricts the FBI’s ability to review American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of crime.

It does not mandate a warrant in other cases, such as requests for data related to counterterrorism or counter-espionage.

The committee rejected an amendment offered by Republican Representative Ted Poe and Democratic Representative Zoe Lofgren that would have generally required all searches of U.S. data collected through Section 702 to require a warrant. In 2014 and 2015 the full House of Representatives voted with strong bipartisan support to adopt such a measure, though it never became law.

“We have created a measure that has actually taken us backwards in terms of constitutional rights,” Lofgren said.

(Reporting by Dustin Volz; editing by James Dalgleish)

Exclusive: U.S. widens surveillance to include ‘homegrown violent extremists’ – documents

Exclusive: U.S. widens surveillance to include 'homegrown violent extremists' - documents

By Dustin Volz

WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.

The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.

The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).

The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.

The Air Force and the Department of Defense told Reuters that the documents are authentic.

The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.

Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.

Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.

Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.

It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”

‘CLOAK OF DARKNESS’

However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.

Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.

“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.

The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.

The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.

“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.

“We felt that we needed the flexibility to target those individuals,” he said.

In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”

The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said.

Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.

The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”

Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.

(Reporting by Dustin Volz; editing by Grant McCool)

Senators push bill requiring warrant for U.S. data under spy law

Senators push bill requiring warrant for U.S. data under spy law

By Dustin Volz

WASHINGTON (Reuters) – A bipartisan group of at least 10 U.S. senators plans to introduce on Tuesday legislation that would substantially reform aspects of the National Security Agency’s warrantless internet surveillance program, according to congressional aides.

The effort, led by Democrat Ron Wyden and Republican Rand Paul, would require a warrant for queries of data belonging to any American collected under the program. The bill’s introduction is likely to add uncertainty to how Congress will renew a controversial portion of a spying law due to expire on Dec. 31.

Section 702 of the Foreign Intelligence Surveillance Act is considered by U.S. intelligence officials to be among their most vital tools used to combat national and cyber security threats and help protect American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

The surveillance program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas.

Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation, a practice that the USA Rights Act authored by Wyden and Paul would end.

The measure is expected to be introduced with support from a wide berth of civil society groups, including the American Civil Liberties Union and FreedomWorks, a Wyden spokesman said.

It would renew Section 702 for four years with additional transparency and oversight provisions, such as allowing individuals to more easily raise legal challenges against the law and expand the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

A bipartisan group of lawmakers in the House of Representatives earlier this month introduced legislation seeking to add privacy protections to Section 702, including a partial restriction to the FBI’s ability to access U.S. data when seeking evidence of a crime.

But that was criticized by privacy groups as too narrow.

Separately, the Senate Intelligence Committee is expected to privately vote on Tuesday on a bill to reauthorize Section 702 that privacy advocates say will lack their reform priorities.

Wyden sent a letter on Monday urging committee leaders to allow a public vote, saying the bill “will have enormous impact on the security, liberty, and constitutional rights of the American people” and should be debated in the open.

(Reporting by Dustin Volz; Editing by Leslie Adler)

U.S. lawmakers want to restrict internet surveillance on Americans

U.S. lawmakers want to restrict internet surveillance on Americans

By Dustin Volz

(Reuters) – A bipartisan group of U.S. lawmakers unveiled legislation on Wednesday that would overhaul aspects of the National Security Agency’s warrantless internet surveillance program in an effort to install additional privacy protections.

The bill, which will be formally introduced as soon as Thursday, is likely to revive debate in Washington over the balance between security and privacy, amid concerns among some lawmakers in both parties that the U.S. government may be too eager to spy on its own citizens.

The legislation, written by the House of Representatives Judiciary Committee, is seen by civil liberties groups as the best chance in Congress to reform the law, known as Section 702 of the Foreign Intelligence Surveillance Act, before its expiration on Dec. 31.

Senior U.S. intelligence officials consider Section 702 to be among the most vital tools they have to thwart threats to national security and American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant by the Federal Bureau of Investigation.

A discussion draft of the legislation, a copy of which was seen by Reuters, partially restricts the FBI’s ability to access American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of a crime.

That limit would not apply, however, to requests of data that involve counterterrorism or counter-espionage.

The narrower restriction on what some have called a “backdoor search loophole” has disappointed some civil liberties groups. Several organizations sent a letter this week saying they would not support legislation that did not require a warrant for all queries of American data collected under Section 702.

The legislation would also renew the program for six years and codify the National Security Agency’s decision earlier this year to halt the collection of communications that merely mentioned a foreign intelligence target. But that codification would end in six years as well, meaning NSA could potentially resume the activity in 2023.

The spy agency has said it lost some operational capability by ending so-called “about” collection due to privacy compliance issues and has lobbied against a law that would make its termination permanent.

Republican senators introduced a bill earlier this year to renew Section 702 without changes and make it permanent, a position backed by the White House and intelligence agencies.

But that effort is expected to face major resistance in the House, where an influential conservative bloc of Republicans earlier this year said it opposed renewal unless major changes were made, reflecting disagreement within the majority party.

Separately, Senators John Cornyn, the No. 2 Republican in the chamber, and Democratic Senator Dianne Feinstein are working on Section 702 legislation that may also be introduced this week and include fewer reforms.

Democratic Senator Ron Wyden and Republican Senator Rand Paul are also planning to introduce a bill that would require a warrant for any query of Section 702 involving data belonging to an American.

(Reporting by Dustin Volz; Editing by Peter Cooney and Lisa Shumaker)

NSA says it would need to scale down spying program ahead of expiration

FILE PHOTO: An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone, June 7, 2013. REUTERS/Pawel Kopczynski/Illustration/File photo

By Dustin Volz

WASHINGTON (Reuters) – The U.S. National Security Agency would need to begin winding down what it considers its most valuable intelligence program before its expiration at year-end if the U.S. Congress leaves its reauthorization in limbo, the agency’s deputy director said on Friday.

The possibility the U.S. government may begin losing access to the surveillance authority even before it would officially lapse on Dec. 31 is likely to increase pressure on lawmakers to quickly renew the law.

“We would have to be looking to work with our mission partners in the government as well as the companies to start scaling down in advance,” George Barnes, the deputy director of the NSA, said at the George Washington University Center for Cyber & Homeland Security event.

“We would, definitely. The last thing we would want to do is conduct any operation … if we did not have an active statute in place,” Barnes said in response to a question asked by Reuters. “We would have to work the dates backwards to make sure we didn’t cross the line.”

Asked about the remarks by Barnes, an NSA spokesman said the agency fully expects Congress to reauthorize the program.

The law, Section 702 of the Foreign Intelligence Surveillance Act, allows U.S. intelligence agencies to eavesdrop on, and store vast amounts of, digital communications from foreign suspects living outside of the United States.

It is considered a critical national security tool by U.S. officials, who say it supports priorities ranging from counterterrorism to cyber security.

But the program, classified details of which were exposed by 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans for a variety of technical reasons, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches from analysts without a warrant.

The scenario articulated by Barnes resembles one that occurred two years ago, when portions of a separate law, the Patriot Act, that allowed the NSA to collect bulk domestic phone metadata were expiring.

Gridlocked over whether to enact reforms, U.S. lawmakers briefly let that Patriot Act lapse. The NSA said it had to begin winding down the program about a week before its expiration.

A bipartisan group of lawmakers in Congress is working on legislation to reform aspects of Section 702, but many Republicans, supported by the White House, want to renew the law without changes and make it permanent.

(Reporting by Dustin Volz; Editing by Steve Orlofsky)

Saudis urged to report on each other’s social media activity

A Saudi man explores a website on his laptop in Riyadh February 11, 2014. REUTERS/Faisal Al Nasser

(Reuters) – Saudi Arabia is urging people to report subversive social media activity via a phone app, part of an apparent crackdown on potential government critics before demonstrations called for by exiled opposition figures.

A message sent on a Twitter account run by the interior ministry late on Tuesday called on citizens and residents to monitor each other for what it called “information crimes”.

“When you notice any account on social networks publishing terrorist or extremist ideas, please report it immediately via the application #We’re_all_security”, it said, referring to a mobile phone app launched last year to enable civilians to report traffic violations and burglaries.

Hours later, the public prosecutor tweeted a section of the kingdom’s terrorism law which states: “Endangering national unity, obstructing the Basic Law of governance or some of its articles, and harming the state’s reputation or status are terrorist crimes.”

Exiled Saudi critics have called for demonstrations on Friday to galvanize opposition to the royal family and at least a dozen prominent clerics, intellectuals and activists, including prominent Islamist cleric Sheikh Salman al-Awdah, have been detained this week, activists say.

Protests are banned in Saudi Arabia as are political parties. Unions are illegal, the press is controlled and criticism of the royal family can lead to prison.

Riyadh says it does not have political prisoners, while top officials have said monitoring activists is needed to maintain social stability.

The detentions reported by activists follow widespread speculation, denied by officials, that King Salman intends to abdicate to his son, Crown Prince Crown Prince Mohammed bin Salman, who dominates economic, diplomatic and domestic policy.

It also coincides with growing tensions with Qatar over its alleged support of Islamists, including the Muslim Brotherhood which is listed by Riyadh as a terrorist organization.

Some Twitter users expressed support for the government’s approach, using the “We’re all Security” hashtag.

“No flattery, no silence whether for a relative or friend in securing the homeland,” said one. “Defend your security. Chaos starts with calls for freedom and reform. Do not believe them.”

IDEOLOGICAL THREAT

The government has not clearly acknowledged this week’s detentions or responded to requests for comment.

But state news agency SPA said on Tuesday authorities had uncovered “intelligence activities for the benefit of foreign parties” by a group of people it did not identify.

A Saudi security source told Reuters the suspects were accused of “espionage activities and having contacts with external entities including the Muslim Brotherhood”, which Riyadh has classified as a terrorist organization.

The government toughened its stance on dissent following the Arab Spring in 2011 after it averted unrest by offering billions of dollars in handouts and state spending.

But the Brotherhood, which represents an ideological threat to Riyadh’s dynastic system of rule, has gained power elsewhere in the region.

Since the kingdom’s founding, the ruling Al Saud family has enjoyed a close alliance with clerics of the ultra-conservative Wahhabi school of Islam. In return, the clerics have espoused a political philosophy that demands obedience to the ruler.

By contrast the Muslim Brotherhood advances an active political doctrine urging revolutionary action, which flies in the face of Wahhabi teaching.

The Brotherhood-inspired Sahwa movement in the 1990s agitated to bring democracy to Saudi Arabia and criticized the ruling family for corruption, social liberalization and working with the West, including allowing U.S. troops into the kingdom during the 1991 Iraq war.

The Sahwa were largely undermined by a mixture of repression and co-optation but remain active.

The al-Saud family has always regarded Islamist groups as the biggest internal threat to its rule over a country in which appeals to religious sentiment cannot be lightly dismissed and an al Qaeda campaign a decade ago killed hundreds.

Saudi Arabia, the United Arab Emirates, Bahrain and Egypt cut diplomatic and transport links with Qatar in June over its alleged support for Islamist militants, a charge that Doha denies.

(Editing by Timothy Heritage)

Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

FILE PHOTO: A Symantec security app is seen on a phone in this illustration photo taken May 23, 2017. REUTERS/Thomas White/Illustration/File Photo

By Rahul Bhatia

MUMBAI (Reuters) – Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region.

India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

CLICKBAIT

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.

Another FireEye official said the attack reported by Symantec was not surprising.

“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.

The Symantec report said the ‘Ehdoor’ backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.

(Reporting by Rahul Bhatia. Additional reporting by Jeremy Wagstaff in Singapore.; Editing by Euan Rocha and Philip McClellan)

Exclusive: Moscow lawyer who met Trump Jr. had Russian spy agency as client

Russian lawyer Natalia Veselnitskaya speaks during an interview in Moscow, Russia November 8, 2016. REUTERS/Kommersant Photo/Yury Martyanov

By Maria Tsvetkova and Jack Stubbs

MOSCOW (Reuters) – The Russian lawyer who met Donald Trump Jr. after his father won the Republican nomination for the 2016 U.S. presidential election counted Russia’s FSB security service among her clients for years, Russian court documents seen by Reuters show.

The documents show that the lawyer, Natalia Veselnitskaya, successfully represented the FSB’s interests in a legal wrangle over ownership of an upscale property in northwest Moscow between 2005 and 2013.

The FSB, successor to the Soviet-era KGB service, was headed by Vladimir Putin before he became Russian president.

There is no suggestion that Veselnitskaya is an employee of the Russian government or intelligence services, and she has denied having anything to do with the Kremlin.

But the fact she represented the FSB in a court case may raise questions among some U.S. politicians.

The Obama administration last year sanctioned the FSB for what it said was its role in hacking the election, something Russia flatly denies.

Charles Grassley, Republican chairman of the Senate Judiciary Committee, has raised concerns about why Veselnitskaya gained entry into the United States. Veselnitskaya represented a Russian client accused by U.S. prosecutors of money laundering in a case that was settled in May this year after four years.

Veselnitskaya did not reply to emailed Reuters questions about her work for the FSB. But she later posted a link to it on her Facebook page on Friday.

“Is it all your proof? You disappointed me,” she wrote in a post.

“Dig in court databases again! You’ll be surprised to find among my clients Russian businessmen… as well as citizens and companies that had to defend themselves from accusations from the state…”

Veselnitskaya added that she also had U.S. citizens as clients.

The FSB did not respond to a request for comment.

Reuters could not find a record of when and by whom the lawsuit – which dates back to at least 2003 – was first lodged. But appeal documents show that Rosimushchestvo, Russia’s federal government property agency, was involved. It did not immediately respond to a request for comment.

Veselnitskaya and her firm Kamerton Consulting represented “military unit 55002” in the property dispute, the documents show.

A public list of Russian legal entities shows the FSB, Russia’s domestic intelligence agency, founded the military unit whose legal address is behind the FSB’s own headquarters.

Reuters was unable to establish if Veselnitskaya did any other work for the FSB or confirm who now occupies the building at the center of the case.

‘MASS HYSTERIA’ OVER MEETING

President Donald Trump’s eldest son eagerly agreed in June 2016 to meet Veselnitskaya, a woman he was told was a Russian government lawyer who might have damaging information about Democratic White House rival Hillary Clinton, according to emails released by Trump Jr.

Veselnitskaya has said she is a private lawyer and has never obtained damaging information about Clinton. Dmitry Peskov, a spokesman for the Kremlin, has said she had “nothing whatsoever to do with us.”

Veselnitskaya has also said she is ready to testify to the U.S. Congress to dispel what she called “mass hysteria” about the meeting with Trump Jr.

The case in which Veselnitskaya represented the FSB was complex; appeals courts at least twice ruled in favor of private companies which the FSB wanted to evict.

The FSB took over the disputed office building in mid-2008, a person who worked for Atos-Component, a firm that was evicted as a result, told Reuters, on condition of anonymity.

The building was privatized after the 1991 Soviet collapse, but the Russian government said in the lawsuit in which Veselnitskaya represented the FSB that the building had been illegally sold to private firms.

The businesses were listed in the court documents, but many of them no longer exist and those that do are little-known firms in the electric components business.

Elektronintorg, an electronic components supplier, said on its website that it now occupied the building. Elektronintorg is owned by state conglomerate Rostec, run by Sergei Chemezov, who, like Putin, worked for the KGB and served with him in East Germany.

When contacted by phone, an unnamed Elektronintorg employee said he was not obliged to speak to Reuters. Rostec, responding to a request for comment, said that Elektronintorg only had a legal address in the building but that its staff were based elsewhere.

When asked which organization was located there, an unidentified man who answered a speakerphone at the main entrance laughed and said: “Congratulations. Ask the city administration.”

(Reporting by Maria Tsvetkova and Jack Stubbs; additional reporting by Polina Nikolskaya, Gleb Stolyarov and Darya Korsunskaya in Moscow; Editing by Andrew Osborn, Mike Collett-White and Grant McCool)