Exclusive: U.S. widens surveillance to include ‘homegrown violent extremists’ – documents

By Dustin Volz

WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.

The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.

The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).

The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.

The Air Force and the Department of Defense told Reuters that the documents are authentic.

The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.

Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.

Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.

Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.

It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”

‘CLOAK OF DARKNESS’

However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.

Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.

“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.

The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.

The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.

“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.

“We felt that we needed the flexibility to target those individuals,” he said.

In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”

The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said.

Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.

The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”

Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.

(Reporting by Dustin Volz; editing by Grant McCool)

Senators push bill requiring warrant for U.S. data under spy law

By Dustin Volz

WASHINGTON (Reuters) – A bipartisan group of at least 10 U.S. senators plans to introduce on Tuesday legislation that would substantially reform aspects of the National Security Agency’s warrantless internet surveillance program, according to congressional aides.

The effort, led by Democrat Ron Wyden and Republican Rand Paul, would require a warrant for queries of data belonging to any American collected under the program. The bill’s introduction is likely to add uncertainty to how Congress will renew a controversial portion of a spying law due to expire on Dec. 31.

Section 702 of the Foreign Intelligence Surveillance Act is considered by U.S. intelligence officials to be among their most vital tools used to combat national and cyber security threats and help protect American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

The surveillance program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas.

Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation, a practice that the USA Rights Act authored by Wyden and Paul would end.

The measure is expected to be introduced with support from a wide range of civil society groups, including the American Civil Liberties Union and FreedomWorks, a Wyden spokesman said.

It would renew Section 702 for four years with additional transparency and oversight provisions, such as allowing individuals to more easily raise legal challenges against the law and expanding the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

A bipartisan group of lawmakers in the House of Representatives earlier this month introduced legislation seeking to add privacy protections to Section 702, including a partial restriction to the FBI’s ability to access U.S. data when seeking evidence of a crime.

But that was criticized by privacy groups as too narrow.

Separately, the Senate Intelligence Committee is expected to privately vote on Tuesday on a bill to reauthorize Section 702 that privacy advocates say will lack their reform priorities.

Wyden sent a letter on Monday urging committee leaders to allow a public vote, saying the bill “will have enormous impact on the security, liberty, and constitutional rights of the American people” and should be debated in the open.

(Reporting by Dustin Volz; Editing by Leslie Adler)

U.S. lawmakers want to restrict internet surveillance on Americans

By Dustin Volz

(Reuters) – A bipartisan group of U.S. lawmakers unveiled legislation on Wednesday that would overhaul aspects of the National Security Agency’s warrantless internet surveillance program in an effort to install additional privacy protections.

The bill, which will be formally introduced as soon as Thursday, is likely to revive debate in Washington over the balance between security and privacy, amid concerns among some lawmakers in both parties that the U.S. government may be too eager to spy on its own citizens.

The legislation, written by the House of Representatives Judiciary Committee, is seen by civil liberties groups as the best chance in Congress to reform the law, known as Section 702 of the Foreign Intelligence Surveillance Act, before its expiration on Dec. 31.

Senior U.S. intelligence officials consider Section 702 to be among the most vital tools they have to thwart threats to national security and American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant by the Federal Bureau of Investigation.

A discussion draft of the legislation, a copy of which was seen by Reuters, partially restricts the FBI’s ability to access American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of a crime.

That limit would not apply, however, to requests of data that involve counterterrorism or counter-espionage.

The narrower restriction on what some have called a “backdoor search loophole” has disappointed some civil liberties groups. Several organizations sent a letter this week saying they would not support legislation that did not require a warrant for all queries of American data collected under Section 702.

The legislation would also renew the program for six years and codify the National Security Agency’s decision earlier this year to halt the collection of communications that merely mentioned a foreign intelligence target. But that codification would end in six years as well, meaning NSA could potentially resume the activity in 2023.

The spy agency has said it lost some operational capability by ending so-called “about” collection due to privacy compliance issues and has lobbied against a law that would make its termination permanent.

Republican senators introduced a bill earlier this year to renew Section 702 without changes and make it permanent, a position backed by the White House and intelligence agencies.

But that effort is expected to face major resistance in the House, where an influential conservative bloc of Republicans earlier this year said it opposed renewal unless major changes were made, reflecting disagreement within the majority party.

Separately, Senators John Cornyn, the No. 2 Republican in the chamber, and Democratic Senator Dianne Feinstein are working on Section 702 legislation that may also be introduced this week and include fewer reforms.

Democratic Senator Ron Wyden and Republican Senator Rand Paul are also planning to introduce a bill that would require a warrant for any query of Section 702 involving data belonging to an American.

(Reporting by Dustin Volz; Editing by Peter Cooney and Lisa Shumaker)

NSA says it would need to scale down spying program ahead of expiration

FILE PHOTO: An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone, June 7, 2013. REUTERS/Pawel Kopczynski/Illustration/File photo

By Dustin Volz

WASHINGTON (Reuters) – The U.S. National Security Agency would need to begin winding down what it considers its most valuable intelligence program before its expiration at year-end if the U.S. Congress leaves its reauthorization in limbo, the agency’s deputy director said on Friday.

The possibility the U.S. government may begin losing access to the surveillance authority even before it would officially lapse on Dec. 31 is likely to increase pressure on lawmakers to quickly renew the law.

“We would have to be looking to work with our mission partners in the government as well as the companies to start scaling down in advance,” George Barnes, the deputy director of the NSA, said at the George Washington University Center for Cyber & Homeland Security event.

“We would, definitely. The last thing we would want to do is conduct any operation … if we did not have an active statute in place,” Barnes said in response to a question asked by Reuters. “We would have to work the dates backwards to make sure we didn’t cross the line.”

Asked about the remarks by Barnes, an NSA spokesman said the agency fully expects Congress to reauthorize the program.

The law, Section 702 of the Foreign Intelligence Surveillance Act, allows U.S. intelligence agencies to eavesdrop on, and store vast amounts of, digital communications from foreign suspects living outside of the United States.

It is considered a critical national security tool by U.S. officials, who say it supports priorities ranging from counterterrorism to cyber security.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans for a variety of technical reasons, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches from analysts without a warrant.

The scenario articulated by Barnes resembles one that occurred two years ago, when portions of a separate law, the Patriot Act, that allowed the NSA to collect bulk domestic phone metadata were expiring.

Gridlocked over whether to enact reforms, U.S. lawmakers briefly let that Patriot Act lapse. The NSA said it had to begin winding down the program about a week before its expiration.

A bipartisan group of lawmakers in Congress is working on legislation to reform aspects of Section 702, but many Republicans, supported by the White House, want to renew the law without changes and make it permanent.

(Reporting by Dustin Volz; Editing by Steve Orlofsky)

Saudis urged to report on each other’s social media activity

A Saudi man explores a website on his laptop in Riyadh February 11, 2014. REUTERS/Faisal Al Nasser

(Reuters) – Saudi Arabia is urging people to report subversive social media activity via a phone app, part of an apparent crackdown on potential government critics before demonstrations called for by exiled opposition figures.

A message sent on a Twitter account run by the interior ministry late on Tuesday called on citizens and residents to monitor each other for what it called “information crimes”.

“When you notice any account on social networks publishing terrorist or extremist ideas, please report it immediately via the application #We’re_all_security”, it said, referring to a mobile phone app launched last year to enable civilians to report traffic violations and burglaries.

Hours later, the public prosecutor tweeted a section of the kingdom’s terrorism law which states: “Endangering national unity, obstructing the Basic Law of governance or some of its articles, and harming the state’s reputation or status are terrorist crimes.”

Exiled Saudi critics have called for demonstrations on Friday to galvanize opposition to the royal family and at least a dozen prominent clerics, intellectuals and activists, including prominent Islamist cleric Sheikh Salman al-Awdah, have been detained this week, activists say.

Protests are banned in Saudi Arabia as are political parties. Unions are illegal, the press is controlled and criticism of the royal family can lead to prison.

Riyadh says it does not have political prisoners, while top officials have said monitoring activists is needed to maintain social stability.

The detentions reported by activists follow widespread speculation, denied by officials, that King Salman intends to abdicate to his son, Crown Prince Mohammed bin Salman, who dominates economic, diplomatic and domestic policy.

It also coincides with growing tensions with Qatar over its alleged support of Islamists, including the Muslim Brotherhood which is listed by Riyadh as a terrorist organization.

Some Twitter users expressed support for the government’s approach, using the “We’re all Security” hashtag.

“No flattery, no silence whether for a relative or friend in securing the homeland,” said one. “Defend your security. Chaos starts with calls for freedom and reform. Do not believe them.”

IDEOLOGICAL THREAT

The government has not clearly acknowledged this week’s detentions or responded to requests for comment.

But state news agency SPA said on Tuesday authorities had uncovered “intelligence activities for the benefit of foreign parties” by a group of people it did not identify.

A Saudi security source told Reuters the suspects were accused of “espionage activities and having contacts with external entities including the Muslim Brotherhood”, which Riyadh has classified as a terrorist organization.

The government toughened its stance on dissent following the Arab Spring in 2011 after it averted unrest by offering billions of dollars in handouts and state spending.

But the Brotherhood, which represents an ideological threat to Riyadh’s dynastic system of rule, has gained power elsewhere in the region.

Since the kingdom’s founding, the ruling Al Saud family has enjoyed a close alliance with clerics of the ultra-conservative Wahhabi school of Islam. In return, the clerics have espoused a political philosophy that demands obedience to the ruler.

By contrast the Muslim Brotherhood advances an active political doctrine urging revolutionary action, which flies in the face of Wahhabi teaching.

The Brotherhood-inspired Sahwa movement in the 1990s agitated to bring democracy to Saudi Arabia and criticized the ruling family for corruption, social liberalization and working with the West, including allowing U.S. troops into the kingdom during the 1991 Iraq war.

The Sahwa were largely undermined by a mixture of repression and co-optation but remain active.

The al-Saud family has always regarded Islamist groups as the biggest internal threat to its rule over a country in which appeals to religious sentiment cannot be lightly dismissed and an al Qaeda campaign a decade ago killed hundreds.

Saudi Arabia, the United Arab Emirates, Bahrain and Egypt cut diplomatic and transport links with Qatar in June over its alleged support for Islamist militants, a charge that Doha denies.

(Editing by Timothy Heritage)

Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

FILE PHOTO: A Symantec security app is seen on a phone in this illustration photo taken May 23, 2017. REUTERS/Thomas White/Illustration/File Photo

By Rahul Bhatia

MUMBAI (Reuters) – Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region.

India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

CLICKBAIT

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.

Another FireEye official said the attack reported by Symantec was not surprising.

“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.

The Symantec report said the ‘Ehdoor’ backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.

(Reporting by Rahul Bhatia; Additional reporting by Jeremy Wagstaff in Singapore; Editing by Euan Rocha and Philip McClellan)

Exclusive: Moscow lawyer who met Trump Jr. had Russian spy agency as client

Russian lawyer Natalia Veselnitskaya speaks during an interview in Moscow, Russia November 8, 2016. REUTERS/Kommersant Photo/Yury Martyanov

By Maria Tsvetkova and Jack Stubbs

MOSCOW (Reuters) – The Russian lawyer who met Donald Trump Jr. after his father won the Republican nomination for the 2016 U.S. presidential election counted Russia’s FSB security service among her clients for years, Russian court documents seen by Reuters show.

The documents show that the lawyer, Natalia Veselnitskaya, successfully represented the FSB’s interests in a legal wrangle over ownership of an upscale property in northwest Moscow between 2005 and 2013.

The FSB, successor to the Soviet-era KGB service, was headed by Vladimir Putin before he became Russian president.

There is no suggestion that Veselnitskaya is an employee of the Russian government or intelligence services, and she has denied having anything to do with the Kremlin.

But the fact she represented the FSB in a court case may raise questions among some U.S. politicians.

The Obama administration last year sanctioned the FSB for what it said was its role in hacking the election, something Russia flatly denies.

Charles Grassley, Republican chairman of the Senate Judiciary Committee, has raised concerns about why Veselnitskaya gained entry into the United States. Veselnitskaya represented a Russian client accused by U.S. prosecutors of money laundering in a case that was settled in May this year after four years.

Veselnitskaya did not reply to emailed Reuters questions about her work for the FSB. But she later posted a link to it on her Facebook page on Friday.

“Is it all your proof? You disappointed me,” she wrote in a post.

“Dig in court databases again! You’ll be surprised to find among my clients Russian businessmen… as well as citizens and companies that had to defend themselves from accusations from the state…”

Veselnitskaya added that she also had U.S. citizens as clients.

The FSB did not respond to a request for comment.

Reuters could not find a record of when and by whom the lawsuit – which dates back to at least 2003 – was first lodged. But appeal documents show that Rosimushchestvo, Russia’s federal government property agency, was involved. It did not immediately respond to a request for comment.

Veselnitskaya and her firm Kamerton Consulting represented “military unit 55002” in the property dispute, the documents show.

A public list of Russian legal entities shows the FSB, Russia’s domestic intelligence agency, founded the military unit whose legal address is behind the FSB’s own headquarters.

Reuters was unable to establish if Veselnitskaya did any other work for the FSB or confirm who now occupies the building at the center of the case.

‘MASS HYSTERIA’ OVER MEETING

President Donald Trump’s eldest son eagerly agreed in June 2016 to meet Veselnitskaya, a woman he was told was a Russian government lawyer who might have damaging information about Democratic White House rival Hillary Clinton, according to emails released by Trump Jr.

Veselnitskaya has said she is a private lawyer and has never obtained damaging information about Clinton. Dmitry Peskov, a spokesman for the Kremlin, has said she had “nothing whatsoever to do with us.”

Veselnitskaya has also said she is ready to testify to the U.S. Congress to dispel what she called “mass hysteria” about the meeting with Trump Jr.

The case in which Veselnitskaya represented the FSB was complex; appeals courts at least twice ruled in favor of private companies which the FSB wanted to evict.

The FSB took over the disputed office building in mid-2008, a person who worked for Atos-Component, a firm that was evicted as a result, told Reuters, on condition of anonymity.

The building was privatized after the 1991 Soviet collapse, but the Russian government said in the lawsuit in which Veselnitskaya represented the FSB that the building had been illegally sold to private firms.

The businesses were listed in the court documents, but many of them no longer exist and those that do are little-known firms in the electric components business.

Elektronintorg, an electronic components supplier, said on its website that it now occupied the building. Elektronintorg is owned by state conglomerate Rostec, run by Sergei Chemezov, who, like Putin, worked for the KGB and served with him in East Germany.

When contacted by phone, an unnamed Elektronintorg employee said he was not obliged to speak to Reuters. Rostec, responding to a request for comment, said that Elektronintorg only had a legal address in the building but that its staff were based elsewhere.

When asked which organization was located there, an unidentified man who answered a speakerphone at the main entrance laughed and said: “Congratulations. Ask the city administration.”

(Reporting by Maria Tsvetkova and Jack Stubbs; additional reporting by Polina Nikolskaya, Gleb Stolyarov and Darya Korsunskaya in Moscow; Editing by Andrew Osborn, Mike Collett-White and Grant McCool)

Half of German companies hit by sabotage, spying in last two years, BSI says

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

BERLIN (Reuters) – More than half the companies in Germany have been hit by spying, sabotage or data theft in the last two years, the German IT industry association Bitkom said on Friday, and estimated the attacks caused around 55 billion euros’ worth of damage a year.

Several high-profile attacks have occurred recently, such as the WannaCry ransomware attacks in May and a virus dubbed “NotPetya” that halted production at some companies for more than a week. Others lost millions of euros to organized crime in a scam called “CEO Fraud”.

Some 53 percent of companies in Germany have been victims of industrial espionage, sabotage or data theft in the last two years, Bitkom found – up from 51 percent in a 2015 study.

At the same time, the damage caused rose by 8 percent to around 55 billion euros a year, the survey of 1,069 managers and people responsible for security in various sectors found.

Arne Schoenbohm, president of Germany’s BSI federal cyber agency, said many big companies and especially those operating critical infrastructure were generally well-prepared for cyber attacks. But many smaller and medium-sized companies did not take the threat seriously enough, he said.

“The high number of companies affected clearly shows that we still have work to do on cyber security in Germany,” he said in a statement on Friday.

The BSI urged companies in Europe’s largest economy to make information security a top priority and said all companies need to report serious IT security incidents, even if anonymously.

Schoenbohm told Reuters in an interview that hardware and software makers should do their part to shore up cyber security and patch weaknesses in software more quickly once identified.

“There’s still a lot of work to be done,” he said. “We have to be careful that we don’t focus solely on industry and computer users, but also look at the producers and quality management.”

Some 62 percent of companies affected found those behind the attacks were either current or former employees. Forty-one percent blamed competitors, customers, suppliers or service providers for the attacks, Bitkom said.

Foreign intelligence agencies were found to be responsible in 3 percent of the cases, it said.

Twenty-one percent believed hobby hackers were responsible while 7 percent attributed attacks to organized crime.

(Reporting by Michelle Martin, Andrea Shalal and Thorsten Severin; Editing by Larry King and Hugh Lawson)

Despite hacking charges, U.S. tech industry fought to keep ties to Russia spy service

FILE PHOTO: Police guard the FSB headquarters during an opposition protest in Moscow, Russia, on March 5, 2012. REUTERS/Mikhail Voskresensky/File Photo

(Editor’s note: Attention to language in paragraph 22 that may be offensive to some readers.)

By Joel Schectman, Dustin Volz and Jack Stubbs

WASHINGTON/MOSCOW (Reuters) – As U.S. officials investigated in January the FSB’s alleged role in election cyber attacks, U.S. technology firms were quietly lobbying the government to soften a ban on dealing with the Russian spy agency, people with direct knowledge of the effort told Reuters.

New U.S. sanctions put in place by former President Barack Obama last December – part of a broad suite of actions taken in response to Russia’s alleged meddling in the 2016 presidential election – had made it a crime for American companies to have any business relationship with the FSB, or Federal Security Service.

U.S. authorities had accused the FSB, along with the GRU, Russia’s military intelligence agency, of orchestrating cyber attacks on the campaign of Democratic presidential candidate Hillary Clinton, a charge Moscow denies.

But the sanctions also threatened to imperil the Russian sales operations of Western tech companies. Under a little-understood arrangement, the FSB doubles as a regulator charged with approving the import to Russia of almost all technology that contains encryption, which is used in both sophisticated hardware and products like cellphones and laptops.

Worried about the sales impact, business industry groups, including the U.S.-Russia Business Council and the American Chamber of Commerce in Russia, contacted U.S. officials at the American embassy in Moscow and the Treasury, State and Commerce departments, according to five people with direct knowledge of the lobbying effort.

The campaign, which began in January and proved successful in a matter of weeks, has not been previously reported.

In recent years, Western technology companies have acceded to increasing demands by Moscow for access to closely guarded product security secrets, including source code, Reuters reported last week. Russia’s information technology market is expected to reach $18.4 billion this year, according to market researcher International Data Corporation.

The sanctions would have meant the Russian market was “dead for U.S. electronics,” said Alexis Rodzianko, president of the American Chamber of Commerce in Russia, who argued against the new restrictions. “Every second Russian has an iPhone, iPad, so they would all switch to Samsungs,” he said.

A spokesman for the U.S. Commerce Department Bureau of Industry and Security declined to comment. A State Department official said Washington considered a range of factors before amending the FSB sanction and regularly works with U.S. companies to assess the impact of such policies.

The lobbyists argued the sanction could have stopped the sale of cars, medical devices and heavy equipment, all of which also often contain encrypted software, according to a person involved in the lobbying effort. The goal of the sanctions was to sever U.S. business dealings with the FSB – not end American technology exports to Russia entirely, the industry groups argued.

“The sanction was against a government agency that has many functions, only one of them being hacking the U.S. elections,” said Rodzianko.

The lobbyists assembled representatives from the tech, automotive and manufacturing sectors to make the case to the U.S. Treasury Department, said the person involved in the lobbying effort.

The industry groups did not argue against the intent of the sanction but asked for a narrow exception that would allow them to continue to seek regulatory approvals from the FSB while still keeping in place the broader ban on doing business with the spy agency.

“PUNISHMENT FOR VERY BAD ACTS”

The industry groups represent a number of technology firms with a large presence in Russia, including Cisco and Microsoft.

Reuters was unable to determine which companies were directly involved in the lobbying. Microsoft said it did not ask for changes to the sanctions. In a statement, Cisco said it also did not seek any changes to the sanction but had asked the Treasury Department for clarification on how it applied.

In order to get encrypted technology into Russia, companies need to obtain the blessing of the FSB, a process that can sometimes take months or even years of negotiation. Before granting that approval, the agency can demand sensitive security data about the product, including source code – instructions that control the basic operations of computer equipment.

The United States has accused Russia of a growing number of cyber attacks against the West. U.S. officials say they are concerned that Moscow’s reviews of product secrets could be used to find vulnerabilities to hack into the products.

Some U.S. government officials rejected the industry groups’ arguments. They openly embraced the prospect of any ripple effect that cut further trade with Russia.

Kevin Wolf was assistant secretary at the Commerce Department and oversaw export control policy when the FSB sanction was put in place. Wolf said within days of the sanction taking effect, Commerce received numerous calls from industry groups and companies warning of the unintended consequences.

But for Wolf, who was “furious” with Moscow over the alleged cyber attacks, any additional curbs on trade with Russia were a bonus rather than an unintended downside.

“I said, ‘Great, terrific, fuck ’em … The whole point is to interfere with trade’,” recounted Wolf. “The sanction was meant to impose pain (on Russia) and send a signal as punishment for very bad acts.”

Wolf left the Commerce Department when President Donald Trump took office on Jan. 20.

Other officials felt that the impact on legitimate trade was too great. “The intention of the sanction was not to cut off tech trade with Russia,” said a U.S. official with direct knowledge of the process.

The lobbyists had also argued that because the sanctions applied only to U.S. technology makers, they would put those companies at a disadvantage to European and Asian companies, which would still be able to interact with the FSB and sell products in Russia.

“We were asking for a narrow technical fix that would give a fair deal for American companies,” Dan Russell, CEO of the U.S.-Russia Business Council, said in an interview.

The advocacy worked. State and Treasury officials began working to tweak the sanction in January before Obama left office, according to people involved in the process.

On Feb. 2, about two weeks after Trump took office, the Treasury Department created an exception to the sanction to allow tech companies to continue to obtain approvals from the FSB.

(Reporting by Joel Schectman and Dustin Volz in Washington and Jack Stubbs in Moscow; Editing by Ross Colvin)

Mexico opposition officials targeted by government spying: report

A Mexican flag is seen over the city of Tijuana, Mexico from San Ysidro, a district of San Diego, California, U.S., April 21, 2017. REUTERS/Mike Blake

By Michael O’Boyle

MEXICO CITY (Reuters) – Three senior opposition officials in Mexico, including a party leader, were targeted with spying software sold to governments to fight criminals and terrorists, according to a report by researchers at the University of Toronto.

The officials, who included conservative National Action Party (PAN) head Ricardo Anaya, received text messages linked to software known as Pegasus, which Israeli company NSO Group only sells to governments, the report by Citizen Lab said.

Mexican President Enrique Pena Nieto has asked the attorney general’s office to investigate charges that the government spied on private citizens, saying he wanted to get to the bottom of the accusations that he called “false.”

Last week, Citizen Lab, a group of researchers at the University of Toronto’s Munk School, identified 12 activists, human-rights lawyers and journalists who had also seen attempts to infect their phones with the powerful spyware.

John Scott-Railton, one of a group of researchers at Citizen Lab who have spent five years tracking the use of such spyware by governments against civilians, said Mexico’s case was notable for the number of targets and the intensity of efforts.

“What we have already provided, in our prior reporting, is strong circumstantial evidence implicating the government of Mexico,” he said.

Anaya, PAN Senator Roberto Gil Zuarth and Fernando Rodriguez, the PAN’s communications secretary, received infectious messages in June 2016, when lawmakers were discussing anti-corruption legislation, the report said.

The PAN officials did not immediately respond to a request for comment on the report, which was published on Citizen Lab’s website: http://bit.ly/2sl8UiH.

Pena Nieto’s office said in a statement that it “categorically refuses to allow any of its agencies to carry out surveillance or intervention of communications” except for fighting organized crime or national security threats, and only with court authorization.

Mexico’s government purchased about $80 million worth of spyware from NSO Group, according to a report by the New York Times last week.

The spying allegations have added to the problems facing Pena Nieto, whose popularity has waned due to rising violence and signs of widespread corruption.

Among the previous targets Citizen Lab identified were Carmen Aristegui, a journalist who in 2014 helped reveal that Pena Nieto’s wife had acquired a house from a major government contractor, as well as lawyers representing the families of 43 students who disappeared and were apparently massacred in 2014.

At least nine of the people who were targeted filed charges with authorities on June 19. On June 22, Pena Nieto promised a thorough investigation and insisted that Mexico was a democracy that tolerated critical voices.

The president’s office said in its latest statement that any new allegations would be added to the current investigation.

(Editing by Lisa Von Ahn and Frank Jack Daniel)