Trump expected to sign cyber security executive order Tuesday: source

By Dustin Volz and Steve Holland

WASHINGTON (Reuters) – President Donald Trump is expected to sign an executive order on cyber security on Tuesday, two sources familiar with the situation said, marking the first action to address what he has called a top priority of his administration.

The order is expected to commission several different reviews of the government’s offensive and defensive cyber capabilities, according to one of the sources and a third briefed on a draft of the order that circulated last week.

The move follows a presidential campaign that was dominated by running storylines related to cyber security, including the hacking and subsequent leaking of Democratic emails as part of what U.S. intelligence agencies determined was a wide-ranging influence operation intended to help Trump win the White House and denigrate his challenger, Democrat Hillary Clinton.

For months Trump refused to accept the conclusions of the agencies that Russia was responsible, before stating at a press conference on January 11 that, “as far as hacking I think it was Russia.”

In his answer, Trump, then the president-elect, pivoted to say that “we also get hacked by other countries, and other people” while vowing to launch a government-wide review of vulnerabilities to cyber attacks.

The order is also expected to initiate an audit of several federal agencies’ cyber capabilities, seek input on how to improve protections for critical infrastructure, and review government efforts to attract and train a technically sophisticated workforce, according to two of the sources briefed on the draft, which was first published by the Washington Post.

The draft order would also seek ways to give the private sector incentives to adopt strong security measures.

(Reporting by Steve Holland and Dustin Volz; Editing by Chris Reese and Grant McCool)

Hong Kong securities brokers hit by cyber attacks, may face more: regulator

HONG KONG (Reuters) – Hong Kong’s securities regulator said brokers in the city had suffered cyber attacks and warned of possible further incidents across the industry.

Regulators in Hong Kong have been stepping up efforts over the past year to combat the growing menace of cyber attacks on companies. A survey in November showed the average number of such attacks detected by firms in mainland China and Hong Kong grew a whopping 969 percent between 2014 and 2016.

In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and had received blackmail demands from criminals.

“The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cyber security incidents would be observed across the securities industry,” the SFC said in the notice.

Distributed denial of service (DDoS) attacks, among the most common on the Internet, involve cyber criminals using hijacked and virus-infected computers to target websites with data requests, until they are overwhelmed and unable to function.

The SFC urged firms in the financial center to implement protective measures, including reviews of the IT systems and DDoS mitigation plans.

(Reporting by Michelle Price; Editing by Himani Sarkar)

French central bank chief urges insurers to step up cyber risk coverage

PARIS (Reuters) – France’s central bank governor called on French insurers to enhance cyber risk coverage for their clients, as hack attacks and data privacy laws in Europe spur rising demand.

“With the help of reinsurers, insurers should be able to meet demands of cyber risk coverage, a concern that affects all businesses,” Francois Villeroy de Galhau said during a conference in Paris.

Though growing fast, the European cyber insurance market remains dwarfed by that in the United States, but is likely to expand in the coming years as new EU regulations come into force requiring firms to disclose when they have been the victim of an attack.

Around 28 percent of companies in Europe have been subject to a cyber attack over the past 12 months, but only 13 percent of companies have purchased cyber insurance, Marsh & McLennan Co’s (MMC.N) Marsh broker unit said in a survey, published in October 2016.

The value of global cyber insurance premiums outstanding is estimated by Marsh & McLennan Co’s (MMC.N) Marsh broker unit to be around $3.5 billion with 3 billion coming from the United States, and around $300 million coming from Europe.

“Insurance companies should learn from their own experience … in order to create a more mature market in France and Europe for insurance against cyber risks,” Villeroy added.

(Reporting by Maya Nikolaeva and Myriam Rivet; Editing by Leigh Thomas)

Saudi Arabia warns on cyber defense as Shamoon resurfaces

KHOBAR, Saudi Arabia (Reuters) – Saudi Arabia on Monday warned organizations in the kingdom to be on the alert for the Shamoon virus, which cripples computers by wiping their disks, as the labor ministry said it had been attacked and a chemicals firm reported a network disruption.

An alert from the telecoms authority seen by Reuters advised all parties to be vigilant for attacks from the Shamoon 2 variant of the virus that in 2012 crippled tens of thousands of computers at oil giant Saudi Aramco.

Shamoon disrupts computers by overwriting the master boot record, making it impossible for them to start up. Former U.S. Defense Secretary Leon Panetta said the 2012 Shamoon attack on Saudi Aramco was probably the most destructive cyber attack on a private business.

In the 2012 hacks, images of a burning U.S. flag were used to overwrite the drives of victims including Saudi Aramco and RasGas Co Ltd. In the recent attacks, an image of the body of 3-year-old drowned Syrian refugee Alan Kurdi was used, according to U.S. security researchers.

The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks, said Adam Meyers, vice president with cyber security firm CrowdStrike. “It’s likely they will continue,” he said.

State-controlled Al Ekhbariya TV said on Twitter, using the hash tag #Shamoon, that several Saudi organizations had been targeted in recent cyber attacks.

The state news agency, meanwhile, said the labor ministry had been hit by a cyber attack, but that it did not impact its data.

Jubail-based Sadara Chemical Co, a joint venture firm owned by Saudi Aramco and U.S. company Dow Chemical, said it had experienced a network disruption on Monday morning and was working to resolve the issue.

The company made the disclosure on its official Twitter account after the warning by Al Ekhbariya TV, which cited the telecoms authority.

It did not say whether the disruption was due to a cyber attack but said as a precautionary measure it had stopped all services related to the network.

Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources who were not authorized to publicly discuss the matter.

Those companies sought to protect themselves from the virus by shutting down their networks, said the sources, who declined to identify specific firms.

(Reporting by Reem Shamseddine; Additional reporting by Jim Finkle; Writing by Maha El Dahan; Editing by Mark Potter and Andrew Hay)

Airbus CEO sees ‘flying car’ prototype ready by end of year

MUNICH (Reuters) – Airbus Group plans to test a prototype for a self-piloted flying car as a way of avoiding gridlock on city roads by the end of the year, the aerospace group’s chief executive said on Monday.

Airbus last year formed a division called Urban Air Mobility that is exploring concepts such as a vehicle to transport individuals or a helicopter-style vehicle that can carry multiple riders. The aim would be for people to book the vehicle using an app, similar to car-sharing schemes.

“One hundred years ago, urban transport went underground, now we have the technological wherewithal to go above ground,” Airbus CEO Tom Enders told the DLD digital tech conference in Munich, adding he hoped Airbus could fly a demonstration vehicle for single-person transport by the end of the year.

“We are in an experimentation phase, we take this development very seriously,” he said, adding that Airbus recognized such technologies would have to be clean to avoid further polluting congested cities.

He said using the skies could also reduce costs for city infrastructure planners. “With flying, you don’t need to pour billions into concrete bridges and roads,” he said.

Enders said Airbus, as the world’s largest maker of commercial helicopters, wanted to invest to make the most of new technologies such as autonomous driving and artificial intelligence, to usher in what amounts to an era of flying cars.

“If we ignore these developments, we will be pushed out of important segments of the business,” he said.

A spokesman for Airbus declined to say how much the company was investing in urban mobility.

(Reporting by Eric Auchard; Writing by Victoria Bryan; Editing by Ruth Pitchford)

Artificial leaf copies nature to manufacture medicine

By Ben Hirschler

(Reuters) – Dutch scientists have developed an artificial leaf that can act as a mini-factory for producing drugs, an advance that could allow medicines to be produced anywhere there is sunlight.

The work taps into the ability of plants to use sunlight to feed themselves through photosynthesis, something industrial chemists have struggled to replicate because sunshine usually generates too little energy to fuel chemical reactions.

The leaf-inspired micro factory mimics nature’s efficiency at harvesting solar radiation by using new materials called luminescent solar concentrators with very thin channels through which liquid is pumped, exposing molecules to sunlight.

“Theoretically, you could use this device to make drug compounds with solar energy anywhere you want,” said lead researcher Timothy Noel at Eindhoven University of Technology.

By doing away with the need for a power grid, it may be possible one day to make malaria drugs in the jungle or even medicines on Mars in some future space colony, he believes.

The device, made from silicone rubber, can operate even when there is diffuse light, which means it will work under cloudy skies. However, there is still a way to go to scale up the process to make it commercially viable.

Noel and his colleagues, who published their research in the science journal Angewandte Chemie on Wednesday, are now trying to improve energy efficiency further and increase output.

Because the artificial leaf relies on micro-channels to bring chemicals into direct contact with sunlight, each unit needs to be small – but they could be easily linked together to increase production.

“You can make a whole tree with many, many different leaves placed in parallel,” Noel told Reuters. “These are very cheap things to make, so there is a lot of potential.”

He thinks the process could start to become broadly available to chemical engineers within five to 10 years.

It is not the first time that scientists have drawn inspiration from plants when considering novel ways to manufacture pharmaceuticals.

In 2012, the U.S. Food and Drug Administration approved a drug called Elelyso from Pfizer and Protalix Biotherapeutics for Gaucher disease, a rare genetic condition, made with genetically modified carrot cells.

Other researchers are also cultivating crops that have been specially bred to produce useful medicines and vaccines in their leaves.

Yahoo under scrutiny after latest hack, Verizon seeks new deal terms

By Greg Roumeliotis and Jessica Toonkel

NEW YORK (Reuters) – Yahoo Inc <YHOO.O> came under renewed scrutiny by federal investigators and lawmakers on Thursday after disclosing the largest known data breach in history, prompting Verizon Communications Inc <VZ.N> to demand better terms for its planned purchase of Yahoo’s internet business.

Shares of the Sunnyvale, California-based internet pioneer fell more than 6 percent after it announced the breach of data belonging to more than 1 billion users late on Wednesday, following another large hack reported in September.

Verizon, which agreed to buy Yahoo’s core internet business in July for $4.8 billion, is now trying to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic damage from the two hacks, according to people familiar with the matter.

The U.S. No. 1 wireless carrier still expects to go through with the deal, but is looking for “major concessions” in light of the most recent breach, according to another person familiar with the situation.

Asked about the status of the deal, a Yahoo spokesperson said: “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”

Verizon had already said in October it was reviewing the deal after September’s breach disclosure. Late on Wednesday, it said it would “review the impact of this new development before reaching any final conclusions” about whether to proceed.

The company declined to comment beyond that statement on Thursday.

Verizon has threatened to go to court to get out of the deal if it is not repriced, citing a material adverse effect, said the people familiar with the matter, who asked not to be identified because the negotiations are confidential.

No court in Delaware, where Yahoo is incorporated, has ever found that a material adverse effect has occurred that would allow companies to terminate a merger agreement.

Nevertheless, the threat of a court case on the issue has been successfully used by companies to renegotiate deals, and experts said that some concessions from Yahoo are likely, given the magnitude of the cyber security breaches.

Renegotiating the deal’s price tag would be the simplest but also least likely scenario because the impact of the data breaches will not be apparent for some time, according to Erik Gordon, a professor at the University of Michigan’s Ross School of Business.

A more likely concession would be for Yahoo to agree to compensate Verizon after the close of the deal, based on the liabilities that occur. The two companies may also agree to extend the close of the deal to allow for more time for information to come in on the impact of the breaches, Gordon suggested.

Verizon shares rose 0.4 percent to close at $51.81, in line with the S&P 500 Index <.SPX>. Yahoo closed down 6.1 percent at $38.41.

BIGGEST BREACH

Yahoo said late on Wednesday that it had uncovered a 2013 cyber attack that compromised data of more than 1 billion user accounts, the largest known breach on record.

It said the data stolen may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

The company added that some of its partners were affected. One such partner, Europe’s Sky Plc <SKYB.L>, said Yahoo provides email services to its 2.1 million Sky.com email account holders, but it was unclear how many of those accounts were affected.

The announcement followed Yahoo’s disclosure in September of a separate breach that affected over 500 million accounts, which the company said it believed was launched by different hackers.

The White House said on Thursday the U.S. Federal Bureau of Investigation was probing the breach. Several lawsuits seeking class-action status on behalf of Yahoo shareholders have been filed, or are in the works.

Meanwhile, Democratic Senator Mark Warner of Virginia said he was looking into Yahoo’s cyber security practices.

“This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users,” he said in a statement.

Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as “deeply troubling.”

New York Attorney General Eric Schneiderman urged anyone with a Yahoo account to change their passwords and security questions and said he is examining the breach’s circumstances and the company’s disclosures to law enforcement.

Germany’s cyber security authority, the Federal Office for Information Security (BSI), advised German consumers to consider switching to safer alternatives for email, and criticized Yahoo for failing to adopt modern encryption techniques to protect users’ personal data.

“Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision,” BSI President Arne Schoenbohm said in a statement.

The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts.

“Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo or via a partner like AT&T, get rid of it,” Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email.

A Yahoo spokesperson, in response to criticism of the company’s security measures, said on Thursday: “We’re committed to keeping our users secure, both by continuously striving to stay ahead of ever-evolving online threats and to keep our users and platforms secure.”

(Reporting by Greg Roumeliotis and Jessica Toonkel in New York and Dustin Volz in Washington; Additional reporting by Liana Baker, Anna Driver, Eric Auchard and Michael Erman; Writing by Jim Finkle and Jonathan Weber; Editing by Bill Trott and Bill Rigby)

U.S. proposes requiring vehicles to ‘talk’ to each other to avoid crashes

By David Shepardson

WASHINGTON (Reuters) – The U.S. Transportation Department on Tuesday proposed requiring all new cars and trucks to be able to “talk” to one another using short-range wireless technology to potentially avoid tens of thousands of crashes annually.

Regulators, who first announced plans to pursue requiring the technology in early 2014, are proposing to give automakers at least four years to comply from the time the rule is finalized, and would require automakers to ensure all vehicles “speak the same language through a standard technology.”

The administration of President-elect Donald Trump will decide whether to finalize the proposal, which does not apply to larger vehicles like buses and tractor trailers.

The U.S. National Highway Traffic Safety Administration (NHTSA) estimates that talking vehicles could eliminate or reduce the severity of up to 80 percent of crashes where alcohol is not a factor, especially crashes at intersections or while changing lanes.

Last year, there were 6.3 million U.S. vehicle crashes. In October, NHTSA said U.S. traffic deaths jumped 10.4 percent in the first six months of 2016. The jump follows a spike in 2015, when road deaths rose 7.2 percent to 35,092, the highest full-year increase since 1966.

Talking cars and trucks would use dedicated short range communications to transmit data up to 300 meters, such as location, direction and speed, to nearby vehicles. That data would be updated and broadcast up to 10 times per second to nearby vehicles, which can identify risks and provide warnings to drivers to avoid imminent crashes.

“From a safety perspective, this is a no brainer,” said U.S. Transportation Secretary Anthony Foxx.

NHTSA Administrator Mark Rosekind said vehicles would protect privacy by only exchanging safety information and would ensure hackers can’t intercept signals.

The rule would not require vehicles currently on U.S. roads to be retrofitted with the technology. Foxx said owners couldn’t turn off the technology but could turn off warnings.

The Alliance of Automobile Manufacturers, a trade group representing General Motors Co, Toyota Motor Corp, Volkswagen AG and other major automakers, noted the system is already being tested. The group said it would study the proposal. Automakers are pushing to ensure that a portion of the spectrum reserved for connected vehicles is not used by other companies for other wireless device use. The U.S. Federal Communications Commission has begun testing potential sharing options.

Separately, the Federal Highway Administration plans to issue guidance for vehicle-to-infrastructure communications, which will help planners allow vehicles to “talk” to roadway infrastructure such as traffic lights.

(Reporting by David Shepardson; Editing by David Gregorio)

Exclusive: Top U.S. spy agency has not embraced CIA assessment on Russia hacking – sources

By Mark Hosenball and Jonathan Landay

WASHINGTON (Reuters) – The overseers of the U.S. intelligence community have not embraced a CIA assessment that Russian cyber attacks were aimed at helping Republican President-elect Donald Trump win the 2016 election, three American officials said on Monday.

While the Office of the Director of National Intelligence (ODNI) does not dispute the CIA’s analysis of Russian hacking operations, it has not endorsed their assessment because of a lack of conclusive evidence that Moscow intended to boost Trump over Democratic opponent Hillary Clinton, said the officials, who declined to be named.

The position of the ODNI, which oversees the 17-agency-strong U.S. intelligence community, could give Trump fresh ammunition to dispute the CIA assessment, which he rejected as “ridiculous” in weekend remarks, and press his assertion that no evidence implicates Russia in the cyber attacks.

Trump’s rejection of the CIA’s judgment marks the latest in a string of disputes over Russia’s international conduct that have erupted between the president-elect and the intelligence community he will soon command.

An ODNI spokesman declined to comment on the issue.

“ODNI is not arguing that the agency (CIA) is wrong, only that they can’t prove intent,” said one of the three U.S. officials. “Of course they can’t, absent agents in on the decision-making in Moscow.”

The Federal Bureau of Investigation, whose evidentiary standards require it to make cases that can stand up in court, declined to accept the CIA’s analysis – a deductive assessment of the available intelligence – for the same reason, the three officials said.

The ODNI, headed by James Clapper, was established after the Sept. 11, 2001, attacks on the recommendation of the commission that investigated the attacks. The commission, which identified major intelligence failures, recommended the office’s creation to improve coordination among U.S. intelligence agencies.

In October, the U.S. government formally accused Russia of a campaign of cyber attacks against American political organizations ahead of the Nov. 8 presidential election. Democratic President Barack Obama has said he warned Russian President Vladimir Putin about consequences for the attacks.

Reports of the assessment by the CIA, which has not publicly disclosed its findings, have prompted congressional leaders to call for an investigation.

Obama last week ordered intelligence agencies to review the cyber attacks and foreign intervention in the presidential election and to deliver a report before he turns power over to Trump on Jan. 20.

The CIA assessed after the election that the attacks on political organizations were aimed at swaying the vote for Trump because the targeting of Republican organizations diminished toward the end of the summer and focused on Democratic groups, a senior U.S. official told Reuters on Friday.

Moreover, only materials filched from Democratic groups – such as emails stolen from John Podesta, the Clinton campaign chairman – were made public via WikiLeaks, the anti-secrecy organization, and other outlets, U.S. officials said.

“THIN REED”

The CIA conclusion was a “judgment based on the fact that Russian entities hacked both Democrats and Republicans and only the Democratic information was leaked,” one of the three officials said on Monday.

“(It was) a thin reed upon which to base an analytical judgment,” the official added.

Republican Senator John McCain said on Monday there was “no information” that Russian hacking of American political organizations was aimed at swaying the outcome of the election.

“It’s obvious that the Russians hacked into our campaigns,” McCain said. “But there is no information that they were intending to affect the outcome of our election and that’s why we need a congressional investigation,” he told Reuters.

McCain questioned an assertion made on Sunday by Republican National Committee Chairman Reince Priebus, tapped by Trump to be his White House chief of staff, that there were no hacks of computers belonging to Republican organizations.

“Actually, because Mr. Priebus said that doesn’t mean it’s true,” said McCain. “We need a thorough investigation of it, whether both (Democratic and Republican organizations) were hacked into, what the Russian intentions were. We cannot draw a conclusion yet. That’s why we need a thorough investigation.”

In an angry letter sent to ODNI chief Clapper on Monday, House Intelligence Committee Chairman Devin Nunes said he was “dismayed” that the top U.S. intelligence official had not informed the panel of the CIA’s analysis and the difference between its judgment and the FBI’s assessment.

Noting that Clapper in November testified that intelligence agencies lacked strong evidence linking Russian cyber attacks to the WikiLeaks disclosures, Nunes asked that Clapper, together with CIA and FBI counterparts, brief the panel by Friday on the latest intelligence assessment of Russian hacking during the election campaign.

(Editing by Yara Bayoumy and Jonathan Oatis)

FBI to gain expanded hacking powers as Senate effort to block fails

By Dustin Volz

WASHINGTON (Reuters) – A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government’s hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump.

Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate’s second-ranking Republican.

The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.

Magistrate judges can currently only order searches within the jurisdiction of their court, which is typically limited to a few counties.

In a speech from the Senate floor, Wyden said that the changes to Rule 41 of the federal rules of criminal procedure amounted to “one of the biggest mistakes in surveillance policy in years.”

The government will have “unprecedented authority to hack into Americans’ personal phones, computers and other devices,” Wyden said.

He added that such authority, which was approved by the Supreme Court in a private vote earlier this year, but was not subject to congressional approval, was especially troubling in the hands of an administration of President-elect Trump, a Republican who has “openly said he wants the power to hack his political opponents the same way Russia does.”

Democratic Senator Chris Coons of Delaware and Republican Senator Steve Daines of Montana also delivered speeches voicing opposition to the rule changes.

The U.S. Justice Department has pushed for the changes to the federal rules of criminal procedure for years, arguing they are procedural in nature and the criminal code needed to be modernized for the digital age.

In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for “unintended harm.”

“The possibility of such harm must be balanced against the very real and ongoing harms perpetrated by criminals – such as hackers, who continue to harm the security and invade the privacy of Americans through an ongoing botnet, or pedophiles who openly and brazenly discuss their plans to sexually assault children,” Caldwell wrote.

A handful of judges in recent months had dismissed evidence brought as part of a sweeping FBI child pornography sting, saying the search warrants used to hack suspects’ computers exceeded their jurisdiction.

The new rules are expected to make such searches generally valid.

Blocking the changes would have required legislation to pass both houses of Congress, then be signed into law by the president.

(Reporting by Dustin Volz, editing by G Crosse)