Cyber Risk / April 16, 2018 / 10:06 PM / 3 days ago


U.S., Britain blame Russia for global cyber attack

Jim Finkle, Doina Chiacu


(Reuters) - The United States and Britain on Monday accused Russia of launching
cyber attacks on computer routers, firewalls and other networking equipment used by
government agencies, businesses and critical infrastructure operators around the
globe.

Washington and London issued a joint alert saying the campaign by Russian
government-backed hackers was intended to advance spying, intellectual property
theft and other “malicious” activities and could be escalated to launch offensive
attacks.
It followed a series of warnings by Western governments that Moscow is behind a
string of cyber attacks. The United States, Britain and other nations in February
accused Russia of releasing the “NotPetya” virus, which in 2017 crippled parts of
Ukraine’s infrastructure and damaged computers across the globe, costing companies
billions of dollars.
The Kremlin did not immediately respond to a request for comment. But Russia’s
embassy in London issued a statement citing British accusations of cyber threats
from Moscow as “striking examples of a reckless, provocative and unfounded policy
against Russia.”
Moscow has denied previous accusations that it carried out cyber attacks on the
United States and other countries.
U.S. intelligence agencies last year accused Russia of interfering in the 2016
election with a hacking and propaganda campaign supporting Donald Trump’s campaign
for president. Last month the Trump administration blamed Russia for a campaign of
cyber attacks that targeted the U.S. power grid.

American and British officials said that the attacks disclosed on Monday affected a
wide range of organizations including internet service providers, private
businesses and critical infrastructure providers. They did not identify victims or
provide details on the impact of the attacks.
“When we see malicious cyber activity, whether it be from the Kremlin or other
malicious nation-state actors, we are going to push back,” said Rob Joyce, the
White House cyber security coordinator.
Relations between Russia and Britain were already on edge after Prime Minister
Theresa May blamed Moscow for the March 4 nerve agent poisoning of former Russian
spy Sergei Skripal and his daughter Yulia in the city of Salisbury.
“This is yet another example of Russia’s disregard for international norms and
global order - this time through a campaign of cyber espionage and aggression,
which attempts to disrupt governments and destabilize business,” a British
government spokesman said in London.

Britain and the United States said they issued the new alert to help targets
protect themselves and persuade victims to share information with government
investigators so they can better understand the threat.
“We don’t have full insight into the scope of the compromise,” said U.S. Department
of Homeland Security cyber security official Jeanette Manfra.
The alert is not related to the suspected chemical weapons attack in a town in
Syria that prompted a U.S.-led military strike over the weekend targeting
facilities of the Russian-backed Syrian government, Joyce said.
Shortly after the announcement, the White House said Joyce would leave his post and
return to the U.S. National Security Agency.

A man poses inside a server room at an IT company in this June 19, 2017
illustration photo. REUTERS/Athit Perawongmetha/Illustration

U.S. and British officials warned that infected routers could be used to launch
future offensive cyber operations.
“They could be pre-positioning for use in times of tension,” said Ciaran Martin,
chief executive of the British government’s National Cyber Security Centre cyber
defense agency, who added that “millions of machines” were targeted.
Reporting by Jim Finkle and Doina Chiacu; Additional reporting by Estelle Shirbon
in London, John Walcott and Makini Brice in Washington and Jack Stubbs and Maxim
Rodionov in Moscow; Writing by Will Dunham; Editing by James Dalgleish
© 2018 Reuters. All Rights Reserved.

Official website of the Department of Homeland Security
Cybersecurity
Our daily life, economic vitality, and national security depend on a stable, safe,
and resilient cyberspace.
Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk
stemming from both physical and cyber threats and hazards. Sophisticated cyber
actors and nation-states exploit vulnerabilities to steal information and money and
are developing capabilities to disrupt, destroy, or threaten the delivery of
essential services.
On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of
Homeland Security released a draft report to President Trump in response to the
Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure issued on May 11, 2017. The report, which was created with broad
input from stakeholders and experts, summarizes the opportunities and challenges in
reducing the botnet threat, and offers supporting actions to be taken by both the
government and private sector in order to reduce the threat of automated
cyber-attacks.

Cybersecurity Overview
Strengthening the security and resilience of cyberspace has become an important
homeland security mission.

Combating Cyber Crime


Today’s world is more interconnected than ever before. Yet, for all its advantages,
increased connectivity brings increased risk of theft, fraud, and abuse.

Securing Federal Networks


DHS works with each federal civilian department and agency to effectively respond
to ever-changing threats against their networks.

Protecting Critical Infrastructure


DHS draws on the Nation’s full range of expertise and resources to secure critical
infrastructure from cyber threats.

Cyber Incident Response


DHS provides assistance to potentially impacted entities, analyzes the potential
impact across critical infrastructure, investigates those responsible in
conjunction with law enforcement partners, and coordinates the national response to
significant cyber incidents.

Cybersecurity Insurance
Protects businesses and individuals from Internet-based risks and from risks
relating to information technology infrastructure and activities.

Information Sharing
Information sharing is essential to the protection of critical infrastructure and
to furthering cybersecurity for the nation.

Cyber Safety
Every time we connect to the Internet, we make decisions that affect our
cybersecurity.

Cybersecurity Education & Career Development


DHS is committed to strengthening the nation’s cybersecurity workforce through
standardizing roles and helping to ensure we have well-trained cybersecurity
workers today as well as a strong pipeline of future cybersecurity leaders of
tomorrow.

Cybersecurity Jobs at DHS


The demand for an experienced and qualified workforce to protect our Nation’s
networks and information systems has never been higher.

Cybersecurity and Privacy


DHS empowers its cybersecurity programs to succeed by integrating privacy
protections from the outset.

Cyber Research & Development


DHS continues to research and develop new innovative solutions to complex
cybersecurity problems.

Cybersecurity Information Sharing Act of 2015 Implementation


Information on implementation of the Cybersecurity Information Sharing Act of 2015
and DHS’s Automated Indicator Sharing (AIS) initiative.

Last Published Date: January 10, 2018


Cybersecurity News & Updates
Apr 13
Press Release
News Release: S&T Announces Release of Mobile Security R&D Program Guide Vol. 2
DHS S&T today released its 2018 Mobile Security Research and Development (R&D)
Program Guide that introduces the technology projects, goals and objectives and
their alignment with DHS and federal mobile security strategies and priorities.
Apr 13
Blog
Cyber Storm VI: Testing the Nation’s Ability to Respond to a Cyber Incident
Cyber threats to government networks and other critical infrastructure are one of
our Nation’s most pressing security challenges. Consequences from attacks threaten
the safety and security of the homeland, our economic competitiveness, and our way
of life. With the majority of critical infrastructure owned and operated by the
private sector, securing cyberspace is only possible through close collaboration,
what we described as a “Collective Defense” model of shared responsibility.

Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure
On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of
Homeland Security released a draft report to President Trump in response to the
Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure issued on May 11, 2017.
A Report to the President on Enhancing the Resilience of the Internet and
Communications Ecosystem Against Botnets and Other Automated, Distributed Threats
The report, which was created with broad input from stakeholders and experts,
summarizes the opportunities and challenges in reducing the botnet threat, and
offers supporting actions to be taken by both the government and private sector in
order to reduce the threat of automated cyber-attacks.

Last Published Date: January 10, 2018


Cyber Risk / March 23, 2018 / 7:39 PM / a month ago


U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran

Dustin Volz
WASHINGTON (Reuters) - The United States on Friday charged and sanctioned nine
Iranians and an Iranian company for attempting to hack into hundreds of
universities worldwide, dozens of firms and parts of the U.S. government, including
its main energy regulator, on behalf of Tehran’s government.

The cyber attacks, beginning in at least 2013, pilfered more than 31 terabytes of
academic data and intellectual property from 144 U.S. universities and 176
universities in 21 other countries, the U.S. Department of Justice said, describing
the campaign as one of the largest state-sponsored hacks ever prosecuted.
The U.S. Treasury Department said it was placing sanctions on the nine people and
the Mabna Institute, a company U.S. prosecutors characterized as designed to help
Iranian research organizations steal information.
U.S. Deputy Attorney General Rod Rosenstein said the nine Iranians were considered
fugitives who may face extradition in more than 100 countries if they travel
outside Iran.
Authorities “will aggressively investigate and prosecute hostile actors who attempt
to profit from America’s ideas by infiltrating our computer systems and stealing
intellectual property,” Rosenstein told a news conference.
The case “will disrupt the defendants’ hacking operations and deter similar
crimes,” he added.
The hackers were not accused of being directly employed by Iran’s government. They
were instead charged with criminal conduct waged primarily through the Mabna
Institute on behalf of the Islamic Revolutionary Guard Corps, the elite military
force assigned to defend Iran’s Shi’ite theocracy from internal and external
threats.
In Tehran, Iran’s foreign ministry spokesman Bahram Qasemi denounced the move as
“provocative, illegitimate, and without any justifiable reason and another sign of
the hostility of the (U.S.) ruling circles toward the Iranian nation”, state news
agency IRNA said.

The targeting of the Federal Energy Regulatory Commission, or FERC, was a matter of
special concern, U.S. Attorney Geoffrey Berman said, because it oversees the
interstate regulation of energy and holds details of some of the country’s “most
sensitive infrastructure.”
Hackers targeted email accounts of more than 100,000 professors worldwide, half in
the United States, and compromised about 8,000, prosecutors said. Hackers also
targeted the U.S. Labor Department, the United Nations and the computer systems of
the U.S. states Hawaii and Indiana, prosecutors said.
Friday’s actions are part of an effort by senior cyber security officials at the
White House and across the U.S. government to blame foreign countries for malicious
hacks.
They were announced a day after U.S. President Donald Trump named John Bolton, a
former U.S. ambassador to the United Nations who is deeply skeptical of the 2015
international nuclear accord with Iran, as his new national security adviser.
Trump himself has repeatedly cast doubt on the nuclear deal, in which the U.S. and
other world powers eased sanctions in exchange for Tehran putting limits on its
nuclear program.
INTERNET FIRMS ALERTED
The Department of Justice on Friday privately warned major internet infrastructure
companies to expect attacks from Iran, an executive at one company who received the
alert said.
The officials said the most likely retaliation would be denial of service attacks
on websites, which are not destructive but disrupt commerce and communication.
Britain’s National Cyber Security Centre said on Twitter the Mabna Institute was
“almost certainly responsible for cyber attacks targeting universities around the
world.”
The sanctions and charges were the fourth time in the past few months the Trump
administration has blamed a foreign government for major cyber attacks, a practice
that was rare under the Obama administration.
Last week, the administration accused the Russian government of cyber attacks
stretching back at least two years that targeted the U.S. power grid.
Washington imposed new sanctions on 19 Russians and five groups, including Moscow’s
intelligence services, for meddling in the 2016 U.S. election and other cyber
attacks.
Friday’s indictment in U.S. District Court in New York said the Iranian hackers did
extensive background research of university professors before sending them
“spearphishing” emails tailored to academic interests and scholarly publications.
The emails purported to be from professors at another university and indicated the
sender had read an article written by them, prosecutors said.

U.S. Deputy Attorney General Rod Rosenstein speaks at a news conference with other
law enforcement officials at the Justice Department to announce nine Iranians
charged with conducting massive cyber theft campaign, in Washington, U.S., March
23, 2018. REUTERS/Yuri Gripas

The emails would then direct recipients to click on links to related articles
directing them to a malicious internet domain that appeared similar to the victims’
actual university portal, where they would be prompted to enter their login
credentials.
Once accounts were compromised, the hackers would steal reams of academic data and
intellectual property related to science and technology, engineering, social
sciences and medicine, the indictment said.
Stolen data was obtained to benefit Iran’s Revolutionary Guard and sold in Iran
through the websites Megapaper and Gigapaper to universities there, prosecutors
said.
‘PASSWORD SPRAYING’
Hackers targeted and compromised employee email accounts at 36 U.S.-based companies
and 11 companies in countries including Britain, Germany and Italy, prosecutors
said.
Victim companies in the United States included two media and entertainment
companies, one law firm, 11 technology firms, and two bank and investment firms,
among others.
Unlike the precise targeting of academics, companies were subjected to a broad
technique known as “password spraying” that uncovers lists of company email
accounts online and then tries to hack into them with common default passwords.
Once inside, the hackers would steal entire email mailboxes.

The Treasury Department also put sanctions on another Iranian, Behzad Mesri.
Sometimes known as “Skote Vahshat,” Mesri was charged in 2017 with hacking cable TV
network HBO to leak unaired episodes of the fantasy drama Game of Thrones.
Mesri is still at large, officials said.
The Obama administration in 2016 indicted seven Iranians for distributed-denial-of-
service attacks on dozens of U.S. banks and for trying to shut down a New York dam.
Those hackers were also accused of working on behalf of Iran’s government.
None of the Iranians indicted in 2016 have been arrested or extradited, a Justice
Department spokesman said.
Reporting by Dustin Volz and Joseph Menn; additional reporting by Lisa Lambert,
Timothy Gardner, Susan Heavey and Dubai newsroom; Editing by Grant McCool and
Clarence Fernandez
Politics / April 18, 2018 / 2:04 AM / 2 days ago


U.S. official warns of 'unintended consequences' of European data privacy law

Dustin Volz, Joseph Menn


SAN FRANCISCO (Reuters) - U.S. Department of Homeland Security Secretary Kirstjen
Nielsen warned on Tuesday that a European data privacy law taking effect next month
may have “unintended consequences” that harm the United States’ ability to protect
itself from cyber attacks.

FILE PHOTO: Department of Homeland Security (DHS) Secretary Kirstjen Nielsen
testifies before a House Homeland Security Subcommittee hearing on FY2019
Department of Homeland Security on Capitol Hill in Washington, U.S., April 11,
2018. REUTERS/Yuri Gripas

The European Union law, called the General Data Protection Regulation (GDPR), is
the biggest overhaul of online privacy since the birth of the internet, giving
Europeans the right to know what data is stored on them and the right to have it
deleted.
Online data privacy is important and contextual across borders and different
cultures, Nielsen said during a keynote appearance at the RSA cyber security
conference in San Francisco.
But “what we don’t want are the unintended consequences of preventing the research
community to be able to give us a heads up on (cyber) threats that are coming our
way,” she said.
“In other words, through trying to protect a citizen’s privacy we eliminate the
ability of many of the vendors and researchers who otherwise have access to data to
see the trends in attacks,” Nielsen said.

While some U.S. officials have in recent months raised concerns publicly about the
European law, Nielsen is the most senior Trump administration official yet to do
so.
Her remarks suggest that any attempts by the U.S. Congress to legislate
comprehensive privacy protections would face hurdles from the Trump administration.

Calls for new digital privacy rights in American law have increased after
disclosures that the political consultancy Cambridge Analytica obtained data on
more than 87 million Facebook users from quizzes that were supposed to be for
academic research.

Among the Trump administration’s concerns are limitations the law seeks to impose
on accessing data about website registrations that can often offer clues for
investigators pursuing cyber criminals.
The strong limits on what can be done with data on users are a source of concern
for security professionals in government, internet companies and outside forensics
and investigations providers.
As things stand, many European users and others who sign on to online services
housed within the region would not be giving companies explicit permission to use
their data in probes of fraud or other criminal activity, security experts told
Reuters this week.
Unless the GDPR is amended, companies and outside investigators will lose access to
material that many users have not realized they were giving up.
The experts said that they were working on ways to recover access to some of that
material, which they declined to detail. The most straightforward would be an
explicit declaration, when users join, of what data could be used as evidence
against people that harm them or against the users themselves.

On Monday, White House cyber coordinator Rob Joyce on Twitter said that GDPR would
“undercut a key tool for identifying malicious domains on the internet.”
He added: “Cyber criminals are celebrating GDPR.”
Joyce said at a conference last month that U.S. officials were trying to persuade
European regulators to allow a carve out in the law for security researchers to
continue collecting data pertinent to data breaches or other cyber crime
investigations.
Reporting by Dustin Volz and Joseph Menn in San Francisco; Editing by Alistair Bell
EUGDPR.org
This website is a resource to educate the public about the main elements of the
General Data Protection Regulation (GDPR).

After four years of preparation and debate the GDPR was finally approved by the EU
Parliament on 14 April 2016. Enforcement date: 25 May 2018 - at which time those
organizations in non-compliance may face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection
Directive 95/46/EC and was designed to harmonize data privacy laws across
Europe, to protect and empower all EU citizens' data privacy and to reshape the way
organizations across the region approach data privacy. The key articles of the
GDPR, as well as information on its business impact, can be found throughout this
site.
GDPR Portal: Site Overview

The EU General Data Protection Regulation (GDPR) is the most important change in
data privacy regulation in 20 years - we're here to make sure you're prepared.
EU GDPR Portal: Powered by Trunomi


Disclaimer: This is not an official EU Commission or Government resource. This is an
education portal and the information contained within this portal does in no way
constitute legal advice. Any person who intends to rely upon or use the information
contained herein in any way is solely responsible for independently verifying the
information and obtaining independent expert advice if required.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in
an increasingly data-driven world that is vastly different from the time in which
the 1995 directive was established. Although the key principles of data privacy
still hold true to the previous directive, many changes have been proposed to the
regulatory policies; the key points of the GDPR as well as information on the
impacts it will have on business can be found below.

Increased Territorial Scope (extra-territorial applicability)


Arguably the biggest change to the regulatory landscape of data privacy comes with
the extended jurisdiction of the GDPR, as it applies to all companies processing
the personal data of data subjects residing in the Union, regardless of the
company’s location. Previously, territorial applicability of the directive was
ambiguous and referred to data processing 'in context of an establishment'. This
topic has arisen in a number of high profile court cases. GDPR makes its
applicability very clear - it will apply to the processing of personal data by
controllers and processors in the EU, regardless of whether the processing takes
place in the EU or not. The GDPR will also apply to the processing of personal data
of data subjects in the EU by a controller or processor not established in the EU,
where the activities relate to: offering goods or services to EU citizens
(irrespective of whether payment is required) and the monitoring of behaviour that
takes place within the EU. Non-EU businesses processing the data of EU citizens
will also have to appoint a representative in the EU.

Penalties
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global
turnover or €20 Million (whichever is greater). This is the maximum fine that can
be imposed for the most serious infringements e.g. not having sufficient customer
consent to process data or violating the core of Privacy by Design concepts.
There is a tiered approach to fines e.g. a company can be fined 2% for not having
their records in order (article 28), not notifying the supervising authority and
data subject about a breach or not conducting impact assessment. It is important to
note that these rules apply to both controllers and processors -- meaning 'clouds'
will not be exempt from GDPR enforcement.

Consent
The conditions for consent have been strengthened, and companies will no longer be
able to use long illegible terms and conditions full of legalese, as the request
for consent must be given in an intelligible and easily accessible form, with the
purpose for data processing attached to that consent. Consent must be clear and
distinguishable from other matters and provided in an intelligible and easily
accessible form, using clear and plain language. It must be as easy to withdraw
consent as it is to give it.

Data Subject Rights

Breach Notification
Under the GDPR, breach notification will become mandatory in all member states
where a data breach is likely to “result in a risk for the rights and freedoms of
individuals”. This must be done within 72 hours of first having become aware of the
breach. Data processors will also be required to notify their customers, the
controllers, “without undue delay” after first becoming aware of a data breach.

Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for
data subjects to obtain from the data controller confirmation as to whether or not
personal data concerning them is being processed, where and for what purpose.
Further, the controller shall provide a copy of the personal data, free of charge,
in an electronic format. This change is a dramatic shift to data transparency and
empowerment of data subjects.

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to
have the data controller erase his/her personal data, cease further dissemination
of the data, and potentially have third parties halt processing of the data. The
conditions for erasure, as outlined in article 17, include the data no longer being
relevant to original purposes for processing, or a data subject withdrawing
consent. It should also be noted that this right requires controllers to compare
the subjects' rights to "the public interest in the availability of the data" when
considering such requests.

Data Portability
GDPR introduces data portability - the right for a data subject to receive the
personal data concerning them, which they have previously provided in a 'commonly
used and machine readable format' and have the right to transmit that data to
another controller.

Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just
becoming part of a legal requirement with the GDPR. At its core, privacy by design
calls for the inclusion of data protection from the onset of the designing of
systems, rather than an addition. More specifically - 'The controller
shall..implement appropriate technical and organisational measures..in an effective
way.. in order to meet the requirements of this Regulation and protect the rights
of data subjects'. Article 23 calls for controllers to hold and process only the
data absolutely necessary for the completion of its duties (data minimisation), as
well as limiting the access to personal data to those needing to act out the
processing.

Data Protection Officers


Currently, controllers are required to notify their data processing activities with
local DPAs, which, for multinationals, can be a bureaucratic nightmare with
most Member States having different notification requirements. Under GDPR it will
not be necessary to submit notifications / registrations to each local DPA of data
processing activities, nor will it be a requirement to notify / obtain approval for
transfers based on the Model Contract Clauses (MCCs). Instead, there will be
internal record keeping requirements, as further explained below, and DPO
appointment will be mandatory only for those controllers and processors whose core
activities consist of processing operations which require regular and systematic
monitoring of data subjects on a large scale or of special categories of data or
data relating to criminal convictions and offences. Importantly, the DPO:
Must be appointed on the basis of professional qualities and, in particular, expert
knowledge on data protection law and practices
May be a staff member or an external service provider
Contact details must be provided to the relevant DPA
Must be provided with appropriate resources to carry out their tasks and maintain
their expert knowledge
Must report directly to the highest level of management
Must not carry out any other tasks that could result in a conflict of interest.
GDPR Key Changes
An overview of the main changes under GDPR and how they differ from the previous
directive
EU GDPR Portal: Powered by Trunomi
Disclaimer: This is not an official EU Commission or Government resource. This is
an education portal and the information contained within this portal does in no way
constitute legal advice. Any person who intends to rely upon or use the information
contained herein in any way is solely responsible for independently verifying the
information and obtaining independent expert advice if required.


World News / April 17, 2018 / 6:56 PM / 2 days ago


Germany examines cases resembling U.S., UK warnings on Russia cyber attacks

Reuters Staff

BERLIN (Reuters) - Germany’s BSI cyber protection agency is examining specific
cases in Germany which resemble methods highlighted by the United States and
Britain in warnings about Russian cyber attacks, it said on Tuesday.
“Concrete incidents in Germany, whose methods strongly resemble those pointed to by
the United States and United Kingdom are known to the BSI,” it said in a statement,
adding it had analyzed the cases, informed the relevant organizations and initiated
action via the national cyber defense center.

Reporting by Andrea Shalal; Writing by Madeline Chambers; Editing by Michael
Nienaber
Our Standards: The Thomson Reuters Trust Principles.

© 2018 Reuters. All Rights Reserved.


Technology News / April 15, 2018 / 3:35 AM / 5 days ago


UK could launch retaliatory cyber attack on Russia if infrastructure targeted:
Sunday Times

Reuters Staff
LONDON (Reuters) - Britain would consider launching a cyber attack against Russia
in retaliation if Russia targeted British national infrastructure, the Sunday Times
reported, citing unnamed security sources.

A Russian flag is seen on the laptop screen in front of a computer screen on which
cyber code is displayed, in this illustration picture taken March 2, 2018.
REUTERS/Kacper Pempel/Illustration
Britain’s relations with Russia are at a historic low, after it blamed Russia for a
nerve agent attack on former Russian spy Sergei Skripal and his daughter in
England, prompting mass expulsions of diplomats.

Russia has denied involvement, and on Saturday also condemned strikes against Syria
by Western powers, which Britain took part in.

Cyber security has become a focal point of the strained relations. On Thursday, a
British spy chief said that his GCHQ agency would “continue to expose Russia’s
unacceptable cyber behaviour”, adding there would be increasing demand for its
cyber expertise.

The Sunday Times also said that British spy officials had been preparing for
Russia-backed hackers to release embarrassing information on politicians and other
high-profile people since the attack on the Skripals.
Reporting by Alistair Smout; editing by Jonathan Oatis

Cyber Risk / April 7, 2018 / 9:45 PM / 11 days ago


Iran hit by global cyber attack that left U.S. flag on screens

Reuters Staff

DUBAI (Reuters) - Hackers have attacked networks in a number of countries including
data centers in Iran where they left the image of a U.S. flag on screens along with
a warning: “Don’t mess with our elections”, the Iranian IT ministry said on
Saturday.

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code
in this illustration picture taken on March 1, 2017. REUTERS/Kacper
Pempel/Illustration/File Photo
“The attack apparently affected 200,000 router switches across the world in a
widespread attack, including 3,500 switches in our country,” the Communication and
Information Technology Ministry said in a statement carried by Iran’s official news
agency IRNA.
The statement said the attack, which hit internet service providers and cut off web
access for subscribers, was made possible by a vulnerability in routers from Cisco
which had earlier issued a warning and provided a patch that some firms had failed
to install over the Iranian new year holiday.
A blog published on Thursday by Nick Biasini, a threat researcher at Cisco’s Talos
Security Intelligence and Research Group, said: “Several incidents in multiple
countries, including some specifically targeting critical infrastructure, have
involved the misuse of the Smart Install protocol...

“As a result, we are taking an active stance, and are urging customers, again, of
the elevated risk and available remediation paths.”
On Saturday evening, Cisco said those postings were a tool to help clients identify
weaknesses and repel a cyber attack.

Iran’s IT Minister Mohammad Javad Azari-Jahromi posted a picture of a computer
screen on Twitter with the image of the U.S. flag and the hackers’ message. He said
it was not yet clear who had carried out the attack.
Azari-Jahromi said the attack mainly affected Europe, India and the United States,
state television reported.
“Some 55,000 devices were affected in the United States and 14,000 in China, and
Iran’s share of affected devices was 2 percent,” Azari-Jahromi was quoted as
saying.
In a tweet, Azari-Jahromi said the state computer emergency response body MAHER had
shown “weaknesses in providing information to (affected) companies” after the
attack which was detected late on Friday in Iran.

Hadi Sajadi, deputy head of the state-run Information Technology Organisation of
Iran, said the attack was neutralized within hours and no data was lost.
Reporting by Dubai newsroom, additional reporting by Dustin Volz in Washington;
editing by Ros Russell and G Crosse

Cybersecurity

Cybersecurity Video

U.S. blames Russia for cyber attacks on power grid (2:21)


More headlines
Four things driving the Cybersecurity Economy 10:50am EDT
The cyber economy is on a roll: Here are four big technological shifts that are
driving it.
U.S. official warns of 'unintended consequences' of European data privacy law Apr
17 2018
SAN FRANCISCO U.S. Department of Homeland Security Secretary Kirstjen Nielsen
warned on Tuesday that a European data privacy law taking effect next month may
have "unintended consequences" that harm the United States' ability to protect
itself from cyber attacks.
Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks
Apr 17 2018
SAN FRANCISCO Microsoft, Facebook and more than 30 other global technology
companies on Tuesday announced a joint pledge not to assist any government in
offensive cyber attacks.
Germany examines cases resembling U.S., UK warnings on Russia cyber attacks Apr 17
2018
BERLIN Germany's BSI cyber protection agency is examining specific cases in Germany
which resemble methods highlighted by the United States and Britain in warnings
about Russian cyber attacks, it said on Tuesday.
Moscow says basis for allegations of Russian cyber campaign unclear Apr 17 2018
MOSCOW The Kremlin said on Tuesday it did not understand the basis for British and
U.S. allegations that Russia was conducting a global cyber espionage campaign.
White House cyber czar to leave, return to NSA Apr 16 2018
SAN FRANCISCO White House cyber security coordinator Rob Joyce will leave his post
and return to the National Security Agency, a White House official said on Monday.
U.S., Britain blame Russia for global cyber attack Apr 16 2018
The United States and Britain on Monday accused Russia of launching cyber attacks
on computer routers, firewalls and other networking equipment used by government
agencies, businesses and critical infrastructure operators around the globe.
UK to Russia on alleged cyber campaign: 'You will not succeed' Apr 16 2018
LONDON The British government on Monday condemned what it and the United States
have described as a Russian government-backed campaign of cyber espionage as
another example of Moscow's disregard for international rules.
Bangladesh eyes settlement in U.S. cyber heist suit ahead of its own case Apr 16
2018
NEW YORK/DHAKA An Ecuadorian bank and Wells Fargo have reached an out-of-court
settlement over a 2015 cyber heist, providing a possible precedent for the
Bangladesh central bank's planned suit to recover $66 million still lost in one of
the world's biggest such cases.
UK could launch retaliatory cyber attack on Russia if infrastructure targeted:
Sunday Times Apr 14 2018
LONDON Britain would consider launching a cyber attack against Russia in
retaliation if Russia targeted British national infrastructure, the Sunday Times
reported, citing unnamed security sources.
Oxygen device maker Inogen discloses customer data breach Apr 13 2018
Oxygen supply device maker Inogen Inc said on Friday it was notifying 30,000
existing and former customers following a data breach that led to improper access
of personal details of some rental clients.
Cyber, regulation biggest risks for Europe's businesses: survey Apr 12 2018
LONDON Cyber and regulatory risk have become the biggest concerns for European
business executives, overtaking political and economic risk, after several large
cyber attacks and ahead of a major shake-up in data regulation, a survey showed on
Friday.
West Virginia sues Equifax over data breach Apr 12 2018
West Virginia sued Equifax Inc on Thursday for failing to safeguard consumer
information of hundreds of thousands of state residents and for delaying alerting
the public to a breach that exposed the personal data of about 148 million people,
the state's attorney general said.
U.S. group sets up framework to keep customers' financial data secure Apr 12 2018
The Securities Industry and Financial Markets Association (SIFMA), a trade group
for the U.S. financial industry, released a framework on Thursday aimed at ensuring
customers' private data remains safe when they give third parties access to it.
Uber expands settlement with FTC related to cyberattack Apr 12 2018
WASHINGTON The U.S. Federal Trade Commission said on Thursday the ride-hailing
company Uber Technologies Inc had agreed to expand its proposed settlement with the
agency over charges it deceived consumers about its privacy and data security
practices.
Sequoia Capital's Raanan launches cyber-focused fund Apr 12 2018
TEL AVIV Gili Raanan, general partner at Sequoia Capital Israel, has raised $50
million for a new venture capital fund called Cyberstarts.
Internet of Things security firm Armis raises $30 million Apr 09 2018
TEL AVIV U.S.-Israeli Armis, a provider of Internet of Things (IoT) enterprise
security, said on Monday it raised $30 million in financing, bringing the total it
has raised to $47 million.
Arizona election database targeted in 2016 by criminals, not Russia: source Apr 08
2018
WASHINGTON A hack on an Arizona election database during the 2016 U.S. presidential
campaign was carried out by suspected criminal actors and not the Russian
government, a senior Trump administration official told Reuters on Sunday.
Iran hit by global cyber attack that left U.S. flag on screens Apr 08 2018
DUBAI Hackers have attacked networks in a number of countries including data
centers in Iran where they left the image of a U.S. flag on screens along with a
warning: "Don't mess with our elections", the Iranian IT ministry said on Saturday.

Technology News
U.S. ban on sales to ZTE triggers patriotic rhetoric in China
Exclusive: Facebook to put 1.5 billion users out of reach of new EU privacy law
Lyft to offset emissions from rides with projects combating climate change
TSMC's smartphone warning points squarely at Apple: analysts
Qualcomm concessions insufficient to clinch NXP deal: commerce ministry


Technology News / April 15, 2018 / 11:26 PM / 4 days ago


Germany says it has to assume Russia behind recent cyber attack

Reuters Staff
BERLIN (Reuters) - The German government has to assume that a cyber attack on its
Foreign Ministry stemmed from Russia, Foreign Minister Heiko Maas told the
broadcaster ZDF on Sunday.

German Foreign Minister Heiko Maas speaks at a news conference in Brussels,
Belgium, April 13, 2018. REUTERS/Yves Herman
Maas listed a series of what he called problematic actions by Moscow, including the
lack of progress in implementing a ceasefire in eastern Ukraine, a poison gas
attack in Britain, Moscow’s support of the Syrian government, Russia’s efforts to
influence Western elections, and the cyber attack.
“We had an attack on the Foreign Ministry where we have to assume that it stemmed
from Russia,” he said. “We can’t just wish all that away ... And I think it’s not
only reasonable but necessary to point out that we do not view those as
constructive contributions.”

Reporting by Andrea Shalal; Editing by Kevin Liffey



Technology News / June 5, 2015 / 2:57 AM / 3 years ago


Cyber attack hits 4 million current, former U.S. federal workers

Doina Chiacu, Matt Spetalnick


WASHINGTON (Reuters) - Hackers breached the computers of the U.S. government agency
that collects personnel information for federal workers in a massive cyber attack
that compromised the data of about 4 million current and former employees, U.S.
officials said on Thursday.

An illustration picture shows a projection of binary code on a man holding a laptop
computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel
A U.S. law enforcement source told Reuters a foreign entity or government was
believed to be behind the cyber intrusion against the Office of Personnel
Management (OPM), and media reports said authorities suspected it originated in
China.
The Federal Bureau of Investigation said it had launched a probe and would hold the
culprits accountable.
OPM detected new malicious activity affecting its information systems in April and
the Department of Homeland Security said it concluded at the beginning of May that
the agency’s data had been compromised.

The breach affected OPM’s IT systems and its data stored at the Department of the
Interior’s data center, which is a shared service center for federal agencies, a
DHS official said on condition of anonymity. The official would not comment on
whether other agencies’ data had been affected.
OPM had previously been the victim of another cyberattack, as have various federal
government computer systems at the State Department, the U.S. Postal Service and
the White House.
“The FBI is working with our interagency partners to investigate this matter,” the
bureau said in a statement. “We take all potential threats to public and private
sector systems seriously, and will continue to investigate and hold accountable
those who pose a threat in cyberspace.”

A law-enforcement official, speaking on condition of anonymity, said the cyber
attack was believed to have been launched from outside the United States, but would
neither confirm nor deny that it had originated in China.
The U.S. government has long raised concerns about cyber spying and theft emanating
from China and has urged Beijing to do more to curb the problem. China has denied
U.S. accusations.
There was no immediate comment from the White House on the latest cyber attack.

Since the intrusion, OPM said it had implemented additional security precautions
for its networks. It said it would notify the 4 million people affected and offer
credit monitoring and identity theft services to the people affected.
“The last few months have seen a series of massive data breaches that have affected
millions of Americans,” U.S. Rep. Adam Schiff, the ranking Democrat on the House
Permanent Select Committee on Intelligence, said in a statement.
But he called the latest intrusion “among the most shocking because Americans may
expect that federal computer networks are maintained with state of the art
defenses.”
“It’s clear that a substantial improvement in our cyber databases and defenses is
perilously overdue,” Schiff added.
Additional reporting by Mark Hosenball, Peter Cooney and Jeff Mason; Writing by
Matt Spetalnick and Doina Chiacu; Editing by Peter Cooney

Technology News / September 7, 2016 / 9:40 AM / 2 years ago


U.S. personnel management hack preventable, congressional probe finds

Dustin Volz

WASHINGTON (Reuters) - The U.S. Office of Personnel Management (OPM) did not follow
rudimentary cyber security recommendations that could have mitigated or even
prevented major attacks that compromised sensitive data belonging to more than 22
million people, a congressional investigation being released on Wednesday has
found.

A lock icon, signifying an encrypted Internet connection, is seen on an Internet
Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal
Langsdon
Two breaches at the federal agency detected in 2014 and 2015 were made worse by lax
security culture and ineffective leadership, which failed to harness available
tools that could have stopped or limited the intrusions, according to the report
from the Republicans on the U.S. House of Representatives’ Committee on Oversight
and Government Reform, a copy of which was seen by Reuters.
“The OPM data breach and the resulting generational national security consequences
cannot happen again,” said Republican Representative Jason Chaffetz, the
committee’s chairman, in the report.
The investigation faulted OPM - which manages employment matters for the federal
government, including background checks for most agencies - for not moving more
quickly to address early signs of an attack, allowing hackers to later siphon off
reams of personnel data.

It also said OPM ignored repeated inspector general reports dating back to 2005
that warned of cyber security shortcomings.
Representative Elijah Cummings, the top Democrat on the oversight panel, rejected
the report’s findings in a memo to other Democrats. He claimed the report had
factual deficiencies and did not account for mistakes made by federal contractors.

U.S. intelligence officials have linked the Chinese government to both OPM
breaches, an accusation Beijing has denied.
Though the Republican report credits OPM with improving its cyber security over the
past year, it also includes suggestions for the federal government to address
vulnerabilities.
They include longer retention of qualified chief information officers, reduction of
the use of social security numbers, and a “zero trust model” of information
security that enforces strict controls on what data users inside a network can
access.
In a blog post set to be published on Wednesday, Beth Cobert, acting director of
OPM, said she disagreed with aspects of the congressional investigation, which
“does not fully reflect where this agency stands today.”

OPM has achieved “significant progress” over the past year to improve cyber
security, Cobert said, including requirements for multi-factor authentication,
modernized information technology infrastructure, a new senior cyber security
adviser, and the formation of a new organization responsible for background checks
on employees and contractors, she said in the blog post, a copy of which was seen
by Reuters before publication.
That new entity, the National Background Investigations Bureau, is intended to
replace OPM’s Federal Investigative Services. It will have its information systems
handled by the Pentagon and is expected to be operational by Oct. 1.
Reporting by Dustin Volz; Editing by Bill Rigby

Technology News / December 2, 2015 / 12:10 PM / 2 years ago


China's Xinhua says U.S. OPM hack was not state-sponsored

Paul Carsten, Mark Hosenball



BEIJING/WASHINGTON (Reuters) - China’s official Xinhua news agency said on
Wednesday an investigation into a massive U.S. computer breach last year that
compromised data on more than 22 million federal workers found that the hacking
attack was criminal, not state-sponsored.

An illustration picture shows a projection of binary code on a man holding a laptop
computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel
In an article about a meeting in Washington between top U.S. and Chinese officials
on cyber security issues, Xinhua said the breach at the U.S. Office of Personnel
Management (OPM) was among the cases discussed.
The report did not give details of who conducted the investigation or whether both
U.S. and Chinese officials agreed with the conclusion.
The Cyberspace Administration of China, the country’s Internet regulator, did not
immediately reply to a request for comment. In Washington, OPM referred inquiries
to the U.S. Department of Homeland Security, which also did not immediately respond
to a request for comment.
White House spokesman Josh Earnest would not comment on the results of the
U.S.-Chinese talks but called the dialogue “an important step” toward addressing
longstanding U.S. concerns about Chinese cyber espionage.
U.S. intelligence chief James Clapper in June said the OPM cyber attack was carried
out by Chinese hackers but did not specifically accuse China’s government. Clapper
told a Washington intelligence conference: “You have to kind of salute the Chinese
for what they did,” given the difficulty of the intrusion.
However, U.S. officials have said privately they believe Chinese government
entities were behind the breach, which involved the compromise of sensitive
personal data submitted to OPM by applicants for U.S. government security
clearances, as well as field reports generated by security investigators.
The breach exposed the names, Social Security numbers and addresses of more than 22
million current and former U.S. federal employees and contractors, as well as 5.6
million fingerprints.

John Hultquist, a cyber espionage expert with iSight Partners, said his firm
believed the intrusion was conducted by hackers working for China’s government,
based on digital evidence and the hackers’ other targets, including health insurer
Anthem.
“We can’t attribute it directly to a specific intelligence organization or office
building in Beijing, (but) the writing is on the wall in terms of the evidence we
do have,” said Hultquist, whose firm provides cyber intelligence to the U.S.
government.
One reason U.S. officials are reluctant to accuse the Chinese government publicly
of hacking American security clearance data, officials and private experts have
said, is that this is the sort of spying done by most if not all major foreign
intelligence agencies including U.S. agencies.
James Lewis, an expert with the Center for Strategic and International Studies
think tank, said China’s latest claims suggest authorities there likely will say
they have arrested hackers behind the OPM attack and claim they are criminals.
‘TRADITIONAL KABUKI’
“It’s a face-saving way of saying, ‘It wasn’t us and we’ll put them in jail,’”
Lewis said. “Traditional kabuki in espionage is you write off your agents when it’s
politically useful to do so.”

Lewis said in October that shortly before Chinese president Xi Jinping visited the
United States, Chinese officials told their American counterparts that Beijing had
detained at least two hackers who breached U.S. computer networks.
Reuters reported in October that Chinese officials told their U.S. counterparts
that one suspect was involved in the OPM breach.
U.S. officials have said that they are unaware of any evidence demonstrating that
the hacked OPM data had been used for any nefarious purposes.
Lewis said there also was no evidence the stolen OPM data had appeared for sale on
black markets, another indication the hacking was carried out by individuals
working with or for China’s government.
The Pentagon’s chief arms buyer, Frank Kendall, said on Wednesday that while he was
not aware of Xinhua’s claim, he remained very concerned about Chinese hacking of
U.S. weapons systems.
“China is not the only source of some of our cyber attacks, but it’s certainly one
of the major sources of cyber attacks,” Kendall said. “This is a problem that is
not going to go away.”
OPM’s director resigned in July in the aftermath of the agency’s disclosure that it
had fallen victim to two cyber attacks.
Top U.S. and Chinese officials convened this week in Washington for the first round
of cyber security talks following the signing of a bilateral anti-hacking accord in
September.

The two sides reached a broad agreement on the joint fight against cyber crimes,
and will set up a hotline for these issues, according to Xinhua and CCTV, China’s
state-operated national broadcaster.
The next meeting is scheduled for June, Xinhua said.
Along with the OPM hack, officials from the two countries identified other cases to
work on, reached further consensus on fighting cyber terrorism and agreed on
programs to boost the fight against cyber crimes, Xinhua said, without giving
further details.
Additional reporting by Michael Martina and Shanghai Newsroom, Andrea Shalal in
Washington, Joseph Menn in San Francisco and Jim Finkle in Boston; Editing by
Kazunori Takada, Ryan Woo, Kevin Drawbaugh and Jonathan Weber.

U.S. / August 25, 2017 / 4:13 AM / 8 months ago


Chinese national arrested in Los Angeles on U.S. hacking charge

Joseph Menn

SAN FRANCISCO (Reuters) - U.S. authorities on Thursday accused a Chinese national
visiting the United States of providing malware that has been linked to the theft
of security clearance records of millions of American government employees.
Yu Pingan of Shanghai was arrested on Monday at Los Angeles airport after a federal
criminal complaint accused him of conspiring with others wielding malicious
software known as Sakula, a Justice Department spokesman said on Thursday.
The complaint said the group attacked a series of unnamed U.S. companies using
Sakula, the same rare program involved in U.S. Office of Personnel Management (OPM)
hacks detected in 2014 and 2015. The filing did not mention the OPM hacks.
The arrest could provide information on the OPM hacks which U.S. officials have
blamed on the Chinese government.
In an FBI affidavit linked to the complaint, an FBI agent said he believed Yu
provided versions of Sakula to two unnamed men that he knew would be used to carry
out attacks on the firms.

Yu’s court-appointed attorney, Michael Berg, said Yu was a teacher with no
affiliation with China’s government.
“He says he has no involvement in this whatsoever,” Berg said, adding that Yu came
to Los Angeles for a conference.
The Justice Department and San Diego FBI declined to comment further.
Chinese Foreign Ministry spokeswoman Hua Chunying told a regular press briefing on
Friday that she was not aware of the situation, but that China actively seeks to
guarantee overseas Chinese individuals’ legal rights. China opposes all forms of
criminal internet activity, she added.
The court filings said Sakula had rarely been seen before the attacks on U.S.
companies and Yu knew the software he was providing would be used in the hacks
carried out between 2010 and 2015.
Though the victims are not named, some companies appeared to be in the aerospace
and energy industries.
Adam Meyers, vice president at U.S. security firm CrowdStrike, said software flaws
and one of the internet protocol addresses cited in the complaint matched up with
attacks on a U.S. turbine manufacturer, Capstone Turbine, and a French aircraft
supplier.
Meyers said Sakula could be used by multiple groups, but that all of the known
targets would be of interest to the Chinese government.

The OPM breach was a subject of U.S.-China talks, and the Chinese government
previously told American diplomats it had arrested some criminals in the case.
Yu remains in jail pending a court hearing on his detention next week.
Reporting by Joseph Menn; Additional reporting by Michael Martina in Beijing;
Editing by Andrew Hay

Intel / December 2, 2015 / 12:31 PM / 2 years ago


UPDATE 3-China's Xinhua says U.S. OPM hack was not state-sponsored

Reuters Staff

* U.S., China officials meet this week for cyber crime talks
* Investigation found U.S. OPM hack was criminal - Xinhua
* No details of who conducted the investigation (Adds White House statement,
paragraph 5)
By Paul Carsten and Mark Hosenball
BEIJING/WASHINGTON, Dec 2 (Reuters) - China’s official Xinhua news agency said on
Wednesday an investigation into a massive U.S. computer breach last year that
compromised data on more than 22 million federal workers found that the hacking
attack was criminal, not state-sponsored.
In an article about a meeting in Washington between top U.S. and Chinese officials
on cyber security issues, Xinhua said the breach at the U.S. Office of Personnel
Management (OPM) was among the cases discussed.
The report did not give details of who conducted the investigation or whether both
U.S. and Chinese officials agreed with the conclusion.
The Cyberspace Administration of China, the country’s Internet regulator, did not
immediately reply to a request for comment. In Washington, OPM referred inquiries
to the U.S. Department of Homeland Security, which also did not immediately respond
to a request for comment.
The White House said Susan Rice, President Barack Obama’s national security adviser,
and Lisa Monaco, his counterterrorism adviser, met on Wednesday with a Chinese
official to discuss cyber issues and “to underscore the importance of full
adherence” to commitments made during Chinese President Xi Jinping’s visit to
Washington in September.
U.S. intelligence chief James Clapper in June said the OPM cyber attack was carried
out by Chinese hackers but did not specifically accuse China’s government. Clapper
told a Washington intelligence conference: “You have to kind of salute the Chinese
for what they did,” given the difficulty of the intrusion.

However, U.S. officials have said privately they believe Chinese government
entities were behind the breach, which involved the compromise of sensitive
personal data submitted to OPM by applicants for U.S. government security
clearances, as well as field reports generated by security investigators.
The breach exposed the names, Social Security numbers and addresses of more than 22
million current and former U.S. federal employees and contractors, as well as 5.6
million fingerprints.
John Hultquist, a cyber espionage expert with iSight Partners, said his firm
believed the intrusion was conducted by hackers working for China’s government,
based on digital evidence and the hackers’ other targets, including health insurer
Anthem.
“We can’t attribute it directly to a specific intelligence organization or office
building in Beijing, (but) the writing is on the wall in terms of the evidence we
do have,” said Hultquist, whose firm provides cyber intelligence to the U.S.
government.
One reason U.S. officials are reluctant to accuse the Chinese government publicly
of hacking American security clearance data, officials and private experts have
said, is that this is the sort of spying done by most if not all major foreign
intelligence agencies including U.S. agencies.
James Lewis, an expert with the Center for Strategic and International Studies
think tank, said China’s latest claims suggest authorities there likely will say
they have arrested hackers behind the OPM attack and claim they are criminals.
‘TRADITIONAL KABUKI’
“It’s a face-saving way of saying, ‘It wasn’t us and we’ll put them in jail,’”
Lewis said. “Traditional kabuki in espionage is you write off your agents when it’s
politically useful to do so.”

Lewis said in October that shortly before Xi visited the United States, Chinese
officials told their American counterparts that Beijing had detained at least two
hackers who breached U.S. computer networks.
Reuters reported in October that Chinese officials told their U.S. counterparts
that one suspect was involved in the OPM breach.
U.S. officials have said that they are unaware of any evidence demonstrating that
the hacked OPM data had been used for any nefarious purposes.
Lewis said there also was no evidence the stolen OPM data had appeared for sale on
black markets, another indication the hacking was carried out by individuals
working with or for China’s government.
The Pentagon’s chief arms buyer, Frank Kendall, said on Wednesday that while he was
not aware of Xinhua’s claim, he remained very concerned about Chinese hacking of
U.S. weapons systems.
“China is not the only source of some of our cyber attacks, but it’s certainly one
of the major sources of cyber attacks,” Kendall said. “This is a problem that is
not going to go away.”
OPM’s director resigned in July in the aftermath of the agency’s disclosure that it
had fallen victim to two cyber attacks.
Top U.S. and Chinese officials convened this week in Washington for the first round
of cyber security talks following the signing of a bilateral anti-hacking accord in
September.
The two sides reached a broad agreement on the joint fight against cyber crimes,
and will set up a hotline for these issues, according to Xinhua and CCTV, China’s
state-operated national broadcaster.
The next meeting is scheduled for June, Xinhua said.

Along with the OPM hack, officials from the two countries identified other cases to
work on, reached further consensus on fighting cyber terrorism and agreed on
programs to boost the fight against cyber crimes, Xinhua said, without giving
further details. (Additional reporting by Michael Martina and Shanghai Newsroom,
Andrea Shalal in Washington, Joseph Menn in San Francisco and Jim Finkle in
Boston; Editing by Kazunori Takada, Ryan Woo, Kevin Drawbaugh and Jonathan Weber.)

Technology News / February 26, 2013 / 11:25 PM / 5 years ago


Researchers say Stuxnet was deployed against Iran in 2007

Jim Finkle

SAN FRANCISCO (Reuters) - Researchers at Symantec Corp have uncovered a version of
the Stuxnet computer virus that was used to attack Iran’s nuclear program in
November 2007, two years earlier than previously thought.

Iranian soldiers stand guard on an anti-aircraft machine gun inside the Natanz
uranium enrichment facility, 322km (200 miles) south of Iran's capital Tehran March
9, 2006. REUTERS/Raheb
Stuxnet, which is widely believed to have been developed by the United States and
Israel, was discovered in 2010 after it was used to attack a uranium enrichment
facility at Natanz, Iran. It was the first publicly known example of a virus being
used to attack industrial machinery.
Symantec researchers said on Tuesday they have uncovered a piece of code, which
they called “Stuxnet 0.5,” among the thousands of versions of the virus they
recovered from infected machines.
They found evidence Stuxnet 0.5 was in development as early as 2005, when Iran was
still setting up its uranium enrichment facility, and the virus was deployed in
2007, the same year the Natanz facility went online.
“It is really mind blowing that they were thinking about creating a project like
that in 2005,” Symantec researcher Liam O’Murchu told Reuters.
Security experts who reviewed Symantec’s 18-page report on Stuxnet 0.5 said it
showed the cyber weapon was already powerful enough to cripple output at Natanz as
far back as six years ago.
“This attack could have damaged many centrifuges without destroying so many that
the plant operator would have become suspicious,” said a report by the Institute
for Science and International Security, which is led by former United Nations
weapons inspector David Albright and closely monitors Iran’s nuclear program.

ALTERNATE APPROACH
Although it is unclear what damage Stuxnet 0.5 might have caused, Symantec said it
was designed to attack the Natanz facility by opening and closing valves that feed
uranium hexafluoride gas into centrifuges, without the knowledge of the operators
of the facility.
Previously dissected versions of Stuxnet are all believed to have been used to
sabotage the enrichment process by changing the speeds of those gas-spinning
centrifuges without the knowledge of their operators.
“The report provides even more concrete evidence that the United States has been
actively trying to derail the Iranian nuclear program since it was restarted under
President Mahmoud Ahmadinejad’s reign,” said John Bumgarner, an expert on cyber
weapons who works as chief technology officer with the U.S. Cyber Consequences
Unit.
The Natanz facility has been the subject of intense scrutiny by the United States,
Israel and allies, who charge that Iran is trying to build a nuclear bomb.

The United States began building a complex cyber weapon during the George W. Bush
administration to prevent Tehran from acquiring nuclear weapons, U.S. officials
familiar with the program have told Reuters. The government has declined to comment
on the reports and has launched investigations into leaks on its cyber programs.
Since Stuxnet’s discovery in 2010, security researchers have uncovered a handful of
other sophisticated pieces of computer code they believe were developed in tandem
to engage in espionage and warfare. These include Flame, Duqu and Gauss.
Stuxnet 0.5 was written using much of the same code as Flame, according to
Symantec’s report, which was published at the RSA security conference in San
Francisco, an event attended by more than 20,000 security professionals.
Symantec said it has now uncovered four versions of Stuxnet and there are likely
others that have not been discovered yet. Researchers at Symantec and elsewhere are
still trying to understand the full extent of the virus’s capabilities.
“This fills in some of the gaps,” said O’Murchu.
He said the researchers found no evidence to prove who was behind Stuxnet.
Later versions of Stuxnet, which manipulates industrial control software known as
Step 7 from Siemens AG, used more sophisticated methods to infect computer systems,
he said.

Siemens previously said it plugged the security holes that allowed Stuxnet to
breach its software. A company spokesman had no immediate comment on Symantec’s
latest research.
Reporting By Jim Finkle in San Francisco. Additional reporting by Mark Hosenball in
Washington. Editing by Andre Grenon; Editing by Tiffany Wu and Steve Orlofsky

World News / February 16, 2018 / 2:59 AM / 2 months ago


U.S. blames Russia for crippling 2017 'NotPetya' cyber attack

Dustin Volz

WASHINGTON (Reuters) - The United States on Thursday publicly blamed Russia for
carrying out the so-called NotPetya cyber attack last year that crippled government
and business computers in Ukraine before spreading around the world.

FILE PHOTO - White House Press Secretary Sarah Huckabee Sanders speaks during a
news briefing at the White House in Washington, U.S., February 12, 2018.
REUTERS/Yuri Gripas
The statement by the White House came hours after the British government attributed
the attack to Russia, a conclusion already reached and made public by many private
sector cyber security experts.

The attack in June of 2017 “spread worldwide, causing billions of dollars in damage
across Europe, Asia and the Americas,” White House Press Secretary Sarah Sanders
said in a statement.

“It was part of the Kremlin’s ongoing effort to destabilise Ukraine and
demonstrates ever more clearly Russia’s involvement in the ongoing conflict,”
Sanders added. “This was also a reckless and indiscriminate cyber attack that will
be met with international consequences.”

Earlier on Thursday Russia denied an accusation by the British government that it
was behind the attack, saying it was part of a “Russophobic” campaign that it said
was being waged by some Western countries.
Reporting by Dustin Volz; Editing by Susan Heavey and Bill Rigby

Cyber Risk / February 16, 2018 / 2:44 AM / 2 months ago


White House blames Russia for 'reckless' NotPetya cyber attack

Dustin Volz, Sarah Young


WASHINGTON/LONDON (Reuters) - The White House on Thursday blamed Russia for the
devastating ‘NotPetya’ cyber attack last year, joining the British government in
condemning Moscow for unleashing a virus that crippled parts of Ukraine’s
infrastructure and damaged computers in countries across the globe.

A customer waits while a cashier writes out a purchase receipt for store records,
as many businesses have turned off their digital tills after cases of cyber attacks
on business, at a store in Kiev, Ukraine, June 28, 2017. REUTERS/Gleb Garanich
The attack launched in June 2017 by the Russian military “spread worldwide, causing
billions of dollars in damage across Europe, Asia and the Americas,” White House
Press Secretary Sarah Sanders said in a statement.
“It was part of the Kremlin’s ongoing effort to destabilize Ukraine and
demonstrates ever more clearly Russia’s involvement in the ongoing conflict,”
Sanders said. “This was also a reckless and indiscriminate cyber attack that will
be met with international consequences.”
The strongly worded but brief statement was the first time the U.S. government has
blamed Russia for what is considered one of the worst cyber attacks on record. Many
private sector security experts had fingered Moscow months ago.
The statement came days after leaders of U.S. intelligence agencies again warned
that Russia, and potentially other adversaries, were likely to attempt to use cyber
means to meddle in the U.S. midterm elections in November.
Experts said the White House vow of a response needed to be met with clear action,
especially because U.S. President Donald Trump has sought to improve relations with
his Russian counterpart, Vladimir Putin, and has at times appeared dismissive of
the cyber threat posed by Russia.

The U.S. government is “reviewing a range of options,” a senior White House
official said when asked what consequences Russia would face.
It was not clear what those options were, nor what was meant by “international
consequences.”
Earlier on Thursday Russia denied being behind the attack, saying the accusations
were part of a “Russophobic” campaign that it said was being waged by some Western
countries.
The White House had intended to release a statement about ‘NotPetya’ at the same
time as London, but those plans were delayed due to a school shooting in Florida,
according to three sources familiar with the matter.

‘EMPTY PROMISE’?
The U.S. government has been quicker to blame other nations, most notably North
Korea, for destructive cyber attacks, including the WannaCry ransomware attack in
May 2017.
Some administration officials have worried that publicly blaming Russia without
imposing some cost could raise questions about why the United States was not
retaliating, said two sources familiar with the internal debate.
Others argued that because the United States also conducts covert cyberspace
operations that could not be discussed in public, the statement attributing blame
to Moscow required no elaboration, the sources said.
In addition to covert operations, retaliation could take the form of further
sanctions on Russia or other diplomatic penalties.
Trump has resisted the conclusion of U.S. intelligence agencies that Moscow also
meddled in the 2016 U.S. presidential election. After he met Putin in Vietnam last
November, Trump said he believed the Russian leader when he denied his government
interfered in the election.

Democrats and some Republicans have criticized the Trump administration for not
imposing sanctions that were passed unanimously by Congress last summer and were
intended to punish Moscow for meddling in the 2016 election.
“With Russia, if we are promised consequences, people are going to be looking for
tangible proof” of a response, said Kenneth Geers, a security researcher at the
cyber firm Comodo and former U.S. intelligence official who works at NATO’s think
tank on cyber defense.
“Otherwise it seems like a real empty promise.”
The NotPetya attack started in Ukraine, where it crippled government and business
computers before spreading around Europe and the world, halting operations at
ports, factories and offices.
Britain’s foreign ministry said in a statement released earlier in the day that the
attack originated from the Russian military.
“The decision to publicly attribute this incident underlines the fact that the UK
and its allies will not tolerate malicious cyber activity,” the ministry said in a
statement.

“The attack masqueraded as a criminal enterprise but its purpose was principally to
disrupt,” it said.
“Primary targets were Ukrainian financial, energy and government sectors. Its
indiscriminate design caused it to spread further, affecting other European and
Russian business.”
Reporting by Dustin Volz in WASHINGTON and Sarah Young in LONDON; Additional
reporting by Katya Golubkova in MOSCOW, Andrea Shalal in MUNICH, Teis Jensen in
COPENHAGEN, and Steve Holland and John Walcott in WASHINGTON; Editing by Mary
Milliken, Bill Rigby and Daniel Wallis