US government agencies hacked; Russia a possible culprit

In this file photo taken on March 27, 2020, an exterior view of the building of US Department of the Treasury is seen in Washington, DC. (AFP / Olivier Douliery)
The US Treasury Department building viewed from the Washington Monument in Washington. (AP Photo/Patrick Semansky, file)
Updated 14 December 2020

  • Cybersecurity firm FireEye earlier disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools
  • Hackers linked to Russia were able to break into the US State Department’s email system in 2014

WASHINGTON: Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of US government agencies — apparently the same monthslong cyberespionage campaign that also afflicted the prominent cybersecurity firm FireEye.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple US federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
FireEye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.
The malware gave the hackers remote access to victims’ networks.
FireEye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed self-propagating malware — like the 2016 NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”
The US government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the US military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.
The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.”
President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.
In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.
Federal government agencies have long been attractive targets for foreign hackers.
Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the Internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding Internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.
Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released between March and June for software that helps organizations monitor their online networks for problems.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.
The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.
FireEye announced on Tuesday that it had been hacked, saying foreign state hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.
Former NSA hacker Jake Williams, the president of the cybersecurity firm Rendition Infosec, said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.
“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. Mandia said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.


Husband of detained Iranian-British woman on hunger strike

Updated 24 October 2021

  • Richard Ratcliffe started his fast on Sunday outside the British government’s Foreign Office in central London
  • He plans to maintain a “constant vigil” by sleeping in a tent outside the building’s main entrance

LONDON: The husband of UK charity worker Nazanin Zaghari-Ratcliffe, who has been detained more than five years in Iran, has gone on a hunger strike again after a court decided she has to spend another year in prison.
Richard Ratcliffe started his fast on Sunday outside the British government’s Foreign Office in central London.
He plans to maintain a “constant vigil” by sleeping in a tent outside the building’s main entrance in an effort to pressure Prime Minister Boris Johnson to secure the release of his wife and other detained dual British-Iranian nationals, Amnesty International said.
Zaghari-Ratcliffe served five years in prison after being taken into custody at Tehran’s airport in April 2016 and convicted of plotting the overthrow of Iran’s government, a charge that she, her supporters and rights groups deny.
In May, she was sentenced to an additional year in prison on charges of spreading “propaganda against the system” for having participated in a protest outside the Iranian Embassy in London in 2009 — a decision upheld this month by an appeals court. The verdict includes a one-year travel ban, meaning she wouldn’t be able to leave Iran until 2023.
Ratcliffe went on a 15-day hunger strike two years ago outside the Iranian Embassy, a move he credits with getting their 7-year-old daughter Gabriella released.
“We are now giving the UK government the same treatment. In truth, I never expected to have to do a hunger strike twice. It is not a normal act,” Ratcliffe said on his change.org petition.
He said Iran remains the “primary abuser” in Nazanin’s case, but the “UK is also letting us down.”
“It is increasingly clear that Nazanin’s case could have been solved many months ago – but for other diplomatic agendas. The PM needs to take responsibility for that.”
Zaghari-Ratcliffe was employed by the Thomson Reuters Foundation, the charitable arm of the news agency, and was arrested as she was returning home to Britain after visiting family. Rights groups accuse Iran of holding dual-nationals as bargaining chips for money or influence in negotiations with the West, something Tehran denies.
Iran doesn’t recognize dual nationalities, so detainees like Zaghari-Ratcliffe can’t receive consular assistance.


Taliban kill three ‘Daesh kidnappers’ in shootout

Updated 24 October 2021

  • The clash erupted in Herat when the new Taliban government's fighters cornered the gang in a high-rise building
  • An interior ministry spokesman said the three Daesh-Khorasan members were involved in major kidnappings

HERAT: Taliban forces fought a three-hour gun battle with a group of alleged Daesh kidnappers on Sunday, killing three of them, officials said.
The clash erupted in the western Afghan city of Herat when the new Taliban government's fighters cornered the gang in a high-rise building, Herat Police Command said in a statement.
Local residents said they heard light and heavier weapons used in the fighting. Police said three Daesh members were killed and two Taliban were wounded in the clash.
Videos circulating on social media appeared to show that at least one suspect was shot dead after he had been detained and disarmed, during a scuffle with his captors.
The footage also showed victorious Taliban forces driving through town with three corpses exposed on the back of a pick-up truck, as cheering supporters followed on scooters.
Interior ministry spokesman Qari Sayed Khosti tweeted the three Daesh-Khorasan members were involved in major kidnappings across Herat province.
"Special forces surrounded them, and they started firing. The men were killed in a shootout with security forces."
The Taliban seized power in Afghanistan in mid-August, overthrowing the previous US-backed government, and have vowed to restore stability after a 20-year war.
But their efforts have been undermined by a series of attacks claimed by Daesh-K, another hardline Sunni extremist group that has a bitter rivalry with the Taliban.


Man shot dead in Kashmir as security tight for minister’s visit

Updated 24 October 2021

  • The victim, a milk seller in Kashmir, is the 12th civilian killed by militants or security forces this month
  • Amit Shah, India’s home minister, has been in Kashmir since Saturday

SRINAGAR: Indian paramilitaries shot dead a civilian in Kashmir on Sunday, residents said, as authorities tightened security across the disputed territory for a visit by a top Indian minister.
The victim, a milk seller in the southern Kashmir Valley, is the 12th civilian killed by militants or security forces this month as attacks increase in the Muslim-majority region.
New Delhi has about 500,000 troops and paramilitaries in Kashmir seeking to contain a rebel movement agitating for independence or the region’s merger with Pakistan.
Police said the man was hit in “crossfire” during “militant action” near a police paramilitary camp in the village of Zainapora and that the incident was being investigated.
Villagers told AFP the man had been fatally shot without provocation.
Amit Shah, India’s home minister and effective deputy to Prime Minister Narendra Modi, has been in Kashmir since Saturday, adding to security concerns.
It is Shah’s first trip to the Himalayan region — also claimed by Pakistan — since New Delhi canceled Kashmir’s semi-autonomy in August 2019 and placed it under direct rule.
His visit follows a series of targeted killings by militants, with minority Hindus and Sikhs as well as migrant workers from elsewhere in India the main targets.
Sandbag bunkers have been erected across Kashmir’s main city of Srinagar and snipers positioned on rooftops around the building where Shah is staying.
Police have in recent days impounded hundreds of motorbikes in the city and intensified checks on pedestrians including women and children. Motorbikes have been used for drive-by killings.
India’s chief of defense staff General Bipin Rawat said security monitoring was being intensified to thwart attacks by rebels.
Kashmir has been divided between India and Pakistan since their independence in 1947.
Rebels launched an insurgency in 1989 and the fighting has left tens of thousands dead, mainly civilians.


Ethiopia launches air strike on Tigray’s ‘western front’

Updated 24 October 2021

  • The seventh aerial bombardment in the war-hit region in a week

ADDIS ABABA: Ethiopia’s military launched an air strike on a rebel-held facility in Tigray’s west on Sunday, a government official said, the seventh aerial bombardment in the war-hit region in a week.

“Today the western front of (Mai Tsebri) which was serving as a training and military command post for the terrorist group TPLF has been the target of an air strike,” government spokeswoman Selamawit Kassa said, referring to the Tigray People’s Liberation Front (TPLF).

Prime Minister Abiy Ahmed’s government has been locked in a war against the TPLF since last November, though Tigray itself had seen little combat since late June, when the rebels seized control of much of Ethiopia’s northernmost region and the military largely withdrew.

But on Monday Ethiopia’s air force launched two strikes on Tigray’s capital Mekele that the UN said killed three children and wounded several other people.

Since then there have been three more strikes on Mekele and another targeting what the government described as a weapons cache in the town of Agbe, about 80 kilometers (50 miles) to the west.

The strikes coincide with ramped-up fighting in Amhara region, south of Tigray.

They have drawn rebukes from Western powers, with the US last week condemning “the continuing escalation of violence, putting civilians in harm’s way.”

A strike Friday on Mekele forced a UN flight carrying 11 humanitarian personnel to turn back to Ethiopian capital Addis Ababa, and the UN subsequently announced it was suspending its twice-weekly flights to the region.

The conflict has spurred fears of widespread starvation, as the UN estimates it has pushed 400,000 people in Tigray into famine-like conditions.


Islamists suspend march under agreement with Pakistan government

Updated 24 October 2021

  • Pakistan government had agreed to drop pending charges against the party's leader
  • The head of the Islamist Tehreek-e-Labiak party was arrested last year amid demonstrations against France over the publication of caricatures of Islam’s Prophet Mohammad

LAHORE: A radical Islamist party agreed Sunday to suspend for three days its march of thousands toward the capital Islamabad after Pakistan agreed to drop pending charges against the party's leader.
Party supporters Saturday departed the eastern city of Lahore, clashing for a second straight day with police who lobbed tear gas into the crowd. The group began its journey a day earlier with the goal of reaching Islamabad to pressure the government to release Saad Rizvi, head of the Islamist Tehreek-e-Labiak Pakistan party. Rizvi was arrested last year amid demonstrations against France over the publication of caricatures of Islam’s Prophet Mohammad.
Raja Basharat, provincial law minister, told The Associated Press that under the agreement Punjab will withdraw charges against Rizvi and release all those detained during the protest march by Tuesday.
Rizvi had been detained pre-emptively on a charge of inciting people to assemble unlawfully. It was unclear when he would be released.
Basharat also said the agreement stipulates that the federal government will honor a previous agreement with the TLP to address diplomatic ties with France over the publication of the caricatures.
Sajid Saifi, spokesman for Rizvi’s party, confirmed the minister’s account and said thousands of party supporters will stay in the town of Mureedke waiting for the release of party leaders and members who have been detained.
Pakistan Interior Minister Shaikh Rashid Ahmed told reporters that the TLP's demand that the French ambassador to Pakistan be expelled over the caricatures would be taken to a parliamentary committee in the coming days.
Basharat, Ahmed and Religious Affairs Minister Noorul Haq Qadri took part in the talks with the TLP executive council.
Violent clashes erupted between security forces and the Islamists in Lahore killing at least two police and injuring about a dozen, police said. Saifi claimed four party supporters were killed by police fire and “many” others were injured. Police said the demonstrators torched several police vehicles there.
Ahmed said the government was unaware of any deaths of TLP supporters.
Rizvi’s party gained prominence in Pakistan’s 2018 elections, campaigning on the single issue of defending the country’s blasphemy law, which calls for the death penalty for anyone who insults Islam. It has a history of staging violent protests to pressure the government to accept its demands.