US government agencies hacked; Russia a possible culprit

In this file photo taken on March 27, 2020, an exterior view of the building of US Department of the Treasury is seen in Washington, DC. (AFP / Olivier Douliery)
The US Treasury Department building viewed from the Washington Monument in Washington. (AP Photo/Patrick Semansky, file)
Updated 14 December 2020

  • Cybersecurity firm FireEye earlier disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools
  • Hackers linked to Russia were able to break into the US State Department’s email system in 2014

WASHINGTON: Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of US government agencies — apparently the same monthslong cyberespionage campaign that also afflicted the prominent cybersecurity firm FireEye.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple US federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
FireEye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.
The malware gave the hackers remote access to victims’ networks.
FireEye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed self-propagating malware — like the 2016 NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”
The US government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the US military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.
The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.”
President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.
In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.
Federal government agencies have long been attractive targets for foreign hackers.
Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the Internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding Internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.
Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released between March and June for software that helps organizations monitor their online networks for problems.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.
The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.
FireEye announced on Tuesday that it had been hacked, saying foreign state hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.
Former NSA hacker Jake Williams, the president of the cybersecurity firm Rendition Infosec, said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.
“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. Mandia said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.

Biden’s Japan envoy pick vows to make Nissan executive case a priority

Updated 20 October 2021

  • Greg Kelly has denied charges he helped Carlos Ghosn hide 9.3 billion yen ($81.4 million) of Ghosn’s earnings over eight years through deferred payments
  • Rahm Emanuel, who President Joe Biden has nominated to be his ambassador to key US ally Japan, told senators he would deal with it as if he was a congressman and Kelly a constituent

WASHINGTON: Rahm Emanuel, nominee to be the next US ambassador to Tokyo, vowed at his Senate confirmation hearing on Wednesday to prioritize the case of an American former Nissan Motor executive who is facing a possible prison term in Japan.
In September, Japanese prosecutors asked a Tokyo court to send the executive, Greg Kelly, to prison for two years for his alleged part in helping Carlos Ghosn, Nissan’s ousted CEO, hide earnings.
When asked about the case, Emanuel, who President Joe Biden has nominated to be his ambassador to key US ally Japan, told senators he would deal with it as if he was a congressman and Kelly a constituent.
“I’ve already started to inquire about this and I want a report on my desk and ... if you start asking that, that goes from here to up here as a top priority,” he said.
“This is not just another piece of business to be checked out,” he said. “I’m going to be approaching this subject as a former US congressman, who knows what it means when you have a constituent at heart.”
Emanuel, the former mayor of Chicago, was responding to a question from Republican Senator William Hagerty of Tennessee, a former ambassador to Japan, who asked if he would make it a top priority to clear Kelly’s name.
Hagerty referred to Kelly as a “Tennessee citizen” and said he had been “deceived” into leaving the state to go to Japan where he was arrested in 2018, even though his lawyers believed he had committed no crime.
Hagerty said Japan was the number one investor in his home state and called the case “a real impediment” to the US-Japan economic relationship.
Japanese prosecutors called for the jail sentence for Kelly, who has been on bail in Japan since 2018, during closing arguments in a trial that began last year.
A ruling in the case is expected next year, and if found guilty, Kelly could join two other Americans serving time in Japan after a court sentenced them in July for helping smuggle Ghosn out of Japan on a private jet hidden in luggage to Lebanon at the end of 2019, where he remains free as a fugitive.
Kelly has denied charges he helped Ghosn hide 9.3 billion yen ($81.4 million) of Ghosn’s earnings over eight years through deferred payments, saying that his only goal had been to retain a chief executive who could have been lured away by a rival automaker.
Both former Nissan executives allege they are victims of a boardroom coup by former colleagues worried that Ghosn would push through a merger between Nissan and Renault SA, its largest shareholder.

Death toll rises as unprecedented rainfall hits India’s Himalayan state

Updated 20 October 2021

  • Incessant rain has caused massive destruction in the state lying on the southern slope of the Himalaya mountain range
  • Ecologists blame unplanned development in the mountainous state for increasing climate-related disasters

NEW DELHI: Nearly 50 people have died in flash floods triggered by unprecedented heavy rains in the northern Indian state of Uttarakhand, authorities said on Wednesday, as environmentalists warn the Himalayan region is seeing the effects of climate change and rampant development.

Incessant rain since Monday has caused flooding, landslides, and massive destruction in the state lying on the southern slope of the Himalaya mountain range, in what is a second devastating incident related to extreme weather this year. In February, a portion of the Nanda Devi glacier broke off in Uttarakhand’s Chamoli district, triggering an avalanche and flooding that killed dozens of people.

"There has been massive damage. It will take time to return to normalcy," Uttarakhand chief minister Pushkar Singh Dhami told reporters on Wednesday. "Roads were washed away, there were landslides, rivers changed their routes, villages were affected, bridges collapsed."

The amount of rain that fell on the region, especially its famous tourist destination and hill station Nainital, was abnormal, according to the Indian Meteorological Department (IMD).

"This was an unprecedented rain at this time of the year. Normally, the monsoon is retreating at this time and chances of rain are slim, but this amount of rain is unheard of in recent history," Dr. Rajendra Kumar Jenamani of the IMD told Arab News.

Ecologists have been warning for years that the Himalayas are warming at an alarming pace, melting ice trapped in glaciers, elevating the risk of devastating floods and landslides. Nearby populations are vulnerable, as the region’s ecosystem has also become too fragile for construction projects.

Nainital-based journalist and environmental researcher Kavita Upadhyay said the local community has not recorded incidents that had brought devastation as large as that caused by Monday and Tuesday downpours.

"We received more than 500-millimeter rainfall in 24 hours, and this is the maximum in recorded history," she told Arab News. "When we get 60-millimeter rainfall it is called heavy rainfall, imagine the magnitude of 500 millimeters."

Upadhyay blamed unplanned development for the disaster.

"One would hear the word 'climate change' but I am not an expert on that, but what we do know is that extreme weather events have been increasing," she said. "The reason for the disaster is definitely the way development is happening in Uttarakhand. Be it roads, houses or expanding tourism, big infrastructure projects like that. I don’t think authorities have taken into account that extreme weather events will happen."

Delhi-based environmentalist Vimlendu Jha said the extreme weather incidents occurring in Uttarakhand were an indication of a "climate crisis."

"We cannot call it climate change because change is a moderate word. Here we are talking about the climate crisis which is causing extreme rainfall and also a lot of rainfall in a small period of time," he said.

Referring to previous climate-related disasters in the region, Jha said in each case devastation was happening as unplanned development — including of hydroelectric power plants and roads for which thousands of trees had been cut — was causing "nature’s fury."

"The reason why it got scaled up and extreme this time is because of the overall destruction of the local ecology," Jha said. "These are the reason we are witnessing this kind of nature’s fury."


Syrian family sue EU border agency over removal from Greece

Updated 20 October 2021

  • They say they were tricked into boarding a plane after they were told it was destined for Athens but instead it took them to Turkey
  • First-of-its-kind case will test the accountability of the EU’s border agency, Frontex, which blames Greek authorities for the deportation

LONDON: A Syrian family is taking the EU’s border agency to the European Court of Justice to seek damages for their deportation from Greece to Turkey, which occurred after they had lodged an asylum claim.

They say they were tricked into boarding a deportation flight by EU and Greek officials five years ago, after they were told they would be flown to Athens but were instead taken to Turkey.

Prakken d’Oliveira, a Dutch law firm specializing in human rights cases, said on Wednesday that it has filed a lawsuit against Frontex, the EU agency responsible for border enforcement, and is seeking damages on behalf of the family. The deportation amounted to a violation of their human rights, the firm said, and Frontex operated the flight that carried it out.

The incident was the first recorded case of expulsion of asylum seekers after the EU reached a deal with Turkey in 2016 that explicitly stated that people arriving in Greece would have access to a fair asylum procedure.

“Frontex has acknowledged there were human rights violations. (It) has accepted that the refugees never got the chance to have their asylum request processed,” said Lisa-Marie Komp, one of the lawyers representing the family.

She said it is critical that the EU agency is held accountable for its actions and added: “If it is to be given such a far-reaching mandate, then there should be effective possibilities to hold it to account. And if that is not possible, what it will amount to is the undermining of the basic principle of rule of law.

“Beside the fate of the family, what is so fundamental is that this is the first time the European court of justice will get the opportunity to rule whether Frontex can be held accountable.”

The action is the first of its kind brought before the Luxembourg-based tribunal. It will highlight the practice of illegal pushbacks and other methods that campaigners argue deny asylum seekers their rights.

Frontex has faced accusations of “actively destroying” the fundamental principles on which the EU was built by participating in the pushbacks.

The Syrian family, who have not been named for security reasons, said they were tricked into boarding the deportation flight after submitting asylum claims on the Greek island of Leros.

“I never knew I was (going to be) deported to Turkey,” the then 33-year-old father told reporters at the time. “The policemen said, ‘Leave your dinner, get your stuff, we will take you to a police station for the night and (then) tomorrow morning to Athens.’”

The family, which included four children between the ages of one and seven, were forced to sit separately on the flight. They identified representatives of the EU border agency by the insignia on their guards’ uniforms.

“They were in a very vulnerable position,” Komp said. “The treatment of the children on the flight was itself in contravention of the rights of the child, enshrined in article 24 of the charter of fundamental rights of the EU.

“The bottom line is they didn’t take any measures to check whether it was legal to take this family out of Greece.”

The family, from the Kurdish town of Kobani in Syria, are now living in northern Iraq, fearing persecution in war-torn Syria if they return home.

Frontex has blamed “national authorities” for the incident, arguing that its role was merely to provide “means of transport, trained escorts, translators and medical personnel.”

An investigation into the incident, the results of which were published 19 months later, found that the asylum claim was registered 11 days before the flight that took the family to Turkey but was only logged on the electronic police system a day after they were deported.

Yiannis Mouzalas, who was the minister in charge of Greek migration policy at the time, said he ordered an inquiry into the case when it became clear that “violations” had occurred.

“An asylum request was lodged and it was evident the process had been violated and something illegal had happened,” he said.

Mouzalas said he had no knowledge of the outcome of the inquiry because he subsequently left his post, but added: “I do know it was the responsibility of the competent Greek authorities (to remove them), not Frontex which transported them.”

‘Sweet day’ for Afghan sportswomen fleeing Taliban rule on latest flight

Updated 20 October 2021

  • The female footballers, basketball players and others were among 369 passengers on the plane to Qatar
  • Flying alongside the athletes were expat Afghans who were visiting their homeland and were caught off guard by the speed of the Taliban victory

KABUL: Afghan women athletes expressed relief and optimism Wednesday as they fled Taliban rule on the latest flight out of Kabul, with one calling it a “sweet day for all of us.”
The female footballers, basketball players and others were among 369 passengers on the plane to Qatar, including more than 55 who were evacuated in coordination with global football body FIFA which is organizing next year’s World Cup in the Gulf monarchy.
The semi-regular flight to Doha, arranged by the Qatar government, has become a rare lifeline for Afghans with passports and visas since the Taliban seized power in August.
Wednesday’s flight was the most packed yet, and included several women athletes including 28-year-old basketballer Tahera Yousofi from Herat, who is heading to Canada.
“Today is a very, very sweet day for all of us because after many, many weeks our trek starts and we are very happy,” she told AFP.
Tahera used to play and train regularly in Afghanistan and has competed internationally, but since the hard-line Taliban returned this has proved impossible.
“The Taliban government don’t let us play and don’t let us get a job and we have to vacate this country, unfortunately,” she said.
Sports were banned when the Taliban last ruled Afghanistan from 1996 to 2001, and since their return women’s freedoms have again been abruptly curtailed.
Flying alongside the athletes were expat Afghans who were visiting their homeland and were caught off guard by the speed of the Taliban victory.
Aside from Afghans, the passengers included citizens from the United States, Germany, Britain, Belgium, Ireland, the Netherlands, Canada, Japan and others.
Several families brought young children and babies, and some were so exhausted they fell asleep almost on take-off.
Sef and Zohra Amiri, 22 and 26, had planned a two-week visit from their home in Britain but ended up trapped for a fearful two and a half months.
“Finally we got the phone call from the British Embassy to help us to get out of here. Now we can finally breathe and we can fly wherever we want to go and (do) whatever we want to do,” said Zohra.
Since the Taliban took control of Kabul, the family has been trapped in their compound — particularly the women.
“My auntie went outside and the Taliban broke her foot. So that was really scary for us, really sad for us. As a woman we want all freedoms for us, like boys,” Zohra said.
The Qatari flights began on August 31 and depart around twice a week, carrying hundreds of passengers each time, including Afghans at risk under the new regime.
The Taliban have complained that the ongoing departure of many educated middle-class citizens and employees of the former US-backed government is a brain drain undermining their effort to stabilize the country.
But they have promised the international community not to interfere with the departure of Afghans with legitimate papers, despite reports of intimidation, and have cooperated with the Qatar air bridge.
On arrival in Qatar, the passengers are taken to a compound where they have access to Covid-19 testing and can rest and prepare for onward travel to their final destination.
Qatar says it “will continue to work with international partners on efforts that ensure freedom of movement in Afghanistan, including through serving as an active mediator between various parties.”

UK hospitals on the edge as government resists fresh COVID measures

Updated 20 October 2021

  • Javid announced deals for two experimental COVID-19 antivirals
  • Britain has the eighth biggest death toll globally from COVID-19, with 139,000 fatalities

LONDON: Britain's health minister Sajid Javid on Wednesday resisted calls from doctors for fresh measures to halt a rising wave of COVID-19 infections despite their warnings that hospitals are on the edge of being overwhelmed.
Britain reported 223 new deaths from COVID-19 on Tuesday, the highest daily figure since March, and cases are the highest in Europe, with nearly 50,000 new infections reported on Wednesday.
Javid announced deals for two experimental COVID-19 antivirals, one developed by Merck and Ridgeback Therapeutics and another by Pfizer, doubling down on a strategy of relying on vaccines and drugs to limit the damage this winter, instead of restrictions.
But he warned that people should get vaccinated and take up booster shots when offered, or else "Plan B", involving limited steps such as mask mandates, a work from home order and vaccination passes to get into venues, might be enacted.
"We're looking closely at the data, and we won't be implementing our Plan B of contingency measures at this point," he said, adding that 5 million people aged over 16 remained unvaccinated and that cases could reach 100,000 cases a day.
"If we want to secure these freedoms for the long term, then the best thing that we can do is come forward (for a shot), once again, when that moment comes."
Britain has the eighth biggest death toll globally from COVID-19, with 139,000 fatalities. But it also had a quick start to its vaccine programme and Prime Minister Boris Johnson has lifted almost all restrictions in England, ending social distancing measures and mask mandates.
Johnson's government has said it is relying on vaccinations, including booster shots for the vulnerable, to avoid winter lockdowns, having already shut the economy three times.
But the rollout has stalled, slipping behind several other European countries, while the booster programme is off to a slow start.
"COVID-19 cases are rising and winter is drawing closer. If you have not been vaccinated, now is the time. If you are offered a booster please take up the offer," Chief Medical Officer Chris Whitty said, adding that masks in crowded indoor spaces remained important.
Doctors have expressed concern that an increase in numbers going into hospital, combined with pressures on the National Health Service (NHS) from seasonal viruses, could leave hospitals unable to deal with long waiting lists and function normally.
Matthew Taylor, chief executive of the NHS Confederation, called for more measures.
"This is the middle of October. Things are only going to get worse," Taylor told BBC radio.
"The health service is right at the edge ... if you push much further we will not be able to provide the level of service that people need to have."
Javid said he did not believe the pressure on the NHS had become unsustainable, and added the government would act if that changed.
Andrew Pollard, the head of the Oxford Vaccine Group, said the risk was mainly in the unvaccinated.
He added that a subvariant of Delta that is growing in England was unlikely to change the picture. Javid said there was no reason to believe the subvariant posed a greater threat than Delta.