July 27 (Reuters) – The European Union found evidence that smartphones used by some of its staff were compromised by an Israeli company’s spy software, the bloc’s top justice official said in a letter seen by Reuters.
In a July 25 letter sent to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked using Pegasus, a tool developed and sold to government clients by Israeli surveillance firm NSO Group.
The warning from Apple triggered the inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter said.
Register now for FREE unlimited access to Reuters.com
Register
Though the investigation did not find conclusive proof that Reynders’ or EU staff phones were hacked, investigators discovered “indicators of compromise” – a term used by security researchers to describe that evidence exists showing a hack occurred.
Reynders’ letter did not provide further detail and he said “it is impossible to attribute these indicators to a specific perpetrator with full certainty.” It added that the investigation was still active.
Messages left with Reynders, the European Commission, and Reynders’ spokesman David Marechal were not immediately returned.
An NSO spokeswoman said the firm would willingly cooperate with an EU investigation.
“Our assistance is even more crucial, as there is no concrete proof so far that a breach occurred,” the spokeswoman said in a statement to Reuters. “Any illegal use by a customer targeting activists, journalists, etc., is considered a serious misuse.”
NSO Group is being sued by Apple Inc (AAPL.O) for violating its user terms and services agreement.
LAWMAKERS’ QUESTIONS
Reuters first reported in April that the European Union was investigating whether phones used by Reynders and other senior European officials had been hacked using software designed in Israel. Reynders and the European Commission declined to comment on the report at the time.
Reynders’ acknowledgement in the letter of hacking activity was made in response to inquiries from European lawmakers, who earlier this year formed a committee to investigate the use of surveillance software in Europe.
Last week the committee announced that its investigation found 14 EU member states had purchased NSO technology in the past.
Reynders’ letter – which was shared with Reuters by in ‘t Veld, the committee’s rapporteur – said officials in Hungary, Poland and Spain had been or were in the process of being questioned about their use of Pegasus.
In ‘t Veld said it was imperative to find out who targeted the EU Commission, suggesting it would be especially scandalous if it were found that an EU member state was responsible.
The European Commission also raised the issue with Israeli authorities, asking them to take steps to “prevent the misuse of their products in the EU,” the letter said.
A spokesperson for the Israeli Ministry of Defense did not immediately respond to a request for comment.
Apple’s alerts, sent late last year, told targeted users that a hacking tool, dubbed ForcedEntry, may have been used against their devices to download spyware. Apple said in a lawsuit that ForcedEntry had been the work of NSO Group. Reuters also previously reported that another, smaller Israeli firm named QuaDream had developed a nearly identical tool.
In November, the administration of U.S. President Joe Biden gave NSO Group a designation that makes it harder for U.S. companies to do business with them, after determining that its phone-hacking technology had been used by foreign governments to “maliciously target” political dissidents around the world.
NSO, which has kept its client list confidential, has said that it sells its products only to “vetted and legitimate” government clients.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Raphael Satter and Christopher Bing in Washington; editing by Grant McCool
Our Standards: The Thomson Reuters Trust Principles.
PALO ALTO, Calif., June 24 (Reuters) – The technology industry is bracing for the uncomfortable possibility of having to hand over pregnancy-related data to law enforcement, in the wake of the U.S. Supreme Court’s decision on Friday to overturn the Roe v. Wade precedent that for decades guaranteed a woman’s constitutional right to an abortion. read more
As state laws limiting abortion kick in after the ruling, technology trade representatives told Reuters they fear police will obtain warrants for customers’ search history, geolocation and other information indicating plans to terminate a pregnancy. Prosecutors could access the same via a subpoena, too.
The concern reflects how the data collection practices of companies like Alphabet Inc’s (GOOGL.O) Google, Facebook parent Meta Platforms Inc (META.O) and Amazon.com Inc (AMZN.O) have the potential to incriminate abortion-seekers for state laws that many in Silicon Valley oppose.
Register now for FREE unlimited access to Reuters.com
Register
“It is very likely that there’s going to be requests made to those tech companies for information related to search histories, to websites visited,” said Cynthia Conti-Cook, a technology fellow at the Ford Foundation.
Google declined to comment. Representatives for Amazon and Meta did not immediately respond to requests for comment.
Folders containing medical records of abortions that took place inside Tulsa Women’s Clinic, prior to Oklahoma’s abortion ban, are pictured in Tulsa, Oklahoma, U.S. June 20, 2022. REUTERS/Liliana Salgado/File Photo
Read More
Technology has long gathered – and at times revealed – sensitive pregnancy-related information about consumers. In 2015, abortion opponents targeted ads saying “Pregnancy Help” and “You Have Choices” to individuals entering reproductive health clinics, using so-called geofencing technology to identify smartphones in the area.
More recently, Mississippi prosecutors charged a mother with second-degree murder after her smartphone showed she had searched for abortion medication in her third trimester, local media reported. Conti-Cook said, “I can’t even imagine the depth of information that my phone has on my life.”
While suspects unwittingly can hand over their phones and volunteer information used to prosecute them, investigators may well turn to tech companies in the absence of strong leads or evidence. In United States v. Chatrie, for example, police obtained a warrant for Google location data that led them to Okello Chatrie in an investigation of a 2019 bank robbery.
Amazon, for instance, complied at least partially with 75% of search warrants, subpoenas and other court orders demanding data on U.S. customers, the company disclosed for the three years ending in June 2020. It complied fully with 38%. Amazon has said it must comply with “valid and binding orders,” but its goal is to provide “the minimum” that the law requires.
Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, said on Twitter on Friday, “The difference between now and the last time that abortion was illegal in the United States is that we live in an era of unprecedented digital surveillance.”
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Jeffrey Dastin and Katie Paul in Palo Alto, Calif., Paresh Dave in Oakland, Calif., and Stephen Nellis
Editing by Anna Driver and Matthew Lewis
Our Standards: The Thomson Reuters Trust Principles.
June 6 (Reuters) – Elon Musk on Monday warned that he might walk away from his $44 billion offer to acquire Twitter Inc (TWTR.N) if the social media network failed to provide data on spam and fake accounts.
In a letter to Twitter, the billionaire reiterated his request for details on bot accounts and said he reserved all rights to terminate the merger as the company was in a “clear material breach” of its obligations by not providing him with the information.
Twitter shares fell as much as 5.6% to $37.92 and were trading at a steep discount to Musk’s offer of $54.20 per share, suggesting that investors did not expect the deal to close at the agreed price. The stock was last down 2%, while Tesla rose 1.2%.
Register now for FREE unlimited access to Reuters.com
Register
“Twitter has and will continue to cooperatively share information with Musk to consummate the transaction in accordance with the terms of the merger agreement,” the company said in a statement.
It intends to close the deal at the agreed price and terms, Twitter added
Musk put the deal “temporarily on hold” in mid-May, saying he will not move forward with the offer until Twitter showed proof that spam bots account for less than 5% of its total users.
Since then, the takeover saga has seen several twists and turns, raising questions about Musk’s intentions to complete the deal at the set price.
Although Musk has extensively used the social-media platform to air his views on the deal and the company, this is the first time that he has formally threatened to walk away.
An image of Elon Musk is seen on smartphone placed on printed Twitter logos in this picture illustration taken April 28, 2022. REUTERS/Dado Ruvic/Illustration
Read More
“It’s fairly obvious that he has buyer’s remorse and he is trying whatever to get a reduction in price, and I think he may succeed,” said Dennis Dick, a proprietary trader at Bright Trading LLC.
“You can see the sell-off in social media stocks and he has realized that he overpaid … all these are tactics just to get a reduction in price.”
Musk has questioned the accuracy of Twitter’s public filings about spam accounts, claiming they must be at least 20% of the user base. Twitter has disagreed, with Chief Executive Parag Agrawal providing details on how the company handles spam accounts in one of his recent tweets.
A self proclaimed free-speech absolutist, Musk has said one of his priorities will be to remove “spam bots” from the platform. The Tesla Inc (TSLA.O) CEO owns 9.6% of Twitter and has over 95 million followers on the network.
As part of the deal, Musk is contractually obligated to pay a $1 billion break-up fee – a sliver of his fortune of $219 billion estimated by Forbes – if he does not complete the deal. Twitter can sue for “specific performance” to force Musk to complete the deal and obtain a settlement from him as a result. read more
In his letter, Musk said he needed the data to conduct his own analysis of Twitter users and did not believe in the company’s “lax testing methodologies.”
“He is trying to walk away from the Twitter deal, this is the first shot across the bow,” Wedbush analyst Dan Ives said.
Musk has lined up several high-profile investors, including Saudi Arabian investor Prince Alwaleed bin Talal and Sequoia Capital, to fund the deal.
Elon Musk threatens to walk away from deal
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Nivedita Balu in Bengaluru; Additional reporting by Tiyashi Datta; Writing by Sweta Singh; Editing by Anil D’Silva
Our Standards: The Thomson Reuters Trust Principles.
WASHINGTON, June 2 (Reuters) – Consumer advocates on Thursday urged U.S. regulators to investigate video game maker Electronic Arts Inc (EA.O) for what they say was the misleading use of a digital “loot box” that “aggressively” urges players to spend more money while playing a popular soccer game.
The groups Fairplay, Center for Digital Democracy and 13 other organizations urged the Federal Trade Commission to probe the EA game “FIFA: Ultimate Team”.
In the game, players build a soccer team using avatars of real players and compete against other teams. In a letter to the FTC, the groups said the game usually costs $50 to $100 but that the company pushed push players to spend more.
Register now for FREE unlimited access to Reuters.com
Register
“It entices players to buy packs in search of special players,” said the letter sent by these groups along with the Consumer Federation of America and Massachusetts Council on Gaming and Health and others.
The packs, or loot boxes, are packages of digital content sometimes purchased with real money that give the purchaser a potential advantage in a game. They can be purchased with digital currency, which can obscure how much is spent, they said.
“The chances of opening a coveted card, such as a Player of the Year, are miniscule unless a gamer spends thousands of dollars on points or plays for thousands of hours to earn coins,” the groups said in the letter.
Electronic Arts said in a statement on Thursday that of the game’s millions of players, 78% have not made an in-game purchase.
“Spending is always optional,” a company spokesperson said in an email statement. “We encourage the use of parental controls, including spend controls, that are available for every major gaming platform, including EA’s own platforms.”
The spokesperson also said the company created a dashboard so players would track how much time they played, how many packs they opened and what purchases were made.
The FTC, which goes after companies engaged in deceptive behavior, held a workshop on loot boxes in 2019. In a “staff perspective” which followed, the agency noted that video game microtransactions have become a multibillion-dollar market.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Diane Bartz in Washington
Editing by David Gregorio and Matthew Lewis
Our Standards: The Thomson Reuters Trust Principles.
WASHINGTON/LONDON, May 25 (Reuters) – A new website that published leaked emails from several leading proponents of Britain’s exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence.
The website – titled “Very English Coop d’Etat” – says it has published private emails from former British spymaster Richard Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain’s divorce from the EU, which was finalized in January 2020.
The site contends that they are part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.
Register now for FREE unlimited access to Reuters.com
Register
Reuters could not immediately verify the authenticity of the emails, but two victims of the leak on Wednesday confirmed that they had been targeted by hackers and blamed the Russian government.
“I am well aware of a Russian operation against a Proton account which contained emails to and from me,” said Dearlove, referring to the privacy-focused email service ProtonMail.
Dearlove, who led Britain’s foreign spy service – known as MI6 – between 1999 and 2004, told Reuters the leaked material should be treated with caution given “the context of the present crisis in relations with Russia.”
Tombs said in an email he and his colleagues were “aware of this Russian disinformation based on illegal hacking.” He declined further comment. Stuart, who chaired Britain’s Vote Leave campaign in 2016, did not return emails.
Shane Huntley, who directs Google’s Threat Analysis Group, told Reuters that the “English Coop” website was linked to what the Alphabet Inc (GOOGL.O)-owned company knew as “Cold River,” a Russia-based hacking group.
“We’re able to see that through technical indicators,” Huntley said.
Huntley said that the entire operation – from Cold River’s hacking attempts to publicizing the leaks – had “clear technical links” between one another.
The Russian embassies in London and Washington did not return emails seeking comment.
Britain’s Foreign Office, which handles media queries for MI6, declined comment. Other Brexit supporters whose emails were suspected of being disseminated on the website also did not respond to emails.
‘LOOKS VERY FAMILIAR’
How the emails were obtained is unknown and the website hosting them made no effort to explain who was behind the leak. The leaked messages mainly appear to have been exchanged using ProtonMail. ProtonMail declined comment.
Reuters was unable to independently verify Google’s assessment about a Russian link to the website, but Thomas Rid, a cybersecurity expert at Johns Hopkins University, said the site was reminiscent of past hack-and-leak operations attributed to Russian hackers.
“What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks,” he said, referring to two of the sites that disseminated leaked emails stolen from Democrats in the run-up to the 2016 U.S. presidential election.
“It looks very familiar in some ways, including the sloppiness,” he said.
If the leaked messages are in fact authentic it would mark the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online.
In 2019, classified U.S.-UK trade documents were leaked ahead of Britain’s election after being stolen from the email account of former trade minister Liam Fox, Reuters previously reported. UK officials never confirmed the specifics of the operation, but then-British foreign minister Dominic Raab said the hack-and-leak was an effort by the Kremlin to interfere in the Britain’s election, a charge that Moscow denied.
The “English Coop” site makes a variety of allegations, including one that Dearlove was at the center of a conspiracy by Brexit hardliners to oust former British Prime Minister Theresa May, who had negotiated a withdrawal agreement with the European Union in early 2019, and replace her with Johnson, who took a more uncompromising position.
Dearlove said that the emails captured a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.”
He declined further comment.
Johnson, who took over from May later in 2019, has staked out a tough stance on Russia’s invasion of Ukraine, committing hundreds of millions of dollars of military equipment to the government in Kyiv. In April, Johnson visited the capital for a televised walkabout with Ukrainian President Volodymyr Zelenskiy. read more
Johnson was officially banned from Russian soil on April 16. Internet domain records show the “Coop” website was registered three days later. Its URL included the words “sneaky strawhead” in an apparent knock at Johnson’s tousled hairstyle.
Rid said that while journalists should not shy away from covering authenticated material exposed by the leak, they should still tread very carefully.
“If the leak has newsworthy detail, then it is also newsworthy to point out that the material comes from an adversarial intelligence agency, especially in a time of war,” said Rid.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Raphael Satter and Christopher Bing in Washington and James Pearson in London; editing by Chris Sanders and Grant McCool
Our Standards: The Thomson Reuters Trust Principles.
May 20 (Reuters) – President Vladimir Putin said on Friday that the number of cyber attacks on Russia by foreign “state structures” had increased several times over and that Russia must bolster its cyber defences by reducing the use of foreign software and hardware.
The websites of many state-owned companies and news websites have suffered sporadic hacking attempts since Russia sent its armed forces into Ukraine on Feb. 24, often to show information that is at odds with Moscow’s official line on the conflict.
“Targeted attempts are being made to disable the internet resources of Russia’s critical information infrastructure,” Putin said, adding that media and financial institutions had been targeted.
Register now for FREE unlimited access to Reuters.com
Register
“Serious attacks have been launched against the official sites of government agencies. Attempts to illegally penetrate the corporate networks of leading Russian companies are much more frequent as well,” he said.
In a meeting with the Security Council, Putin said that Russia would need to improve information security in key sectors and switch to using domestic technology and equipment.
“Restrictions on foreign IT, software and products have become one of the tools of sanctions pressure on Russia,” Putin said. “A number of Western suppliers have unilaterally stopped technical support of their equipment in Russia.”
He said cases of programmes getting blocked after being updated were becoming more frequent.
DATA LEAKS
State communications regulator Roskomnadzor on Wednesday said it had blocked a website that was hosting the personal data of a number of companies’ clients. It did not name the companies.
Russia’s second-biggest bank VTB (VTBR.MM) was quoted by media as saying some customers’ phone numbers had been leaked but there was no risk to their funds.
E-commerce player Wildberries and online marketplace Avito denied reports in Russian media that their data had been leaked.
A data leak in early March exposed the personal details of more than 58,000 people on tech giant Yandex’s (YNDX.O) food delivery app, Yandex.Eda. read more
Yandex.Eda competitor Delivery Club on Friday apologised to users after it suffered a data leak on orders placed by users.
“The data includes information about orders and does not affect bank details. We are doing our best to prevent the dissemination of the data,” TASS news agency quoted the company as saying.
Hacking attacks this month kept video-hosting site RuTube offline for three days and altered satellite television menus in Moscow on Victory Day, when Russia celebrated the 77th anniversary of the Soviet Union’s victory over Nazi Germany. read more
Moscow has long sought to improve its domestic internet infrastructure, even disconnecting itself from the global internet during tests last summer.
However, the unprecedented Western barrage of sanctions imposed in response to Moscow’s military campaign in Ukraine has increased the pressure to make Russia’s IT systems more resilient.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Reuters; Editing by Kevin Liffey
Our Standards: The Thomson Reuters Trust Principles.
April 27 (Reuters) – Russian government hackers carried out multiple cyber operations against Ukraine that appeared to support Moscow’s military attacks and online propaganda campaigns, Microsoft (MSFT.O) said in a report on Wednesday.
The reported intrusions – some of which have not been previously disclosed – suggest that hacking has played a bigger role in the conflict than what has been publicly known.
The digital onslaught, which Microsoft said began one year prior to Russia’s Feb. 24 invasion, may have laid the groundwork for different military missions in the war-torn territory, researchers found.
Register now for FREE unlimited access to Reuters.com
Register
Between Feb. 23 and April 8, Microsoft said, it observed a total of 37 Russian destructive cyberattacks inside Ukraine.
The Russian Embassy in Washington did not immediately return a message seeking comment.
The findings underscore how modern warfare can combine digital and kinetic strikes, experts said.
“Russian generals and spies have tried to make cyberattacks part of their war effort while they’ve struggled on the battlefield,” said Thomas Rid, a professor of Strategic Studies at the Paul H. Nitze School of Advanced International Studies at Johns Hopkins University.
Microsoft said Russia’s hacking and military operations worked in “tandem against a shared target set.” The tech company said it could not determine whether this correlation was driven by coordinated decision-making or simply because of shared goals.
For example, a timeline published by Microsoft showed that on March 1 – the same day a Russian missile was fired at Kyiv’s TV tower – media companies in the capital were hit by destructive hacks and cyberespionage.
In another case, the company’s cybersecurity research team recorded “suspected Russian actors” lurking on Ukrainian critical infrastructure in the northeast city of Sumy, two weeks before widespread electricity shortages were reported in the area on March 3.
The next day, Microsoft said, Russian hackers broke into a government network in the central Ukrainian city of Vinnytsia. Two days later, missiles leveled the city’s airport.
Victor Zhora, a top Ukrainian cybersecurity official, said on Wednesday that he continues to see Russian cyberattacks on local telecom companies and energy grid operators.
“I believe that they can organize more attacks on these sectors,” Zhora told reporters. “We shouldn’t underestimate Russian hackers but we probably should not over-estimate their potential.”
He thanked Microsoft, the U.S. government and multiple European allies for their cybersecurity support.
Since the start of the war, academics and analysts have said Russia appeared to be less active in the cyber domain against Ukraine than expected. The Microsoft report reveals a flurry of malicious cyber activity, although its impact in most cases has been either unclear or not immediately evident.
Two weeks ago the U.S. government publicly exposed a cyberweapon, known as Pipedream, that was designed to damage industrial control systems. While the tool hasn’t been attributed to Russia, it is viewed as highly dangerous and its discovery coincides with the Ukraine conflict.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Raphael Satter, Christopher Bing and James Pearson; Editing by Howard Goller
Our Standards: The Thomson Reuters Trust Principles.
VILNIUS, April 22 (Reuters) – In April 2021, Russia’s financial intelligence unit met in Moscow with the regional head of Binance, the world’s largest crypto exchange. The Russians wanted Binance to agree to hand over client data, including names and addresses, to help them fight crime, according to text messages the company official sent to a business associate.
At the time, the agency, known as Rosfinmonitoring or Rosfin, was seeking to trace millions of dollars in bitcoin raised by jailed Russian opposition leader Alexei Navalny, a person familiar with the matter said. Navalny, whose network Rosfinmonitoring added that month to a list of terrorist organisations, said the donations were used to finance efforts to expose corruption inside President Vladimir Putin’s government.
Binance’s head of Eastern Europe and Russia, Gleb Kostarev, consented to Rosfin’s request to agree to share client data, the messages showed. He told the business associate that he didn’t have “much of a choice” in the matter.
Register now for FREE unlimited access to Reuters.com
Register
Kostarev didn’t comment for this article. Binance told Reuters it had never been contacted by Russian authorities regarding Navalny. It said that before the war it was “actively seeking compliance in Russia,” which would have required it to respond to “appropriate requests from regulators and law enforcement agencies.”
The encounter, which has not been previously reported, was part of behind-the-scenes efforts by Binance to build ties with Russian government agencies as it sought to boost its growing business in the country, Reuters reporting shows. This account of those efforts is based on interviews with over 10 people familiar with Binance’s operations in Russia, including former employees, ex-business partners and crypto industry executives, and a review of text messages that Kostarev sent to people outside the company.
Binance has continued to operate in Russia since Putin ordered his troops into Ukraine on Feb. 24, despite requests from the government in Kyiv to Binance and other exchanges to ban Russian users. Other major payment and fintech companies, such as PayPal and American Express, have halted services in Russia since the Kremlin launched what it calls a “special operation” to demilitarise and “denazify” Ukraine. One of Binance’s main rivals in Russia, EXMO.com, said on Monday it would no longer serve Russian and Belarusian clients and was selling its Russia business. Some smaller crypto exchanges remain.
CEO Changpeng Zhao, widely known by his initials CZ, has said he is against the war and “politicians, dictators that start the wars” but not against “the people on both sides of Ukraine and Russia that are suffering.” Zhao didn’t comment for this article. Binance referred Reuters to Zhao’s previous statements on the matter.
Legal representatives for Binance told Reuters that “active engagement with the Russian government has now stopped due to the conflict.” On Thursday Binance told users it was limiting services for major clients in Russia because of the latest European Union sanctions on Moscow.
Binance’s trading volumes in Russia have boomed since the war began, data from a top industry research firm shows, as Russians turned to crypto to protect their assets from Western sanctions and a devaluing rouble. In one recent message to an industry contact, Kostarev said Binance’s priority was to ensure the market stayed open, so the exchange wasn’t “making a fuss.” He didn’t elaborate.
Asked by Reuters to clarify Kostarev’s message, Binance said the war and economic crisis could accelerate crypto’s adoption among working-class Russian citizens looking for alternative payment means. Binance added that it is aggressively applying sanctions imposed by Western governments, but would not unilaterally “freeze millions of innocent users’ accounts.”
Reuters Graphics Reuters Graphics
THE FREEDOM OF MONEY
Since its launch five years ago in Shanghai, Binance has grown to dominate the unregulated Russian crypto sector with an estimated four-fifths of all trading volumes, market data shows. Binance said it doesn’t comment on “external data projections” and, as a private company, doesn’t share such information publicly.
Zhao, in 2019, told Russians that Binance’s mission there was to increase the “freedom of money” and “protect users.” Russians flocked to the platform, seeing it as an alternative to a banking system closely monitored by a state they distrusted.
In line with a draft law to regulate crypto companies, Binance agreed with Rosfinmonitoring to set up a local unit in Russia through which authorities can request client data, the Kostarev messages reviewed by Reuters show. Asked whether it had proceeded to set up this local unit, Binance responded, “Should we consider establishing a local entity in Russia in the future, Binance will never share data without a legitimate law enforcement request.”
Navalny’s chief of staff, Leonid Volkov, told Reuters that Russia’s proposed regulatory framework could let the Kremlin identify the opposition group’s crypto donors. Since Navalny’s arrest in January 2021, his anti-corruption foundation has publicly encouraged backers to donate via Binance, telling them this was the safest way to do so because, unlike with bank transfers, authorities would not know donors’ identities.
“These people will be in danger,” said Volkov, who runs the foundation from Lithuania. If Binance wants to protect its customers, Volkov went on, it should “never do anything with the Russian government.” The Kremlin declined to comment on Navalny’s crypto fundraising or Binance’s operations.
In response to Reuters’ questions, Binance said that before the war it was supportive of legislation that would bring clarity to regulation. But the Ukraine conflict and Western sanctions on many Russian banks had made it “virtually impossible for any platform to initiate or consider future plans in the region.”
People close to Binance said it supported the draft law because, once passed, crypto exchanges would be required to partner with Russian banks, allowing customers to deposit and trade significantly more funds.
The finance ministry said in early April it had finished drafting its “bill on the regulation of digital currencies.” People involved in the discussions say the government wants to move quickly to write the bill into law. One lawmaker told parliament’s official newspaper last month the crypto legislation would help mitigate damage to the Russian economy from sanctions.
Among the agencies helping develop the law is Rosfinmonitoring, responsible for combating money laundering and terrorist financing. Though nominally independent, it acts as an arm of the Federal Security Service (FSB), the main successor to the Soviet-era KGB, five people who have interacted with Rosfin said. Rosfin’s director, Yury Chikhanchin, is a security services veteran, according to his official biography.
Marshall Billingslea, a former head of the Financial Action Task Force, a global watchdog which sets standards for authorities combating financial crime, told a conference last year that Rosfin was “firmly under control of the FSB” to ensure that only state-sanctioned transactions were made into and out of Russia. Billingslea said it was “no surprise” to see Rosfin declare Navalny’s network a terrorist organisation after his arrest.
Rosfin, in a written response to Reuters’ questions, said it fully complies with international standards of operational independence in areas including regulating the activities of virtual asset service providers. Chikhanchin didn’t comment.
At least one other crypto exchange did not agree to provide client data to Rosfin due to concerns about how the information could be used and the FSB’s influence on the unit, according to a person familiar with the discussions. Others in Russia’s crypto sector said they were also sceptical about the draft law.
“No one knows if the proposed local office system will be used for good or bad,” said Mike Bystroff, a partner at the Moscow-based Digital Rights Center law firm, who represented Binance when it successfully challenged a ban on its website in January 2021.
Binance’s willingness to engage with Rosfin through 2021 contrasted with its approach elsewhere. Some national regulators have accused the company of withholding information. Britain’s regulator said in August last year a Binance UK unit was “not capable of being effectively supervised” after it refused to answer questions about Binance’s global business. Liechtenstein’s regulator, in a 2020 report, said Binance’s dealings with the body were “non-transparent” as it declined to provide financial information on request. In an article published in January, Reuters reported that Binance cancelled plans to seek a licence in Malta in 2019 due to Zhao’s concerns about the level of financial disclosure required.
Lawyers for Binance said it was “false equivalency” to conflate “distinct issues of our client’s responsiveness to law enforcement disclosure requests, with licensing applications for its own business that would involve wholly different types of disclosures.” Binance said it was “the most active participant in the industry” working with law enforcement to “develop best practices, mitigate/thwart new methods of criminality and prevent illicit proceeds from entering the marketplace.”
Binance said any suggestion that it refuses to share data with authorities making legitimate requests is “absolutely false.” It said it has strict policies and procedures to assess such requests and reserves the right to decline “when there is no legal purpose.”
“DON’T BE AFRAID”
Zhao first travelled to Russia as Binance CEO in October 2019. At a tech forum in Moscow, he told an audience to stop being “a slave” to traditional finance. His slideshow cited the 18th century philosopher Jean-Jacques Rousseau: “A man is born free, but everywhere he is in chains.”
Binance targeted Russia for expansion, noting in a 2018 blog post the country’s “hyperactive” crypto community. The exchange partnered with Belize-based payment company Advcash to enable users to deposit and withdraw roubles using bank cards. Advcash said the partnership is still active.
Binance gradually took a commanding share of the Russian crypto market. By mid-2021, Binance’s trading volumes in Russia had made it the exchange’s second-largest market globally after China, including among “VIP” clients who trade large amounts of crypto, a person with direct knowledge of the company’s data said. In March this year, Binance processed almost 80% of all rouble-to-crypto trades, according to data from researcher CryptoCompare, worth some 85 billion roubles ($1.1 billion).
“People just trusted it. It was always a step ahead of competitors,” said Maksim Sukhonosik, a Russian crypto trader and co-founder of blockchain consulting firm Colibri Group.
However, in 2020, Binance began drawing the attention of Russian authorities, who were at the time hostile to cryptocurrencies. Russia’s communications watchdog banned its website for allegedly carrying prohibited material about buying crypto. Binance challenged the decision in court and the ban was withdrawn in January 2021, according to statements Binance posted in its Telegram group for Russian users.
Binance told Reuters the lawsuit was dismissed on procedural grounds because the firm wasn’t properly notified. The regulator did not respond to requests to comment.
Navalny was arrested that month on his return to Russia, after recovering from poisoning with the nerve agent Novichok. He, along with the U.S. and British governments, blamed the FSB for the attack, an accusation Russia rejects. The FSB did not respond to questions for this article.
A core part of Russian prosecutors’ case against Navalny was the financing of his foundation. At his trial, they accused him of stealing over 350 million roubles, then worth some $4.8 million, that the foundation received as donations. Navalny denied the charge. Volkov told Reuters that security forces interrogated thousands of supporters who donated through Russian banks. None of these donors had used digital currencies, he said.
Navalny’s crypto fundraising surged after his arrest. The more than 670 bitcoin that supporters have donated via Binance and other exchanges would now be worth almost $28 million, according to blockchain data, though Volkov said the real amount raised is less because the bitcoins were sold upon receipt at a lower price.
When a Russian court outlawed Navalny’s foundation in June 2021, ruling it to be an “extremist organisation,” the network told supporters on Twitter to “learn how to use cryptocurrencies” and recommended they open Binance accounts. In a later how-to guide, the foundation advised donors to upload identity cards to Binance to verify their accounts, noting there were no instances yet of any crypto exchange providing information to Russian authorities. “You don’t need to be afraid,” the guide said.
After the explosion in Navalny’s bitcoin donations, the FSB started exploring how to identify his crypto donors, according to the person familiar with the matter. The FSB, the person said, instructed Rosfin to find a way to achieve that goal. Responding to questions from Reuters, Rosfin said it is prohibited from disclosing measures to combat terrorist financing. It said Navalny was involved in “terrorist activity.”
Reuters Graphics Reuters Graphics
“OUT OF THE SHADOWS”
In April 2021, a Russian non-profit organisation called the Digital Economy Development Fund invited Binance to a private meeting with Rosfin at a government building in Moscow, according to the invitation seen by Reuters. The organisation is headed by a former top advisor to Putin on internet policy, German Klimenko, and was set up in 2019 to develop Russian technologies. The fund’s website says one of its partners is the Russian trade and industry ministry. Kostarev, the Binance director, chairs the fund’s committee on digital currencies.
Neither the Digital Economy Development Fund nor Klimenko responded to emails seeking comment.
Another exchange, OKX, originally Chinese but now based in the Seychelles, was also invited, a person familiar with the meeting said. An OKX spokesperson said the company declined the invitation, without giving a reason.
At the meeting, according to Kostarev’s messages, Rosfin said it wanted exchanges to register with the agency so they could receive its requests for client information. Kostarev wrote to the business associate to say he didn’t view the demand as a problem. He told the associate the FSB was interested in crypto, too. He didn’t elaborate.
Asked about Kostarev’s meeting with Rosfin, Binance said, “We did not work with, collaborate, nor partner with that organization.” Five months later, Rosfin sent Binance a questionnaire, reviewed by Reuters, seeking more information on the exchange’s background checks on clients and its “preferred channel of communication” with authorities for requests on crypto transactions. Asked about this communication, the firm said, “Binance takes its compliance obligations seriously and welcomes opportunities to consult with regulators.”
Kostarev told the business associate in a message around the time of the questionnaire that Binance was stepping up efforts to engage with the government on crypto regulation. Rosfin was prepared to support Binance in this, Kostarev wrote.
But the Russian central bank was opposed to Moscow regulating cryptocurrencies and allowing the market to flourish out of concern that it would encourage criminal activity. Many of the world’s central banks, whose mission includes controlling money supply, have similar qualms about the wild world of crypto. Governor Elvira Nabiullina told Russia’s parliament in November “a responsible state should not stimulate their distribution.” A spokeswoman for the central bank declined to comment.
In January of this year, Binance announced it had hired a senior central bank official, Olga Goncharova, as a director for the Greater Russia region. Goncharova would build “systematic interaction” with authorities in Russia, Binance said.
After Nabiullina proposed a ban on crypto use on Russian territory later that month, Kostarev told the business associate in a message that Binance was “in a war” with the central bank. All other Russian government agencies wanted to legalise digital currencies, Kostarev said. Support for crypto was indeed building in Moscow. Following Nabiullina’s call for a ban, a top official at the finance ministry publicly backed the law that would require crypto exchanges to turn over names of their customers, saying it was necessary to ensure “transparency.”
Putin then intervened. In a televised meeting with ministers on Jan. 26, he asked the government and central bank to reach a “unanimous opinion” on crypto regulation. He noted Russia had “certain competitive advantages” in the sector, such as surplus electricity, the most crucial input for the power-hungry creation of cryptocurrency.
Two weeks later, the government approved a plan for crypto regulation, drawn up by agencies including Rosfin and the FSB, that would bring the “industry out of the shadows.”
Kostarev tweeted in response to an article on the announcement, “Finally some good news.”
In a document describing the proposed regulatory framework, the government said that without such a system law enforcement “will not be able to respond effectively to offences and crimes.” The government would create a database of cryptocurrency wallets related to terrorism financing, the government said, and exchanges would have to disclose information about their customers to Rosfin. The finance ministry submitted an early version of the draft law on Feb. 18.
Six days later, Russian forces invaded Ukraine. Binance’s rouble trading exploded as Western nations imposed sanctions on Russia and the Kremlin limited foreign currency withdrawals. CryptoCompare’s data shows Binance’s average daily volume for rouble transactions for the initial three weeks of the war was almost four times higher than during the month before.
On Binance’s Russian Telegram group, some volunteer customer representatives, known as Binance Angels, endorsed traders’ posts thanking Binance for not blocking accounts, including one message asking Binance not to “fall for this war crap.” Binance has enlisted hundreds of Angels around the world to promote the exchange to local crypto traders.
“Binance does not interfere in politics,” one Angel wrote. Binance told Reuters that Angels are not spokespeople for the company.
Binance also drew praise from Putin’s United Russia party. One lawmaker, Alexander Yakubovsky, speaking to the official parliament newspaper on March 14, called Binance the “leading experts in our country” advising politicians on crypto regulation. The company “is under strong pressure from countries unfriendly to Russia,” he said. Binance said they had never met or communicated with Yakubovsky and his opinions were his own.
($1 = 78.2830 roubles)
((Reporting by Angus Berwick in Vilnius and London and Tom Wilson in London; edited by Janet McBride))
Register now for FREE unlimited access to Reuters.com
Register
Our Standards: The Thomson Reuters Trust Principles.
WASHINGTON, March 25 (Reuters) – The Federal Communications Commission (FCC) on Friday added Russia’s AO Kaspersky Lab, China Telecom (Americas) Corp (0728.HK) and China Mobile International USA (0941.HK) to its list of communications equipment and service providers deemed threats to U.S. national security.
The regulator last year designated five Chinese companies including Huawei Technologies Co (HWT.UL) and ZTE Corp (000063.SZ) as the first firms on the list, which was mandated under a 2019 law. Kaspersky is the first Russian company listed.
FCC Commissioner Brendan Carr said the new designations “will help secure our networks from threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.”
Register now for FREE unlimited access to Reuters.com
Register
U.S. officials have long said that running Kaspersky software could open American networks to malign activity from Moscow and banned Kaspersky’s flagship antivirus product from federal networks in 2017. Moscow-based Kaspersky has consistently denied being a tool of the Russian government,
In naming Kaspersky, the FCC announcement did not cite Russia’s invasion of Ukraine or recent warnings by President Joe Biden of potential cyberattacks by Russia in response to U.S. sanctions and support of Ukraine.
Kaspersky said in a statement that it was disappointed in the FCC decision, arguing it was “made on political grounds.” The move was “unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services,” the company said.
The Chinese Embassy in Washington said Friday that the FCC “abused state power and maliciously attacked Chinese telecom operators again without factual basis. The U.S. should immediately stop its unreasonable suppression of Chinese companies.
“China will take necessary measures to resolutely safeguard the legitimate rights and interests of Chinese companies,” it added.
The Chinese companies did not immediately comment.
In October, the FCC revoked the U.S. authorization for China Telecom (Americas), saying it “is subject to exploitation, influence and control by the Chinese government.” [nL1N2RM1QE]
The FCC cited its prior decisions to deny or revoke the Chinese telecom companies’ ability to operate in United States in its decision to add them to the threat list.
The FCC also revoked the U.S. authorizations of China Unicom (0762.HK) and Pacific Networks and its wholly owned subsidiary ComNet.
In 2019, the FCC rejected China Mobile’s bid to provide U.S. telecommunications services, citing national security risks.
Inclusion on the “covered list” means money from the FCC’s $8 billion annual Universal Service Fund may not be used to purchase or maintain products from the companies. The fund supports telecommunications for rural areas, low-income consumers, and facilities such as schools, libraries and hospitals.
The FCC last year also named Hytera Communications (002583.SZ), Hangzhou Hikvision Digital Technology (002415.SZ) and Dahua Technology (002236.SZ) as security threats.
FCC Chair Jessica Rosenworcel said the agency worked closely with U.S. national security agencies to update the list and will add additional companies if warranted.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by David Shepardson and Raphael Satter
Editing by Jonathan Oatis, Cynthia Osterman and Leslie Adler
Our Standards: The Thomson Reuters Trust Principles.
Okta logo is displayed in this illustration taken March 22, 2022. REUTERS/Dado Ruvic/Illustration – RC2R7T9UY7RP
Register now for FREE unlimited access to Reuters.com
Register
LONDON/WASHINGTON, March 24 (Reuters) – Police in Britain have arrested seven people following a series of hacks by the Lapsus$ hacking group which targeted major firms including Okta Inc (OKTA.O) and Microsoft Corp (MSFT.O), City of London Police said on Thursday.
San Francisco-based Okta Inc, whose authentication services are used by some of the world’s biggest companies to provide access to their networks, said on Tuesday it had been hit by hackers and some customers may have been affected. read more
“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan said in an emailed statement in response to a question about the Lapsus$ hacking group.
Register now for FREE unlimited access to Reuters.com
Register
The ransom-seeking gang had posted a series of screenshots of Okta’s internal communications on their Telegram channel late on Monday.
“Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation,” O’Sullivan said.
News of the digital breach had knocked Okta shares down about 11 percent amid criticism of the digital authentication firm’s slow response to the intrusion. read more
Shares of Okta were trading down 4.8% on Thursday.
City of London Police did not directly name Lapsus$ in its statement. A spokeswoman said none of the seven people arrested had been formally charged, pending investigation.
WHO ARE LAPSUS$?
Last month, Lapsus$ leaked proprietary information about U.S. chipmaker Nvidia Corp (NVDA.O) to the Web. read more
More recently the group has purported to have leaked source code from several big tech firms, including Microsoft, which on Tuesday confirmed that one of its accounts had been compromised.
Lapsus$ have not responded to repeated requests for comment on their Telegram channel and by email.
A teenager living near Oxford, England, is suspected of being behind some of the more notable attacks, Bloomberg News reported on Wednesday.
Reached by phone, the father of the teenager – who cannot be named because they are a minor – declined to comment. Reuters confirmed that cybersecurity researchers investigating Lapsus$ believe the teenager was involved in the group, according to three people familiar with the matter.
In a blog post on Thursday, Unit 42, a research team at Palo Alto Networks, described Lapsus$ as an “attack group” motivated by notoriety rather than financial gain.
Unlike other groups, they do not rely on the deployment of ransomware – malicious software to encrypt their victims’ networks, a hallmark of digital extortionists – and instead manually lay waste to their targets’ networks.
Along with Unit 221b, a separate security consultancy, the Palo Alto researchers said they had identified the “primary actor” behind Lapsus$ in 2021 and had been “assisting law enforcement in their efforts to prosecute this group”.
“The teenager we identified as being in control of Lapsus$ is particularly instrumental,” Allison Nixon, chief research officer at Unit 221b, told Reuters.
“Not just for their leadership role, but for the vital intel they must possess on other members”.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by James Pearson in London and Raphael Satter in Washington; Additional reporting by Christopher Bing; Editing by Catherine Evans, Raissa Kasolowsky, Jonathan Oatis and David Gregorio
Our Standards: The Thomson Reuters Trust Principles.
