More stories

  • in

    Possible Cyberattack Disrupts The Philadelphia Inquirer

    The Inquirer, citing “anomalous activity” on its computer systems, said it was unable to print its regular Sunday edition and told staff members not to work in the newsroom at least through Tuesday.A possible cyberattack on The Philadelphia Inquirer disrupted the newspaper’s print operation over the weekend and prompted it to close its newsroom through at least Tuesday, when its staff will be covering an expensive and fiercely contested mayoral primary.Elizabeth H. Hughes, the publisher and chief executive of The Inquirer, said that the newspaper discovered “anomalous activity on select computer systems” on Thursday and “immediately took those systems offline.”But The Inquirer was unable to print its regular Sunday edition, the newspaper reported. Instead, print subscribers received a Sunday “early edition,” which went to press on Friday night. The newspaper also reported on Sunday that its ability to post and update stories on its website, Inquirer.com, was “sometimes slower than normal.”The Monday print editions of The Inquirer and The Philadelphia Daily News, which The Inquirer also publishes, were distributed as scheduled, Evan Benn, a company spokesman, said.But employees will not be permitted to work in the newsroom at least through Tuesday because access to The Inquirer’s internet servers has been disrupted, Ms. Hughes said in an email to the staff on Sunday evening that was shared with The New York Times.Ms. Hughes said that the company was looking for a co-working space for Tuesday, when The Inquirer will be covering a closely contested Democratic primary that is all but certain to determine the next mayor of Philadelphia — the largest city in Pennsylvania, a presidential swing state.“I truly don’t think it will impact it at all, short of us not being able to be together in the formal newsroom,” said Diane Mastrull, an editor who is president of The Newspaper Guild of Greater Philadelphia, the union that represents reporters, photographers and other staff members at The Inquirer. “Covid has certainly taught us to do our jobs remotely.”She said on Monday that the newspaper’s content management system, which staff members use to write and edit stories, was “operating with continued workarounds.”“I would not use the word ‘normal,’” Ms. Mastrull said.Ms. Hughes said that The Inquirer had notified the F.B.I. and had “implemented alternative processes to enable publication of print editions.”The newspaper was also working with Kroll, a corporate investigation firm, to restore its systems and to investigate the episode, Ms. Hughes said.The Inquirer, in its news story on the “apparent cyberattack,” said it was the most significant disruption to the publication of the newspaper since January 1996, when a major blizzard dropped more than 30 inches of snow on Philadelphia.The newspaper reported that Ms. Hughes, citing a continuing investigation, had declined to answer detailed questions about the episode, including who was behind it, whether The Inquirer or its employees appeared to have been specifically targeted, or whether any sensitive employee or subscriber information might have been compromised.In an email on Monday, Mr. Benn, the company spokesman, said: “As our investigation is ongoing, we are unable to provide additional information at this time. Should we discover that any personal data was affected, we will notify and support” anyone who might have been affected.Special Agent E. Edward Conway of the F.B.I. field office in Philadelphia said that while the agency was aware of the issue, it was the bureau’s practice not to comment on specific cyber incidents. “However, when the F.B.I. learns about potential cyberattacks, it’s customary that we offer our assistance in these matters,” Mr. Conway said in an email.Ms. Mastrull, who was working as an editor over the weekend, said that staff members had noticed on Saturday that they could not log on to the content management system.They were given a workaround, she said, but the process created “very, very difficult working conditions” as the staff covered the last weekend of campaign events before the primary, Taylor Swift concerts at Lincoln Financial Field and Game 7 of the Eastern Conference semifinals between the Boston Celtics and the Philadelphia 76ers.Employees were “a little concerned that there weren’t enough protections against this, and very frustrated that the company’s communication was lacking specifics,” Ms. Mastrull said.In 2018, The Los Angeles Times said that a cyberattack had disrupted its printing operations and those at newspapers in San Diego and Florida. Unnamed sources cited by The Los Angeles Times suggested that the newspaper might have been hit by ransomware — a pernicious attack that scrambles computer programs and files before demanding that the victim pay a ransom to unscramble them.The Guardian reported that it was hit by a ransomware attack in December in which the personal data of staff members in Britain was compromised. The Guardian reported that the attack forced it to close its offices for several months.In an email to the staff of The Inquirer on Sunday night, Ms. Mastrull summarized the day’s news and paid tribute to the staff members who covered it, “despite a publishing system rendered virtually inoperable.”“Now all we have to do is find some co-working space so we can cover a really important election Tuesday,” she wrote. “Can’t keep us down!” More

  • in

    Meta Manager Was Hacked With Spyware and Wiretapped in Greece

    Artemis Seaford, a dual U.S.-Greek national, was targeted with a cyberespionage tool while also under a wiretap by the Greek spy agency in a case that shows the spread of illicit snooping in Europe.A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation.The simultaneous tapping of the target’s phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand.The latest case comes as elections approach in Greece, which has been rocked by a mounting wiretapping and illegal spyware scandal since last year, raising accusations that the government has abused the powers of its spy agency for illicit purposes.The Predator spyware that infected the device is marketed by an Athens-based company and has been exported from Greece with the government’s blessing, in possible breach of European Union laws that consider such products potential weapons, The New York Times found in December.The Greek government has denied using Predator and has legislated against the use of spyware, which it has called “illegal.”“The Greek authorities and security services have at no time acquired or used the Predator surveillance software. To suggest otherwise is wrong,” Giannis Oikonomou, the government spokesman, said in an email. “The alleged use of this software by nongovernmental parties is under ongoing judicial investigation.”“Greece was among the first countries in Europe that passed legislation banning the sale, use and possession of malware in December 2022, which has the most severe legal consequences and strict penalties for individuals and legal entities involved in such an offense,” Mr. Oikonoumou continued. “The same legislation includes provisions on restructuring of the National Intelligence Service, additional safeguards for legal surveillance and modernizing procedures on confidentiality of communications.”European Union lawmakers have launched their own investigation.Prime Minister Kyriakos Mitsotakis of Greece has come under pressure to explain how and why Predator was sold from Greece and used in Greece, supposedly without the government’s knowledge, against members of his own government, opposition politicians and journalists.Prime Minister Kyriakos Mitsotakis of Greece, center, during a parliamentary debate in January. He has been under pressure to explain how and why Predator spyware was sold from Greece and used in Greece.Petros Giannakouris/Associated PressHe has insisted that the Greek government had nothing to do with the cyber-surveillance tool, but that opaque actors may have used it behind the authorities’ backs.The latest case centers on Artemis Seaford, a Harvard and Stanford Law graduate, who worked from 2020 to the end of 2022 as a Trust and Security manager at Meta, the parent company of Facebook, while living in Greece.In her role at Meta, Ms. Seaford worked on policy questions relating to cybersecurity and she also maintained working relations with Greek as well as other European officials.After she saw her name on a leaked list of spyware targets in the Greek news media last November, she took her phone to The Citizen Lab at the University of Toronto, the world’s foremost forensics experts on spyware.The lab report, which was reviewed by The New York Times, found that Ms. Seaford’s mobile phone had been hacked with the Predator spyware in September 2021 for at least two months.“This does not preclude the possibility of other infections, or of an infection period extending beyond 2021-11-16,” the forensic report by Citizen Lab said.Ms. Seaford on Friday filed a lawsuit in Athens against anyone found responsible for the hack. The suit compels prosecutors to open an investigation.Ms. Seaford also filed a request with the Greek Authority for the Protection of the Privacy of Telecommunications, an independent constitutional watchdog, asking them to determine whether the Greek national intelligence service, known as the EYP, had wiretapped her phone..css-1v2n82w{max-width:600px;width:calc(100% – 40px);margin-top:20px;margin-bottom:25px;height:auto;margin-left:auto;margin-right:auto;font-family:nyt-franklin;color:var(–color-content-secondary,#363636);}@media only screen and (max-width:480px){.css-1v2n82w{margin-left:20px;margin-right:20px;}}@media only screen and (min-width:1024px){.css-1v2n82w{width:600px;}}.css-161d8zr{width:40px;margin-bottom:18px;text-align:left;margin-left:0;color:var(–color-content-primary,#121212);border:1px solid var(–color-content-primary,#121212);}@media only screen and (max-width:480px){.css-161d8zr{width:30px;margin-bottom:15px;}}.css-tjtq43{line-height:25px;}@media only screen and (max-width:480px){.css-tjtq43{line-height:24px;}}.css-x1k33h{font-family:nyt-cheltenham;font-size:19px;font-weight:700;line-height:25px;}.css-1hvpcve{font-size:17px;font-weight:300;line-height:25px;}.css-1hvpcve em{font-style:italic;}.css-1hvpcve strong{font-weight:bold;}.css-1hvpcve a{font-weight:500;color:var(–color-content-secondary,#363636);}.css-1c013uz{margin-top:18px;margin-bottom:22px;}@media only screen and (max-width:480px){.css-1c013uz{font-size:14px;margin-top:15px;margin-bottom:20px;}}.css-1c013uz a{color:var(–color-signal-editorial,#326891);-webkit-text-decoration:underline;text-decoration:underline;font-weight:500;font-size:16px;}@media only screen and (max-width:480px){.css-1c013uz a{font-size:13px;}}.css-1c013uz a:hover{-webkit-text-decoration:none;text-decoration:none;}What we consider before using anonymous sources. Do the sources know the information? What’s their motivation for telling us? Have they proved reliable in the past? Can we corroborate the information? Even with these questions satisfied, The Times uses anonymous sources as a last resort. The reporter and at least one editor know the identity of the source.Learn more about our process.Two people with direct knowledge of the case said that Ms. Seaford had in fact been wiretapped by the Greek spy service from August 2021, the month before the spyware hack, and for several months into 2022.They spoke on condition of anonymity because it is illegal for them to publicly comment on EYP operations.It could take a minimum of three years for Ms. Seaford to be informed of the spy agency wiretap under Greek laws that the government has twice changed since a flurry of wiretapping cases have come to light.Ms. Seaford is now is the fourth known person to file suit in Greece involving the spyware, after an investigative reporter and two opposition politicians.In the first case, an investigative reporter, Thanasis Koukakis, in 2020 similarly asked the constitutional watchdog authority to inform him whether he had also been placed under a wiretap.Thanasis Koukakis, an investigative journalist, has taken the Greek government to the European Court of Human Rights over a change in Greece’s surveillance law. Angelos Tzortzinis/Agence France-Presse — Getty ImagesBefore Mr. Koukakis could get a formal answer, the government quickly passed a law in 2021 that drastically curbs citizens’ rights to be informed if they had been under surveillance by the national intelligence service. Mr. Koukakis has taken the Greek government to the European Court of Human Rights over the change in the law.The Greek government has since come under pressure to restore some recourse for citizens to learn about being wiretapped and seek redress if their surveillance had been abusive.Under a law passed last year, a citizen who has been targeted by the spy agency can now be informed — but only if they ask, and subject to the approval of a committee, and no earlier than three years after the end of the wiretap.It is under those new conditions that Ms. Seaford’s surveillance by the Greek national intelligence service may one day be officially confirmed.“Targets of abusive surveillance should have the right to know what happened to them and have means of redress just like every other crime,” Ms. Seaford said in an interview.She maintains that there is no reasonable explanation for her being targeted. Wiretapping in Greece is permitted only for national security reasons or serious criminal investigations.More than a year after her surveillance by the Greek intelligence service and the illegal spyware infection of her mobile device, no charges have been brought against her, and she has not been asked to cooperate with the authorities on any investigation.“In my case, I do not know why I was targeted, but I cannot see any reasonable national security concerns behind it,” Ms. Seaford said. Meta and the U.S. embassy in Athens declined to comment.Ms. Seaford’s targeting by the Greek spy agency and some elements of her case were earlier reported by the Greek newspaper Documento.In Ms. Seaford’s case, it appears that information gleaned from the wiretap may have assisted the ruse used to implant the spyware, according to the timeline established by the forensic analysis and submitted to the Greek prosecutor.Demonstrators in Athens last year protesting revelations of the phone tapping of a political leader and journalists by the Greek National Intelligence Service. The scandal has become an issue in coming elections.Orestis Panagiotou/EPA, via ShutterstockIn September 2021, Ms. Seaford booked an appointment for a booster shot of the Covid-19 vaccine through the official Greek government vaccination platform.She got an automated SMS with her appointment details on Sept. 17, just after midnight. Five hours later, at 05:31 a.m., documents show, she received another SMS asking her to confirm the appointment by clicking on a link.This was the infected link that put Predator in her phone. The details for the vaccination appointment in the infected text message were correct, indicating that someone had reviewed the authentic earlier confirmation and drafted the infected message accordingly.The sender also appeared to be the state vaccine agency, while the infected URL mimicked that of the vaccination platform.Ms. Seaford, who has been reluctant to get dragged into Greek party politics, where the surveillance scandal has become a point of bitter debate, said the question of spyware and surveillance abuse should be a nonpartisan issue.“My hope is that my case and others like mine will not just be instrumentalized, shut down to avoid political cost for some, or, conversely, elevated for the political gain of others,” she said. More

  • in

    L.A. Drops Criminal Charges Against Election Software Executive

    Before the arrest of its founder and chief executive, Eugene Yu, Konnech repeatedly denied keeping data outside the United States, including in statements to The New York Times.Emily Elconin for The New York TimesLos Angeles County dropped criminal charges against the top executive of an elections technology company on Wednesday, bringing to an abrupt end an unusual case that became the focus of Americans who distrust the country’s electoral system.The district attorney’s office said in a statement that it had dropped the case against the executive, Eugene Yu, because of concerns about the “pace of the investigation” and the “potential bias in the presentation” of evidence in the case. The office said the county had assembled a new team to “determine whether any criminal activity occurred.”The prosecutors did not respond to questions about the decision.“Mr. Yu is an innocent man,” Gary Lincenberg, Mr. Yu’s lawyer, said in a statement, adding that “conspiracy theorists” were using the arrest to “further their political agenda.”Last month, Los Angeles prosecutors accused Mr. Yu, the chief executive of Konnech, a small election software company in Michigan, of storing data about poll workers on servers in China, a breach of the company’s contract with the county. The charges related only to poll worker data and had no impact on votes or election results.Mr. Yu, 64, has repeatedly denied sending data to China. The New York Times published an article about the claims and his denials as a part of its coverage of misinformation and elections. Los Angeles prosecutors arrested Mr. Yu the day after the article was published.The abrupt dismissal left several unanswered questions about the case and Mr. Yu’s suspected activities. The district attorney’s office did not clarify whether the company had, in fact, stored data in China. It was also not clear whether additional criminal or civil charges could be filed against Mr. Yu or Konnech from Los Angeles County or dozens of other counties that use Konnech’s election management software.Konnech has about 20 employees in the United States and about 20 customers. It plays no role in the tabulation or counting of votes in American elections. But some election deniers have suggested that Konnech gave the Chinese government a back door to manipulate America’s election process.True the Vote, an organization that claims to be devoted to uncovering election fraud, said at a conference this summer that its team had found and downloaded Konnech’s poll worker data from servers in China. It provided no evidence that it had downloaded the data, but said it had delivered a hard drive to the Federal Bureau of Investigation.Konnech sued True the Vote, along with Catherine Engelbrecht, its founder, and Gregg Phillips, an election denier and longtime associate of the group, accusing them of defamation and hacking. The pair were briefly jailed last week after refusing to release the name of a person involved in the suspected hack of Konnech’s data.In an earlier court filing, Mr. Phillips said he had spoken with the grand jury in Los Angeles County that eventually indicted Mr. Yu. More

  • in

    How a Tiny Elections Company Became a Conspiracy Theory Target

    At an invitation-only conference in August at a secret location southeast of Phoenix, a group of election deniers unspooled a new conspiracy theory about the 2020 presidential outcome.Using threadbare evidence, or none at all, the group suggested that a small American election software company, Konnech, had secret ties to the Chinese Communist Party and had given the Chinese government backdoor access to personal data about two million poll workers in the United States, according to online accounts from several people at the conference.In the ensuing weeks, the conspiracy theory grew as it shot around the internet. To believers, the claims showed how China had gained near complete control of America’s elections. Some shared LinkedIn pages for Konnech employees who have Chinese backgrounds and sent threatening emails to the company and its chief executive, who was born in China.“Might want to book flights back to Wuhan before we hang you until dead!” one person wrote in an email to the company.In the two years since former President Donald J. Trump lost his re-election bid, conspiracy theorists have subjected election officials and private companies that play a major role in elections to a barrage of outlandish voter fraud claims.But the attacks on Konnech demonstrate how far-right election deniers are also giving more attention to new and more secondary companies and groups. Their claims often find a receptive online audience, which then uses the assertions to raise doubts about the integrity of American elections.Unlike other election technology companies targeted by election deniers, Konnech, a company based in Michigan with 21 employees in the United States and six in Australia, has nothing to do with collecting, counting or reporting ballots in American elections. Instead, it helps clients like Los Angeles County and Allen County, Ind., with basic election logistics, such as scheduling poll workers.Konnech said none of the accusations were true. It said that all the data for its American customers were stored on servers in the United States and that it had no ties to the Chinese government.But the claims have had consequences for the firm. Konnech’s founder and chief executive, Eugene Yu, an American citizen who immigrated from China in 1986, went into hiding with his family after receiving threatening messages. Other employees also feared for their safety and started working remotely, after users posted details about Konnech’s headquarters, including the number of cars in the company’s parking lot.“I’ve cried,” Mr. Yu wrote in an email. “Other than the birth of my daughter, I hadn’t cried since kindergarten.”The company said the ordeal had forced it to conduct costly audits and could threaten future deals. It hired Reputation Architects, a public relations and crisis management company, to help navigate the situation.After the conspiracy theorists discovered that DeKalb County in Georgia was close to signing a contract with Konnech, officials there received emails and comments about the company, claiming it had “foreign ties.” The county Republican Party chairwoman, Marci McCarthy, heard from so many members about Konnech that she echoed parts of the conspiracy theory at a public comment period during the county’s elections board meeting.“We have a lot of questions about this vendor,” Ms. McCarthy said.The county signed the contract soon after the meeting.“It’s a completely fabricated issue,” Dele Lowman Smith, the elections board chair, said in an interview. “It’s absolutely bizarre, but it’s part of the tone and tenor of what we’re having to deal with leading up to the elections.”Although Konnech is a new target, the people raising questions about the company include some names notorious for spreading election falsehoods.The recent conference outside Phoenix was organized by True the Vote, a nonprofit founded by the prominent election denier Catherine Engelbrecht. She was joined onstage by Gregg Phillips, an election fraud conspiracy theorist who often works with the group. The pair achieved notoriety this year after being featured in “2000 Mules,” a widely debunked documentary claiming that a mysterious army of operatives influenced the 2020 presidential election.Ms. Engelbrecht and Mr. Phillips claimed at the conference and in livestreams that they investigated Konnech in early 2021. Eventually, they said, the group’s team gained access to Konnech’s database by guessing the password, which was “password,” according to the online accounts from people who attended the conference. Once inside, they told attendees, the team downloaded personal information on about 1.8 million poll workers.A Truth Social account shared the conspiracy theory about Konnech that Gregg Phillips, left on the stage, and Catherine Engelbrecht presented at an event in Arizona in August.Truth SocialThe pair said they had notified the Federal Bureau of Investigation of their findings. According to their story, the agents briefly investigated their claim before turning on the group and questioning whether it had hacked the data.The F.B.I.’s press office said the agency “does not comment on complaints or tips we may or may not receive from the public.”Konnech said in a statement that True the Vote’s claim it had access to a database of 1.8 million poll workers was impossible because, among other reasons, the company had records on fewer than 240,000 poll workers at the time. And the records on those workers are not kept on a single database.The company said it had not detected any data breach, but declined to provide details about its technology, citing security concerns.Konnech once owned Jinhua Yulian Network Technology, a subsidiary out of China, where programmers developed and tested software. But the company said its employees there had always used “generic ‘dummy’ data created specifically for testing purposes.” Konnech closed the subsidiary in 2021 and no longer has employees in China.Konnech sued True the Vote last month, accusing it of defamation, violation of the federal Computer Fraud and Abuse Act, theft and other charges.The judge in the case granted Konnech’s request for an emergency temporary restraining order against the group, writing that Konnech faced “irreparable harm” and that there was a risk that True the Vote would destroy evidence. The order also required True the Vote to explain how it had supposedly gained access to Konnech’s data.True the Vote, Ms. Engelbrecht and Mr. Phillips said they could not comment because of a restraining order issued against them.But in a livestream on social media, Ms. Engelbrecht said the allegations by Konnech were meritless. “True the Vote looks forward to a public conversation about Konnech’s attempts to silence examination of its activities through litigation,” she said.Since the restraining order, True the Vote, Ms. Engelbrecht and Mr. Phillips have told Konnech a new version of their story, changing several important details.Mr. Phillips had explained in a podcast on Aug. 22 that “my analysts” had gained access to the data. But in a letter shared with Konnech’s lawyers, the group claimed that a third party who “was not contracted to us or paid by us” had approached them, claiming it had Konnech’s data. That person, who was unnamed except in a sealed court filing, presented only a “screen share” of “certain elements” of the data. They added that while the group had been provided with a hard drive containing the data, they “did not view the contents,” instead sharing it with the F.B.I.“True the Vote has never obtained or held any data as described in your petition,” they wrote. “This is just one of many inaccuracies contained therein.”The lawsuit did little to slow believers, who continued attacking Konnech. Some employees left the company, citing stress from the crisis, Mr. Yu said. The departures added to the workload among remaining staff just a few weeks before the midterm election.As True the Vote blanketed Konnech’s customers with information requests last year, Mr. Yu sent an email to Ms. Engelbrecht offering his help. True the Vote released that email exchange, including his unredacted email address and phone number, and a trove of other documents related to the company. That gave conspiracy theorists an easy way to target Mr. Yu with threatening messages. He now calls the email he sent naïve.“As we did more research into who they were, it became more and more clear that they had no interest in the truth,” he said. “For them, the truth is inconvenient.”Alexandra Berzon More