Decrypted: How Twitter was hacked, GitHub DMCA backfires

One week to the U.S. presidential election and things are getting spicy.

It’s not just the rhetoric — hackers are actively working to disrupt the election, officials have said, and last week they came with a concrete example and an unusually quick pointing of blame.

On Wednesday night, Director of National Intelligence John Ratcliffe blamed Iran for an email operation designed to intimidate voters in Florida into voting for President Trump “or else.” Ratcliffe, who didn’t take any questions from reporters and has been accused of politicizing the typically impartial office, said Iran had used voter registration data — which is largely public in the U.S. — to send emails that looked like they came from the far-right group the Proud Boys. Google security researchers also linked the campaign to Iran, which denied claims of its involvement. It’s estimated about 2,500 emails went through in the end, with the rest getting caught in spam filters.

The announcement was lackluster in detail. But experts like John Hultquist, who heads intelligence analysis at FireEye-owned security firm Mandiant, said the incident is “clearly aimed at undermining voter confidence,” just as the Russians attempted during the 2016 election.

 


THE BIG PICTURE

Twitter was hacked using a fake VPN portal, New York investigation finds

The hackers who broke into Twitter’s network used a fake VPN page to steal the credentials — and two-factor authentication code — of an employee, an investigation by New York’s Department of Financial Affairs found. The state tax division got involved after the hackers then hijacked user accounts using an internal “admin tool” to spread a cryptocurrency scam.

In a report published last week, the department said the hackers called several Twitter employees and used social engineering to trick one employee into entering their username and password on a site that looked like the company’s VPN portal, which most employees use to access the network from home during the pandemic.

“As the employee entered their credentials into the phishing website, the hackers would simultaneously enter the information into the real Twitter website. This false log-in generated a [two-factor authentication] notification requesting that the employees authenticate themselves, which some of the employees did,” wrote the report. Once onto the network using the employee’s VPN credentials, the hackers used that access to investigate how to access the company’s internal tools.

Twitter said in September that its employees would receive hardware security keys, which would make it far more difficult for a repeat phishing attack to be successful.

Open-source YouTube download tool hit by DMCA takedown, but backfires


Speak Your Mind

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get in Touch

350FansLike
100FollowersFollow
281FollowersFollow
150FollowersFollow

Recommend for You

Oh hi there 👋
It’s nice to meet you.

Subscribe and receive our weekly newsletter packed with awesome articles that really matters to you!

We don’t spam! Read our privacy policy for more info.

You might also like

Givaudan Sales Growth Accelerates In Third Quarter As Perfumes...

Flavour and fragrance maker Givaudan said likeforlike sales growth accelerated to 3.1% in the...

MDH’s Dharampal Gulati dies: Story of the ‘spice king’...

New Delhi: MDH owner ‘Mahashay’ Dharampal Gulati died on December 3. Gulati, 98, suffered...

OPEC+ May Hold Extraordinary October Meeting If Oil Market...

MOSCOW/LONDON/DUBAI: OPEC+ could hold an extraordinary meeting in October if oil markets weaken further,...