One week to the U.S. presidential election and things are getting spicy.
It’s not just the rhetoric — hackers are actively working to disrupt the election, officials have said, and last week they came with a concrete example and an unusually quick pointing of blame.
On Wednesday night, Director of National Intelligence John Ratcliffe blamed Iran for an email operation designed to intimidate voters in Florida into voting for President Trump “or else.”
Ratcliffe, who didn’t take any questions from reporters and has been accused of politicizing the typically impartial office, said Iran had used voter registration data — which is largely public in the U.S. — to send emails that looked like they came from the far-right group the Proud Boys. Google security researchers also linked the campaign to Iran, which denied claims of its involvement. It’s estimated about 2,500 emails went through in the end, with the rest getting caught in spam filters.
The announcement was lackluster in detail. But experts like John Hultquist, who heads intelligence analysis at FireEye-owned security firm Mandiant, said the incident is “clearly aimed at undermining voter confidence,” just as the Russians attempted during the 2016 election.
THE BIG PICTURE
Twitter was hacked using a fake VPN portal, New York investigation finds
The hackers who broke into Twitter’s network used a fake VPN page to steal the credentials — and two-factor authentication code — of an employee, an investigation by New York’s Department of Financial Affairs found. The state tax division got involved after the hackers then hijacked user accounts using an internal “admin tool” to spread a cryptocurrency scam.
In a report published last week, the department said the hackers called several Twitter employees and used social engineering to trick one employee into entering their username and password on a site that looked like the company’s VPN portal, which most employees use to access the network from home during the pandemic.
Twitter Hack Update: We knew the attackers used the phone and pretended to be IT Support, but now we know the criminals specifically said they were calling about VPN issues, taking advantage of COVID-19 remote work strain. Sadly, these pretexts work often.
Rachel Tobac (@RachelTobac), October 20, 2020
“As the employee entered their credentials into the phishing website, the hackers would simultaneously enter the information into the real Twitter website. This false log-in generated a [two-factor authentication] notification requesting that the employees authenticate themselves, which some of the employees did,” the report said. Once on the network using the employee’s VPN credentials, the hackers used that access to investigate how to reach the company’s internal tools.
Twitter said in September that its employees would receive hardware security keys, which would make it far more difficult for a repeat phishing attack to be successful.
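Hardware security keys resist the relay the report describes because, under WebAuthn, the browser records the origin of the page the user is actually on and the key binds its response to the site's ID, so a response produced on a look-alike page fails the real site's checks. The following is an added example, not code from the report or from Twitter: it implements those origin-binding checks on the server side, with constructed hostnames and sample data, and the signature verification that follows them in WebAuthn is assumed to be done by a crypto library.

```python
import base64, hashlib, json, struct

RP_ID = "vpn.example.com"                   # assumed relying-party ID (placeholder)
EXPECTED_ORIGIN = "https://vpn.example.com"  # assumed origin of the real portal

def b64url(data: bytes) -> str:
    """base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    challenge: bytes) -> str:
    """Return "ok", or the reason a login assertion is rejected."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    # The challenge must be the one this server issued for this login attempt.
    if client.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    # Written by the browser, not the page: the origin the user really visited.
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if len(authenticator_data) < 37:
        return "short authenticator data"
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    # The key hashes the RP ID it was asked to sign for.
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not flags & 0x01:                     # UP bit: user touched the key
        return "user not present"
    # Next step (not shown): verify the signature over
    # authenticator_data || SHA-256(client_data_json) with the stored public key.
    return "ok"

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and key would send from `origin`."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + struct.pack(">I", 7)
    return client, auth

if __name__ == "__main__":
    chal = bytes(range(32))                  # constructed challenge
    for origin, rp in [(EXPECTED_ORIGIN, RP_ID),
                       ("https://vpn-login.example.net", "vpn-login.example.net")]:
        print(origin, "->", check_assertion(*constructed_assertion(origin, rp, chal), chal))
```

A one-time code or push approval carries no such origin field, which is why the relayed log-in in the report succeeded once the employee approved it.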