Tag Archives: Hackers

Russia’s Election Hackers Are Back—and Targeting George Soros

The Russian intelligence agency behind 2016’s election attacks is training its sights on billionaire financier George Soros, The Daily Beast has learned. The move comes hot on the heels of a surge in U.S.-focused hacking by Russia’s Main Intelligence Directorate with similarities to 2016 in targeting and methodology. Laura Silber, chief communications officer for Soros’ Open Society Foundations, confirmed the hack attempt, but couldn’t provide additional details over the weekend. “We were aware of an attack,” Silber told the Daily Beast.

Last month Microsoft quietly seized a new batch of 10 deceptive domain names the company says were set up by the hackers known as Fancy Bear, the group intelligence officials and independent analysts have long attributed to Russia’s Main Intelligence Directorate, the GRU. Those web addresses imitate genuine domains used for Microsoft services like SharePoint, an unmistakable sign that they were intended for use in phishing attacks, in which a victim is tricked into typing their password into a fake login page.

One domain targets a Singapore-based investment firm, and another references the Berlin anti-corruption organization Transparency International, which Russia has targeted before. Others are generic or ambiguous in their targeting. But one seized domain, soros-my-sharepoint[.]com, jumps out as a clear reference to Soros, a past GRU target from Russia’s 2016 election interference. An additional four phishing domains registered in the same time frame appear to target Soros’ Open Society Foundations, said Kyle Ehmke, an intelligence researcher at the Arlington, Virginia-based cybersecurity firm ThreatConnect. Those domains haven’t been seized and ThreatConnect hasn’t found enough evidence to definitively link them to the Russian hackers, said Ehmke.

The Kremlin’s targeting of Soros and his organization carries echoes of 2016, when the GRU dumped 2,500 files stolen from the Open Society Foundations for the debut of “DC Leaks”, the fake leak site the spies created for their 2016 election interference campaign. “SOROS INTERNAL FILES – BIG DATA”, the site announced at the time.

Some of the stolen files were reportedly altered to create the appearance that Soros was secretly financing Russian opposition candidates, making the leak politically useful to Vladimir Putin. More importantly, the Soros dump earned DC Leaks instant credibility in American right-wing circles, where the 88-year-old Hungarian-American philanthropist plays the role of villainous global puppet-master in countless conspiracy theories. Russia’s Internet Research Agency—the so-called “troll farm,” later indicted by Special Counsel Robert Mueller—pushed the same trope on its Facebook and Instagram feeds in the run-up to election day. One meme featured a close-up of Soros against a backdrop of anti-Trump picketers. “No lives matter for those who sponsoring [sic] anti Trump protests,” the caption read. Another imagined Soros confronting the late Senator John McCain. “Hey Johnny, I’m paying you a fortune. I don’t care how much cancer you have, get back to DC and backstab Trump.”

The Soros targeting comes in the wake of what one expert describes as a fresh wave of Fancy Bear attempts against political nonprofits in the U.S. that ran from last December to March or April of this year, using similar tactics to the mass phishing campaign that famously ensnared Hillary Clinton’s campaign chief in 2016. “It’s a similar type of activity to what hit Podesta,” said Robert Johnston, the former Marine Corps captain who investigated the 2016 DNC breach, and now heads the financial cybersecurity firm Adlumin. “These were against political organizations and NGOs. The FBI has reached out to a bunch of them.”

In 2016 Microsoft sued Fancy Bear in federal court in Virginia and won, unopposed, an injunction allowing the company to seize any web addresses registered by the GRU’s hackers that imitate a Microsoft product or service. The company has seized over 100 domains so far.

Experts caution that Russia’s hackers have always cast a wide net, and there’s no way to tell what their motives are in revisiting old haunts now. It may be pure intelligence gathering, or the opening salvo of a 2020 election interference campaign.

“We don't know whether they are ultimately looking to compromise targets for influence operations, internal intelligence uses, or both,” said Ehmke.

Either way, Russia likely views its 2016 efforts as a success, and is certain to try for an encore. “I think you should absolutely anticipate a very vocal Russian interference in the 2020 elections,” said Johnston.

Read more at The Daily Beast.



Yahoo News – Latest News & Headlines

Mueller Says Hackers Spread ‘Putin’s Chef’ Case Evidence Online

Mueller’s team said Wednesday that “non-sensitive” evidence that had been shared exclusively with Concord’s U.S. law firm, Reed Smith LLP, ended up in an online file-sharing portal, apparently as a result of a hacking operation targeting the law firm. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller,” a posting from a newly created Twitter account named @HackingRedstone said on Oct. 22, 2018, according to Mueller’s filing. “You can view all the files Mueller had about the IRA and Russian collusion.




Decade-old flaw in Twitter allows hackers to spread ISIS propaganda using old accounts, report claims

Terrorists are allegedly exploiting a decade-old vulnerability in Twitter's systems to hijack dormant accounts and spread propaganda online. According to TechCrunch, there has been a resurgence in the number of accounts being hacked in recent weeks, many of which had been inactive for years.

The hackers are reportedly using the fact that, prior to this summer, those opening an account with Twitter did not need to confirm their email addresses, meaning there are a number of accounts on the platform that are not linked to real email addresses or are linked to expired addresses. This allows hackers to then create the email address, and so gain access to the attached account.

Security experts said this issue was "all too well known", but that it was hard for Twitter to manage the problem. "Twitter could expire accounts after a certain period of dormancy, but legacy accounts that were created without real associated emails will be vulnerable to this sort of hijack," said Robert Pritchard, the former cyber-security researcher at GCHQ and founder of The Cyber Security Expert.

Alan Woodward, a computer scientist from the University of Surrey, agreed that "there has been some evidence of this before but it’s difficult to see how you stop it unless you disable any Twitter account that has been inactive for more than a certain period". "When the accounts are set up with common email services they can be effectively taken over."

TechCrunch said it had been alerted to a number of the hijacked accounts by a security researcher known as WauchulaGhost. The site said those accounts had been spreading propaganda, including videos of Islamic State fighters and messages supporting violence, such as one said to have read: "With your cars, let’s go pack, you bomb, go with a bomb, you go in any way." Many of the accounts have since been deleted, it added.

WauchulaGhost said: "A lot of these older dormant accounts never created the email they have listed on the account. All someone has to do is create it and take over the account. At the moment Islamic State is using this flaw to spread their propaganda."

Twitter had signalled it was aware of the issue in June, introducing the requirement for new accounts to be confirmed with either email addresses or phone numbers. "This is an important change to defend against people who try to take advantage of our openness," Twitter had said at the time. Between January and June, it had suspended a total of 205,156 accounts which had violated its policy prohibiting the promotion of terrorism.

Following the report on Wednesday, a spokesman for Twitter said: "Reusing email addresses in this manner is not a new issue for Twitter or other online services. For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure."




Charging of Chinese hackers signals aggressive new cyber strategy here to stay

The Justice Department indicted two Chinese nationals allegedly involved in an international hacking scheme that targeted “dozens of companies in the United States and around the world,” Deputy Attorney General Rod Rosenstein announced Thursday.




U.S. indicts Iranian hackers responsible for deploying 'SamSam' ransomware

The United States on Wednesday indicted two Iranians for launching a major cyber attack using ransomware known as “SamSam” and sanctioned two others for helping exchange the ransom payments from Bitcoin digital currency into rials. The 34-month-long hacking scheme wreaked havoc on hospitals, schools, companies and government agencies, including the cities of Atlanta, Georgia, and Newark, New Jersey, causing over $30 million in losses to victims and allowing the alleged hackers to collect over $6 million in ransom payments. The deployment of the SamSam ransomware represented some of the highest profile cyber attacks on U.S. soil, including one in 2016 that forced Hollywood Presbyterian Hospital in Los Angeles to turn away patients and one last year that shut down Atlanta courts and much of its city government.




White House pledges to step up cyber offence on hackers

The White House warned foreign hackers on Thursday it will increase offensive measures as part of a new national cyber security strategy. The move comes as U.S. intelligence officials expect a flurry of digital attacks ahead of the Nov. 6 midterm elections. The strategy provides federal agencies with new guidance for how to protect themselves and the private data of Americans, White House National Security Adviser John Bolton told reporters.




Hackers demanding bitcoin ransom attack Atlanta city computers

Hackers demanding ransom payable in bitcoin have attacked computers of the Atlanta city government in the southern US state of Georgia, officials say. The ransomware assault shut down multiple internal and external applications for the city, including apps that people use to pay bills and access court-related information, Mayor Keisha Lance Bottoms told a news conference Thursday. A ransom note sent to the city gave instructions for paying to free up files encrypted by the hackers.




Putin Tells Megyn Kelly Russia Will 'Never, Never' Extradite Accused Hackers to the United States

In an exclusive interview with Megyn Kelly, Russian President Vladimir Putin says that his government had nothing to do with any meddling in the 2016 election.




Hackers Messaged Donald Trump With Former Fox News Hosts' Twitter Accounts

The Twitter accounts of two former Fox News hosts were hacked on Tuesday, resulting in both of their feeds being filled with Turkish propaganda supporting the country’s controversial president.


