In what appears to be a massive coordinated strike against Reddit, hackers took over dozens of pages on Friday afternoon, using their access to plaster pro-Donald Trump imagery across subreddits with huge followings.
Coming just over three weeks after hackers used access to high-profile Twitter accounts to tweet a bitcoin scam, the wave of Reddit compromises has a similarly eye-popping reach. Reddit communities with well over a million members—including r/space, r/food, and r/NFL—were all defaced with Make America Great Again campaign banners and other pro-Trump signage.
Sometime on Friday morning, hackers began breaking into the accounts of the moderators of dozens of subreddits, ranging from the popular channels cited above to more niche fare like r/beerporn. They used that access not only to splash the pro-Trump imagery all over the page, but in many cases posted a MAGA missive from the moderator’s account with the subject “We Stand With Donald Trump #MIGA2020.”
No matter which browser you prefer—Chrome, Firefox, Edge, Safari, Opera, or any of the others—it will almost certainly offer an incognito or private mode, one which ostensibly keeps your web browsing secret. (Google Chrome still shows a hat-and-glasses icon when you go incognito, as if you’re now in disguise.)
Incognito or private mode does indeed keep certain aspects of your browsing private, but it’s important to be aware of what it hides and erases from your computer or phone and what it doesn’t. Once you understand exactly what these modes do in your browser, you’ll know when they can be most useful.
What Incognito Mode Does
Perhaps the easiest way to think about incognito mode is that as soon as you close the incognito window, your web browser forgets the session ever happened: Nothing is kept in your browsing history, and any cookies that have been created (those little bits of data that log some of your actions online) are promptly wiped.
Cookies are what keep items in your Amazon shopping cart even if you forget about them for days, for example, and they also help sites remember whether you’ve visited them before—which is why you normally only get pestered to sign up for a site’s newsletter the first time you arrive. You might notice that if you visit all your favorite sites in incognito mode, you won’t be recognized, and you’ll be asked to sign up for a whole load of newsletters and special offers all over again.
The US Department of Justice just issued a press release entitled simply, “Three Individuals Charged for Alleged Roles in Twitter Hack.”
In some ways, the Twitter hack referred to, which happened just two weeks ago on 2020-07-15, was tiny.
In a world in which data breaches involving millions, hundreds of millions and even billions of accounts aren’t unusual, the fact that Twitter lost control of just 45 accounts seems, at first glance, almost inconsequential. (Estimates suggest that Twitter has about one third of a billion active users.)
But there are two reasons why that’s not the case.
Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network’s staff.
It is claimed a social-engineering-driven phishing campaign against Twitter employees led to the brief takeover on July 15 of 45 out of 130 targeted prominent accounts to promote a Bitcoin scam. Accounts belonging to Bill Gates, Elon Musk, Kanye West, Joe Biden, Barack Obama, Jeff Bezos, Mike Bloomberg, Warren Buffett, Benjamin Netanyahu, and Kim Kardashian, and to companies like Apple, Uber, and various cryptocurrency exchanges were among those commandeered.
The hijacked accounts were used to urge Twitter users to donate Bitcoin to a specific address, with the promise that a larger sum would be returned. Those involved collected more than $100,000 worth of cryptocurrency. The miscreants also managed to access the Twitter Direct Messages in 36 accounts, and to download Twitter account data for seven accounts.
The account takeovers attracted national and international attention, and elicited concern that the social network’s lax internal security could threaten social stability and national security.
On July 15, a Discord user with the handle Kirk#5270 made an enticing proposition. “I work for Twitter,” they said, according to court documents released Friday. “I can claim any name, let me know if you’re trying to work.” It was the beginning of what would, a few hours later, turn into the biggest known Twitter hack of all time. A little over two weeks later, three individuals have been charged in connection with the heists of accounts belonging to Bill Gates, Elon Musk, Barack Obama, Apple, and more—along with nearly $120,000 in bitcoin.
Friday afternoon, after an investigation that included the FBI, IRS, and Secret Service, the Department of Justice charged UK resident Mason Sheppard and Nima Fazeli, of Orlando, Florida in connection with the Twitter hack. A 17-year-old, Graham Ivan Clark, was charged separately with 30 felonies in Hillsborough County, Florida, including 17 counts of communications fraud. Together, the criminal complaints filed in the cases offer a detailed portrait of the day everything went haywire—and how poorly the alleged attackers covered their tracks. All three are currently in custody.
Despite his claims on the morning of July 15, Kirk#5270 was not a Twitter employee. He did, however, have access to Twitter’s internal administrative tools, which he showed off by sharing screenshots of accounts like “@bumblebee,” “@sc,” “@vague,” and “@R9.” (Short handles are a popular target among certain hacking communities.) Another Discord user who went by “ever so anxious#0001” soon began lining up buyers; Kirk#5270 shared the address of a Bitcoin wallet where proceeds could be directed. Offers included $5,000 for “@xx,” which would later be compromised.
That same morning, someone going by “Chaewon” on the forum OGUsers started advertising access to any Twitter account. In a post titled “Pulling email for any Twitter/Taking Requests,” Chaewon listed prices as $250 to change the email address associated with any account, and up to $3,000 for account access. The post directs users to “ever so anxious#0001” on Discord; over the course of seven hours, starting at around 7:16 am ET, the “ever so anxious#0001” account discussed the takeover of at least 50 user names with Kirk#5270, according to court documents. In that same Discord chat, “ever so anxious#0001” said his OGUsers handle was Chaewon, suggesting the two were the same individual.
Kirk#5270 allegedly received similar help from a Discord user going by Rolex#0373, although that person was skeptical at first. “Just sounds too good to be true,” he wrote, according to chat transcripts investigators obtained via warrant. Later, to help back up his claim, Kirk#5270 appears to have changed the email address tied to the Twitter account @foreign to an email address belonging to Rolex#0373. Like Chaewon, Rolex#0373 then agreed to help broker deals on OGUsers—where his user name was Rolex—with prices starting at $2,500 for especially sought-after account names. In exchange, Rolex got to keep @foreign for himself.
The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states.
The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, among them the publicly known ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’ campaigns, as well as an attempted cyber-attack against the Organisation for the Prohibition of Chemical Weapons.
The six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals. The entities involved in carrying out cyberattacks include an export firm based in North Korea and technology companies from China and Russia.
The sanctions imposed include a ban on the listed persons traveling to any EU country and a freeze of the assets of the listed persons and entities.
TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.
TrickBot is rented by threat actors who use it to infiltrate a network and harvest anything of value. It is then used to deploy ransomware such as Ryuk and Conti to encrypt the network’s devices as a final attack.
At the end of 2019, both SentinelOne and NTT reported a new TrickBot framework called Anchor that utilizes DNS to communicate with its command and control servers.
Named Anchor_DNS, the malware is used on high-value, high-impact targets with valuable financial information.
In addition to the ransomware deployments via Anchor infections, the TrickBot Anchor actors also use it as a backdoor in APT-like campaigns that target point-of-sale and financial systems.
TrickBot’s Anchor backdoor malware is ported to Linux
Historically, Anchor has been Windows malware. Recently, a new sample discovered by Stage 2 Security researcher Waylon Grange shows that Anchor_DNS has been ported to a new Linux backdoor version called ‘Anchor_Linux.’
Advanced Intel’s Vitali Kremez analyzed a sample of the new Anchor_Linux malware found by Intezer Labs.
Kremez told BleepingComputer that, when installed, Anchor_Linux will configure itself to run every minute using a crontab entry.
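An every-minute crontab entry is a persistence pattern a defender can look for directly. The following is an added example, not code from the article or from any of the researchers named; it scans user-crontab text for entries that fire every minute and for executables living in user-writable or hidden paths. The crontab lines are constructed for the example, and the thresholds are assumptions, not indicators from the report.

```python
"""Flag crontab entries matching the every-minute persistence pattern.
The sample crontab below is constructed for this example."""
from dataclasses import dataclass

SAMPLE_CRONTAB = """\
# m h dom mon dow command
*/15 * * * * /usr/bin/certbot renew --quiet
0 3 * * * /opt/backup/run.sh
* * * * * /home/deploy/.cache/.upd/anchor >/dev/null 2>&1
* * * * * /usr/lib/sysstat/sa1 1 1
"""

# Directories a normal service binary rarely runs from (assumption).
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/home/")


@dataclass
class Finding:
    line_no: int
    command: str
    reasons: list


def _runs_every_minute(schedule: str) -> bool:
    # Five bare "*" fields means the job fires once a minute.
    return schedule.split() == ["*"] * 5


def scan_crontab(text: str) -> list:
    """Return a Finding for each non-comment entry that looks suspicious."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 5)          # 5 schedule fields + command
        if len(parts) < 6:
            continue
        schedule, command = " ".join(parts[:5]), parts[5]
        binary = command.split()[0]
        reasons = []
        if _runs_every_minute(schedule):
            reasons.append("every-minute schedule")
        if binary.startswith(SUSPECT_DIRS):
            reasons.append("executable in user-writable path")
        if "/." in binary:
            reasons.append("hidden path component")
        if reasons:
            findings.append(Finding(line_no, command, reasons))
    return findings
```

Run it over the output of `crontab -l -u <user>` for each account on a host; the legitimate `sa1` entry shows why the every-minute schedule alone is a weak signal and the path checks matter.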
Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.
As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.
Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disabled by default.
With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disabled by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.
Apart from the fully featured OpenPGP functionality, the Mozilla Thunderbird 78.1 point release introduces a new search field in the Preferences tab to help you more easily find the settings you want to modify.
Over the past few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents—both real and fabricated—to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they’re taken down.
On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content.
For years, free speech and press freedoms have been under attack in Turkey. The country has the distinction of being the world’s largest jailer of journalists and has in recent years been cracking down on online speech. Now, a new law, passed by the Turkish Parliament on the 29th of July, introduces sweeping new powers and takes the country another giant step towards further censoring speech online. The law was ushered through parliament quickly and without allowing for opposition or stakeholder inputs and aims for complete control over social media platforms and the speech they host. The bill was introduced after a series of allegedly insulting tweets aimed at President Erdogan’s daughter and son-in-law and ostensibly aims to eradicate hate speech and harassment online. Turkish lawyer and Vice President of Ankara Bar Association IT, Technology & Law Council Gülşah Deniz-Atalar called the law “an attempt to initiate censorship to erase social memory on digital spaces.”
Once ratified by President Erdogan, the law would mandate social media platforms with more than a million daily users to appoint a local representative in Turkey, which activists are concerned will enable the government to conduct even more censorship and surveillance. Failure to do so could result in advertisement bans, steep penalty fees, and, most troublingly, bandwidth reductions. Shockingly, the legislation introduces new powers for Courts to order Internet providers to throttle social media platforms’ bandwidth by up to 90%, practically blocking access to those sites. Local representatives would be tasked with responding to government requests to block or take down content. The law foresees that companies would be required to remove content that allegedly violates “personal rights” and the “privacy of personal life” within 48 hours of receiving a court order or face heavy fines. It also includes provisions that would require social media platforms to store users’ data locally, prompting fears that providers would be obliged to transmit those data to the authorities, which experts expect to aggravate the already rampant self-censorship of Turkish social media users.
While Turkey has a long history of Internet censorship, with several hundred thousand websites currently blocked, this new law would establish unprecedented control of speech online by the Turkish government. When introducing the new law, Turkish lawmakers explicitly referred to the controversial German NetzDG law and a similar initiative in France as a positive example.
Germany’s Network Enforcement Act, or NetzDG for short, claims to tackle “hate speech” and illegal content on social networks and passed into law in 2017 (and has been tightened twice since). Rushed through amidst vocal criticism from lawmakers, academia and civil experts, the law mandates social media platforms with one million users to name a local representative authorized to act as a focal point for law enforcement and receive content takedown requests from public authorities. The law mandates social media companies with more than two million German users to remove or disable content that appears to be “manifestly illegal” within 24 hours of having been alerted to the content. The law has been heavily criticized in Germany and abroad, and experts have suggested that it interferes with the EU’s central Internet regulation, the e-Commerce Directive. Critics have also pointed out that the strict time window to remove content does not allow for a balanced legal analysis. Evidence is indeed mounting that NetzDG’s conferral of policing powers to private companies continuously leads to takedowns of innocuous posts, thereby undermining the freedom of expression.