One week to the U.S. presidential election and things are getting spicy.
It’s not just the rhetoric — hackers are actively working to disrupt the election, officials have said, and last week they came with a concrete example and an unusually quick pointing of blame.
On Wednesday night, Director of National Intelligence John Ratcliffe blamed Iran for an email operation designed to intimidate voters in Florida into voting for President Trump “or else.” Ratcliffe, who didn’t take any questions from reporters and has been accused of politicizing the typically impartial office, said Iran had used voter registration data — which is largely public in the U.S. — to send emails that looked like they came from the far-right group the Proud Boys. Google security researchers also linked the campaign to Iran, which denied claims of its involvement. It’s estimated about 2,500 emails went through in the end, with the rest getting caught in spam filters.
The announcement was lackluster in detail. But experts like John Hultquist, who heads intelligence analysis at FireEye-owned security firm Mandiant, said the incident is “clearly aimed at undermining voter confidence,” just as the Russians attempted during the 2016 election.
THE BIG PICTURE
Twitter was hacked using a fake VPN portal, New York investigation finds
The hackers who broke into Twitter’s network used a fake VPN page to steal the credentials — and two-factor authentication code — of an employee, an investigation by New York’s Department of Financial Affairs found. The state tax division got involved after the hackers then hijacked user accounts using an internal “admin tool” to spread a cryptocurrency scam.
In a report published last week, the department said the hackers called several Twitter employees and used social engineering to trick one employee into entering their username and password on a site that looked like the company’s VPN portal, which most employees use to access the network from home during the pandemic.
“As the employee entered their credentials into the phishing website, the hackers would simultaneously enter the information into the real Twitter website. This false log-in generated a [two-factor authentication] notification requesting that the employees authenticate themselves, which some of the employees did,” wrote the report. Once onto the network using the employee’s VPN credentials, the hackers used that access to investigate how to access the company’s internal tools.
Twitter said in September that its employees would receive hardware security keys, which would make it far more difficult for a repeat phishing attack to be successful.