fbpx
Leaking Bucket- Liquid Video Technologies

Unsecured Databases Leak 60 Million Records

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.

Approximately two weeks ago, I was contacted by security researcher Sanyam Jain of the GDI foundation about something strange that he was seeing. Jain told BleepingComputer that he kept seeing unsecured databases containing the same LinkedIn data appearing and disappearing from the Internet under different IP addresses.

“According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange.”

Between all eight databases, there was a combined total of approximately 60 million records that contained what appeared to be scraped public information of LinkedIn users. The total size of all of the 8 DBs is 229 GB, with each database ranging between 25 GB to 32 GB.

Example Database
Example Database

As a test, Jain pulled my record from one of the databases and sent it to me for review. The data contained in this record included my LinkedIn profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated.

Included in the profile was also my email address that I used when registering my LinkedIn account. It is not known how they gained access to this information as I have always had the LinkedIn privacy setting configured to not publicly display my email address.

Profile information for my record
Profile information for my record

After reviewing the data that was sent to me, I found all of the information to be accurate.

In addition to the above public information, each profile also contains what appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider. These values are labeled “isProfessional”, “isPersonal”, “isGmail”, “isHotmail”, and “isOutlook”.

Internal Values
Internal Values

While we not able to determine who the database belonged to, we were able to contact Amazon who is hosting the databases for assistance in getting them secured. As of Monday, the databases were secured and are no longer accessible via the Internet.

LinkedIn states it’s not their database

After seeing that the database contained a user’s email addresses and what appeared to be possible internal values, BleepingComputer contacted LinkedIn to see if the database belonged to them.

After they reviewed my sample record, Paul Rockwell, head of Trust & Safety at LinkedIn, told us that this database does not belong to them, but they are aware of third-party databases containing scraped LinkedIn data.

“We are aware of claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached.”

When we followed up with questions as to why the databases would contain my email, we were told that in some cases an email address could be public and were provided a link to a privacy page that allows you to configure who can see a profile’s email address.

LinkedIn Email Privacy Settings
LinkedIn Email Privacy Settings

My settings only allow 1st degree connections to see my email address, so unless the scraper is posing as this type of connection, it is still not known how my email address was included in the database.

Article Provided By: BleepingComputer

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Drones Stealing Sensitive Data

Drones Stealing Sensitive Data

DHS warns of Chinese-made drones stealing sensitive data

  • Drones contain components that can steal sensitive data and share on a server accessed beyond the company itself.
  • An industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

The US Department of Homeland Security warns that Chinese-made drones might be sharing sensitive flight data to its manufacturers on a server accessible to the Chinese government.

Contents of the alert

The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has warned that drones are a “potential risk to an organization’s information” and that it contains components that can steal sensitive data and share on a server accessed beyond the company itself.

“Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” the alert read, CNN reported.

Which drone manufacturers are suspect?

The alert did not specify any manufacturer. However, industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

Key takeaway

Users are warned to be cautious while purchasing drones from China and to take security measures like turning off the device’s internet connection and removing secure digital cards to avoid data theft.

 

By:  Ryan Stewart

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Next Generation Endpoint Security

Next Generation Endpoint Security

Getting Past the Hype of Next Generation Endpoint Security

We’ve heard the same story for years. Antivirus software is not effective in stopping cyber-attacks, as hackers have adapted their techniques to evade signature-based detections. Even next-generation antivirus, which applies techniques such as machine learning and behavioral analytics, is no more effective at protecting an organization than its older sibling. But why? The simple answer is that nearly all AV and NGAV solutions focus their primary value on the prevention of malicious files – an attack vector that is slowly but surely disappearing in favor of file-less capabilities and the subversion of users and trusted applications.

Worse than their hyper-focus on the irrelevant, they continue to rely on historical attack analysis as a basis for future detections which leaves them unable to make high fidelity preventions and detections in real-time. They lack the visibility and threat intelligence necessary to understand an attacker’s tactics and techniques, which means these so-called NGAV solutions lack the confidence in their ability to identify malicious activity. The evidence of this is when they introduce unnecessary latency with cloud and human analysis, which do not function at the speed required to defend against modern threats.

So where does that leave companies in their search for better protection?

A modern endpoint protection strategy must include prevention, detection, and response capabilities. Effective automation of threat intelligence for prevention, along with robust detection and response means security analysts can spend their time improving defenses instead of repeatedly reacting to incidents caused by the same lack of real-time capabilities and unnecessary latency.

The convergence of Endpoint Detection and Response (EDR) into the Endpoint Protection Platform (EPP) can replace core AV/NGAV capabilities, but can also improve protection against the following:

  • Malware variants, including malware-based ransomware
  • Obfuscated malware, unknown malware, and zero-day attacks
  • Malicious scripts that leverage PowerShell, Visual Basic, Perl, Python, and Java/JAR
  • Memory-resident attacks and other malware-less attacks
  • Malicious use of good software

Of the hundred plus endpoint security vendors, Endgame’s endpoint protection platform and single autonomous agent simplifies antivirus replacement through:

  • Earliest Prevention – Protection against exploits, malware, file-less attacks, and ransomware
  • Fastest Detection and Response – Stops all attacks at the earliest stages of the MITRE ATT&CK™ matrix
  • Automated Threat Hunting – Built in discovery, deployment, and dissolvable agent

Endgame’s Artemis, the first intelligent security assistant, elevates and accelerates operators and analysts by responding to plain English questions and commands.  With Artemis, analysts can prioritize, triage, and remediate alerts in minutes across hundreds of thousands of endpoints that would have otherwise taken hours or days with traditional tools.

In an extremely crowded market, endpoint security tools must provide a simple, cost-effective replacement for antivirus while increasing value. With Endgame, your organization can quickly prevent malware and modern attacks across the entire MITRE ATT&CK framework with a single, autonomous agent.

 

Next Generation Endpoint Security  By: Matt Alderman

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber-Crime Gang Busted

Cyber-Crime Gang Busted

GozNym cyber-crime gang which stole millions busted

 

An international crime gang which used malware to steal $100m (£77m) from more than 40,000 victims has been dismantled.

A complex police operation conducted investigations in the US, Bulgaria, Germany, Georgia, Moldova, and Ukraine.

The gang infected computers with GozNym malware, which captured online banking details to access bank accounts.

The gang was put together from criminals who advertised their skills on online forums.

The details of the operation were revealed at the headquarters of the European police agency Europol in The Hague.

It said that the investigation was unprecedented, especially in terms of cross-border co-operation.

Cyber-crime service

Ten members of the network have been charged in Pittsburgh, US on a range of offenses, including stealing money and laundering those funds using the US and foreign bank accounts.

Five Russian nationals remain on the run, including one who developed the GozNym malware and oversaw its development and management, including leasing it to other cyber-criminals.

Various other gang members now face prosecution in other countries, including:

  • The leader of the network, along with his technical assistant, faces charges in Georgia
  • Another member, whose role was to take over different bank accounts, has been extradited to the US from Bulgaria to face trial
  • A gang member who encrypted GozNym malware to make sure it was not detected on networks faces prosecution in Moldova
  • Two more face charges in Germany for money-laundering

Among the victims were small businesses, law firms, international corporations, and non-profit organizations.

Cyber-Crime Gang Busted

Europol said it was a great example of cross-border co-operation | Image copyright Getty IMAGES

One of the things that the operation has highlighted is how common the selling of nefarious cyber-skills has become, says Prof Alan Woodward, a computer scientist from University of Surrey.

“The developers of this malware advertised their ‘product’ so that other criminals could use their service to conduct banking fraud.

“What is known as ‘crime as a service’ has been a growing feature in recent years, allowing organized crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime.”

What is GozNym?

It is a hybrid of two other pieces of malware, Nymaim, and Gozi.

The first of these is what is known as a “dropper”, software that is designed to sneak other malware on to a device and install it. Up until 2015, Nymaim was used primarily to get ransomware on to devices.

Gozi has been around since 2007. Over the years it has resurfaced with new techniques, all aimed at stealing financial information. It was used in concerted attacks on US banks.

Combining the two created what one expert called a “double-headed monster”.

Presentational grey line

Analysis: Anna Holligan, BBC Hague correspondent

Cyber-Crime Gang Busted

Scott Brady said the case represented a “milestone” in the fight against international cybercrime

 

Unsuspecting citizens thought they were clicking a simple link – instead, they gave hackers access to their most intimate details.

US attorney for the Western District of Pennsylvania, Scott Brady stood alongside prosecutors and cyber-crime fighters from five other nations inside Europol’s high-security headquarters, to announce the takedown of what he described as a “global conspiracy”.

The suspected ringleader used GozNym malware and contracted different cyber-crime services – hard to detect bulletproof hosting platforms, money mules and spammers – to control more than 41,000 computers and enable cyber-thieves to steal and whitewash an estimated $100m from victims’ bank accounts.

Gang members in four countries have been charged – a coup for cyber-crime fighters who say the discovery of this sophisticated scam demonstrates the borderless nature of cyber-crime and need for cross border co-operation to detect and disrupt these networks.

 

By: Jane Wakefield

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Phishing Scam Targets Instagram

Phishing Scam Targets Instagram

New Phishing scam called ‘The Hotlist’ now targets the Instagram users

 

  • The new scam operates in a similar manner as the recent ‘The Nasty List’ scam.
  • The scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram.

A new phishing scam called ‘The Hotlist’ has been found targeting Instagram users lately. This new scam operates in a similar manner as the recent ‘The Nasty List’ scam.

How does it work – The scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram. The message reads something like, “I just saw a few of your photos on the @The_HotList_95 and they are already upvoted to #26!”.

Once the recipients visit the message sender’s account, then they are displayed with a post that says ‘Everyone Is On Here Look’ and includes a description along with a link that reads ‘Check what position you’re in!’.

If users click on the link, then they are taken to a fake Instagram login page that is used by scammers to steal login credentials. The link typically ends with .me domain, Bleeping Computer reported.

What are the impacts – The scam is being used to steal Instagram account details of users. Once the scammers grab the login credentials, they can use them later to send further phishing messages to other Instagram users.

How to stay safe – Users can avoid falling victim to such Instagram phishing scams by:

  • Not entering their login credentials if they are on a page that does not belong to the Instagram website;
  • Verifying the profile of the sender/source before sharing any personal information;
  • Ignoring message from an unknown source that asks you to share sensitive details as it can be a phishing scam.

 

By:   Ryan Stewart

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Mid-April Security Alerts

Mid-April Security Alerts

Cisco Issues 31 Mid-April Security Alerts

Among them, two are critical and six are of high importance.

A busy month for Cisco router owners got busier yesterday when the networking giant introduced 31 new advisories and alerts. These announcements came on top of 11 high- and medium-impact vulnerabilities announced earlier in the month.

Of the 31 alerts, 23 are of medium impact, six are of high impact, and two are of critical impact to the organization and its security team.

Most of the medium-impact alerts are for cross-site scripting vulnerabilities, denial-of-service vulnerabilities, or vulnerabilities affecting unauthorized users and access. These were found on devices ranging from LAN controllers to wireless network access points to Cisco’s new Umbrella security framework.

The two critical alerts are for two very different vulnerabilities. In one, a vulnerability in Cisco IOS and IOS XE could allow an attacker to reload the system on a device (potentially replacing the legitimate system with one containing malicious code), or remotely execute code at a privilege level above the level of the user being spoofed to gain access.

This vulnerability is found in the Cisco Cluster Management Protocol (CMP) and was discovered when the documents in the infamous Vault 7 disclosurewere analyzed. That’s bad news because those documents have been available to hackers around the world for more than two years. And the news gets worse: Researchers at Cisco Talos have published a blog post showing this vulnerability has been exploited in the wild as part of a DNS hijacking campaign dubbed “Sea Turtle.”

Cisco already has released a software patch for this critical vulnerability, which has no operational workaround for successful remediation.

The second critical vulnerability could allow a remote attacker to gain access to applications running on a sysadmin virtual machine (VM) that is operating on Cisco ASR 9000 series Aggregation Services Routers. This vulnerability, Cisco says, was found during internal testing and has not yet been used in the wild. The source of the vulnerability – insufficient isolation of the management interface from internal applications – has been fixed in a pair of Cisco IOS XR software releases and does not, therefore, warrant a separate update, Cisco says.

Between the medium and critical vulnerabilities are six high-importance vulnerabilities that affect systems including telepresence video servers, wireless LAN controllers (three separate vulnerabilities), Aironet wireless access points, and the SNMP service.

 

Cisco ranks the severity of vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 3. Vulnerabilities with a CVSS score of 9.0 to 10.0 are critical, those in the range of 7.0 to 8.9 are high, and a score of 4.0 to 6.9 warrants a medium label. Anything ranking below medium is given an informational alert only.

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access ControlFire, IT consultant or PCI Compliance, needs.  Please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber Security Doesn't Discriminate

Cyber Security Doesn’t Discriminate

Russian hackers are targeting European embassies, according to new report

Russian hackers recently attacked a number of embassies in Europe by emailing malicious attachments disguised as official State Department documents to officials, according to a new report from Check Point Research.

The hackers targeted European embassies in Nepal, Guyana, Kenya, Italy, Liberia, Bermuda, and Lebanon, among others. They typically emailed the officials Microsoft Excel sheets with malicious macros that appeared to have originated from the United States State Department. Once opened, the hackers were able to gain full control of the infected computer by weaponizing installed software called Team Viewer, a popular remote access service.

“It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” the press release says, “since it was not after a specific region and the victims came from different places in the world.”

Government finance officials were also subject to these attacks, and Check Point notes that these victims were of particular interest to the hackers. “They all appear to be handpicked government officials from several revenue authorities,” the press release says.

The hackers appeared to be highly sophisticated, carefully planning out the attacks, using decoy documents tailored to their victim’s interests, and targeting specific government officials. At the same time, other stages of the attack were carried out with less caution leaving personal information and browsing history belonging to the perpetrator exposed.

Check Point identified several other similar attack campaigns, including some targeting Russian-speaking victims as well.

While Russian in origin, it’s unlikely that these attacks were state-sponsored. One perpetrator was traced back a hacking and carding forum and registered under the same username, “EvaPiks,” on both. EvaPiks posted instructions for how to carry out this kind of cyber attack on forums and advised other users as well.

Due to the attackers’ background in the illegal carding community, Check Point suggested that they could have been “financially motivated.”

Updated 4/22/19 at 12:20 p.m. EST: The previous headline suggested that the Russian hackers attacked U.S. embassies, when the attackers targeted European embassies. The article has been updated to clarify this.

 

By: Makena Kelly

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

As Threats Evolve So Should You

As Threats Evolve So Should You

Microsoft Office now the most targeted platform, as browser security improves

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.

Today, more than 70% of all the attacks Kaspersky Lab catches are targeting Microsoft Office, and only 14% take advantage of browser vulnerabilities. Two years ago, it was the opposite: Web-based vulnerabilities accounted for 45% of the attacks, while Microsoft Office had a 16% share.

Kaspersky researchers presented data showing increase in Microsoft Office exploits since 2016As Threats Evolve So Should You

Researchers said that this is because hacking browsers has become more expensive, as browser security has improved. “Browser developers put much effort into different kinds of security protections and mitigations,” Liskin said. “Attackers were looking for a new target, and MS Office has become a star.”

Liskin added that there are plenty of reasons why cybercriminals choose to attack the popular suite. “Microsoft Office has a huge number of different file formats,” he said. “It is deeply integrated into the Windows operating system.”

He also argued that when Microsoft created Office, it made several decisions that, in hindsight, aren’t optimal security-wise and are currently difficult to change. Making such alterations would have a significant impact on all the versions of the products, Liskin said.

The researchers pointed out that the most exploited vulnerabilities from the past two years are not in MS Office itself, but rather in related components. Two of those vulnerabilities, CVE-2017-11882 and CVE-2018-0802, exploit bugs found in Equation Editor. Cybercriminals prefer to use them because they can be found in every version of Microsoft Word released in the past 17 years. Moreover, building exploits for them does not require advanced skilled, because the Equation Editor binary lacks modern protections and mitigations. These are simple, logical vulnerabilities, the researchers said.

Exploit uses Internet Explorer to hack Office

Another interesting vulnerability is CVE-2018-8174. In this unusual case, the vulnerability was actually in Internet Explorer, but the exploit was found in an Office file. “The exploit was delivered as an obfuscated RTF document,” researcher Larin said. “This is the first exploit to use a vulnerability in Internet Explorer to hack Microsoft Office.”

The infection chain has three steps. First, the victim opens the malicious document. As they do this, a second stage of the exploit is downloaded: an HTML page that contains a VBScript code. This then triggers the third step, ause after free (UAF) vulnerability, and executes shellcode. UAF bugs are a type of memory corruption vulnerability that have been very successful in the past for browser exploitation. The technique works by referencing memory after it has been freed, causing the software to crash or allowing an attacker to execute code.

Cybercriminals act fast on Microsoft exploits

What intrigues Larin, Stolyarov and Liskin the most about the cases they’ve studied is how fast cybercriminals operate. Most incidents start with a Microsoft Office zero-day that’s used in a targeted campaign. Once it becomes public, it’s only a matter of days until exploits appear on the dark web. Sometimes, it can even be faster, as has happened with CVE-2017-11882, the first Office Equation Editor vulnerability Kaspersky Lab researchers uncovered. The publication of the proof of concept was followed by a massive spam campaign that began on the very same day.

Microsoft Office vulnerabilities might become even more common in the near future, as attackers continue to target the suite. Larin advised users to keep their software updated, and to pay attention to the files they receive from dubious email addresses. “Our best recommendation is not to open links and files received from untrusted sources, and have installed security solutions with advanced detection of exploits,” Larin added.

 

As Threats Evolve So Should You By Andrada Fiscutean

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

 

U.S. Patent Granted for Blockchain

U.S. Patent Granted for Blockchain

Blockchain Patent Granted to Cybersecurity Company Owned by U.S. Defense Contractor

 

Documents published by the United States Patent and Trademark Office (USPTO) on April 16 reveal that Texas-based cybersecurity company Forcepoint has been awarded a blockchain-related patent.

Forcepoint is owned by U.S. defense contractor Raytheon and private equity firm Vista Equity Partners, and Crunchbase estimates its yearly revenue to be $600 million.

The system described in the patent appears to be a complex user behavior monitoring and management system. The system would aim to store data about electronically-observable user interactions and then use this data to identify known good, anomalous and malevolent user actions to enhance the system’s cybersecurity.

Some versions of the system employ blockchain technology, according to the patent:

“In certain embodiments, the association of the additional context may be accomplished via a blockchain block within a user behavior profile blockchain […] implemented with appropriate time stamping to allow for versioning over time. ”

Furthermore, the patent also provides the possibility of storing user behavior data on the blockchain directly, noting that advantages of the solution are immutability and tamper-evident.

As Cointelegraph recently reported, digital payments giant PayPal has won a cybersecurity patentto protect users from crypto ransomware.

Also, at the beginning of the current month, global consulting company Accenture has patentedtwo solutions focused on blockchain interoperability.

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

 

Things Aren't As They Seem

Things Aren’t As They Seem

Mueller report details how Russians reached millions of US Facebook and Twitter users and brought them out to real-life rallies

Special counsel Robert Mueller’s report released Thursday says Russia’s Internet Research Agency, or IRA, reached millions of U.S. users on Twitter, Facebook and Instagram leading up to the 2016 presidential election. Russian operatives also communicated with the Trump campaign under false identities “without revealing their Russian association” and interacted with prominent pro-Trump activists to arrange political rallies, “confederate” events and even a #KidsforTrump organization, the report says.

“IRA-controlled Twitter accounts separately had tens of thousands of followers, including multiple U.S. political figures, who retweeted IRA-created content,” the report says. Facebook has estimated that IRA-controlled accounts reached up to 126 million people, with Twitter notifying 1.4 million people they may have been in contact with a Russia-controlled account.

The Mueller document gives a fuller picture of how both technical and in-person intelligence operatives worked together to influence sentiment leading up to the 2016 election.

An odyssey that ramped up in 2014

Russian operatives had been dabbling in social media until around 2014, when they consolidated their efforts under a single program known internally as the “translator department,” according to the report. They later began sending operatives to the U.S. to further the election goals of the program.

In June 2014, four members of the department lied to the U.S. State Department, claiming to be “friends who met at a party.” Two of them, Anna Bogacheva and Aleksandra Krylova, received visas to enter the U.S. In 2016, other operatives were seen holding up signs at an event near the White House purportedly celebrating the birthday of Yevgeniy Prigozhin, a Russian tycoon alleged to have funded some of the interference campaigns and their associated social media ad buys.

On Twitter, the IRA program broke its operation into two strategies: creating real Twitter accounts meant to represent “individual U.S. personas,” and a separate, IRA-controlled network of automated Twitter bots “that enabled the IRA to amplify existing content on Twitter.”

One of the IRA accounts, which claimed to be that of a Trump supporter from Texas, had 70,000 followers. Another anti-immigration persona had 24,000 followers. A third, called @march_for_trump, organized a series of rallies in support of Trump across the U.S. The accounts posted 175,993 tweets, though the report says only 8.4% of those were election-related.

“U.S. media outlets also quoted tweets from IRA-controlled accounts and attributed them to the reactions of real U.S. persons,” the report says.

Influential conservatives also interacted with the accounts, including TV commentator Sean Hannity, Roger Stone, former U.S. Ambassador to Russia Michael McFaul and Michael Flynn Jr.

From Twitter to real life

“The Office identified dozens of U.S. rallies organized by the IRA,” the report says. “The earliest evidence … was a ‘confederate rally’ in November 2015. The IRA continued to organize rallies even after the 2016 U.S. presidential election.”

Many of the rallies drew few participants, while others drew hundreds. “The reach and success of these rallies was closely monitored” by the Russian team, the report says.

The report clarifies that in the cases in which a pro-Trump, IRA-organized rally also coordinated with Trump’s campaign, the campaign was not aware of the origins of the organizers. “The IRA’s contacts included requests for signs and other materials to use at rallies, as well as requests to promote the rallies and help coordinate logistics.”

“The investigation has not identified evidence that any Trump campaign official understood the requests were coming from foreign nationals,” the report says.

Another two-part campaign, against Hillary Clinton

As with the IRA’s Twitter strategy, Russia’s GRU intelligence agency broke its campaign of interference against Hillary Clinton’s presidential campaign into two parts. One group developed specialized malware — malicious software used, in this case, to monitor communications. A second group was charged with honing and launching mass spearphishing operations, meant to identify key targets within Clinton’s campaign and craft believable emails persuading them to click and, therefore, install the custom malware.

The GRU officers sent hundreds of these emails to Clinton staffers, including official campaign accounts and Google accounts used by staffers.

 

Things Aren't As They Seem By: Kate Fazzini

 

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

1 2 3 4