Category: Risk Assessment

May 25 2017

E-mails phished from Russian critic were “tainted” before being leaked

Enlarge / This fraudulent e-mail was sent in a successful attempt to phish the Gmail password for reporter David Satter. (credit: Citizen Lab)

E-mails stolen in a phishing attack on a prominent critic of Russian President Vladimir Putin were manipulated before being published on the Internet. That's according to a report published Thursday, which also asserts that the e-mails were manipulated in order to discredit a steady stream of unfavorable articles.

The phishing attack on journalist David Satter's Gmail account was strikingly similar to the one that hit Hillary Clinton presidential campaign chairman John Podesta last year. The attack on Satter looked almost identical to the security warnings Google sends when attackers obtain a subscriber's password. Code embedded inside led Satter to a credential-harvesting site that was disguised to look like Google's password-reset page. With that, the site automatically downloaded all of Satter's private correspondence.

Thursday's report from the University of Toronto's Citizen Lab stopped short of saying Russia's government was behind the phishing attack and subsequent manipulation of Satter's e-mail. US intelligence officials, however, have determined that Russia was behind the attacks on Podesta and other Democratic officials. Thursday's report also said the same attack on Satter targeted 218 other individuals, including a former Russian Prime Minister, members of cabinets from Europe and Eurasia, ambassadors, high-ranking military officers, and CEOs of energy companies.

Read 4 remaining paragraphs | Comments

May 25 2017

Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data

(credit: DonkeyHotey)

A Florida GOP campaign consultant who runs a blog under a pseudonym directly contacted the hackers behind the breach of the Democratic National Committee and the Democratic Congressional Campaign Committee, and he solicited material from them. The Wall Street Journal reports that Aaron Nevins set up a Dropbox account specifically for “Guccifer 2.0” to drop files into, and he received 2.5 GB of data from the Democratic Party breaches—including the “get out the vote” strategy for congressional candidates in Florida.

Nevins analyzed the data and posted his analysis on his blog, HelloFLA.com. Guccifer 2.0 sent a link to the blog to Trump backer Roger Stone, who was also in communication with the hackers, according to Stone. Nevins told the Journal that the hackers didn't understand what they had until he explained its value.

Some of the most valuable data, Nevins said, was the Democratic Party's voter turnout models. “Basically, if this was a war, this is the map to where all the troops are deployed,” Nevins told the person or persons behind the Guccifer 2.0 account. He also told them, “This is probably worth millions of dollars."

Read 2 remaining paragraphs | Comments

May 25 2017

Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data

(credit: DonkeyHotey)

A Florida GOP campaign consultant who runs a blog under a pseudonym directly contacted the hackers behind the breach of the Democratic National Committee and the Democratic Congressional Campaign Committee, and he solicited material from them. The Wall Street Journal reports that Aaron Nevins set up a Dropbox account specifically for “Guccifer 2.0” to drop files into, and he received 2.5 GB of data from the Democratic Party breaches—including the “get out the vote” strategy for congressional candidates in Florida.

Nevins analyzed the data and posted his analysis on his blog, HelloFLA.com. Guccifer 2.0 sent a link to the blog to Trump backer Roger Stone, who was also in communication with the hackers, according to Stone. Nevins told the Journal that the hackers didn't understand what they had until he explained its value.

Some of the most valuable data, Nevins said, was the Democratic Party's voter turnout models. “Basically, if this was a war, this is the map to where all the troops are deployed,” Nevins told the person or persons behind the Guccifer 2.0 account. He also told them, “This is probably worth millions of dollars."

Read 2 remaining paragraphs | Comments

May 24 2017

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

Enlarge (credit: Guido Sorarù)

Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed.

The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges depending on the vulnerable platform.

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba maintainers wrote in an advisory published Wednesday. They urged anyone using a vulnerable version to install a patch as soon as possible.

Read 9 remaining paragraphs | Comments