Twitter Accounts of US Media Under Attack by Large Campaign

A previously reported campaign purportedly carried out by Turkish hacker group “Ayyildiz Tim” targeting high-profile, verified Twitter accounts with the purpose of spreading Turkish political propaganda appears to have escalated within the last 24 hour…

A previously reported campaign purportedly carried out by Turkish hacker group “Ayyildiz Tim” targeting high-profile, verified Twitter accounts with the purpose of spreading Turkish political propaganda appears to have escalated within the last 24 hours. McAfee Advanced Threat Research has investigated the new events and discovered the following. On January 13, the Twitter account of the Indian ambassador to the United Nations was taken over and spread pro-Pakistan and pro-Turkey postings:

What seemed to be a single event soon became a targeted campaign that we discovered in cooperation with our partner SocialSafeGuard. Combining their technology and our threat researchers, we started to build a timeline of events:

 

In each case in this timeline, the account was restored after several hours.

Once the accounts were compromised, the attackers direct-messaged the account contacts with propaganda for their cause or with a link to convince them to click on a phishing site that would harvest the Twitter credentials of the victim.

One example of such a site is hxxp://fox-news.medianewsonline.com/.

Visiting the page shows the following:

If we look at the source code of the page, we discover several Turkish-language segments. Focusing on the domains used for the phishing sites, we discovered more registered sites. Some examples:

  • mypressonline.com
  • official-twitter-jp.mypressonline.com
  • feedbac-verifv.mypressonline.com

Who is behind this campaign? According to the messages used, the Turkish hacker group “Ayyildiz Tim” (AYT) claims to be responsible for the attacks. The group was founded in 2002 and advocates Turkish state ideology. In the following example, we see the background image of Greta van Susteren has changed to one of the many wallpapers used by the group:

We advise journalists in particular, as well as others in high-profile positions, to follow appropriate safeguards to protect their accounts.

  • https://help.twitter.com/en/managing-your-account/two-factor-authentication

We are aware that one of the tactics from this group is to use Direct Messaging to communicate with other prominent Twitter accounts. There is also evidence that private messaging history has been accessed from certain compromised accounts of prominent figures, along with other sensitive or confidential information such as private phone numbers and emails.  If you receive a message, even from someone you know or trust, be aware that the message may not be from the person you know. It is potentially directing you to malicious content.

You absolutely should verify through an alternate channel that the link is safe to click.

The post Twitter Accounts of US Media Under Attack by Large Campaign appeared first on McAfee Blogs.

Trump has an iPhone with one app: Twitter

Enlarge (credit: Andrew Harrer/Bloomberg via Getty Images)
Early in March, President Donald Trump surrendered his personal Android phone—the phone from which scores of controversial Twitter posts had been launched. Based on Twitter metadata, Trum…

Enlarge (credit: Andrew Harrer/Bloomberg via Getty Images)

Early in March, President Donald Trump surrendered his personal Android phone—the phone from which scores of controversial Twitter posts had been launched. Based on Twitter metadata, Trump retired the Android device after expressing outrage over the DNC's failure to let the FBI search its servers and taunting Arnold Schwarzenegger on March 5. The next day, he replaced it with an iPhone.

According to a report from Axios' Mike Allen, Twitter is the only application running on Trump's new iPhone. And on his current overseas trip, staff have tried to limit his screen time in order to reduce the volume of his 140-character missives, Allen wrote:

Read 3 remaining paragraphs | Comments

Clinton campaign chief’s iPhone was hacked and wiped, photos suggest

Enlarge
Unconfirmed evidence builds a strong case that an Apple iCloud account belonging to Hillary Clinton’s campaign chief, John Podesta, was accessed and possibly erased by hackers less than 12 hours after his password was published on WikiLeaks…

Enlarge

Unconfirmed evidence builds a strong case that an Apple iCloud account belonging to Hillary Clinton's campaign chief, John Podesta, was accessed and possibly erased by hackers less than 12 hours after his password was published on WikiLeaks.

So far, Clinton campaign officials have confirmed only the compromise of Podesta's Twitter account after it was used to urge followers to vote for Republican nominee Donald Trump. Several screenshots circulating online, however, strongly suggest that the iCloud account tied to Podesta's iPhone was also illegally accessed by people who tried—and possibly succeeded—to wipe the device of all its data. The images raise the specter that no one inside the Clinton campaign locked down the Podesta iCloud account in the hours following the WikiLeaks dump. iCloud accounts often provide a wealth of sensitive information, including real-time whereabouts, contacts, and confidential messages. Clinton officials didn't respond to an e-mail seeking comment for this post.

The screenshots began appearing on Wednesday night, less than 12 hours after a new batch of Podesta e-mails published on WikiLeaks revealed that his iCloud password was "Runner4567." Researchers can't be certain how the iCloud and Twitter accounts were compromised, but several descriptions, such as this one of now-deleted threads on the 4chan discussion board, claim participants who saw the WikiLeaks post discovered that "Runner4567" remained a working password and used it to illegally access Podesta's iCloud account.

Read 7 remaining paragraphs | Comments

Be wary of claims that 32 million Twitter passwords are circulating online

It’s doubtful that all of them are usable against active Twitter accounts.

(credit: Matthew Keys)

The jury is still out, but at this early stage, there's good reason to doubt the legitimacy of claims that more than 32 million Twitter passwords are circulating online.

The purported dump went live on Wednesday night on LeakedSource, a site that bills itself as a breach notification service. The post claimed that the 32.88 million Twitter credentials contain plaintext passwords and that of the 15 records LeakedSource members checked, all 15 were found to be valid. Twitter Trust and Info Security Officer Michael Coates has said his team investigated the list, and he remains "confident that our systems have not been breached."

Lending credibility to Coates's claim, Twitter has long used the bcrypt hash function to store hashes. Bcrypt hashes are so slow and computationally costly to crack that it would have required infeasible amounts of time and effort for anyone to decipher the underlying plaintext. As of press time, there were no reports of a mass reset of Twitter users' passwords, either.

Read 3 remaining paragraphs | Comments