EXCLUSIVE - 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources
Government analysts and private sector investigators were able to quickly blame Iranian hackers for a wave of thousands of threatening emails aimed at US voters due to errors in a video attached to some of the messages, according to four people familiar with the matter.
These failures provided the U.S. government with a rare opportunity to identify and publicly announce responsibility for a malicious cyber operation within days, a process that typically requires months of technical analysis and additional intelligence. “Either they made a stupid mistake or they wanted to get caught,” said a senior US government official, who asked not to be identified. “We are not concerned that this activity is some kind of false flag due to other supporting evidence. It was Iran.”
Attribution to Iranian hackers does not necessarily mean that a group is working at the behest of the government there. Iranian officials have denied the US claims. “These accusations are nothing more than another scenario to undermine the confidence of voters in the security of the American elections, and are absurd,” said Alireza Miryousefi, spokesperson for Iran’s mission to the United Nations in New York.
US Director of National Intelligence John Ratcliffe said on Wednesday that Russia and Iran both tried to interfere (https://www.reuters.com/article/us-usa-election-security/us-intelligence-agencies-say-iran-russia-have-tried-to-interfere-in-the-election-2020-idUSKBN2763E3) in the campaign for the November 3 election. U.S. intelligence agencies are still analyzing exactly who in Iran commanded the operation and its intent, three of the sources said. Hours after the video, which claimed to be from a far-right American group known as the Proud Boys, was released this week, intelligence officials and major messaging platform providers such as Alphabet Inc's Google and Microsoft Corp began to closely analyze the computer code that appeared in the hackers' video.
While the emails, which demanded that voters change their Republican Party affiliation and vote for President Donald Trump or “we’ll come after you,” appeared to be from info@officialproudboys.com, the address was inauthentic, security analysts said. In a statement to CNN, a spokesperson for Proud Boys said it “certainly wasn’t” his group. It has not been previously reported how security analysts used the information from the video to attribute the email pattern.
A Microsoft spokesperson declined to comment on the company’s collaboration with law enforcement. A Google statement Wednesday evening said the activity was “Iran-related.” A Google spokesperson said Thursday the company was in contact with the FBI.
Blur attempts
The hackers were unable to hide all incriminating information despite their attempts to scramble aspects of the video to hide their identity, the sources said. The video showed the hackers’ computer screen as they typed commands to allegedly hack into a voter registration system. Investigators noticed revealing computer code snippets, including file paths, file names, and an Internet Protocol (IP) address.
Security analysts found that the IP address, hosted through an online service called Worldstream, traced back to previous Iranian hacking activity, the sources said. Analysts then cross-referenced the clues left in the video with data from other intelligence streams, including communications intercepts, the government official said.
“This public disclosure of the government’s attribution to Iran has been made at breakneck speed, compared to the usual process that takes months and often years,” said Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike. Earlier this week, the US Department of Justice accused Russia of a plethora of malicious cyber attacks, some dating back to 2015.
Two cybersecurity experts, who spoke on condition of anonymity, independently said they had seen Iranian hackers use the infrastructure of Dutch company Worldstream to launch cyber attacks in recent months. Worldstream’s chief legal officer Wouter van Zwieten said in a statement that the account associated with the IP address in question was suspended after Reuters made contact and that the Netherlands National Cyber Security Center was investigating.
“They just informed us that the particular IP address is now officially registered by them and ready to be investigated under Dutch law,” van Zwieten said. The National Cyber Security Center did not immediately return an email requesting comment. Van Zwieten said the server used by the hackers was only put into operation on October 6 and had not raised any complaints so far. The company said it did not have access to the content on its servers.
In addition to sending thousands of emails to voters in states like Florida, the hackers also attempted to share links to the video through fake accounts on Facebook and Twitter. “We halted an attempt by a single fake account to spread information related to what appears to be an influence operation primarily focused on disseminating false claims via email,” Facebook said in a statement.
A Twitter spokesperson said, “We have moved quickly to proactively and permanently suspend a small number of accounts and limit media sharing specific to this coordinated campaign.”