
The blog of DataDiggers


Russians hacked ‘at least one’ Florida county prior to 2016 election

Posted on Apr 18, 2019 in cybercrime, department of justice, election systems, fancy bear, Florida, Government, GRU, Hack, Homeland Security, phishing, presidential election, Security, Technology, United States

Russian operatives successfully targeted and hacked “at least one” Florida county government in the run-up to the 2016 U.S. presidential election, according to new findings by Special Counsel Robert Mueller.

The report, published Thursday by the Justice Department, said the county was targeted by the Russian intelligence service, known as the GRU. The hackers sent spearphishing emails to more than 120 email accounts used by county officials responsible for administering the election, the report said.

According to the findings:

In August 2016, GRU officers targeted employees of [REDACTED], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network… the spearphishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.

The findings are a significant development from previous reporting that said Florida’s election systems were merely targets of the Russian operatives.

Sen. Bill Nelson (D-FL) was derided after he claimed just days before his eventual re-election that hackers had gained access to the state’s election systems. According to NBC News, some of Nelson’s assertions were based off classified information that was not yet public.

Nelson’s remarks came almost a year after The Intercept published a classified document — later discovered to have been sent by since-jailed NSA whistleblower Reality Winner — showing that intelligence pointed to a concerted effort by the GRU to target election infrastructure. The NSA said the hackers sent emails impersonating voting technology company VR Systems to state government officials.

The Orlando Sentinel confirmed Thursday, following the release of Mueller’s report, that Volusia County was sent infected emails containing malware, suggesting Volusia County — north of Orlando — may have been the target.

Mueller’s report confirmed that the FBI investigated the incident.

The office of Florida’s secretary of state said that Florida’s voter registration system “was and remains secure,” and “official results or vote tallies were not changed.”

Two years later, following the 2018 midterm elections, the Justice Department and Homeland Security said there was “no evidence” of vote hacking or tampering.


Source: The Tech Crunch


Chipotle customers are saying their accounts have been hacked

Posted on Apr 17, 2019 in Apps, computer security, credential stuffing, data breach, data security, Food, Hack, multi-factor authentication, Password, Prevention, Privacy, Security, spokesperson

A stream of Chipotle customers have said their accounts have been hacked and are reporting fraudulent orders charged to their credit cards — sometimes totaling hundreds of dollars.

Customers have posted on several Reddit threads complaining of account breaches and many more have tweeted at @ChipotleTweets to alert the fast food giant of the problem. In most cases, orders were put through under a victim’s account and delivered to addresses often not even in the victim’s state.

Many of the customers TechCrunch spoke to in the past two days said they used their Chipotle account password on other sites. Chipotle spokesperson Laurie Schalow told TechCrunch that credential stuffing was to blame. Hackers take lists of usernames and passwords from other breached sites and brute-force their way into other accounts.

But several customers we spoke to said their password was unique to Chipotle. Another customer said they didn’t have an account but ordered through Chipotle’s guest checkout option.

Tweets from Chipotle customers. (Screenshot: TechCrunch)

When we asked Chipotle about this, Schalow said the company is “monitoring any possible account security issues of which we’re made aware and continue to have no indication of a breach of private data of our customers,” and reiterated that the company’s data points to credential stuffing.

It’s a similar set of complaints made by DoorDash customers last year, who said their accounts had been improperly accessed. DoorDash also blamed the account hacks on credential stuffing, but could not explain how some accounts were breached even when users told TechCrunch that they used a unique password on the site.

If credential stuffing is to blame for Chipotle account breaches, rolling out two-factor authentication would help prevent the automated login process and put an additional barrier between a hacker and a victim’s account.
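Credential stuffing as described above leaves a recognisable trace in authentication logs: one source trying many different usernames once each, almost all of them failing. The following Python is an added example, not code from TechCrunch or Chipotle; the log format, thresholds, function names and every sample line are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample log (not real data). Assumed line format:
#   ISO-8601 timestamp, source IP, username, OK|FAIL
# IP addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2019-04-16T02:00:00 203.0.113.7 alice@example.com FAIL
2019-04-16T02:00:10 203.0.113.7 bob@example.com FAIL
2019-04-16T02:00:20 203.0.113.7 carol@example.com FAIL
2019-04-16T02:00:30 203.0.113.7 dan@example.com FAIL
2019-04-16T02:00:40 203.0.113.7 erin@example.com FAIL
2019-04-16T02:00:50 203.0.113.7 frank@example.com OK
2019-04-16T02:01:00 203.0.113.7 grace@example.com FAIL
2019-04-16T02:01:10 203.0.113.7 heidi@example.com FAIL
2019-04-16T09:15:00 198.51.100.20 judy@example.com FAIL
2019-04-16T09:15:05 198.51.100.20 judy@example.com FAIL
2019-04-16T09:15:10 198.51.100.20 judy@example.com FAIL
2019-04-16T09:15:15 198.51.100.20 judy@example.com FAIL
2019-04-16T09:15:20 198.51.100.20 judy@example.com FAIL
2019-04-16T09:15:25 198.51.100.20 judy@example.com FAIL
2019-04-16T12:30:00 192.0.2.90 ivan@example.com OK
2019-04-16T12:31:00 192.0.2.90 nina@example.com OK
2019-04-16T12:32:00 192.0.2.90 oscar@example.com OK
"""


class Event(NamedTuple):
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text):
    """Turn log text in the assumed format into a list of Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_usernames=5, min_fail_ratio=0.8):
    """Flag IPs that, inside one sliding window, try many distinct usernames
    with a high failure ratio. Many tries against ONE username (a forgotten
    password or single-account guessing) and a shared office address where
    several users log in successfully are deliberately not flagged."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.ip].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        users, fails, left = Counter(), 0, 0
        for right, ev in enumerate(evs):
            users[ev.user] += 1
            fails += not ev.ok
            # Drop events that have fallen out of the time window.
            while ev.ts - evs[left].ts > window:
                old = evs[left]
                users[old.user] -= 1
                if users[old.user] == 0:
                    del users[old.user]
                fails -= not old.ok
                left += 1
            total = right - left + 1
            if len(users) >= min_usernames and fails / total >= min_fail_ratio:
                best = flagged.get(ip)
                if best is None or len(users) > best["usernames"]:
                    flagged[ip] = {"usernames": len(users),
                                   "attempts": total, "failures": fails}
    return flagged


def accounts_at_risk(events, flagged):
    """Accounts with a successful login from a flagged source: the reused
    password worked, so these need a forced reset and an order review."""
    return sorted({e.user for e in events if e.ok and e.ip in flagged})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sources = find_stuffing_sources(evs)
    print("suspected stuffing sources:", sources)
    print("accounts to reset:", accounts_at_risk(evs, sources))
```

Per-source counting is only one signal: attempts spread across many addresses stay under any per-IP threshold, so the same distinct-username and failure-ratio logic is usually also applied per network block or client fingerprint.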

But when asked if Chipotle has plans to roll out two-factor authentication to protect its customers going forward, spokesperson Schalow declined to comment. “We don’t discuss our security strategies.”

Chipotle reported a data breach in 2017 affecting its 2,250 restaurants. Hackers infected its point-of-sale devices with malware, scraping millions of payment cards from unsuspecting restaurant goers. More than a hundred fast food and restaurant chains were also affected by the same malware infections.

In August, three suspects said to be members of the FIN7 hacking and fraud group were charged with the credit card thefts.


Source: The Tech Crunch


Researchers obtain a command server used by North Korean hacker group

Posted on Mar 4, 2019 in computer security, cyberattacks, Cyberwarfare, Europe, Government, Hack, hacker, malware, McAfee, North Korea, Security, Sony, United Kingdom, United States

In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year.

The server was used to deliver a malware campaign known as Operation Sharpshooter, which targeted governments, telecoms, and defense contractors and was first uncovered in December. The hackers sent a malicious Word document by email that would, when opened, run macro code to download a second-stage implant, dubbed Rising Sun, which the hackers used to conduct reconnaissance and steal user data.

The Lazarus Group, a hacker group linked to North Korea, was the prime suspect given the overlap with similar code previously used by hackers, but a connection was never confirmed.

Now, McAfee says it’s confident enough to make the link.

“This was a unique first experience in all my years of threat research and investigations,” Christiaan Beek, lead scientist and senior principal engineer at McAfee, told TechCrunch in an email. “In having visibility into an adversary’s command-and-control server, we were able to uncover valuable information that led to more clues to investigate,” he said.

The move was part of an effort to better understand the threat from the nation state, which has in recent years been blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017, as well as more targeted attacks on global businesses.

In the new research seen by TechCrunch out Sunday, the security firm’s examination of the server code revealed Operation Sharpshooter was operational far longer than first believed — dating back to September 2017 — and targeted a broader range of industries and countries, including financial services and critical infrastructure in Europe, the U.K. and the U.S.

The modular command and control structure of the Rising Sun malware. (Image: McAfee)

The research showed that the server, operating as the malware’s command and control infrastructure, was written in the PHP and ASP web languages, used for building websites and web-based applications, making it easily deployed and highly scalable.

The back-end has several components used to launch attacks on the hackers’ targets. Each component has a specific role, such as the implant downloader, which hosts and pulls the implant from another downloader; and the command interpreter, which operates the Rising Sun implant through an intermediate hacked server to help hide the wider command structure.

The researchers say that the hackers use a factory-style approach to building Rising Sun, a modular type of malware that was pieced together from different components over several years. “These components appear in various implants dating back to 2016, which is one indication that the attacker has access to a set of developed functionalities at their disposal,” said McAfee’s research. The researchers also found a “clear evolutionary” path from Duuzer, a backdoor used to target South Korean computers as far back as 2015, and also part of the same family of malware used in the Sony hack, also attributed to North Korea.

Although the evidence points to the Lazarus Group, evidence from the log files shows a batch of IP addresses purportedly from Namibia, which researchers can’t explain.

“It is quite possible that these unobfuscated connections may represent the locations that the adversary is operating from or testing in,” the research said. “Equally, this could be a false flag,” such as an effort to cause confusion in the event that the server is compromised.

The research represents a breakthrough in understanding the adversary behind Operation Sharpshooter. Attribution of cyberattacks is difficult at best, a fact that security researchers and governments alike recognize, given malware authors and threat groups share code and leave red herrings to hide their identities. But obtaining a command and control server, the core innards of a malware campaign, is telling.

Even if the goals of the campaign are still a mystery, McAfee’s chief scientist Raj Samani said the insight will “give us deeper insights in investigations moving forward.”


Source: The Tech Crunch


Australia’s government and political parties hit by cyber attack from ‘sophisticated state actor’

Posted on Feb 18, 2019 in Australia, China, computer security, Cyberwarfare, Hack, Hillary Clinton, John Podesta, national security, presidential election, TC, United States

The Australian government suffered a cyber attack that it suspects is the work of a “sophisticated state actor,” according to the country’s Prime Minister.

PM Scott Morrison said today the computer network of the country’s parliament, and those belonging to Liberal, Labor and Nationals parties, were targeted by an attack which took place a few weeks ago, The Sydney Morning Herald reports. Australia is months away from federal elections, which will take place in May.

Morrison said there is “no evidence of any electoral interference.”

“We have put in place a number of measures to ensure the integrity of our electoral system,” he said, adding that security services “acted decisively to confront it.”

There is apparently no indication that data was accessed following the attack.

Where exactly it originated from remains unclear.

Sources told SMH that the sophistication of the attack was “unprecedented,” but nobody in the government is naming suspects. Reportedly, the incident sports “the digital fingerprints of China” but there remains the possibility that the attack was framed to look like it originated from China.

The incident recalls the hacking of the Democratic Party around the U.S. presidential election in 2016. The attackers, who are widely suspected to be linked to the Russian government, are said to have accessed 19,252 emails and 8,034 attachments from DNC email accounts, John Podesta, who was the campaign chairman for Hillary Clinton.

Australia itself has a history of parliamentary hacks. The national government was attacked in 2015 by a “foreign government” (later named as China) that reportedly used computers at the Bureau of Meteorology as its entry point. The incident is said to have given China the records of 14 million federal employees.


Source: The Tech Crunch


Shodan Safari, where hackers heckle the worst devices put on the internet

Posted on Jan 21, 2019 in Apps, controller, fiction, Hack, India, instagram, Italy, kodak, Privacy, safari, screenshot, search engine, Security, TC, texas, web interface

If you leave something on the internet long enough, someone will hack it.

The reality is that many device manufacturers make it far too easy by using default passwords that are widely documented, allowing anyone to log in as “admin” and snoop around. Often, there’s no password at all.

Enter “Shodan Safari,” a popular part-game, part-expression of catharsis, where hackers tweet and share their worst finds on Shodan, a search engine for exposed devices and databases popular with security researchers. Almost anything that connects to the internet gets scraped and tagged in Shodan’s vast search engine — including what the device does and which internet ports are open, which helps Shodan understand what the device is. If a particular port is open, it could be a webcam. If a certain header comes back, its backend might be viewable in the browser.

Think of Shodan Safari as internet dumpster diving.

From cameras to routers, hospital CT scanners to airport explosive detector units, you’d be amazed — and depressed — at what you can find exposed on the open internet.

Like a toilet, or prized pot plant, or — as we see below — someone’s actual goat.

The reality is that Shodan scares people — and it should. It’s a window into the world of absolute insecurity. It’s not just exposed devices but databases — storing anything from two-factor codes to your voter records, and where you’re going to the gym tonight. But devices take up the bulk of what’s out there. Exposed CCTV cameras, license plate readers, sex toys, and smart home appliances. If it’s out there and exposed, it’s probably on Shodan.

If there’s ever a lesson to device makers, not everything has to be connected to the internet.

Here’s some of the worst things we’ve found so far. (And here’s where to send your best finds.)

An office air conditioning controller. (Screenshot: Shodan)

 

A weather station monitor at an airport in Alabama. (Screenshot: Shodan)

 

A web-based financial system at a co-operative credit bank in India. (Screenshot: Shodan)

 

For some reason, a beef factory. (Screenshot: Shodan)

 

An electric music carillon near St. Louis, used for making church bell melodies. (Screenshot: Shodan)

 

A bio-gas production and refinery plant in Italy. (Screenshot: Shodan)

 

A bird. Just a bird. (Screenshot: Shodan via @Joshbal4)

 

A brewery in Los Angeles. (Screenshot: Shodan)

 

The back end of a cinema’s projector system. Many simply run Windows. (Screenshot: Shodan via @tacticalmaid)

 

The engine room of a Dutch fishing boat. (Screenshot: Shodan)

 

An explosive residue detector at Heathrow Airport’s Terminal 3. (Screenshot: TechCrunch)

 

A fish tank water control and temperature monitor. (Screenshot: Shodan)

 

A climate control system for a flower store in Colorado Springs. (Screenshot: Shodan)

 

The web interface for a Tesla PowerPack. (Screenshot: Shodan via @xd4rker)

 

An Instagram auto-follow bot. (Screenshot: Shodan)

 

A terminal used by a pharmacist. (Screenshot: Shodan)

 

A controller for video displays and speakers at a Phil’s BBQ restaurant in Texas. (Screenshot: Shodan)

 

A Kodak Lotem printing press. (Screenshot: Shodan)

 

Someone’s already-hacked lawn sprinkler system. Yes, that’s Rick Astley. (Screenshot: Shodan)

 

A sulfur dioxide detector. (Screenshot: Shodan)

 

An internet-connected knee recovery machine. (Screenshot: Shodan)

 

Somehow, a really old version of Windows XP still in existence. (Screenshot: Shodan)

 

Someone’s workout machine. (Screenshot: Shodan)


Source: The Tech Crunch


Daily Crunch: Bing has a child porn problem

Posted on Jan 11, 2019 in Apps, Artificial Intelligence, Asia, Cloud, Developer, Entertainment, Fundings & Exits, Government, Hack, Hardware, Robotics, Social, Startups, TC

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here:

1. Microsoft Bing not only shows child pornography, it suggests it

A TechCrunch-commissioned report has found damning evidence on Microsoft’s search engine. Our findings show a massive failure on Microsoft’s part to adequately police its Bing search engine and to prevent its suggested searches and images from assisting pedophiles.

2. Unity pulls nuclear option on cloud gaming startup Improbable, terminating game engine license

Unity, the widely popular gaming engine, has pulled the rug out from underneath U.K.-based cloud gaming startup Improbable and revoked its license — effectively shutting them out from a top customer source. The conflict arose after Unity claimed Improbable broke the company’s Terms of Service and distributed Unity software on the cloud.

3. Improbable and Epic Games establish $25M fund to help devs move to ‘more open engines’ after Unity debacle

Just when you thought things were going south for Improbable the company inked a late-night deal with Unity competitor Epic Games to establish a fund geared toward open gaming engines. This begs the question of how Unity and Improbable’s relationship managed to sour so quickly after this public debacle.

4. The next phase of WeChat 

WeChat boasts more than 1 billion daily active users, but user growth is starting to hit a plateau. That’s been expected for some time, but it is forcing the Chinese juggernaut to build new features to generate more time spent on the app to maintain growth.

5. Bungie takes back its Destiny and departs from Activision 

The creator behind games like Halo and Destiny is splitting from its publisher Activision to go its own way. This is good news for gamers, as Bungie will no longer be under the strict deadlines of a big gaming studio that plagued the launch of Destiny and its sequel.

6. Another server security lapse at NASA exposed staff and project data

The leaking server was — ironically — a bug-reporting server, running the popular Jira bug triaging and tracking software. In NASA’s case, the software wasn’t properly configured, allowing anyone to access the server without a password.

7. Is Samsung getting serious about robotics? 

This week Samsung made a surprise announcement during its CES press conference and unveiled three new consumer and retail robots and a wearable exoskeleton. It was a pretty massive reveal, but the company’s look-but-don’t-touch approach raised far more questions than it answered.


Source: The Tech Crunch


Hackers hijack thousands of Chromecasts to warn of latest security bug

Posted on Jan 2, 2019 in Amazon, chromecast, computing, echo, Gadgets, Google, Hack, Hardware, ipad, media streamer, Security, smart devices, smart home devices, spokesperson, Technology, wi-fi

Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks.

The culprits, known as Hacker Giraffe and J3ws3r, have become the latest to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hackers forced the affected Chromecasts to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like themselves.

Not one to waste an opportunity, the hackers also ask that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As the two say, disabling UPnP should fix the problem.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the underlying issue — that the Chromecast can be tricked into allowing an unauthenticated attacker the ability to hijack a media stream and display whatever they want.

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found a hijack bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given both Bishop Fox found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch. (Google said in a follow-up email that it’s working to fix the deauth bug.)

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, humans are the weakest link. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.

Updated at 9pm ET: with a new, clearer headline to better reflect the flaws over the years, and added additional comment from Google.


Source: The Tech Crunch


3D-printed heads let hackers – and cops – unlock your phone

Posted on Dec 16, 2018 in 3d printing, biometrics, Face ID, facial recognition, facial recognition software, Hack, Identification, iOS, iPhone, learning, Mobile, model, Prevention, Privacy, Security, surveillance

There’s a lot you can make with a 3D printer: from prosthetics, corneas, and firearms — even an Olympic-standard luge.

You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.

Bad news if you’re an Android user: only the iPhone X defended against the attack.

Gone, it seems, are the days of the trusty passcode, which many still find cumbersome, fiddly, and inconvenient — especially when you unlock your phone dozens of times a day. Phone makers are taking to the more convenient unlock methods. Even if Google’s latest Pixel 3 shunned facial recognition, many Android models — including popular Samsung devices — are relying more on your facial biometrics. In its latest models, Apple effectively killed its fingerprint-reading Touch ID in favor of its newer Face ID.

But that poses a problem for your data if a mere 3D-printed model can trick your phone into giving up your secrets. That makes life much easier for hackers, who have no rulebook to go from. But what about the police or the feds, who do?

It’s no secret that biometrics — your fingerprints and your face — aren’t protected under the Fifth Amendment. That means police can’t compel you to give up your passcode, but they can forcibly depress your fingerprint to unlock your phone, or hold it to your face while you’re looking at it. And the police know it — it happens more often than you might realize.

But there’s also little in the way of stopping police from 3D printing or replicating a set of biometrics to break into a phone.

“Legally, it’s no different from using fingerprints to unlock a device,” said Orin Kerr, professor at USC Gould School of Law, in an email. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape, he said.

Although a warrant “wouldn’t necessarily be a requirement” to get the biometric data, one would be needed to use the data to unlock a device, he said.

Jake Laperruque, senior counsel at the Project On Government Oversight, said it was doable but isn’t the most practical or cost-effective way for cops to get access to phone data.

“A situation where you couldn’t get the actual person but could use a 3D print model may exist,” he said. “I think the big threat is that a system where anyone — cops or criminals — can get into your phone by holding your face up to it is a system with serious security limits.”

The FBI alone has thousands of devices in its custody — even after admitting the number of encrypted devices is far lower than first reported. With the ubiquitous nature of surveillance, now even more powerful with high-resolution cameras and facial recognition software, it’s easier than ever for police to obtain our biometric data as we go about our everyday lives.

Those cheering on the “death of the password” might want to think again. They’re still the only thing that’s keeping your data safe from the law.


Source: The Tech Crunch


Hackers breach Healthcare.gov system, taking files on 75,000 people

Posted on Oct 20, 2018 in Hack, Health, healthcare.gov, Medicare, president, Security

A government system used by insurance agents and brokers to help customers sign up for healthcare plans was breached, allowing hackers to siphon off sensitive and personal data on 75,000 people.

The Centers for Medicare and Medicaid Services confirmed the breach in a late Friday announcement, but revealed few details about the contents of the files stolen.

The hacked system was connected to the Healthcare.gov website, the front-facing portal for anyone signing up for an insurance plan under former President Obama’s healthcare law, the Affordable Care Act. Hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in new plans, and not the consumer Healthcare.gov site itself. 

In order to sign up for healthcare plans, customers have to give over a ton of personal data — including names, addresses, and their social security number. CMS didn’t say exactly what kind of data was included in the stolen files, nor did it say how the breach happened.

Spokesperson Jonathan Monroe didn’t respond to a request for comment.

CMS said that the Healthcare.gov website was unaffected. Open enrollment in new healthcare plans — set for November 1 — will be unaffected, the statement said. Officials are “working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”


Source: The Tech Crunch


Hackers failed to hack into DNC voter database, says security firm

Posted on Aug 22, 2018 in 2018 midterm elections, Democratic National Comittee, election security, Hack, Security, TC

The Democratic National Committee has prevented an attempt to hack into its database of tens of millions of voters.

CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned Tuesday of the attempt.

DNC officials reportedly contacted the FBI. When contacted, a spokesperson for the FBI declined to comment.

Lookout, a security firm, told TechCrunch that its staff detected a phishing page hosted on DigitalOcean, a cloud computing and hosting giant, which replicated a login page for NGP VAN, a technology provider for Democratic campaigns.

In the case of phishing attacks, hackers attempt to obtain the username and password for sensitive internal systems by tricking staff into entering their credentials on spoofed sites. Hackers can then reuse those credentials to log in themselves.

Jeremy Richards, principal engineer at the security firm, notified DigitalOcean of the phishing site, which was taken offline. Mike Murray, vice president of security intelligence, informed the DNC.

It’s not immediately known who was behind the attempted hack.

Bob Lord, DNC’s security chief, briefed Democratic officials on the incident in Chicago on Wednesday. Lord did not immediately respond to a request for comment.

It’s not uncommon for political parties to store vast amounts of information on voters. Political parties and national committees often use the data to target voters with political messaging.

In recent years, several voter databases have leaked or were exposed on unprotected servers for anyone to find.

Earlier this week, Microsoft said it thwarted an attempt by a Russian-backed advanced persistent threat group known as Fancy Bear (or APT28) to steal data from political organizations.


Source: The Tech Crunch
