All posts in “Election 2016”

The leaked NSA report shows 2-factor authentication has a critical weakness: You

"Wait, all I did was enter all my personal info into a random site after clicking a sketchy link!"
“Wait, all I did was enter all my personal info into a random site after clicking a sketchy link!”

Image: jhorrocks/Getty Images

So you’ve created a strong password, kept an eye out for sketchy links, and enabled two-factor authentication — what could possibly go wrong?

Well, it turns out the answer is “you.” 

As the leaked NSA report on Russian efforts to hack the computers of U.S. election officials before the 2016 presidential election demonstrates, we are all often our own biggest security weakness. The document, published by The Intercept, shows that hackers found a way around the protections offered by two-factor authentication that is striking in its simplicity: They asked the targets for their verification codes. 

“If the victim had previously enabled two-factor authentication (2FA),” explains a slide detailing the Russian attack, “the actor-controlled website would further prompt the victim to provide their phone number and their legitimate Google verification code that was sent to their phone.”

To translate, after tricking victims into entering their email and password into a fake Google site, the hackers found that some victims had 2FA set up on their accounts. This meant that even with the password, hackers were unable to gain access to the Gmail accounts in question — that is, unless they could get the verification codes as well. 

So, again, they just straight up asked for them. 

A step-by-step approach.

A step-by-step approach.

Image: nsa/the intercept

“Once the victim supplied this information to the actor-controlled website, it would be relayed to a legitimate Google service, but only after [redacted] actors had successfully obtained the victim’s password (and if two-factor, phone number and Google verification code) associated with that specific email account.”

Basically, the hackers were able to bypass the email security measures by requesting that the victims give them the keys to the digital castle. 

Once access was gained to the accounts, which reportedly belonged to an electronic-voting vendor, the hackers would then email election officials from the hacked accounts and attempt to trick those same officials into opening script-laden Word docs that would compromise their computers. 

It’s an elaborate bit of spear phishing, and it reminds us that no matter what digital security practices we put in place, we can all still slip up. 

In the face of everyday online threats, the best defense (other than setting up 2FA — which you should definitely still do) might be the simplest: exercise caution with every email you receive, and be paranoid as hell

In the face of skilled Russian hackers? Well, that one’s trickier, but maybe start with not handing over your email password, phone number, and 2FA verification code. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80276%2feff195aa 5680 49b1 a6cc 7fbd4dfa62f6

Someone’s already been arrested for allegedly leaking an NSA report to The Intercept

The story of a leaked NSA report detailing Russia’s alleged attempts to infiltrate US voting infrastructure ahead of the 2016 presidential election just took a sharply unexpected turn. 

Reality Leigh Winner, 25, has been arrested and is in custody, with officials saying they have identified her as the source of the documents leaked to The Intercept.

The Intercept broke the story of the National Security Agency report on June 5, noting that it “indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood.” 

This was based on leaked documents provided to the site, which, allegedly before going public with the story, showed them to NSA officials to confirm their authenticity. 

This, reportedly, is where the publication known for its security-conscious reporters may have messed up. 

The government affidavit states that The Intercept showed them “folded and/or creased” documents, “suggesting they had been printed and hand-carried out of a secured space.” This clue was enough for officials to “determine who accessed the intelligence reporting since its publication, and, after seeing that “six individuals printed this reporting,” narrow the list of suspects down. 

Importantly, if we are to take the government at its word,  investigators could have conceivably identified the leaker regardless of the folded nature of the docs. That’s because the alleged source had “e-mail contact” with The Intercept—possibly from her work computer. She also, allegedly, printed the material out at work. 

Either way, the arrest is a blow for the national security-focused Intercept. The site takes pains to detail secure ways for sources to share info with it in a page titled “The Intercept Welcomes Whistleblowers.”

“So whether you are in government or the private sector, if you become aware of behavior that you believe is unethical, illegal, or damaging to the public interest, consider sharing your information securely with us,” the webpage explains. “We’ve taken steps to make sure that people can leak to us as safely as possible.”

Under the section “What not to do if you want to remain anonymous,” the top piece of advice is “Don’t contact us from work.”

WATCH: Adele’s Amazing Anniversary Surprise

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f3353%2f50c23848 430c 4f3c 83be f449bced356a

New leaked NSA hacking report is ‘House of Cards’ IRL

Russian hacking in the U.S. election isn't just a TV plot point.
Russian hacking in the U.S. election isn’t just a TV plot point.

Image: ambar del moral/mashable

New top secret National Security Agency (NSA) documents reportedly surfaced Monday, and they brought with them the alarming suggestion that Russian military intelligence officials attempted to hack into the U.S. voting system ahead of the November election.

The report, which was dated May 5 and obtained by The Intercept, details how hackers from the GRU, or the Russian General Staff Main Intelligence Directorate, attacked an elections software and hardware company just before the November election.

It’s terrifying stuff—and it sounds just like a plot point from the political drama House of Cards.

Russian president Vladimir Putin denied Russian involvement in the election last week, conceding only that hackers with “patriotic leanings” could possibly have decided to act on their own. The report begs to differ. It clearly states that a Russian military intelligence agency was involved.

The documents detail an attack on an elections-related software company in April 2016. Then with data from that, the hackers apparently created a “spear-phishing campaign” targeting local U.S. government organizations. In those phishing emails there was a Microsoft Word document sent out with malicious code. Finally in October 2016, the hackers sent out an email offering “election-related products and services.”

While the document is telling, it’s worth noting that it’s not definitive and comes from a single analysis — and doesn’t show any raw intelligence.

If this sounds familiar, you’re not alone. The news reads like a House of Cards storyline come to life, especially the most recent season. Without giving away too many spoilers, Season 5 features an intelligence officer hacking into the NSA to create a fake terror alert, thus closing down some polling places. While the operative in the show is from the U.S., he runs to Russia for protection there.

Twitter users were quick to point out the comparison too.

In a further twist in the tale, Reports surfaced Monday that the FBI has arrested a woman it suspects leaked the document to The Intercept.

Early reports suggested that it was a tiny detail—the creases in the printed copies of the documents—that led investigators to discover the source of the leak. They cross-referenced agency staff who had printed the documents with those who had emailed The Intercept and that led them to 25-year-old Reality Winner. Winner was a contractor at the NSA in Georgia, the Daily Beast reports.

Critics have complained for a while that real politics is overshadowing the plots of House of Cards, and with this latest development the gap between Netflix fantasy and reality just got even smaller.

WATCH: How to draw a millennial Pikachu

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f183%2f5ff86a90 635a 4100 bf9e ac2d18422245

Army of Russian trolls reportedly targeted swing states with anti-Clinton fake news

Fake news isn't just for Info Wars.
Fake news isn’t just for Info Wars.

Image: Shutterstock / rzoze19

If it seems like your family members living in key swing states were more swept up in anti-Hillary Clinton fake news than others during the 2016 election, Russian trolls may have been involved.

According to two members of the Senate Intelligence committee, Sen. Mark Warner (D-VA) and committee chairman Richard Burr (R-NC), hundreds of Russian trolls were paid in 2016 to generate fake news stories about Clinton and target them at voters in key states in an effort to swing the election for Trump.

“There were upwards of a thousand paid internet trolls working out of a facility in Russia, in effect taking over a series of computers which are then called a botnet, that can then generate news down to specific areas,” Warner said.

While he indicated investigators were still trying to figure out exactly what places the trolls were targeting, Warner mentioned they were exploring possible targeting of three states that helped swing the election for Donald Trump: Michigan, Pennsylvania, and Wisconsin. 

Those three states were later the subject of a failed recount attempt by Green Party candidate Jill Stein.

And, the senators warned, the Russians aren’t done. Burr said that it looks like the Russians are being much more overt than they were in 2016 in their attempts to affect the outcome of key elections in Germany and France.

“We feel part of our responsibility,” Burr said, “is to educate the rest of the world.”

Not surprisingly, Germany has signed on for a new Facebook effort to tag fake news on the social media site, a feature that’s recently rolled out in the U.S. after the platform faced heavy criticism for the proliferation of fake news throughout the election. 

WATCH: In stunning exchange, Trump refuses to answer question from CNN reporter