All posts in “russia”

The leaked NSA report shows 2-factor authentication has a critical weakness: You

"Wait, all I did was enter all my personal info into a random site after clicking a sketchy link!"
“Wait, all I did was enter all my personal info into a random site after clicking a sketchy link!”

Image: jhorrocks/Getty Images

So you’ve created a strong password, kept an eye out for sketchy links, and enabled two-factor authentication — what could possibly go wrong?

Well, it turns out the answer is “you.” 

As the leaked NSA report on Russian efforts to hack the computers of U.S. election officials before the 2016 presidential election demonstrates, we are all often our own biggest security weakness. The document, published by The Intercept, shows that hackers found a way around the protections offered by two-factor authentication that is striking in its simplicity: They asked the targets for their verification codes. 

“If the victim had previously enabled two-factor authentication (2FA),” explains a slide detailing the Russian attack, “the actor-controlled website would further prompt the victim to provide their phone number and their legitimate Google verification code that was sent to their phone.”

To translate, after tricking victims into entering their email and password into a fake Google site, the hackers found that some victims had 2FA set up on their accounts. This meant that even with the password, hackers were unable to gain access to the Gmail accounts in question — that is, unless they could get the verification codes as well. 

So, again, they just straight up asked for them. 

A step-by-step approach.

A step-by-step approach.

Image: nsa/the intercept

“Once the victim supplied this information to the actor-controlled website, it would be relayed to a legitimate Google service, but only after [redacted] actors had successfully obtained the victim’s password (and if two-factor, phone number and Google verification code) associated with that specific email account.”

Basically, the hackers were able to bypass the email security measures by requesting that the victims give them the keys to the digital castle. 

Once access was gained to the accounts, which reportedly belonged to an electronic-voting vendor, the hackers would then email election officials from the hacked accounts and attempt to trick those same officials into opening script-laden Word docs that would compromise their computers. 

It’s an elaborate bit of spear phishing, and it reminds us that no matter what digital security practices we put in place, we can all still slip up. 

In the face of everyday online threats, the best defense (other than setting up 2FA — which you should definitely still do) might be the simplest: exercise caution with every email you receive, and be paranoid as hell

In the face of skilled Russian hackers? Well, that one’s trickier, but maybe start with not handing over your email password, phone number, and 2FA verification code. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80276%2feff195aa 5680 49b1 a6cc 7fbd4dfa62f6

Someone’s already been arrested for allegedly leaking an NSA report to The Intercept

The story of a leaked NSA report detailing Russia’s alleged attempts to infiltrate US voting infrastructure ahead of the 2016 presidential election just took a sharply unexpected turn. 

Reality Leigh Winner, 25, has been arrested and is in custody, with officials saying they have identified her as the source of the documents leaked to The Intercept.

The Intercept broke the story of the National Security Agency report on June 5, noting that it “indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood.” 

This was based on leaked documents provided to the site, which, allegedly before going public with the story, showed them to NSA officials to confirm their authenticity. 

This, reportedly, is where the publication known for its security-conscious reporters may have messed up. 

The government affidavit states that The Intercept showed them “folded and/or creased” documents, “suggesting they had been printed and hand-carried out of a secured space.” This clue was enough for officials to “determine who accessed the intelligence reporting since its publication, and, after seeing that “six individuals printed this reporting,” narrow the list of suspects down. 

Importantly, if we are to take the government at its word,  investigators could have conceivably identified the leaker regardless of the folded nature of the docs. That’s because the alleged source had “e-mail contact” with The Intercept—possibly from her work computer. She also, allegedly, printed the material out at work. 

Either way, the arrest is a blow for the national security-focused Intercept. The site takes pains to detail secure ways for sources to share info with it in a page titled “The Intercept Welcomes Whistleblowers.”

“So whether you are in government or the private sector, if you become aware of behavior that you believe is unethical, illegal, or damaging to the public interest, consider sharing your information securely with us,” the webpage explains. “We’ve taken steps to make sure that people can leak to us as safely as possible.”

Under the section “What not to do if you want to remain anonymous,” the top piece of advice is “Don’t contact us from work.”

WATCH: Adele’s Amazing Anniversary Surprise

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f3353%2f50c23848 430c 4f3c 83be f449bced356a

Ukraine tweeting a ‘Simpsons’ GIF at Russia is peak 2017 politics

Ukraine vs Russia in today's Twitter feud.
Ukraine vs Russia in today’s Twitter feud.

Image: mashable composite: twitter/emojipedia

Twitter is obviously the place to be for anyone (or any nation) looking to pack a political punch in the 21st century.

So on Tuesday the official Twitter account for Ukraine decided that tweeting a Simpsons GIF at Russia’s Foreign Affairs account, itself pretty active on Twitter, would be the perfect way to properly usher the nations’ conflict into the digital age.

After Russian President Vladimir Putin met with President of France, Emmanuel Macron to deliver a joint press conference on Monday, much to the ire of Ukrainians, Putin said Anna Yaroslavna, queen consort of France from 1051 to 1060, was Russian.

Ukraine later @’ed Russia on Tuesday to set the record straight and give the country a little history refresher about Yaroslavna, who married France’s King Henry I but was in fact Kiev-born. 

Ukraine seemed more than a little peeved that Russia was co-opting history and misleading people into thinking Yaroslav was from Moscow, when in fact Moscow hadn’t even been established in 1051. Dmytro Shymkiv, deputy head of the Presidential Administration of Ukraine was so bothered by Putin’s comments about Yaroslavna that he further clarified her heritage on his Facebook account, explaining, “My dear French friends, Russian president Putin tried to mislead you today.”

Russia’s response? Well, Russia simply justified the twisting of facts by saying, “Hey, Ukraine, we have a shared history.” 

Despite the fact that Ukrainian parliament declared independence from the Soviet Union back in 1991, Russia “proudly” declared that it shares the same historical heritage as Ukraine and Belarus, and feels this history should “unite, not divide” them.

Ukraine clapped back at Russia’s bold attempt to sugarcoat the nations’ rocky history along with Putin’s present-day stretching of the truth by reminding Russia that the “shared history” wasn’t exactly “shared” by Ukraine’s choice.

With a touch of snark and a little help from The Simpsons, Ukraine used a memorable political moment in animated pop-culture to troll Russia for its selective memory regarding the long, tangled history between the two countries.

Can we just take a second to accurately appreciate that?

“You really don’t change, do you?” Ukraine asked, delivering an epic burn to Russia.

The GIF, from a 1998 episode of the show titled Simpson Tide, wasn’t Ukraine’s last. The debating and interpretation of centuries-old history and action continued, culminating in yet another GIF at the fingers of the person running the Ukraine Twitter account, this time of Benedict Cumberbatch from Sherlock.

To completely untangle the history of the Russia-Ukraine feud is, to put it lightly, incredibly complicated and the kind of subject that fills hundreds of very long books. 

A heightened tension between the two nations sparked after 2013 protests took place in Kiev, followed by dangerous attacks in 2014, and a series of trade disagreements and military intervention. From Kievan Rus to Catherine the Great to the Soviet Union to Russia’s 2014 annexation of Crimea, the two nations embarked on what is currently one of the deadliest crises in European history. 

So it makes total sense for this long-simmering feud to finally become a battle of memes on Twitter, right? 

Marvelous. Just marvelous.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f1465%2fb53e0f00 0976 4f8e 85f5 76766dcbdabc

A Russian embassy is promoting a right-wing murder conspiracy

The Consular Section of the Russian Embassy in Central London.
The Consular Section of the Russian Embassy in Central London.

Image: WILL OLIVER/EPA/REX/Shutterstock

Russia’s embassy in the United Kingdom is boosting a right-wing conspiracy theory.

Perhaps we shouldn’t be so surprised. 

The social media staff at the embassy are well-known trolls, but this conspiracy theory has made it clear just how far the embassy will go.

Seth Rich, mentioned in the tweet above, was working for the Democratic National Committee in July when he was fatally shot while walking near his home in Washington, D.C. The reasons behind the murder are unknown, but Wikileaks founder Julian Assange implied that Rich was murdered for providing Wikileaks with leaked DNC emails.

“Whistle-blowers go to significant efforts to get us material and often very significant risks,” Assange said in an August interview. “There’s a 27-year-old who works for the DNC, who was shot in the back, murdered, just two weeks ago, for unknown reasons as he was walking down the street in Washington.”

DNC emails leaked to and published by Wikileaks were a constant drag on the campaign of Democratic presidential candidate Hillary Clinton — pictured in the background of the embassy’s tweet — during the 2016 presidential election. However, U.S. officials have pointed an unequivocal finger at Russian government-backed hackers as the ones who stole the information. 

The conspiracy theory around Rich’s death had been thought of as just that for months. But earlier this week, a personal investigator hired by Rich’s family to investigate his death said that there was “tangible evidence” Rich had contacted Wikileaks before he was killed. The investigator has since contradicted that statement, and Rich’s family now wishes they hadn’t hired him. 

But the investigator’s statements gave right-wing media — including /r/The-Donald, Breitbart, and Sean Hannity — enough fuel to relaunch the conspiracy in 2017.

That conspiracy has now made it to the Russian government, yet another way the Kremlin has weaseled its way into daily American discourse.

Https%3a%2f%2fassets jpcust.jwpsrv.com%2fthumbs%2frdnasjwl 320

Trump is going on a tweet-bender the likes of which we haven’t seen in…OK at least days

President Angry On Twitter
President Angry On Twitter

Image: Drew Angerer/Getty Images

The Leader Of The Free World unleashed a tweetstorm on Friday, mainly focused on the FBI investigation into the Trump campaign’s potential ties with the Russian government, with some hallmark media bashing thrown in. 

In half-dozen tweets, Trump repeated his previous attacks on Democrats and the media, suggested he would halt press briefings, and threatened former FBI Director James Comey, whom Trump fired Tuesday evening. That’s a lot to pack into roughly 840 characters or less.

Alright, let’s break this tweet storm down.

The early-morning tirade began with two favorite topics — why Democrats lost the election and how the media is lying:

These seem like generic expressions of Trump anger, which we’ve come to expect from a presidential tweetstorm (we can’t believe we just used that phrase either). After all, both during the campaign and throughout his presidency, Donald Trump has questioned Democratic campaign strategies and has called the media fake news. But this time, while tweeting about those two topics, Trump touches on the investigation of the Trump campaign’s potential ties to the Kremlin.

Why Trump fired Comey

Now things start to get really interesting:

This addresses the inconsistencies with the official explanation the White House put out to justify firing the FBI director. 

The Trump administration originally said the president decided to fire Comey because of the way the FBI director had handled an investigation into the use of a private email server by Trump’s presidential campaign rival, Hillary Clinton. This rationale was largely greeted with skepticism, if not outright disbelief.

Instead, many outlets speculated that the firing was a response to the intensifying FBI-led investigation into Trump-Kremlin ties. But the White House kept pushing the original line, until Trump contradicted it during an interview with NBC. 

“And in fact when I decided to just do it, I said to myself, I said, ‘you know, this Russia thing with Trump and Russia is a made-up story, it’s an excuse by the Democrats for having lost an election that they should have won,'” Trump told NBC’s Lester Holt on Thursday.

Which brings us to…

New and improved threats to the media

The White House has threatened daily press briefings before, but perhaps Donald Trump’s threats to cancel are more serious? New York Times reporter Maggie Haberman, who frequently covers Trump, thinks so.

And some folks are already suggesting alternatives to White House press briefings …

Onto the Comey threats

In addition to the subject matter, this tweet is additionally shocking because the tone sounds like some kind of all-grown-up schoolyard threat. And, given what Comey may know about the investigation into Trump-Kremlin ties, some are speculating that the threat could be a crime.

It all comes back to Russia

And, finally, the last (for now) in a Russia-investigation-related Twitter spree:

Clapper is the former director of national intelligence who, yes, says he has seen no evidence of collusion between Trump/Trump associates and the Kremlin. Clapper, though, doesn’t know what the FBI investigation may or may not have uncovered. Which is why the investigation is continuing.

Don’t ever let anyone tell you the president isn’t productive in the morning.

Http%3a%2f%2fcontent.jwplatform.com%2fthumbs%2ftrxefb7n