
decrypted: how twitter was hacked, github dmca backfires

Zack Whittaker
Security Editor, TechCrunch
October 26, 2020

With the U.S. presidential election just one week away, the situation is becoming increasingly intense.

The activity is not limited to campaign rhetoric: authorities report that malicious actors are actively attempting to interfere with the election process, and one specific instance of that interference, along with an unusually swift attribution of responsibility, was revealed last week.

On Wednesday evening, Director of National Intelligence John Ratcliffe identified Iran as being responsible for an email campaign intended to frighten voters in Florida into supporting President Trump under threat of consequences. Ratcliffe, who declined to address questions from the press and has faced criticism for potentially injecting political bias into his role, stated that Iran utilized publicly accessible voter registration information to dispatch emails appearing to originate from the far-right organization the Proud Boys. Security researchers at Google also connected the campaign to Iran, though Iranian officials have refuted any involvement. Approximately 2,500 emails were successfully delivered, while the remaining attempts were flagged as spam.

While the announcement lacked extensive specifics, cybersecurity professionals such as John Hultquist, who leads intelligence analysis at Mandiant (a FireEye company), indicated that the incident “is demonstrably intended to erode trust in the voting process,” mirroring similar efforts by Russia during the 2016 election.


THE BIG PICTURE

Investigation reveals Twitter hack originated from a fraudulent VPN site

A recent inquiry by New York’s Department of Financial Affairs determined that those responsible for the security breach at Twitter utilized a deceptive VPN webpage to obtain an employee’s login information—including their two-factor authentication code. Following this access, the perpetrators compromised user accounts through an internal “admin tool” and subsequently disseminated a cryptocurrency fraud scheme.

According to a report released last week, the attackers contacted multiple Twitter personnel and successfully deceived one employee into submitting their username and password on a website mimicking the company’s VPN portal, a common access point for remote employees during the pandemic.

The report details that “while the employee inputted their credentials on the fraudulent website, the hackers simultaneously entered the same information on the legitimate Twitter website. This simulated login triggered a [two-factor authentication] prompt, which some employees then fulfilled.” Having gained network access via the employee’s VPN credentials, the hackers then focused on identifying methods to access the company’s internal systems.

Twitter announced in September that it would be providing its employees with hardware security keys, a measure intended to significantly reduce the likelihood of successful future phishing attempts.
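To make concrete why hardware security keys address this particular trick, here is an added illustration that is not code from the report, from Twitter, or from any vendor. It models, in simplified form, the origin binding that a FIDO2/WebAuthn authenticator provides: the key signs the server's challenge together with the origin the browser actually reports, so an assertion produced while the user was on a look-alike site is rejected by the real site even if the attacker forwards it immediately. A one-time code, by contrast, carries no origin and verifies wherever it was collected. The origins vpn.example.com and vpn-example.com, the HMAC standing in for the device's signature (real authenticators use a public-key signature over the authenticator data and a hash of the client data), and the six-digit code are all constructed for this example.

```python
import hashlib
import hmac
import json
import os

# Constructed origins for the example: the legitimate portal and a look-alike.
REAL_ORIGIN = "https://vpn.example.com"
FAKE_ORIGIN = "https://vpn-example.com"

# Stand-in for the private key held inside the authenticator. A real key uses
# ECDSA and the server holds only the public key; HMAC keeps this stdlib-only.
_device_secret = os.urandom(32)


def authenticator_sign(challenge: bytes, origin: str) -> dict:
    """What the hardware key does: sign the server's challenge together with the
    origin reported by the browser. The key cannot tell a real origin from a fake
    one, and it does not need to; the binding is what matters."""
    client_data = json.dumps(
        {"challenge": challenge.hex(), "origin": origin}, sort_keys=True
    ).encode()
    signature = hmac.new(_device_secret, client_data, hashlib.sha256).digest()
    return {"client_data": client_data, "signature": signature}


def relying_party_verify(assertion: dict, expected_challenge: bytes,
                         expected_origin: str) -> bool:
    """What the real site does: check the origin and challenge embedded in the
    signed client data, then check the signature over that exact data."""
    data = json.loads(assertion["client_data"])
    if data["origin"] != expected_origin:
        return False  # signed for another site: forwarded from a phishing page
    if data["challenge"] != expected_challenge.hex():
        return False  # stale or unrelated challenge
    expected_sig = hmac.new(_device_secret, assertion["client_data"],
                            hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])


def one_time_code_verify(code_entered: str, code_expected: str) -> bool:
    """A SMS/app one-time code has no origin binding: whichever page collected
    it, the real site accepts it if it matches."""
    return hmac.compare_digest(code_entered, code_expected)


def demo() -> dict:
    # The real site issues the challenge. In a relay, the phishing page simply
    # forwards that same challenge to the victim's browser, so it is valid.
    challenge = os.urandom(16)

    genuine = authenticator_sign(challenge, REAL_ORIGIN)  # user on the real site
    phished = authenticator_sign(challenge, FAKE_ORIGIN)  # user on the look-alike

    return {
        "genuine_accepted": relying_party_verify(genuine, challenge, REAL_ORIGIN),
        "relayed_accepted": relying_party_verify(phished, challenge, REAL_ORIGIN),
        # Constructed code: same digits regardless of which page collected them.
        "otp_relayed_accepted": one_time_code_verify("492811", "492811"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the report's description turns on is the second result: the forwarded assertion fails solely because the origin inside the signed data does not match, even though the challenge and signature are otherwise valid. That is the property a phishable second factor lacks.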

DMCA takedown attempt against YouTube download tool proves counterproductive

The RIAA, representing the recording industry, submitted a takedown request targeting YouTube-DL, a widely used open-source application for downloading videos from YouTube and similar platforms. The RIAA asserted that the tool facilitated the circumvention of copyright safeguards. However, as Devin Coldewey explains, the RIAA’s legal standing is questionable.

A key factor in this situation is the open-source nature of the code, which permits anyone to utilize, copy, and “fork” it—essentially creating a modified version for improvement. Consequently, completely removing it from circulation is extremely difficult. The RIAA experienced this firsthand. The takedown notice attracted considerable attention, leading to a surge in efforts to fork the project and rapidly distribute the code across GitHub. One individual even leveraged a GitHub bug, which the platform reportedly refused to address, to attach the YouTube-DL code to GitHub’s repository of takedown notifications.

“You two are well matched,” commented Lance Vick, a security engineer and proponent of open-source software.

MOVERS AND SHAKERS

The past week featured in-depth looks at two prominent figures in the cybersecurity world.

Wired recently highlighted Maddie Stone, a highly regarded security researcher with Google’s Project Zero team, known for identifying and neutralizing some of the most critical security flaws. Stone, age 29, works as a reverse engineer, dedicating her efforts to discovering weaknesses within the Android operating system. Her work is crucial in safeguarding approximately three billion users from threats like botnets and malicious software. Beyond her technical contributions, she has actively challenged conventional perceptions of hackers, fostering a more inclusive environment within the cybersecurity profession, open to individuals of all genders and origins.

In a separate profile with The New Yorker, Moxie Marlinspike, the creator of the Signal encrypted messaging application, discussed his vision for a more secure and private internet. The article provides insight into Marlinspike’s efforts to make privacy and security the default online, while respecting his wish to keep his personal life and the inner workings of Signal out of view. Notably, Signal has been used by the Trump administration even as it has pushed to weaken encryption technologies.

$ECURITY $TARTUPS

Grayshift, a company specializing in iPhone forensics and utilized by U.S. government agencies and law enforcement to access data on encrypted devices, has secured $47 million in funding, according to Forbes. This funding round was spearheaded by PeakEquity Partners, with the company reporting a doubling of both revenue and its customer base over the past year.

In related news, Cyberpion completed an $8.25 million seed funding round, with Team8, an Israeli venture capital firm, and Hyperwise Ventures taking the lead. Established in 2017, Cyberpion focuses on mitigating security risks originating from external vendors and third-party connections.

Additionally, the managed security company Arctic Wolf has finalized a substantial $200 million investment, elevating the company’s valuation to over $1 billion and achieving “unicorn” status. The company previously obtained $60 million in funding in March. Arctic Wolf functions as a provider of outsourced IT and security services, leveraging its proprietary cloud-based technology.

Confidential information can be sent via Signal and WhatsApp to +1 646-755-8849.


Zack Whittaker

Zack Whittaker serves as the security editor for TechCrunch and is the creator of the “this week in security” cybersecurity newsletter. He is available for secure communication via Signal under the username zackwhittaker.1337. Alternatively, you can reach him through email, or confirm the legitimacy of any contact attempts by emailing zack.whittaker@techcrunch.com.