Skip to main content

Bellingcat journalists targeted by failed phishing attempt

Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their Protonmail accounts, which the journalists and the email provider say failed.

“Yet again, Bellingcat finds itself targeted by cyber attacks, almost certainly linked to our work on Russia,” wrote Eliot Higgins, founder of the investigative news site in a tweet. “I guess one way to measure our impact is how frequently agents of the Russian Federation try to attack it, be it their hackers, trolls, or media.”

News emerged that a small number of Protonmail email accounts were targeted during the week — several of which belonged to Bellingcat’s researchers who work on projects relating to activities by the Russian government. A phishing email purportedly from Protonmail itself asked users to change their email account passwords or generate new encryption keys on a similarly named domain set up by the attackers. Records show the fake site was registered anonymously, according to an analysis by security researchers.

In a statement, Protonmail said the phishing attacks “did not succeed” and denied that its systems or user accounts had been hacked or compromised.

“The most practical way to obtain email data from a ProtonMail user’s inbox is by compromising the user, as opposed to trying to compromise the service itself,” said Protonmail’s chief executive Andy Yen. “For this reason, the attackers opted for a phishing campaign that targeted the journalists directly.”

Yen said the attackers tried to exploited an unpatched flaw in third-party software used by Protonmail, which has yet to be fixed or disclosed by the software maker.

“This vulnerability, however, is not widely known and indicates a higher level of sophistication on the part of the attackers,” said Yen.

It’s not known conclusively who was behind the attack. However, both Bellingcat and Protonmail said they believe certain tactics and indicators of the attack — and the fact that the targets were Bellingcat’s researchers working on the ongoing investigation into the downing of flight MH17 by Russian forces and the release of nerve agent in the U.K. — may point to hackers associated with the Russian government.

Higgins said in a tweet that this week’s attempted attack likely targeted a number of people “in the tens” unlike earlier attacks attributed to the Russian government-backed hacker group, known as APT 28 or Fancy Bear.

Bellingcat in the past year has gained critical acclaim for its investigations into the Russian government, uncovering the names of the alleged Russian operatives behind the suspected missile attack that blew up Malaysian airliner MH17 in 2014. The research team also discovered the names of the Russian operatives who were since accused of poisoning former Russian intelligence agent Sergei Skripal and his daughter Yulia in a nerve agent attack in Salisbury, U.K. in 2018.

The researchers use open-source intelligence and information gathering where police, law enforcement and intelligence agencies often fail.

It’s not the first time that hackers have targeted Bellingcat. Its researchers were targeted several times in 2016 and 2017 following the breach on the Democratic National Committee which saw thousands of internal emails stolen and published online.

A phone call to the Russian consulate in New York requesting comment was not returned.



from TechCrunch https://ift.tt/32UylpZ

Comments

Popular posts from this blog

Bill Gates steps down from Microsoft’s board to focus on philanthropy

In an announcement on Friday, Microsoft revealed that company co-founder Bill Gates has decided to step down from his role on its Board of Directors in order to focus on his philanthropic efforts at the Bill & Melinda Gates Foundation. This is Gate’s biggest change to his role at Microsoft since stepping down as company chairman in February 2014. According … Continue reading from SlashGear https://ift.tt/2We90Gu

World Economic Forum launches Global AI Council to address governance gaps

The World Economic Forum is creating a series of councils that create policy recommendations for use of things like AI, blockchain, and precision medicine. Read More from VentureBeat http://bit.ly/2EKBjD4

A Mini USB Keyboard That Isn’t A Keyboard

A useful add-on for any computer is a plug-in macro keyboard, a little peripheral that adds those extra useful buttons to automate tasks. [ Sayantan Pal] has made one, a handy board with nine programmable keys and a USB connector, but the surprise is that at its heart lies only the ubiquitous ATmega328 that you might find in an Arduino Uno. This isn’t a USB HID keyboard, instead it uses a USB-to-serial chip and appears to the host computer as a serial device. The keys themselves are simple momentary action switches, perhaps a deluxe version could use key switches from the likes of Cherry or similar. The clever part of this build comes on the host computer, which runs some Python code using the PyAutoGui library. This allows control of the keyboard and mouse, and provides an “in” for the script to link serial and input devices. Full configurability is assured through the Python code, and while that might preclude a non-technical user from gaining its full benefit it’s fair to say that ...