Hackers target Lithuanian-Polish relations: they spread lies




A study by the Polish organization Fundacja Reporterów, to which Siena also contributed, shows that a group of hackers known as Ghostwriters and acting in the interests of the Kremlin may be behind the attacks.

“Thousands of accounts have already been hijacked. This is a bombing,” a source in the secret services told Polish journalists.

Fake news campaigns through hacked accounts are repeated in Poland every few weeks, but receive little attention. Polish politicians do not pose a threat, although in a short time the accounts of the speaker of the neighboring country’s parliament, members of the government and parliamentarians, including members of the intelligence committee, have been hacked.

Bait online

It usually starts with phishing. Generally speaking, perpetrators create social media posts or use other electronic services (such as email) containing links that are used to extract data from victims. In other words, they are after email or social media login data.

In the event of a successful attack, the hackers gain access to the victim’s email inbox: messages, contacts, and everything else. If the email is linked to social media accounts, or the same password is used in different places, phishing opens the door everywhere, even to information stored on the victim’s phone. The hijacked Facebook and Twitter accounts are later used to spread lies.

The shocking posts by politicians on social media that have nothing to do with reality are just the tip of the iceberg. Phishing attacks can use fake websites, supposedly run by state institutions, correspondence from other hijacked accounts, and more.

According to Fundacja Reporterów, these attacks have already caused great damage in Poland. “The operation, which seeks to achieve a ‘commitment’ against parliamentarians, journalists and analysts, has been underway for several months. The email addresses targeted by phishing attacks are not random. Among the targets are the relatives of politicians,” said the source in the secret services.

Radioactive lie

“Lithuanian special services accuse Poland of training extremists”. “Sexual harassment in the Ministry of National Defense. The scandal reached President Duda, the head of Lithuanian diplomacy and the US generals.” “The National Atomic Energy Agency announces danger! Radiation threat in Poland”.

These are just some of the lies spread by unknown attackers in Poland in recent months via hijacked websites or social media accounts.

One of the most recent attacks occurred on March 17. As reported by the portal niebezpiecznik.pl, a fake website imitating the website of the State Atomic Energy Safety Inspectorate (VATESI) was used for this purpose. For this, the domain vatesl.lt was registered, differing by only one letter from the inspectorate's actual domain.
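A one-letter lookalike of this kind can be caught by comparing newly seen domains against a watchlist of protected ones. The Python below is an added example, not part of the original report: it assumes the inspectorate's genuine domain is vatesi.lt (the article names only the lookalike), and the list of observed hosts is constructed.

```python
# Added example: flag domains that imitate a protected domain.
# Assumption: the inspectorate's real domain is vatesi.lt (the article names only the lookalike).
PROTECTED = ("vatesi.lt",)
# Constructed sample input, e.g. hosts taken from links in inbound mail.
OBSERVED = ["www.vatesi.lt", "vatesl.lt", "vatesii.lt", "example.lt", "mail.vates1.lt"]

# Characters that are easily mistaken for one another in common fonts.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold confusable characters so visually similar names compare equal."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a host name. Simplification: real code should
    consult the Public Suffix List (co.uk-style suffixes break this)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_lookalikes(observed, protected):
    """Return (observed_domain, imitated_domain, reason) for each suspect."""
    hits = []
    for host in observed:
        dom = registrable(host)
        if dom in protected:  # the genuine domain or a subdomain of it
            continue
        for good in protected:
            if skeleton(dom) == skeleton(good):
                hits.append((dom, good, "confusable-characters"))
            elif edit_distance(dom, good) == 1:
                hits.append((dom, good, "one-edit"))
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(OBSERVED, PROTECTED):
        print(hit)
```

Run against a feed of newly registered domains or the link hosts in inbound mail, the same check surfaces an imitation on the day it appears.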

An alleged radiation incident in Lithuania was reported via vatesl.lt. Similar information was soon disseminated on actual pages of Polish services, including the official website of the Polish Ministry of Health.

Journalist Marek Budzisz’s hijacked Twitter account, as well as the accounts of a couple of Polish politicians, were soon used to spread the lies.

Spreading of lies through a hacked account (photo by Fundacja Reporterów)

Polish security and fact-finding portals soon realized what had happened. It is likely that not only the pages of the neighboring country's institutions have been hacked, but also the information systems of the company that provides hosting and page maintenance services. It was also noted that the nuclear lie spread during negotiations between Poland and France on the construction of a nuclear power plant.

According to the domain registration, access to the domain vatesl.lt is currently restricted and the status of the domain is “quarantine”, which has nothing to do with the COVID-19 pandemic. The domain was acquired on the morning of March 17, the same day the lies about the alleged radiation incident in Lithuania were spread.

No information is provided about who owns the domain. All that is known is that it is a natural person.

You can analyze the entire course of this information attack in the following infographic:

G. Landsbergis drawn into a sex scandal

Another attack on Lithuanian-Polish relations took place on February 25. An attempt was made to create an imaginary sex scandal by hacking into the website of the President of the Polish Parliament and the portal tysol.pl.

The first step in this plan was probably the hacking of the social media accounts of a soldier serving in NATO forces. Then, using her private photos, an ad was created on a sex services site with the following content: “My talent has already touched many hearts, it will be remembered for a long time by many world leaders, VIPs and generals.” Among the photos is a moment from a military mission in Kuwait, where a photo was taken with Polish President Andrzej Duda.

The photo of this ad was made public through a hacked Twitter account of the Polish politician, Deputy Minister of Science Włodzimierz Bernacki, and through another politician's account, this one a fake.

Soon, similar content appeared on the website of the President of the Polish Parliament, with a false message that an “investigation into the prostitution ring” had allegedly been started. Soon after, a hacked Polish scandal spread an alleged sex scandal, claiming that elite prostitutes working in the Polish military also served the current Lithuanian Foreign Minister Gabrielius Landsbergis.

An attempt was also made to spread this mixture in Lithuania. The Ministry of Foreign Affairs and other services responded quickly to the attack and neutralized it.

The pattern is reminiscent of a known group

Analyzing these and other recent attacks, the ghost of Ghostwriters is recognizable.

FireEye, one of the strongest US companies specializing in cybercrime detection, identified the group and its practices in a report published last year.

“The operations (ongoing since 2017) primarily target the Lithuanian, Latvian and Polish public, with anti-NATO narratives, often via website vulnerabilities or fake emails to spread fake content, including fake military correspondence,” wrote FireEye.

Many of the attacks analyzed by FireEye coincided with those examined in this story. The attacks used hackers to spread websites that were targeting not only relations between Lithuania and Poland or NATO, but also events in Belarus.

For example, a lie was spread claiming that the foreign ministers of Lithuania and Poland had agreed behind closed doors to initiate the introduction of international peacekeepers in Belarus. Among the methods used was a fake email, allegedly from the Lithuanian Foreign Ministry, sent to the US publication The New Yorker, confirming that such a conversation between the ministers had taken place.

Both past and current attacks have many common denominators: the hacking of specialized media channels and of institutions' pages, and the creation of fake websites modeled on institutions' pages. A new element is the use of hijacked accounts on social networks. This tool greatly increases the likelihood of successfully spreading fake news.

Not the first

Giedrius Sakalauskas, director of the Res Publica Civil Resistance Center, who is well aware of these attacks, said the attacks are becoming increasingly well thought out and an ever-expanding arsenal of measures is being used.

“It just came to our knowledge then. (…) Lithuanian-Polish relations are one of the main targets,” said G. Sakalauskas. “It intensifies and becomes more and more technologically sophisticated. It becomes a complex attack, not only a page hijacking. It will be linked to the dissemination of information through other sources.”

When asked if he could see a trace of Ghostwriter in the attacks, the interviewee said that he could not point a finger at a specific group. However, he added that there is no question who is in favor of the perpetrators of these attacks.

“They cover themselves intelligently, and it is very difficult to name or blame something openly. But we have a very clear idea where it comes from,” said G. Sakalauskas.

According to him, the most important thing is that the Lithuanian and Polish services react in time and manage to neutralize the attacks before they cause serious damage.

Ministry: the damage was “very limited”

We contacted the Lithuanian Ministry of Foreign Affairs and the Cyber Security Center. Both authorities said they had no information to confirm that the Ghostwriters were behind the attacks.

The Foreign Ministry sees a clear direction in the attacks. “The objectives of these attacks were detrimental to the Lithuanian-Polish relations, the friendly relations between the two nations and the strategic interests of Lithuania and Poland (military presence of allies in the region, interest in seeing a stable, peaceful and democratic Belarus in the neighborhood). Thanks to the quick reaction and cooperation with Polish colleagues, the damage from these attacks was very limited,” the Foreign Ministry states in a written comment.

According to the ministry, the attacks were aimed not only at damaging interstate relations, but also at testing how such attacks are responded to, looking for vulnerabilities.

“Although these attacks do not cause serious damage at present, they should be taken very seriously, as all similar attacks (information, cyber, hybrid) are aimed at damaging Lithuania’s national and international interests,” notes the Ministry of Foreign Affairs.

This is an abridged version of an international journalistic study. Read the full study by Anna Gielewska and Konrad Szczygieł here.


