‘Silly Mistake’ Exposed Iranian Hand Behind Fake Proud Boys Election Emails In US: Sources




WASHINGTON: Government analysts and private sector investigators were quick to blame Iranian hackers for a wave of thousands of threatening emails targeting American voters because of errors made in a video attached to some of the messages, according to four people familiar with the matter.

Those flaws provided a unique opportunity for the US government to identify and publicly assign blame for a malicious cyber operation within days, something that typically requires months of technical analysis and supporting intelligence.

“Either they made a silly mistake or they wanted to get caught,” said a senior US government official, who asked not to be named. “We are not concerned that this activity is some kind of false flag because of other supporting evidence. This was Iran.”

Attribution to Iranian hackers does not necessarily mean that a group is working at the behest of the government there. Iranian officials denied the US accusations.

“These accusations are just another scenario to undermine voters’ confidence in the security of the US elections and they are absurd,” said Alireza Miryousefi, spokesperson for Iran’s mission to the United Nations in New York.

On Wednesday (October 21), US Director of National Intelligence John Ratcliffe said that Russia and Iran have tried to interfere in the campaign for the November 3 elections. US intelligence agencies are still analyzing exactly who in Iran commanded the operation and their intent, three of the sources said.

Within hours of the video circulating this week, which allegedly came from an American far-right group known as The Proud Boys, intelligence officials and major email platform providers such as Alphabet Inc’s Google and Microsoft began to closely analyze the computer code that appeared in the hackers’ video.

While the emails, which demanded that voters change their party affiliation to the Republican Party and vote for President Donald Trump or “we will chase you,” appeared to come from an official-looking Proud Boys email address, the address was not authentic, security analysts said. The Proud Boys denied being behind the messages.

It has not been previously reported how security analysts used the intelligence from the video to attribute the email scheme.

A Microsoft spokesperson declined to comment on the company’s collaboration with law enforcement. A statement from Google late Wednesday said the activity was “linked to Iran.” A Google spokesman said Thursday that the company was in contact with the FBI.

Attempts to blur

Despite attempts to blur aspects of the video to hide their identity, the hackers were unable to hide all the incriminating information, the sources said.

The video showed the hackers’ computer screen as they typed commands and pretended to hack into a voter registration system. The researchers noted snippets of telltale computer code, including file paths, file names, and an internet protocol (IP) address.

Security analysts found that the IP address, hosted through an online service called Worldstream, traces back to previous Iranian hacking activity, the sources said.

The analysts then correlated the clues left in the video with data from other intelligence streams, including communications intercepts, the government official said.

“This public disclosure of the government’s attribution to Iran has been done at breakneck speed, compared to the usual process that takes months and often years,” said Dmitri Alperovitch, co-founder and former chief technology officer of the cybersecurity company CrowdStrike.

Two cybersecurity experts, who spoke on condition of anonymity because they were not authorized to speak to the press, independently said that they had seen Iranian hackers use the infrastructure of the Netherlands-based Worldstream to launch cyber attacks in recent months.

Worldstream’s chief legal operations officer, Wouter van Zwieten, said in a statement that the account associated with the IP address in question was suspended after the company was contacted by Reuters, and that the Dutch National Cyber Security Center was investigating the matter.

“They have just informed us that the particular IP address is now officially registered by them and is ready to be investigated under Dutch law,” van Zwieten said. The National Cyber Security Center confirmed that Worldstream had contacted it and logged the case, but declined to comment further.

Van Zwieten said that the server used by the hackers was only put into service on October 6 and had not received any complaints so far. The company said it did not have access to the content on its servers.

In addition to sending thousands of emails to voters in states like Florida, the hackers also attempted to share links to the video through fake accounts on Facebook and Twitter.

Social media analytics firm Graphika said two Twitter accounts began posting links to the video on Tuesday night and attempted to get the attention of some media and political organizations.

One account described itself as “Trump’s Soldier” and shared a link to the video with the comment “Looks like the voting system was hacked.”

A Twitter spokeswoman said: “We moved quickly to proactively and permanently suspend a small number of accounts and limit the sharing of specific media for this coordinated campaign.”

Facebook said: “We disrupted an attempt by a single fake account to generate information related to what appears to be an influencer operation primarily focused on spreading false claims via email.”
