Tag Archive for: Activists

Iran: State-Backed Hacking of Activists, Journalists, Politicians


(Beirut) – Hackers backed by the Iranian government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today.

An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten. The technical analysis conducted jointly by Human Rights Watch and Amnesty International’s Security Lab identified 18 additional victims who have been targeted as part of the same campaign. The email and other sensitive data of at least three of them had been compromised: a correspondent for a major US newspaper, a women’s rights defender based in the Gulf region, and Nicholas Noe, an advocacy consultant for Refugees International based in Lebanon.

“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” said Abir Ghattas, information security director at Human Rights Watch. “This significantly increases the risks that journalists and human rights defenders face in Iran and elsewhere in the region.”

For the three people whose accounts were known to be compromised, the attackers gained access to their emails, cloud storage drives, calendars, and contacts and also performed a Google Takeout, using a service that exports data from the core and additional services of a Google account.

Various security companies have reported on phishing campaigns by APT42 targeting Middle East-focused researchers, civil society groups, and dissidents. Most of them identify APT42 based on targeting patterns and technical evidence. Organizations such as Google and the cybersecurity companies Recorded Future, Proofpoint, and Mandiant have linked APT42 to Iranian authorities. Identifying and naming a threat actor helps researchers to identify, track, and link hostile cyber…


Police Linked to Hacking Campaign to Frame Indian Activists


Police forces around the world have increasingly used hacking tools to identify and track protesters, expose political dissidents’ secrets, and turn activists’ computers and phones into inescapable eavesdropping bugs. Now, new clues in a case in India connect law enforcement to a hacking campaign that used those tools to go an appalling step further: planting false incriminating files on targets’ computers that the same police then used as grounds to arrest and jail them.

More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.

“There’s a provable connection between the individuals who arrested these folks and the individuals who planted the evidence,” says Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present findings at the Black Hat security conference in August. “This is beyond ethically compromised. It is beyond callous. So we’re trying to put as much data forward as we can in the hopes of helping these victims.”

SentinelOne’s new findings that link the Pune City Police to the long-running hacking campaign, which the company has called Modified…


GOP lawmakers, activists go local with push for hand-counted ballots | 406 Politics


HAMILTON — A self-described cyber security expert implicated in an alleged breach of a Colorado election system is touring Montana counties this week, the latest push by some Republican lawmakers to return the state to the days of hand-counting all its ballots.

The local drive is part of a national effort spawned by unfounded voter fraud theories, but experts warn that eliminating ballot-processing machines could return elections to the days of widespread disenfranchisement and fraud that prompted the switch to machine-counting more than a century ago.

Despite no documented instances of the machines being manipulated or hacked during any election, they’ve become top targets of right-wing activists who believe the 2020 election was stolen from former President Donald Trump. Lawmakers in at least six other states have introduced legislation to prohibit the use of machines during elections, and at least one such bill draft has been requested for Montana’s 2023 legislative session.


Seated in a gray polo shirt and a white Maserati baseball cap, Mark Cook on Monday spent well over two hours telling the Ravalli County Commissioners that their election system is in jeopardy.

Cook said his expertise entails helping software companies uncover vulnerabilities in their systems. Following the contention over the results of the 2020 election, he said he began looking at the infrastructure of election systems across the country, and was “absolutely shocked” when he quickly discovered major security flaws.

“I started seeing the vendor was keeping this a secret, they wouldn’t release the source code they wouldn’t let anyone see this stuff,” Cook said, referring to the proprietary source code used by the companies that develop tabulators. “Then they were starting to prosecute people that were looking at it and investigating it. And I thought, oh my gosh, this is the biggest…


Amazon Cuts Off Services To Spyware Company Over Alleged Hacking, Surveilling Of Journalists And Activists


Amazon Web Services (AWS) banned Israeli technology firm NSO Group from its services Monday following allegations the firm was involved in surveillance of activists and journalists.

The tech giant cut off NSO from its cloud infrastructure services after an investigation by Amnesty International and other media organizations revealed NSO’s spyware product Pegasus may have been installed on the mobile devices of several journalists and activists, VICE reported. A forensic analysis performed by Amnesty and reviewed by Citizen Lab found that AWS’ service CloudFront was used to deploy Pegasus spyware into mobile devices.

“When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an AWS spokesperson told the Daily Caller News Foundation in a statement.

The investigation alleged NSO’s spyware was deployed against journalists and activists by regimes often characterized as repressive, such as Hungary and Azerbaijan. Those targeted reportedly included women close to Jamal Khashoggi, a Saudi journalist murdered in October 2018, according to an Amnesty statement.

NSO denied the allegations in a statement to several media organizations, claiming it thoroughly reviews the human rights records of its clients, and telling The Washington Post it had already canceled contracts with two customers over human rights abuses.

CloudFront is a “content delivery network” that allows users to securely transfer data, in this case spyware, to other users, according to its website. The product “offers the most advanced security capabilities,” protecting shared content and offering high transfer speeds.

“The use of cloud services protects NSO Group from some Internet scanning techniques,” Amnesty said in the analysis.

VICE had previously reported on NSO using Amazon servers to deploy spyware in May 2020, when the firm allegedly impersonated a Facebook security team to upload its hacking software…
