Russia Ramps Up Censorship Beef With Twitter Using Deep Packet Inspection Tech

from the not-helping dept

Over the last decade Russia has accelerated the government's quest to censor the internet. That was most conspicuous with the passage of a 2016 surveillance bill that not only mandated encryption backdoors, but effectively banned VPN providers from operating in the country unless they were willing to spy and censor at Putin's behest. Many VPN providers weren't keen on that, so they simply stopped doing business in the country.

More recently, Russia has been engaged in a bit of a hissy fit over Twitter's unwillingness to censor things the Russian government doesn't like. And while Twitter has been trying to filter more illegal behavior and pornography at the government's behest, the company hasn't been censoring broader content at the rate Putin and pals prefer. So as punishment, Russia has taken to throttling user access to Twitter to a rather 1997-esque 128 kbps, or about the speed of an old IDSN line. Granted the ham-fisted gamesmanship Russia has been engaged in has already resulted in some notable collateral damage:

New data suggests (you can find the technical specifics here) that Russia is engaging in the throttling via the use of "middleboxes" that Russian ISPs have installed as close to the customer as possible. Russian authorities then feed data on which domain should be throttled and punished to the devices, which utilize deep packet inspection to identify targeted traffic. Ars Technica notes that the deep packet inspection technology (which US ISPs also use, though most frequently for targeted advertising) opens the door to a much more sophisticated tracking and censoring regime less prone to collateral damage:

"The middleboxes inspect both requests sent by Russian end users as well as responses that Twitter returns. That means that the new technique may have capabilities not found in older Internet censorship regimens, such as filtering of connections using VPNs, Tor, and censorship-circumvention apps. Ars previously wrote about the servers here.

The middleboxes use deep packet inspection to extract information, including the SNI. Short for “server name identification,” the SNI is the domain name of the HTTPS website that is sent in plaintext during a normal Internet transaction. Russian censors use the plaintext for more granular blocking and throttling of websites. Blocking by IP address, by contrast, can have unintended consequences because it often blocks content the censor wants to keep in place.

New reports suggest there are around seven countermeasures Russian companies and citizens can use to thwart these efforts, including ECH, or Encrypted ClientHello, an update for the Transport Layer Security protocol that prevents domain blocking and throttling. That forces government censors to rely on the more collateral damage-prone IP-level blocklists, which (might) act as a deterrent for censorship obsessed governments that don't want a whole lot of attention focused on the fact they're massive cowards afraid of the free exchange of information that might challenge their hegemony.

Filed Under: censorship, deep packet inspection, russia, throttling
Companies: twitter

The Internet Has Enabled Independent Journalism To Flourish In Russia (For Now, At Least)

from the the-good-and-the-bad dept

Ben Smith has a fascinating piece in the New York Times about how independent investigative journalism is flourishing in Russia, despite an oppressive (and literally murderous) autocrat in power. There are a bunch of interesting points in the article about the various techniques they use -- some of which raise interesting ethical dilemmas -- but what caught my eye is just how vital it turns out the internet is to these organizations to be able to do what they do. Indeed, Smith points out that this is the flip side to the current moral panic in the US and elsewhere about "alternative media" and social media being the death of journalism:

There’s a tendency in parts of the American media right now to reflexively decry the rise of alternative voices and open platforms on social media, seeing them solely as vectors for misinformation or tools of Donald J. Trump. Russia is a potent reminder of the other side of that story, the power of these new platforms to challenge one of the world’s most corrupt governments....

The new Russian investigative media is also resolutely of the internet. And much of it began with Mr. Navalny, a lawyer and blogger who created a style of YouTube investigation that draws more from the lightweight, meme-y formats of that platform than from heavily produced documentaries or newsmagazine investigations.

The other interesting tidbit is that these independent investigative reporting outfits are not just figuring out how to break astounding stories, but also how to build up support and a business model -- again, using the internet.

Mr. Badanin, who modeled Proekt on the American nonprofit news organization ProPublica, said he had begun to see another sign of intense interest: financial support from his audience. About a third of the budget that supports a staff of 12, he said, now comes from donations averaging $8, mirroring the global trend toward news organizations relying on their readers. In Russia, some of this is still nascent. For instance, a colleague in Russia, Anton Troianovski, tells me that there’s a cafe near the Kurskaya Metro station where you can add to your bill a donation to MediaZona, which was founded by two members of the protest group Pussy Riot to hold the Russian justice system to account. But the protests against Mr. Navalny’s imprisonment also seem to be driving support for independent media, a phenomenon that The Bell, another of the new independent websites, christened “the Navalny Effect.”

Of course, the article does end on something of a dark note -- with many of the journalists Smith spoke to saying they fully expect a Putin crackdown on their efforts before long. And, of course, that's nothing new in Putin's Russia. But, it's still fascinating, for at least this moment in time, to see these operations springing up, breaking very big stories, and actually being able to thrive thanks to the internet. Perhaps if news organizations elsewhere focused more on building a supportive audience instead of whining to the government about how evil Facebook and Google are, they'd find support as well.

Filed Under: free speech, independent journalism, internet, russia

Parler Attempting to Come Back Online, Still Insisting The Site's Motivation Is 'Privacy' Despite Leaking Details On All Its Users

from the about-that dept

Last week, I explained my thoughts on why the Parler takedown from AWS didn't bother me that much -- considering that there were many other cloud and webhosting solutions out there. Yet Parler has quickly discovered that many other providers aren't interested in hosting the company's cesspool of garbage content either. As I pointed out, at some point, some element of that has to be on Parler for attracting such an audience of garbage-spewers. Either way, we figured the site would eventually be back up, and now it appears that it's on its way. The site put up a holding page with a few "Parlezs" (their version of tweets) from its execs and lead cheerleaders.

The site appears to be using Epik for hosting and DDoSGuard for DDoS protection. Neither of these are that surprising. Epik has built up something of a specialty in hosting the garbage, hate-filled websites no one else wants to touch. It has hosted Gab, 8chan/8kun, and The Daily Stormer among others. DDoSGuard is a somewhat sketchy Russian company that provides services to an equally sketchy group of sites -- and some terrorist groups. Brian Krebs has recently discussed how DDoSGuard may create some significant liability issues:

A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online.

Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, “We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist.”

But experts say DDoS-Guard’s business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company’s support of Hamas.

Ooof. There's a lot more in Krebs' writeup.

But what struck me as most ridiculous about Parler's holding page (beyond trying to hide behind MLK Jr.'s "Letter from a Birmingham Jail" as if Parler's raging nut job userbase is somehow oppressed) is that the company is still claiming that beyond being a place for (a misunderstood concept of) "free speech," that the impetus behind the site was about "protecting privacy."

That reads:

Now seems like the right time to remind you all — both lovers and haters — why we started this platform. We believe privacy is paramount and free speech essential, especially on social media. Our aim has always been to provide a nonpartisan public square where individuals can enjoy and exercise their rights to both.

We will resolve any challenge before us and plan to welcome all of you back soon. We will not let civil discourse perish!

The "privacy is paramount" line is one that Parler really only started spewing more recently. Rebekah Mercer used a similar line when she outed herself as a co-founder of the platform and it never made any sense at all. After all, Mercer was also behind Cambridge Analytica, a company involved in what is now considered one of the biggest privacy breaches in the history of social media. The whole "privacy" claim seemed like little more than a convenient talking point to pretend that their approach was somewhat different than Facebook's or Google's.

But in the case of Parler, it's even more ridiculous. After all, this was a company that required users who wanted to get its version of "verified" to hand over their social security numbers. And, of course, before Parler shut down, a hacker was able to grab nearly the entire corpus of Parler posts, including pictures and videos that did not have location metadata stripped out. This allowed multiple reporters to find and highlight Parler users as they stormed the Capitol, exposing exactly who was raiding the Capitol and what evidence they revealed about their own activities. Indeed, it's becoming clear that law enforcement is using this data to go around arresting tons of people.

Doesn't seem that privacy protecting, after all, now does it?

Of course, much of this seems to be due to just plain old incompetence, rather than malice. Last week there was also a fascinating thread on Parler's clueless CTO, who didn't seem to understand some fairly basic things about running a large internet-scale service. That thread, by software engineer Sarah Mei is worth reading, if only to reach the conclusion, that Parler "might have done better with four ferrets in a trench coat."

So, yes, the site may be coming back, but to say that it takes privacy seriously, while asking for social security numbers, hosted on a dodgy host, with a DDoS provider best known for its Russian home-base and its willingness to provide services to terrorists and online criminals... I would suggest that anyone who thinks of Parler as supportive of privacy, do so at their own risk.

Filed Under: competition, ddos, free speech, hosting, privacy, russia
Companies: ddosguard, epik, parler

The SolarWinds Hack Is Just The Same Sort Of Espionage The US Government Engages In Every Day

from the ugly-and-inconvenient-truth dept

A historic hack of unprecedented scale has set off alarms in the US government -- itself a target of suspected Russian hackers who leveraged IT infrastructure company SolarWinds' massive customer base to compromise an unknown number of victims. Among those victims were several US government agencies, including the DHS's cybersecurity wing, which announced its own breach hours after issuing a dire warning to potentially affected government agencies.

Is it time to panic? No, says the lame duck president, who claims this is already "under control" -- something that very definitely isn't true. SolarWinds says it has 18,000 customers using the affected Orion software. And many of those customers (which include Fortune 500 companies and major telcos/service providers) have thousands of customers of their own -- all of which may be operating compromised systems. The DHS said the only way to ensure systems are clear of this threat was to airgap them and uninstall the infected software.

Others who have been briefed on the hack are far less cheery about its ongoing impact. Trump tweeted there was nothing to worry about. Republican allies seem more concerned than the man who won't have to worry about this for much longer.

Shortly after Mr. Trump’s tweet, Sen. Marco Rubio (R., Fla), acting chairman of the Senate Intelligence Committee, said it was “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history.”

Mr. Rubio added on Twitter that efforts to determine the extent and damage of the hack were ongoing and that remediation would take significant time and resources. “Our response must be proportional but significant,” he said.

The 2050s will be like 1950s, apparently: with America in the midst of another Cold War.

But is it true this is the "gravest cyber intrusion in our history?" Or is it just the "gravest" intrusion that's targeted us? After all, the Russians don't have a monopoly on government-ordained hacking. Our intelligence and security agencies deploy their own persistent threats -- something we've done for years with minimal blowback. These calls for a cyber war by pundits and government officials aren't anything to be applauded. I don't think America really wants to get involved in another forever war -- one whose wins and losses can't be tallied with temporary "liberations" and body bag back orders.

Let's be cautious, says Jack Goldsmith. Better yet, let's be aware of the hypocrisy of the stance some government officials are demanding we take.

The lack of self-awareness in these and similar reactions to the Russia breach is astounding. The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day.

Turning a cyber war into a shooting war isn't just an overreaction. It's illegal under international law. That doesn't mean nothing should be done about it. It just means the US government can't pretend it doesn't engage in the same activities some now want to go to war over. What's happened here might be unprecedented in scale, but it's the same thing every government with enough resources has done for years. It's not a war waiting to happen. It's business as usual.

Peacetime government-to-government espionage is as old as the international system and is today widely practiced, especially via electronic surveillance. It can cause enormous damage to national security, as the Russian hack surely does. But it does not violate international law or norms.

In recent years, the US government has deployed more offensive weapons in hopes of deterring cyber attacks. It really hasn't worked. Meeting escalation with more escalation is unlikely to change the standard operating procedures of espionage, especially since the US government hasn't rolled back its offensive efforts in the wake of massive breaches.

But there may be a way forward -- one almost impossible to achieve but promising enough it shouldn't be dismissed out of hand.

[The US government] has not seriously considered the traditional third option when defense and deterrence fail in the face of a foreign threat: mutual restraint, whereby the United States agrees to curb certain activities in foreign networks in exchange for forbearance by our adversaries in our networks. There are many serious hurdles to making such cooperation work, including precise agreement on each side’s restraint, and verification. But given our deep digital dependency and the persistent failure of defense and deterrence to protect our digital systems, cooperation is at least worth exploring.

There's no moral high ground to claim here. And refusing to consider bringing some of our cyber boys back home leaves us with nothing but continuous escalation. This hack is raising uncomfortable questions about our own practices. Let's see if anyone in the White House is willing to honestly confront the consequences of our own actions and find another route towards safety and national security.

Filed Under: cyber war, cybersecurity, dhs, hacks, hypocrisy, nsa, russia, surveillance, us
Companies: solarwinds

Secret Agents Implicated In The Poisoning Of Opposition Leader Alexey Navalny Identified Thanks To Russia's Black Market In Everybody's Personal Data

from the poor-data-protection-is-bad-for-Vlad dept

Back in August, the Russian opposition leader Alexei Navalny was poisoned on a flight to Moscow. Despite initial doubts -- and the usual denials by the Russian government that Vladimir Putin was involved -- everyone assumed it had been carried out by the country's FSB, successor to the KGB. Remarkable work by the open source intelligence site Bellingcat, which Techdirt first wrote about in 2014, has now established beyond reasonable doubt that FSB agents were involved:

A joint investigation between Bellingcat and The Insider, in cooperation with Der Spiegel and CNN, has discovered voluminous telecom and travel data that implicates Russia's Federal Security Service (FSB) in the poisoning of the prominent Russian opposition politician Alexey Navalny. Moreover, the August 2020 poisoning in the Siberian city of Tomsk appears to have happened after years of surveillance, which began in 2017 shortly after Navalny first announced his intention to run for president of Russia.

That's hardly a surprise. Perhaps more interesting for Techdirt readers is the story of how Bellingcat pieced together the evidence implicating Russian agents. The starting point was finding passengers who booked similar flights to those that Navalny took as he moved around Russia, usually earlier ones to ensure they arrived in time but without making their shadowing too obvious. Once Bellingcat had found some names that kept cropping up too often to be a coincidence, the researchers were able to draw on a unique feature of the Russian online world:

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros worth of cryptocurrency to be fed through an automated payment platform, not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. Often, these data merchants providing data to resellers or direct to customers are caught and face criminal charges. For other batches of records, there are automated services either within websites or through bots on the Telegram messaging service that entirely circumvent the necessity of a human conduit to provide sensitive personal data.

The process of using these leaked resources to establish the other agents involved in the surveillance and poisoning of Navalny, and their real identities, since they naturally used false names when booking planes and cars, is discussed in fascinating detail on the Bellingcat site. But the larger point here is that strong privacy protections are good not just for citizens, but for governments too. As the Bellingcat researchers put it:

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia's security service officers.

As well as providing Navalny with confirmation that the Russian government at the highest levels was probably behind his near-fatal poisoning, this latest Bellingcat analysis also achieves something else that is hugely important. It has given privacy advocates a really powerful argument for why governments -- even the most retrogressive and oppressive -- should be passing laws to protect the personal data of every citizen effectively. Because if they don't, clever people like Bellingcat will be able to draw on the black market resources that inevitably spring up, to reveal lots of things those in power really don't want exposed.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: alexey navalny, black market, identification, poison, russia

DHS Cyber Warriors Issue Warning About Massive Hacking Campaign, Disclose They've Been Hacked A Day Later

from the holy-shit-this-is-bad dept

Welp. Everything is compromised. Again.

Reuters was the first to report suspected Russian hackers had gained access to hundreds of SolarWinds customers, including US government agencies.

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.

[...]

The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

A full report by FireEye (which was also a victim of this hacking) details the process used to gain illicit access, which involved leveraging bogus signed components crafted by the hackers and distributed by an unaware SolarWinds. The widespread hacking campaign may have begun as early as March of this year. That it was only discovered now means the fallout from this will continue for months to come.

Here's how the backdoor works, according to FireEye:

SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.

After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.

SolarWinds boasts over 300,000 customers, including 425 Fortune 500 companies, all ten of the top ten telcos, the Pentagon, State Department, NSA, DOJ, and the White House. Its long list of customers (which now returns a 404 error) all but ensures every passing hour will add another victim to the list.

According to SolarWinds' post-attack-discovery SEC filing, it believes only a small percentage of its customers are affected. But even a fraction of its users is still a gobsmacking number of potential victims.

On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and after the Relevant Period. SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.

The attack is serious and widespread enough that the DHS's cybersecurity arm has issued a warning -- one that says the only proven way to mitigate damage at this point is to disconnect affected hardware from the internet and pull the plug on Orion software. The CISA (Cybersecurity and Infrastructure Security Agency) Emergency Directive says this is a persistent threat -- one not easily patched away.

CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on:

• Current exploitation of affected products and their widespread use to monitor traffic on major federal network systems;

• High potential for a compromise of agency information systems;

• Grave impact of a successful compromise.

CISA understands that the vendor is working to provide updated software patches. However, agencies must wait until CISA provides further guidance before using any forthcoming patches to reinstall the SolarWinds Orion software in their enterprise.

The directive goes on to mandate reporting on infected systems and for affected agencies to assume the system remains compromised until CISA gives the all-clear. Unfortunately, this grave warning comes from an agency that is also compromised. CISA issued the directive on December 13. Here's what was reported in the early hours of December 14:

US officials suspect that Russian-linked hackers were behind the recent data breach of multiple federal agencies, including the Departments of Homeland Security, Agriculture and Commerce, but are continuing to investigate the incident, multiple sources told CNN Monday.

CNN learned Monday that DHS' cyber arm, which is tasked with helping safeguard the nation from attacks by malicious foreign actors, is among at least three US government agencies compromised in the hack.

In addition to CISA, government officials also suspect breaches at the US Postal Service and the Department of Agriculture. And the Defense Department is in the process of assessing its own exposure, if any. If any of its components have been breached, it has yet to be publicly reported.

The Russian government is denying involvement, but the evidence seems to point to "Cozy Bear," the offensive hacking wing of Russia's intelligence services. Unfortunately, SolarWinds' dominance in the network management field made it that much easier for the attack to scale. And with CISA compromised, the government's attempts to mitigate damage will be slowed as its own cybersecurity wing attempts to rid itself of a persistent threat.

Filed Under: cisa, commerce department, hacking, russia, treasury, vulnerability
Companies: fireeye, solarwinds

FLVTO.biz Petitions SCOTUS To Hear Jurisdiction Argument In Stream-Ripping Lawsuit

from the we-are-not-the-world dept

While the music industry's war on stream-ripping sites -- sites that have perfectly legitimate and legal uses -- continues, it's true that this is a war in which one side has almost universally surrendered. Facing legal opposition with well-funded industry groups, most stream-ripping sites simply close up shop when staring down litigation. But Russia-based FLVTO.biz has been an exception. We first wrote about the site's decision to defend itself back in early 2019. At that point, the owner of the site, Tofig Kurbanov, had successfully argued in a Florida court that the United States legal system had no jurisdiction over his site, given that it operates in Russia and makes no effort to entice American patronage.

It was a sensible ruling. After all, why should anyone want websites in one nation to be subject to the laws of every other nation's laws just because the internet is designed to be international? And, yet, the RIAA labels appealed the ruling and got it reversed. The case was sent back to the lower courts where it was supposed to once again proceed, except that Kurbanov's team has asked the Supreme Court to consider its jurisdiction arguments once more.

Those plans were then confirmed last month back at the Virginia court where the lawsuit began, which is considering the case anew following the Fourth Circuit ruling. Kurbanov’s lawyers have asked the district court to pause the ongoing proceedings there pending their application to the Supreme Court.

That application was submitted earlier this week. It argues that the top court should consider the case, because some Supreme Court style consideration is required on the issue of whether or not “the ‘due process clause’ of the United States Constitution is violated when a foreign citizen is subjected to personal jurisdiction based entirely on: (1) his operation of a website that is popular both within the United States and worldwide, but which is not specifically aimed at the United States; and (2) minor internet-based and internet-initiated transactions entered into by the foreign citizen entirely from outside the United States”.

This is indeed just the sort of important due process argument in the age of the internet that a sober SCOTUS should be weighing in on. And, while we could get lost in the legality of it all, common sense really should rule the day here. Does American law have jurisdiction over foreign entities not making any real effort to do commerce on American soil or does it not? And, if so, what precedent does that set for every other nation out there in terms of how American-based businesses conduct business over the internet?

Shall legal pornography websites in America be subject to the more prudish laws of other nations? Should news organizations in America face litigation from countries with far fewer press and free speech protections? Hell, should American entities legitimately selling RIAA label music themselves face threats from countries with obscenity laws and the like?

Evan Fray-Witzer said: “If you operate a website that is popular, then you’re subject to jurisdiction anywhere – and everywhere – that people access the website. And that’s not a precedent that anyone should want to stand, because if Kurbanov can be dragged into court here from Russia, then any US citizen who creates a popular website can expect to be dragged into court anywhere in the world”.

The lawyer also told Torrentfreak that the major labels should support his client’s bid to get the Supreme Court to provide clarity on this issue.

“If the record companies are so certain that the Fourth Circuit got this question right, then they should be anxious for the Supreme Court to take up the case”, he added. “We invite them to join our petition and ask the Supreme Court to weigh in on these crucial jurisdictional questions. But I’m not holding my breath that they’ll do so”.

It can be hard for the labels to see past the ends of their own noses, but they should realize that they could truly be biting themselves in their own asses if SCOTUS refuses to hear this case and this precedent gets set. The internet is international, but American laws are not.

Filed Under: copyright, jurisdiction, russia, streaming, supreme court, us
Companies: flvto, flvto.biz

Fake 'Russian Hack' Of Public Michigan Voter Rolls Gets Absurdly Overhyped On The Interwebs

from the good-old-fashioned-freak-out dept

On Tuesday morning a story began making the rounds indicating that Russian hackers had somehow managed to hack into Michigan's election systems, gaining access to a treasure trove of voter data. Russian newspaper Kommersant was quick to proclaim that nearly every voter in Michigan -- and a number of voters in additional states -- had had their personal information compromised. The report was quickly parroted by other outlets including the Riga-based online newspaper Meduza, which insisted that the breach was simply massive:

"Russian hackers have leaked the personal data of nearly every voter in Michigan (7.6 million of the state’s 7.8 million voters), as well as the information of another million voters in Arkansas, Connecticut, North Carolina, and Florida, according to the newspaper Kommersant. The data recently appeared on a Darknet forum, posted by a user nicknamed “Gorka9.” The information was current as of March 2020 and a source at the security firm “InfoWatch” confirmed to Kommersant that the data is authentic.

For each American voter targeted in the leak, the following information is now available: full name, date of birth, sex, date of registration, home address, zip code, email address, voter ID number, and polling station number."

The reports also insisted that hackers were then exploiting the U.S. Rewards for Justice Program to get paid for bringing the hack to the attention of the U.S. government. From there, the story quickly ballooned across Twitter, thanks in part to journalists:

The problem? This data was already either widely available, or available via a basic Freedom of Information Act (FOIA) request. Much like the recent hysteria over TikTok (in which many people act as if banning the app prohibits China from accessing U.S. user data that's available pretty much everywhere thanks to our crap privacy and security standards), people that actually study or report on infosec for a living were then forced to try and do damage control by adding useful context. That context being that the ease in which anybody could obtain this data means it doesn't actually hold much value:

The disconnect between those that cover infosec for a living, and those who engage in security or privacy tourism on Twitter was a bit jarring:

The one truly interesting bit, that the U.S. tip line was being exploited to pay hackers for directing them to publicly accessible data, is far more interesting and will require additional reporting. Meanwhile, the Michigan Department of State was forced to issue a statement noting it was never hacked, and urging internet users to exercise a little better judgement in terms of what they choose to hyperventilate over:

All told, just another day on the internet. Granted, our non-transparent and dodgy election security systems in many states still pose a genuine threat to U.S. security. A threat that's not being fully addressed due to the fact we seem to have idiotically made basic election security a partisan issue. But freaking out over inflated claims of hacks that never happened sure as hell isn't helping to fix that problem.

Filed Under: fact checking, hacks, journalism, michigan, russia, voter rolls