Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft The Iranian government has attempted to hack into hundreds of Office 365 email accounts belonging to politicians, government officials and journalists last month, Microsoft has warned. “We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to …
I'm rather curious, how do you know his account was created today and that was his fourth comment?
I thought, as AC, such information wasn't publicly available, unless you're either an El Reg employee with access to such information, or part of the Iranian Government who has hacked The Register.
Perhaps, even, you are part of another nation who has hacked The Register to...<MESSAGE INTERCEPTED>
Pretty much everywhere is your neighbor in cyberspace. I find it hard to get worked up about email hacking. If you're doing stuff you shouldn't be doing using email, figure out how to use encryption for heavens sake.
But when some bunch of ninnies in Washington or Moscow or Peking or somewhere else aggravate Iran or Taiwan or North Korea or the Grand Duchy of Fenwick into actual cyberwar, the cyber warriors are not going to stop at turning all the digitally controlled traffic lights in North America permanently green. They are going to try to turn off your and my electricity and drive every vehicle that does over the air software updates into the nearest structure and shut down air traffic control with hundreds or thousands of planes left to figure out how to land safely with no coordination and do all manner of harm to all the poorly planned infrastructure unwisely hung off the internet.
I suppose that we really should be more concerned than we are.
"I find it hard to get worked up about email hacking."
Then maybe you should think a little more about what email hacking lets you do. First, it lets you target specific people and look at their communications, including those that might be private. We're talking private because they contain sensitive information, not necessarily because they reveal unethical activity. For journalists, that might be the identity of a source. For Iranians living outside Iran, it might be the name of someone inside Iran they care about. For politicians, whether they are likely to support laws the hackers don't like. For a candidate in a campaign, the strategy they're planning to use to challenge their opponent. There's a lot you can do with that kind of information.
But there's a lot more you can do with an email. You can impersonate that person quite easily. You could of course have spoofed their address without having to access their mailbox. But with that access, you don't have to do that; anyone who checks thoroughly will still think the message came from their mail system because it did. Having read the messages they send, you can better imitate their style, making your message more convincing. And you can intercept replies to your message, hide them from the actual user, and reply to them at your convenience.
Have you considered that the more strenuous attacks you mention probably have an email attack as one of their components? It is always possible that [insert group of evil people] have found a device on the internet that they can access and it lets them turn the power off. Given the security of these systems, it's likely there exist a few things of that nature. But you still have to find them, gain access without arousing suspicion, and understand how they work. Meanwhile, it might also be a little useful to gain access to the email of one of the engineers of the company and watch for technical documentation. Now you know how the system works. If you don't have access to the system yet, the credentials you just stole from the email probably help. And if the system either doesn't have an insecure thing online or you haven't found one, your access to the internal email gives you the option to get some malware in. Many targeted attacks begin in just this manner. Usually, it's by spear phishing for credentials or malware installation, but then it immediately turns to email compromise.
If you can't see that email attacks can be quite dangerous, you might need to think about it more.
"The company did not go into any detail over why it believes the Iranian government is behind the hacks beyond noting that those targeted included “prominent Iranians living outside Iran.” "
I would imagine other nations, and not just Iran, would also want to spy on prominent Iranians living abroad. Like seeing if they can be mined for useful information that could damage Iran, use them for propaganda, implicate them as spies operating on behalf of Iran, and so on.
It could even be someone else trying to make the attack appear to have come from Iran to remove suspicion from themselves. Or to stoke tensions between the US and Iran. There are a lot of entities that would benefit from continued tensions between the two nations.
Its equally possible that it really is Iran and they got caught trying to open the cookie jar, but it could also be another nation that doesn't want the US and Iran to be on good terms. For instance, Airbus stands to make billions of dollars selling aircraft to Iran, made easier by ensuring that Boeing is locked out of the sale. Saudi Arabia would stand to lose a lot of money if Iranian Oil were to flood the US market. Israel wouldn't mind if the US eliminated / destabilized Iran.
I'm saying that any of those are even realistic possibilities, but just that there are a lot of entities that would be motivated to carry out such an attack.
@Crazy Operations Guy
Clearly you haven't read the script on which nation is today's bad guy.
Although with the US shortly starting a trade war with Europe, we may be tomorrow's bogie man. Now who could possibly benefit from that...?
Maybe WW3 has already started.
"Clearly you haven't read the script on which nation is today's bad guy."
I haven't, but then who has the time? It seems like every day the US has a new enemy, or new former-enemy-but-now-an-ally. Like apparently Saudi Arabia is now the US's ally even though they were threatening to go to war because they were "Funding terrorism".
At this point, might as well consider every nation an enemy to the US, even the US itself.
Correct.
It's called perpetual war.
Also known as US foreign policy.
"Clearly you haven't read the script on which nation is today's bad guy."
You could pick up any script from the last thirty years and Iran would still be a baddie. The US government has had a hate-on for them since their friendly Shah was deposed.
Of course there were many other deeply disturbing public comments that didn't harm him, either. There's clearly a lot of cognitive dissonance going on amongst Republicans.
I disagree with a lot of Trump's policies (particularly foreign policies), but much more so his ham-fisted approach (c.f. Iran's nuclear program) and general incompetence (c.f. burning allied intelligence service assets (the Israelis', no less!) to the Russians). Even when impeachment fails in the Senate, the foregoing criticisms will stand.
Sad!
When Washington is attempting to deceive and wreak harm abroad, I much prefer its executives to be ham-fisted.
Before Trump, they usually worked by devious methods and the vast majority of Western citizens were completely oblivious to the terrible harm they did.
Agreed to some extent; at least the incompetent ones get caught out. But the resulting distraction, embarrassment and partisan sh*t-fight is also damaging to the trust of citizens and allies alike. And much diplomatic harm can be done by the executive cronies without congressional oversight via mere public statements particularly when they're inconsistent, hypocritical or patently false.
"Bad at being bad.."
I used to work in a department where we subscribed to the theory of "Inverse Incompetency".
Where a person incorrectly arrives as some belief/concept, set out to achieve a result but executes the plan so poorly that some opposite and totally correct result is achieved.
Usually referenced when explaining how upper management survived some adventure.
But.... even applied to me on occasion.
'...hostile nations are investing significant energy and resources into disrupting American elections by stealing and weaponizing private information.'
FTFY
It's not just nation states stealing the private information and it's not just politically active people being targeted. Why were 'we' so complacent as to allow such insecure services to become so critical to our political, business and private lives?
It's not just nation states stealing the private information and it's not just politically active people being targeted. Why were 'we' so complacent as to allow such insecure services to become so critical to our political, business and private lives?
Or, why have we allowed security services to become so critical to our political lives? Apparently the whistleblower who started the impeachment process was a registered Democrat. Who may or may not have helped Adam Schiff create his 'parody' account of Trump's phone call with the Ukrainian president. But he's just chair of the House Intelligence Committee, so making stuff up goes with the territory. Or, as the BBC puts it..
https://www.bbc.co.uk/news/world-us-canada-49942394
"We deeply regret that President Trump has put us - and the nation - in this position, but his actions have left us with no choice but to issue this subpoena," the Democrats wrote in a letter to the White House.
Or the Democrats might deeply regret the position the Bidens put them in by creating real or apparent conflicts of interest around Ukraine. I'm not sure if the Dems have decided to do a Bernie on Biden and decided to cripple his chances of winning in preference for another Democrat runner, but it's an odd situation. It also demonstrates how polarised politics has become, ie the way parts of the media insist that allegations around the Bidens are just conspiracy theories rather than something that should be investigated properly.
It's not jus slinging mud if it's factually correct.
Is Trump corrupt and dodgy as hell? Yes. And he could be impeached over dozens of conflicts of interest that shows he's corrupt.
Yet in this case it actually looks like Trump did try to 'clean the swamp' (of course for his own benefit).
His followers will grab on to that and he will hammer Biden to the wall, since even if his son who started his job with Burisma was nkt corruption, it has the smell of corruption, because Biden was VP and the US was helping Poroshenko get into power.
If your coke snorting son with no previous experience in the energy market gets a 50k/m job in the country where you just helped overthrow the previous government, that smells of corruption.
If the Dems try to nail Trump down on just this issue, they'll get their ass handed back to them. It's almost as if they want this to fail, since they could have tacked on so much more to show that Trump is an idiot.
I don't know of anyone who has any objection to the Bidens being investigated. Investigate away. And by all means let the FBI co-operate with its sibling agencies in other countries to get information from them if it needs to.
But that's not the same as the president of the USA phoning a foreign leader and letting it be known that he wants a particular result to an investigation, as "a favor". It's not in the same ballpark. It's not even the same sport.
Can you see the difference?
Though I think doing this Biden investigation is for the sole benefit of idiot Trump.
and letting it be known that he wants a particular result to an investigation
This is not correct, it's nowhere in the memorandum that was disclosed. You're regurgitating corporate media talkimg points, which will actually help Trump, since he can actually point to this being factually incorrect.
If you want to get rid of Trump stay with the facts, there are already enough factually provable other things to impeach the guy.
Look, withholding much needed and earlier promised support in order to get a certain result from an investigation (don't be a fool -a certain result is what's requested) is simple extortion. Extorting a foreign government, or in any other way getting help from a foreign government, to help destroying a national competing politician is illegal. End of.
All the other whataboutery you can think of is irrelevant. (The whistleblower was a Democrat.. Duhh..)
Look, I know that Trump has the effect of activating people's amygdala, but stop for a moment and think about:
1) The odds of him being impeached just over this ambiguous phone call are slim to non-existent. If it does fail, it will embolden his followers to no end, it even may wind up getting him a second term in office.
2) Real visible corruption, such as SA princes spending huge amounts at Trump resorts just prior to Trump approving a $10B arms deal seems like a conflict of interest. Along with the pussy grabbing statements, that would make a much better chance for impeachement.
3) What happens if this, against all odds, does work and Trump is impeached. Instead of Trump, you'll get a president who really believes the planet is 6000 years old and that the second coming of Jesus is nigh. Do you really want someone like that with his finger on the nuclear button?
I don't know about you, but after 3 years of enduring Trump, what's one more year to kick him out through the ballot box?
"Apparently the whistleblower who started the impeachment process was a registered Democrat. Who may or may not have helped Adam Schiff create his 'parody' account of Trump's phone call with the Ukrainian president. "
You really must get off Fox.. It makes you dumber by the minute.
'“We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government,” Microsoft’s vice president of customer security and trust Tom Burt said in a blog post on Friday'.
The significant words are "we believe".
As usual, no reasons or evidence whatever are adduced for the belief Microsoft is happy to announce.
Just like MH17, the Skripals, Gaddafi's Viagra, Saddam's WMD, Assad's sarin, Russiagate... and on and on and on. Incidentally, the misspelling "phosphorous" is typically American. Foreigners often speak and write English more correctly.
Technically, of course, Microsoft is not a part of the US government. It seems, however, that it now acts as if it were - like virtually all the mainstream media, Hollywood, and most of corporate America.
One pragmatic definition of fascism is a system where the state and the corporations work closely together to further their joint ends.
"Incidentally, the misspelling "phosphorous" is typically American."
Gee... An American company creates a code name to denote a threat and uses an idiomatic spelling (intentionally or un-) for it and you apparently think that there's some sort of a sinister conspiracy about it. As far as we know, it's not the threat group calling itself that, which MIGHT indicate something.
As Walter Kotschnig said in a 1940 speech at Mount Holyoke College, it's important to keep an open mind, “but not so open that your brains fall out.”
This post has been deleted by its author
Phosphorus is the 15th Element, but Phosphorous is also a perfectly good word, and in many instances refers to the Element, say, in the manner of Phosphorus. Neither word is wrong. Now, phos off.
This advisory brought to you in seconds by any search engine.
To be fair, it's just an implementation of TOTP (so you can use any TOTP app such as Google Authenticator, you don't have to use the Microsoft one. It still means the seed values are known by Microsoft so it's probably not perfect for tinfoil hat types, but it's certainly better than SMS based authentication which is trivial for a major player to compromise.
It would be good to read some comments concerning technical details of this article or MS info or Iran's hacking in general. However, ALL went to whistle rather than moving -political speculations without any real ground. Iran will not help in political games to President Tramp and neither Democrats. Both are enemies to Iran. So, hacking was not about US politics, President Tramp and stupid attempts to hurt the President basically on nothing. So, the article speculation is pure BS and the most of comments as well. The real purpose was either money or information. The same as China, N. Korea and others alike.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
