An apparent glitch is preventing a number of users from signing into their accounts
Multiple Individuals Charged for Twitter Hack
Three people were charged with last month’s Twitter hack, which generated over $100,000 in bitcoin by hijacking high-profile accounts. Of the 130 accounts used to spread the Bitcoin scam, major names included Elon Musk and Bill Gates, who have been portrayed in similar past scams. The FBI was apparently able to identify the perpetrators through a known hacking forum offering Twitter account hacking services for a fee.
Kentucky Unemployment Faces Second Breach in 2020
Kentucky’s unemployment system suffered its second data breach of the year last week. The breach came to light after a user reported being able to view another’s sensitive information while attempting to review their own. Officials are still uncertain how the breach occurred or the exact contents of the information available to the person who reported the incident.
Canon Suffers Ransomware Attack
Several services related to Canon, including its cloud storage systems, fell victim to a ransomware attack that knocked them offline for nearly a week. In addition to the offline systems, more than 10TB of customer data were allegedly stolen and a ransom note pertaining to the Maze Ransomware variant was identified. A large number of Canon’s website domains were also taken offline, with an internal server error being displayed to site visitors.
Havenly Interior Design Breach
A data trove containing roughly 1.4 million Havenly user accounts were posted for sale on a Dark Web marketplace last week. It included personally identifiable information of customers including names, physical addresses and emails. The company’s official statement stated no financial information was lost in the breach. While Havenly has recommended all customers update their login credentials, the breach occurred well over a month ago, enough time for affected customers to be subjected to identity theft or attacks aimed at compromising further accounts.
Massive VPN Server Password Leak
The credentials for over 900 enterprise-level VPN servers from Pulse Secure recently appeared on a hacker forum known to be frequented by ransomware groups. The plain-text information contains enough information to take full control of the servers that are currently running a firmware with known critical vulnerabilities identified within the past two months. The vulnerability that allowed this breach, CVE-2019-11510, was identified and a patch was released late last year. Many of the attack’s victims had neglected to implement the patch.
The upheaval of 2020 has forced us all to reimagine familiar pathways, and parents are no exception. Cautious about sending their kids back into the classroom, families across the country are banding together to form remote “learning pods.”
Learning pods are small groups of families with like-aged children that agree to educate their kids together. Parents also refer to learning pods as micro-schools, pandemic pods, and bubbles. According to parents, a pod environment will allow students to learn in a structured setting and safely connect with peers, which will also be a boost to their mental health following months of isolation.
According to media reports, each pod’s structure is different and designed to echo the unique distance learning challenges of each family. In some pods, parents will determine the curriculum. In others, a teacher or tutor will. As well, parents have set some pods up so they can take turns teaching and working. Some will have a cost attached to cover teacher fees and materials. Working parents are also creating “nanny share” pods for pre-school aged children.
Facebook is the place to connect for families seeking pod learning options. There are now dozens of private Facebook “pod” groups that enable parents to connect with one another and with teachers who have also opted out of returning to the classroom.
While parents may structure pods differently, each will need to adopt standard digital security practices to protect students and teachers who may share online resources. If pod learning is in your family’s future, here are a few safeguards to discuss before the pod-based school year begins.
Digital Safety & Learning Pods
Be on the lookout for malware. Malware attempts, since COVID, continue to rise. Pod learners may use email, web-based collaboration tools, and outside home networks more, which can expose them to malware risks. Advise kids never to click unsolicited links contained in emails, texts, direct messages, or pop-up screens. Even if they know the sender, coach them to scrutinize the email or text. To help protect your child’s devices against malware, phishing attacks, and other threats while pod learning, consider updating your security solutions across all devices.
Use strong passwords. Back-to-school is a great time to review what makes a strong password. Opt for two-factor authentication to add another layer of protection between you and a potential attacker.
Consider a VPN. Your home network may be safe, but you can’t assume other families follow the same protocols. Cover your bases with a VPN. A virtual private network (VPN) is a private network your child can log onto safely from any location.
Filter and track digital activity. One digital safeguard schools usually have that a home environment may not, are firewalls. Schools erect firewalls to keep kids from accessing social networks and gaming sites during school hours. For this reason, families opting for pod learning might consider parental controls. Parental controls allow families to filter or block web content, log daily web activity, set time limits, and track location.
Learning pods are still taking shape at the grassroots level, and there are still a lot of unknowns. Still, one thing is clear: Remote education options also carry an inherent responsibility to keep students safe and secure while learning online.
The post How to Keep Remote Learning Pod Students Safe Online appeared first on McAfee Blogs.
The attackers exploited the human factor to gain access to Twitter’s internal systems and the accounts of some of the world’s most prominent figures
The post Twitter breach: Staff tricked by ‘phone spear phishing’ appeared first on WeLiveSecurity
You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account may have been hacked. What do you do?
This is a timely question considering that social media breaches have been on the rise. A recent survey revealed that 22% of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once.
So, how should you respond if you find yourself in a social media predicament such as this? Your first move—and a crucial one—is to change your password right away and notify your connections that your account may have been compromised. This way, your friends know not to click on any suspicious posts or messages that appear to be coming from you because they might contain malware or phishing attempts. But that’s not all. There may be other hidden threats to having your social media account hacked.
The risks associated with a hacker poking around your social media have a lot to do with how much personal information you share. Does your account include personal information that could be used to steal your identity, or guess your security questions on other accounts?
These could include your date of birth, address, hometown, or names of family members and pets. Just remember, even if you keep your profile locked down with strong privacy settings, once the hacker logs in as you, everything you have posted is up for grabs.
You should also consider whether the password for the compromised account is being used on any of your other accounts, because if so, you should change those as well. A clever hacker could easily try your email address and known password on a variety of sites to see if they can log in as you, including on banking sites.
Next, you have to address the fact that your account could have been used to spread scams or malware. Hackers often infect accounts so they can profit off clicks using adware, or steal even more valuable information from you and your contacts.
You may have already seen the scam for “discount – sunglasses” that plagued Facebook a couple of years ago, and recently took over Instagram. This piece of malware posts phony ads to the infected user’s account, and then tags their friends in the post. Because the posts appear in a trusted friend’s feed, users are often tricked into clicking on it, which in turn compromises their own account.
So, in addition to warning your contacts not to click on suspicious messages that may have been sent using your account, you should flag the messages as scams to the social media site, and delete them from your profile page.
Finally, you’ll want to check to see if there are any new apps or games installed to your account that you didn’t download. If so, delete them since they may be another attempt to compromise your account.
Now that you know what do to after a social media account is hacked, here’s how to prevent it from happening in the first place.
How to Keep Your Social Accounts Secure
- Don’t click on suspicious messages or links, even if they appear to be posted by someone you know.
- Flag any scam posts or messages you encounter on social media to the respective platform, so they can help stop the threat from spreading.
- Use unique, complex passwords for all your accounts. Use a password generator to help you create strong passwords and a password manager can help store them.
- If the site offers multi-factor authentication, use it, and choose the highest privacy setting available.
- Avoid posting any identity information or personal details that might allow a hacker to guess your security questions.
- Don’t log in to your social accounts while using public Wi-Fi, since these networks are often unsecured and your information could be stolen.
- Always use comprehensive security software that can keep you protected from the latest threats.
- Keep up-to-date on the latest scams and malware threats.
The post What to Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.
It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message;
I am giving back to the community.
All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.
[- BITCOIN WALLET ADDRESS -]
Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme?
No. Of course, not. The question was whether or not individual accounts were compromised or if something deeper was going on.
User Account Protection
These high profile accounts are prime targets for cybercriminals. They have a broad reach, and even a brief compromise of one of these accounts would significantly increase a hacker’s reputation in the underground.
That is why these accounts leverage the protections made available by Twitter in order to keep their accounts safe.
While it’s believed that one or two of these accounts failed to take these measures, it’s highly unlikely that dozens and dozens of them did. So what happened?
As with any public attack, the Twitter-verse (ironically) was abuzz with speculation. That speculation ramped up when Twitter took the reasonable step of preventing any verified account from tweeting for about three hours.
This step helped prevent any additional scam tweets from being published and further raised the profile of this attack.
While some might shy away from raising the profile of an attack, this was a reasonable trade-off to prevent further damage to affected accounts and to help prevent the attack from taking more ground.
This move also provided a hint as to what was going on. If individual accounts were being attacked, it’s unlikely that this type of movement would’ve done much to prevent the attacker from gaining access. However, if the attacker was accessing a backend system, this mitigation would be effective.
Had Twitter itself been hacked?
When imagining attack scenarios, a direct breach of the main service is a scenario that is often examined in-depth, which is also why it is one of the most planned for scenarios.
Twitter — like any company — has challenges with its systems, but they center primarily around content moderation…their backend security is top-notch.
An example of this an incident in 2018. Twitter engineers made a mistake that meant anyone’s password could have been exposed in their internal logs. Just in case, Twitter urged everyone to reset their password.
While possible, it’s unlikely that Twitter’s backend systems were directly breached. There is a much simpler potential explanation: insider access.
Quickly after the attack, some in the security community noticed a screenshot of an internal support tool from Twitter surfacing in underground discussion forums. This rare inside view showed what appeared to be what a Twitter support team member would see.
This type of access is dangerous. Very dangerous.
Joseph Cox’s article detailing the hack has a key quote,
“We used a rep that literally done all the work for us.”
What remains unclear is whether this is a case of social engineering (tricking a privileged insider into taking action) or a malicious insider (someone internally motivated to attack the system).
The difference is important for other defenders out there.
The investigation is ongoing, and Twitter continues to provide updates via @TwitterSupport;
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
— Donie O'Sullivan (@donie) July 16, 2020
If this attack was conducted through social engineering, the security team at Twitter would need to implement additional processes and controls to ensure that it doesn’t happen again.
Such a situation is what your team also needs to look at. While password resets, account closures, data transfers, and other critical processes are at particular risk of social engineering, financial transactions are atop the cybercriminal’s target list.
Adding additional side-channel confirmations, additional steps for verifications, firm and clear approvals and other process steps can help organizations mitigate these types of social engineering attacks.
If the attack turns out to be from a malicious insider. Defenders need to take a different approach.
Malicious insiders are both a security problem and human resource one.
From the security perspective, two key principles help mitigate the potential of these attacks;
Making sure that individuals only have the technical access needed to complete their assigned tasks, and only that access is key to limiting this potential attack. Combined with the smart separation of duties (one person to request a change, another to approval it), this significantly reduces the possibility of these attacks causing harm.
The other—and not often spoken of—side of these attacks is the reason behind the malicious intent. Some people are just malicious, and when presented with an opportunity, they will take it.
Other times, it’s an employee that feels neglected, passed over, or is disgruntled in some other way. A strong internal community, regular communication, and a strong HR program can help address these issues before they escalate to the point where aiding a cybercriminal becomes an enticing choice.
Underlying this whole situation is a more challenging issue; the level of access that support has to any given system.
It’s easy to think of a Twitter account as “yours.” It’s not. It’s part of a system run by a company that needs to monitor the health of the system, respond to support issues, and aid law enforcement when legally required.
All of these requirements necessitate a level of access that most don’t think about.
How often are you sharing sensitive information via direct message? Those messages are most likely accessible by support.
What’s to prevent them from accessing any given account or message at any time? We don’t know.
Hopefully, Twitter—and others—have clear guardrails (technical and policy-based) in place to prevent abuse of support access, and they regularly audit them.
It’s a hard balance to strike. User trust is at stake but also the viability of running a service.
Clear, transparent policies and controls are the keys to success here.
Abuse can be internal or external. Support teams typically have privileged access but are also among the lowest paid in the organization. Support—outside of the SRE community—is usually seen as entry-level.
These teams have highly sensitive access, and when things go south, can do a lot of harm. Again, the principles of least privilege, separation of duties, and a strong set of policies can help.
In the coming days, more details of the attack will surface. In the meantime, the community is still struggling to reconcile the level of access gained and how it was used.
Getting access to some of the world’s most prominent accounts and then conducting a bitcoin scam? Based on the bitcoin transactions, it appears the cybercriminals made off with a little over USD 100,000. Not insignificant, but surely there were other opportunities?
Occam’s razor can help here again. Bitcoin scams and coin miners are the most direct method fo cybercriminals to capitalized on their efforts. Given the high profile nature of the attack, the time before the discovery was always going to be sure. This may have been the “safest” bet for the criminal(s) to profit from this hack.
In the end, it’s a lesson for users of social networks and other services; even if you take all of the reasonable security precautions, you are relying on the service itself to help protect you. That might not always hold true.
It’s a harsh reminder that the very tooling you put in place to run your service may be its biggest risk for service providers and defenders…a risk that’s often overlooked and underestimated.
In the end, Marques Brownlee sums it up succinctly;
Don't send Bitcoin to strangers.
— Marques Brownlee (@MKBHD) July 15, 2020
What do you think of this entire episode? Let’s talk about it—un-ironically—on Twitter, where I’m @marknca.
The post Twitter Hacked in Bitcoin Scam appeared first on .
Tech titans and prominent politicians among victims of a sprawling hack that Twitter says leveraged its internal tools
The post High‑profile Twitter accounts hacked to promote Bitcoin scam appeared first on WeLiveSecurity
One of the many things we’ve learned during this season of being homebound is that video chats with friends can save the day. One of the newest channels for video chatting is Messenger Rooms. While the new Facebook feature isn’t groundbreaking in terms of how it works, it’s the ability to pull together a big group of friends spontaneously that may make this a popular digital hangout for kids.
Messenger Rooms functions similarly to the popular video conferencing app Zoom. The exception: There’s no need for users (or guests) to download a new app, create an account, or send out pre-planned meeting invites.
Messenger Rooms is simple. One person sets up a Messenger Room, that Room is assigned a URL, the organizer sends his or her friends that link, and those friends can instantly click it and be in the room. With so many families still opting to avoid large gatherings, Rooms may be the next best way to socialize in the most organic, pre-pandemic way.
The app makes it easy to watch movies together since one user screen can be pinned to the top of the chat for shared viewing. Kids can also have game nights, birthday parties, organize workout and study groups, or have a “squad hangout” as the Room title options call out (see graphic, below).
A few specific features may make Messenger Rooms appealing to kids. First, it’s easy to drop friends a link and be together almost instantly in a private room. Messenger Rooms is free, doesn’t have time limits, and up to 50 friends can get together in one room — from anywhere in the world. Kids joining a Room from their mobile app can apply quirky filters to their backgrounds or faces, which brings in the creativity element they get from Instagram Stories and Snapchat.
Privacy. So far, privacy seems to be the biggest concern being raised and here’s why. Messenger Rooms, like Facebook, collects metadata from users — including guests without Facebook accounts. Metadata may include the people you talk with, at what times, and how often, all of which can be shared with a third party. Also, Messenger Rooms, while it does not record calls (like Zoom), lacks end-to-end encryption, which makes the channel vulnerable to hackers and compromises private conversations.
Troublemakers. Live chat rooms are not password-protected, so if a Room organizer decides to make a Room public or fails to lock a room they intended to be private, anyone can pop in and do anything. Much like the Zoom bombers emerging, anyone could crash a meeting with racial rants or graphic content. A link to a room can also be shared with others by anyone who has the link.
Cyberbullying. As with any app, conflicts can arise as can cyberbullying or harassment.
If you notice your kids using Messenger Rooms, you may consider having a few conversations that highlight the risks.
- Privacy settings. If you organize a Room, lock it to keep unwanted people from crashing your meet up.
- Nothing is private. Messenger Rooms isn’t encrypted, so it’s not the place to have private conversations or share sensitive content. Note: The internet in any form isn’t the place to share any personal content. Anything exchanged online — even a “private” text between two people — is vulnerable to hackers, device theft, or the possibility of a relationship falling out.
- Nothing is free. Remind your children that services online are free for a reason. There is always an exchange: Free use for data. Be aware that profile information and bits of a conversation could be mined and used by a third party. To understand better how data is collected, Facebook’s help center or data policy.
- Lock your room. Unless your child adjusts his or her preferences, it will be open to anyone that person is friends with on Facebook who will see the public Room at the top of their newsfeed. That means lovable Uncle Pete may mistakenly stumble into your daughter’s “squad” rant unless the Room is locked.
- Report and block. If an unwanted person disrupts a Room kids can block the user and report it to Facebook.
- Age-appropriate options. For kids under 13 (Facebook age requirement), there’s Messenger Kids, a Facebook feature that allows younger kids to video call with friends in a parentally-supervised room. It’s a great tool for teaching kids safe, online practices before they use the real thing.
To stay ahead of the digital hangouts available to kids, visit McAfee Consumer Family Safety blogs each week. You may also consider monitoring your child’s devices with parental controls designed to filter content, monitor screen time, and track new apps.
The post Messenger Rooms: New Video Chat Option is Fun But Has Risks appeared first on McAfee Blogs.
June is Internet Safety Month. And, with kids spending more time online, stepping up the public conversation about digital risks couldn’t come at a better time.
The past few months have created what some experts call the perfect storm for online predators. Schools are closed, kids are on devices more, and social distancing is creating new levels of isolation and boredom.
Guards are down, and predators know it. In fact, according to The National Center for Missing & Exploited Children (NCMEC), reports to their CyberTipline spiked 106% during the first months of the pandemic. A recent CNN story, claims the dark web has seen a similar increase in activity within predator communities that has spilled over to the mainstream web since the pandemic began.
While specific data doesn’t exist (yet) to connect increased complaints directly to the ongoing health crisis, NCMEC, the FBI, and UNICEF continue to issue strong warnings to parents to step up digital safety as predators step up their efforts to connect with kids online.
What You Should Know
Predators reach out to minors through social networks, gaming platforms, or apps. They often pose as a peer, use fake photos, and create fake profiles to lure minors to chat. Predators build trust with children through devious tactics such as grooming, mirroring, and fishing, which you can read more about in our post specific to predator behavior.
Predators have been known to (although not exclusively) target socially awkward or shy kids and convince them to keep the online relationship secret. The predator may ask for a risqué or explicit photo that they may later use to bully or manipulate the child or share within predator circles on the dark web. If the child refuses to send more photos when asked, a predator may threaten to share photos they already have with the child’s family and friends. Often the predator may ask the child to meet in person. These relationships can be brief or go on. Regardless of duration, each encounter can have a harmful psychological impact on a child. Of course, the worst-case predator situations can result in trafficking or death.
What You Can Do
No parent wants to think about their child in this chilling situation. However, a quick Google search regarding actual predator cases may likely inspire you to adopt targeted safety practices. Here are some focused things you can do to minimize your child’s exposure to predators.
- Have frequent and honest conversations with your child about the specific ways predators may try to befriend them online.
- Be a safe haven. Discuss with your kids why it’s important for them to tell you right away if they feel uncomfortable with a conversation or if they are asked to engage in any inappropriate activity online.
- Review your child’s online profiles often. This includes the content they post, who they follow, and the “friends” who comment or message them.
- Inventory social networks and apps to ensure privacy settings are set to the most restrictive levels possible.
- Discuss the consequences of sharing inappropriate photos with anyone online.
- Check-in with your child frequently throughout the day. If you work at home and get easily engrossed with work, consider setting a timer to remind you to monitor your child’s digital activity.
- Ask simple, critical questions: What apps do your use? What are you watching? Who are you talking to?
- Teach kids how to safely search the web using tools such as McAfee Web Advisor. Consider parental controls designed to block risky sites, filter inappropriate content, and help parents set screen limits. And, don’t be shy about physically checking your child home screen or PC several times a week.
- Create screen limits and a phone curfew to prevent late-night online conversations.
- Be aware of your isolating more or insisting on more privacy to talk with friends.
- If your child is attending class online, don’t assume they are safe. Monitor their web surfing activity through browser history and monitoring. Connect with teachers to inquire about safety protocols.
- Seek out help and report it if your child encounters a threatening situation online. You can also contact your local FBI field office.
There’s no way to avoid online risk 100%. Darker elements will always infiltrate the endless opportunity and good stuff the internet offers. As parents, rather than live in fear, we can be proactive. We can understand the risks, take action to minimize them, and make every effort to equip our kids to deal with any threats they encounter online.
The post Reports of Online Predators on the Rise. How to Keep Your Kids Safe. appeared first on McAfee Blogs.
In this season of social distancing, teens need their friends more than ever. Daily digital connection — through texting, video chat, social networks, and gaming — is critical to keeping friend groups strong. But could increased time online these days lead to an increase in cyberbullying?
While there isn’t data to answer that question definitively, it wouldn’t be surprising for parents to notice some signs of conflict surface as the months continue to creep by. And, with re-open dates for schools in limbo, it’s more important than ever to keep the family safety conversation humming.
For clarity: Allowing more screen time doesn’t mean more cyberbullying or conflict is certain to occur. However, experience has taught us that more screen time does increase the potential for digital conflict.
Social and Emotional Fallout
This unprecedented health event hasn’t been easy on anyone, but kids especially are likely to be holding onto some big emotions about it. A recent Common Sense Media study confirms that social media has been key to helping kids get through this crisis, but one in four kids surveyed feels “more lonely than usual.”
The school year with its milestones — proms, graduations, dates, parties — ended abruptly. It’s logical to assume these losses have sparked feelings of sadness, anger, frustration, and anxiety. And because online is where most kids connect with peers, these emotions can easily play out there in the form of aggressive behavior, conflict, or persistent drama.
So how do you know if your child is being cyberbullied or dealing with conflict online? It isn’t always easy simply because so many kids won’t admit to being bullied. Often they believe telling an adult will make the harassment worse. They may feel ashamed or embarrassed about a regretful situation or the fact that they’re being targeted in the first place. For that reason, one of the best ways to help your child is to be aware of the time they spend online, the people they connect with, and how those digital circles impact their wellbeing.
What to Look For
The many forms of cyberbullying continue to evolve alongside the digital culture. Here are just a few ways kids bully one another.
- Saying hurtful or intimidating things to someone on social media, a text, or email.
- Making negative comments about a person’s sexuality, race, religion, handicaps, or physical features.
- Camouflaging hurtful or threatening comments with words like “jk” (just joking).
- Asking online friends to vote for or against another person, with Instagram polls or captions such as “Is this person hot or not?” or “Would you go out with this person?”
- Posting or sharing with others the private photos, memes, emails, texts, or secrets without the permission of another person.
- Intentionally posting unflattering or embarrassing photos of another person.
- Spreading rumors or false information about another person online.
- Making any threat to another person no matter how harmless you think it may be.
Signs of Cyberbullying
If your child is getting bullied online, there are some potential signs.
- Anxious or upset after reading a text, frequently gets sick or nauseous, declines invitations from friends, or bows out of fun family outings.
- Trouble sleeping or being withdrawn or moody.
- Being protective of his or her phone, deleting or deactivating social networks
- Sudden loss of a steady friend group or sudden complaining about once-loved friends.
- Loss of interest in favorite sports or hobbies or a decline in grades.
- References to suicide, loneliness, and hopelessness (when severe bullying is taking place).
Know Where They Go
Another way to understand your child’s emotional connection to his or her digital communities is to learn about their favorite platforms and monitor them. Pay specific attention to the tone of his or her social threads. And, if you see concerning comments or posts, ask your child how you can help. If your child is using risky apps such as WhatsApp or Kik, that allows people to use the app anonymously, discuss your concerns with your child. Some social networks are more conducive to cyberbullying than others.
Monitor Gaming Communities
Gaming time can skyrocket during the summer, and when games get competitive, cyberbullying can happen. Spend time with your child while he or she is gaming. Listen to the tone of the conversations and be aware of your child’s demeanor. For your child’s physical and emotional health, make every effort to set gaming limits as summer approaches.
Parenting Moves to Avoid
Bullying experts will tell you that what you don’t do if your child is getting bullied is often as important as what you do. Here’s some insight:
1) Never advise a child to ignore the bullying. 2) Never blame a child for being bullied even if he or she did something to aggravate the bullying. No one deserves to be bullied. 3) As angry as you feel that someone is bullying your child, do not encourage your child to fight back physically. 4) Don’t overreact; escalate accordingly. If you can identify the bully, consider talking with the child’s parents. 5) Don’t lead the charge. Give your child veto power over your involvement. If they say they don’t want you to get involved (unless you suspect physical danger or suicide), respect that. 6) If the bullying continues to escalate, report it, seek help from school counselors or the police if necessary. 7) Even if you are fearful, don’t take your child’s digital devices away. He or she didn’t do anything wrong.
A number of organizations are leading the charge against cyberbullying and have fantastic resources for families. Here are just a few: Cyberbullying Research Center, StopBullying.gov, StompOutBullying.org, KindCampaign.com, ItGetsBetter.org, National Bullying Prevention Center. If you’d like your organization added to this list, please leave a comment.
We hope you and your family are staying healthy these days and finding some time to talk about online safety. If you need a refresher, read Part I and Part II of our Online Safety Basics series. And, if you’re looking for a fun school lesson for the day, you can always quiz your kids on any of McAfee’s Family Safety content!
The post Is Your Child Being Cyberbullied? What Parents Need to Know appeared first on McAfee Blogs.
In May 2019, FireEye Threat Intelligence published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that we assessed with low confidence was organized in support of Iranian political interests. Personas in that network impersonated candidates for U.S. House of Representatives seats in 2018 and leveraged fabricated journalist personas to solicit various individuals, including real journalists and politicians, for interviews intended to bolster desired political narratives. Since the release of that blog post, we have continued to track activity that we believe to be part of that broader operation, reporting our findings to our intelligence customers using the moniker “Distinguished Impersonator.”
Today, Facebook took action against a set of eleven accounts on the Facebook and Instagram platforms that they shared with us and, upon our independent review, we assessed were related to the broader Distinguished Impersonator activity set we’ve been tracking. We separately identified a larger set of just under 40 related accounts active on Twitter against which Twitter has also taken recent enforcement action. In this blog post, we provide insights into the recent activity and behavior of some of the personas in the Distinguished Impersonator network, in order to exemplify the tactics information operations actors are employing in their attempts to surreptitiously amplify narratives and shape political attitudes.
Personas in the Distinguished Impersonator network have continued to engage in activity similar to that we previously reported on publicly in May 2019, including social media messaging directed at politicians and media outlets; soliciting prominent individuals including academics, journalists, and activists for “media” interviews; and posting what appear to be videoclips of interviews of unknown provenance conducted with such individuals to social media. The network has also leveraged authentic media content to promote desired political narratives, including the dissemination of news articles and videoclips from Western mainstream media outlets that happen to align with Iranian interests, and has amplified the commentary of real individuals on social media.
Outside of impersonating prominent individuals such as journalists, other personas in the network have primarily posed as U.S. liberals, amplifying authentic content from other social media users broadly in line with that proclaimed political leaning, as well as material more directly in line with Iranian political interests, such as videoclips of a friendly meeting between U.S. President Trump and Crown Prince of Saudi Arabia Mohammad Bin Salman accompanied by pro-U.S. Democrat commentary, videoclips of U.S. Democratic presidential candidates discussing Saudi Arabia's role in the conflict in Yemen, and other anti-Saudi, anti-Israeli, and anti-Trump messaging. Some of this messaging has been directed at the social media accounts of U.S. politicians and media outlets (Figure 1).
Figure 1: Twitter accounts in the Distinguished Impersonator network posting anti-Israeli, anti-Saudi, and anti-Trump content
We observed direct overlap between six of the personas operating on Facebook platforms and those operating on Twitter. In one example of such overlap, the “Ryan Jensen” persona posted to both Twitter and Instagram a videoclip showing antiwar protests in the U.S. following the killing of Qasem Soleimani, commander of the Islamic Revolutionary Guards Corps’ Quds Force (IRGC-QF) by a U.S. airstrike in Baghdad in January 2020 (Figure 2). Notably, though the strike motivated some limited activity by personas in the network, the Distinguished Impersonator operation has been active since long before that incident.
Figure 2: Posts by the “Ryan Jensen” persona on Twitter and Instagram disseminating a videoclip of antiwar protests in the U.S. following the killing of Qasem Soleimani
Accounts Engaged in Concerted Replies to Influential Individuals on Twitter, Posed as Journalists and Solicited Prominent Individuals for “Media” Interviews
Personas on Twitter that we assess to be a part of the Distinguished Impersonator operation engaged in concerted replies to tweets by influential individuals and organizations, including members of the U.S. Congress and other prominent political figures, journalists, and media outlets. The personas responded to tweets with specific narratives aligned with Iranian interests, often using identical hashtags. The personas sometimes also responded with content unrelated to the tweet they were replying to, again with messaging aligned with Iranian interests. For example, a tweet regarding a NASA mission received replies from personas in the network pertaining to Iran’s seizure of a British oil tanker in July 2019. Other topics the personas addressed included U.S.-imposed sanctions on Iran and U.S. President Trump’s impeachment (Figure 3). While it is possible that the personas may have conducted such activity in the hope of eliciting responses from the specific individuals and organizations they were replying to, the multiple instances of personas responding to seemingly random tweets with unrelated political content could also indicate an intent to reach the broader Twitter audiences following those prominent accounts.
Figure 3: Twitter accounts addressing U.S.-imposed sanctions on Iran (left) and the Trump impeachment (right)
Instagram accounts that we assess to be part of the Distinguished Impersonator operation subsequently highlighted this Twitter activity by posting screen recordings of an unknown individual(s) scrolling through the responses by the personas and authentic Twitter users to prominent figures’ tweets. The Instagram account @ryanjensen7722, for example, posted a video scrolling through replies to a tweet by U.S. Senator Cory Gardner commenting on “censorship and oppression.” The video included a reply posted by @EmilyAn1996, a Twitter account we have assessed to be part of the operation, discussing potential evidence surrounding President Trump’s impeachment trial.
Figure 4: Screenshot of video posted by @ryanjensen7722 on Instagram scrolling through Twitter replies to a tweet by U.S. Senator Cory Gardner
We also observed at least two personas posing as journalists working at legitimate U.S. media outlets openly solicit prominent individuals via Twitter, including Western academics, activists, journalists, and political advisors, for interviews (Figure 5). These individuals included academic figures from organizations such as the Washington Institute for Near East Policy and the Foreign Policy Research Institute, as well as well-known U.S. conservatives opposed to U.S. President Trump and a British MP. The personas solicited the individuals’ opinions regarding topics relevant to Iran’s political interests, such as Trump’s 2020 presidential campaign, the Trump administration’s relationship with Saudi Arabia, Trump’s “deal of the century,” referring to a peace proposal regarding the Israeli-Palestinian conflict authored by the Trump administration, and a tweet by President Trump regarding former UK Prime Minister Theresa May.
Figure 5: The “James Walker” persona openly soliciting interviews from academics and journalists on Twitter
Twitter Personas Posted Opinion Polls To Solicit Views on Topics Relevant to Iranian Political Interests
Some of the personas on Twitter also posted opinion polls to solicit other users’ views on political topics, possibly for the purpose of helping to build a larger follower base through engagement. One account, @CavenessJim, posed the question: “Do you believe in Trump’s foreign policies especially what he wants to do for Israel which is called ‘the deal of the century’?” (The poll provided two options: “Yes, I do.” and “No, he cares about himself.” Of the 2,241 votes received, 99% of participants voted for the latter option, though we note that we have no visibility into the authenticity of those “voters”.) Another account, @AshleyJones524, responded to a tweet by U.S. Senator Lindsey Graham by posting a poll asking if the senator was “Trump’s lapdog,” tagging seven prominent U.S. politicians and one comedian in the post; all 24 respondents to the poll voted in the affirmative. As with the Instagram accounts’ showcasing of replies to the tweets of prominent individuals, Instagram accounts in the network also highlighted polls posted by the personas on Twitter (Figure 6).
Figure 6: Twitter account @CavenessJim posts Twitter poll (left); Instagram account @ryanjensen7722 posts video highlighting @CavenessJim's Twitter poll (right)
Videoclips of Interviews with U.S., U.K., and Israeli Individuals Posted on Iran-Based Media Outlet Tehran Times
Similar to the personas we reported on in May 2019, some of the more recently active personas posted videoclips on Facebook, Instagram, and Twitter of interviews with U.S., UK, and Israeli individuals including professors, politicians, and activists expressing views on topics aligned with Iranian political interests (Figure 7). We have thus far been unable to determine the provenance of these interviews, and note that, unlike some of the previous cases we reported on in 2019, the personas in this more recent iteration of activity did not themselves proclaim to have conducted the interviews they promoted on social media. The videoclips highlighted the interviewees’ views on issues such as U.S. foreign policy in the Middle East and U.S. relations with its political allies. Notably, we observed that at least some of the videoclips that were posted by the personas to social media have also appeared on the website of the Iranian English-language media outlet Tehran Times, both prior to and following the personas' social media posts. In other instances, Tehran Times published videoclips that appeared to be different segments of the same interviews that were posted by Distinguished Impersonator personas. Tehran Times is owned by the Islamic Propagation Organization, an entity that falls under the supervision of the Iranian Supreme Leader Ali Khamenei.
Figure 7: Facebook and Instagram accounts in the network posting videoclips of interviews with an activist and a professor
The activity we’ve detailed here does not, in our assessment, constitute a new activity set, but rather a continuation of an ongoing operation we believe is being conducted in support of Iranian political interests that we’ve been tracking since last year. It illustrates that the actors behind this operation continue to explore elaborate methods for leveraging the authentic political commentary of real individuals to furtively promote Iranian political interests online. The continued impersonation of journalists and the amplification of politically-themed interviews of prominent individuals also provide additional examples of what we have long referred to internally as the “media-IO nexus”, whereby actors engaging in online information operations actively leverage the credibility of the legitimate media environment to mask their activities, whether that be through the use of inauthentic news sites masquerading as legitimate media entities, deceiving legitimate media entities in order to promote desired political narratives, defacing media outlets’ websites to disseminate disinformation, spoofing legitimate media websites, or, as in this case, attempting to solicit commentary likely perceived as expedient to the actors’ political goals by adopting fake media personas.