Ukrainian hackers claim to have discovered the identity of the Russian Air Force commander responsible for the Mariupol bombing and to have tricked his wife.
Source: Jutarnji list
The Ukrainian activist group Cyber Resistance and the volunteer organization Inform Napalm announced that the commander of the 980th aviation regiment, Serhiy Atroshchenko, ordered his planes to drop two 500-kilogram bombs on the theater in Mariupol on March 16, 2022.
Hundreds of civilians were killed in the attack; the theater was being used as a shelter from air raids at the time, and the word “CHILDREN” had been painted in large letters on the pavement outside the building.
The hackers first found out Atroshchenko’s personal data, after which one of their activists contacted Atroshchenko’s wife, introducing herself as a soldier under his command, and asked her to organize a photo shoot of the wives and girlfriends of the regiment members in order to support the men on the battlefield.
The photo shoot was deliberately arranged on March 16, 2023, exactly one year after the bomb attack on the Mariupol theater. Atroshchenko’s wife, Lilia, provided the hackers with access to photos of 12 women posing in their husbands’ uniforms, as well as half-naked photos.
With the help of those photographs, and of the wife of a soldier under Atroshchenko’s command, they identified several more Russian officers who are believed to have been involved in the attack.
The hackers said that Atroshchenko personally ordered warplanes to launch attacks on civilians, including the maternity hospital in Mariupol.
They also released his extensive personal information, including his private contacts, salary, lists of pilots under his command, assessments of front-line success, and details of missions provided to Ukrainian intelligence services for analysis.
Two days after the photos were received, Atroshchenko’s regiment was awarded medals signed by Vladimir Putin himself for massive heroism, courage and strength in combat actions in defense of the homeland.
Inform Napalm claims that the hackers passed the collected data to the International Criminal Court to contribute to the investigation of Russian war crimes in Ukraine.
The sharp rise in popularity of social media and other interactive platforms in the past decade is news to no one. From open forums to live podcasts to dynamic comment sections, digital tools help people connect at all times. The global pandemic is a good example of how digital media connected a world that was physically distanced.
But they are also a point of entry for bad actors. With so much private data willingly shared, the attack surface grows. Attacks in which hackers use open sources to manipulate users into giving away security information reportedly increased by 270% in 2021.
In July 2020, Twitter accounts belonging to global personalities such as Bill Gates, Elon Musk, Joe Biden, and Warren Buffett posted a message promising to double the money of anyone who sent bitcoin to a certain wallet. The fraudulent tweets were the result of a phone-based social engineering attack in which the attackers, including a teenager later charged over the scheme, persuaded Twitter employees to hand over access to internal account tools; the scam netted more than $100,000 in bitcoin. Could a more advanced monitoring process have helped security staff flag the breach sooner? That is a question many security professionals are still asking.
The Twitter hack caused only financial losses; the same access in the hands of a more dangerous actor could have done far worse. The stakes are higher still in the security, government, and law enforcement arenas, where threats can point to international crime. The temperature of online chatter can also signal the potential for real-world consequences, as vitriol and rhetoric may spur individual actors to “do something.” Whether you are an enterprise, a high-profile individual, or even a non-profit, the ability to detect actionable intelligence and receive immediate alerts is an essential component of any security plan.
What is Open-Source Intelligence Threat Monitoring?
Open-source intelligence, or OSINT, is the collection and analysis of information from publicly available sources, gathered by lawful means. Open sources include social media, blogs, news sites, and the dark web. By monitoring these channels – which hackers and criminals already track and exploit – an organization can spot the preparations for an attack early enough to act. Among other things, OSINT covers readily searchable public data, deep web content that search engines do not index or that sits behind a login but is open to anyone who registers, and the metadata attached to posts and images.
Careful monitoring of this material can uncover workplace security threats (including insider threats), protect high-level executives and officials, and curb practices like phishing attacks – which extract sensitive information that is then leveraged to install malware or ransomware.
OSINT threat monitoring is especially important because it can provide security teams with very early risk indicators of possible attacks. If you can pick up on a fake link shared in a forum or a social media profile that appears to behave oddly, you might avoid a far worse outcome down the line.
The primary challenge is sifting through the firehose of data that springs forth once you start looking. The higher the profile of the asset, the greater amount of chatter to parse through.
Using Threat Intelligence to Prevent Attacks
Monitoring a large volume of data is only the first step. Companies must then be able to quickly flag potential danger, analyze it, and neutralize threats. This is often accomplished using specially designed platforms deploying a blend of Artificial Intelligence, Machine Learning and Big Data Analytics. For example, Interfor utilizes proprietary databases with keyword-tracking features as a critical step in social media monitoring.
These AI-powered tools allow for the critical monitoring of deep web sources like chan sites and message boards that searches on traditional sites like Facebook would overlook. Open-source monitoring can also pick up potential legal threats such as lawsuits and investigations by regulators, as well as human resources threats such as protests or disgruntled employees.
But despite the technological firepower you might bring to bear, human analysis remains the key component in plugging gaps in the digital mesh and making sense of it all. Analysts correlate open-source findings with closed sources, such as internal telemetry, dark web collection, and other external feeds, for a more comprehensive picture. User behavior analytics supply the context of a potential attack: who is interacting with the asset, from where, and how that departs from normal.
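The two early indicators described above (a suspicious link shared in a post, and keyword tracking across a feed) can be checked with a few dozen lines. The following is an added example, not Interfor's tooling or any real platform's code; the protected brands, the keyword list, the lookalike thresholds and the post feed are all constructed for the demonstration. It flags links whose domain embeds a protected brand name without belonging to the brand (the pattern of a domain like security-twitter.com), close typosquats of a brand's own domain, and lure keywords, and ranks the posts by how many signals coincide.

```python
"""Added example (not Interfor's tooling): a minimal OSINT post monitor.

It scans a feed of posts for two early indicators: tracked lure keywords,
and links whose domain impersonates a protected brand (brand name embedded
in a foreign domain, or a close typosquat of the brand's own domain).
The brand list, keyword list and post feed are constructed for the demo.
"""
import re
from difflib import SequenceMatcher
from typing import List, Optional
from urllib.parse import urlparse

# Constructed: brands to protect, mapped to the domains they really own.
PROTECTED = {
    "twitter": {"twitter.com", "t.co"},
    "examplebank": {"examplebank.com"},
}
# Constructed: words that often accompany credential-phishing lures.
KEYWORDS = {"verify", "suspended", "checkmark", "password", "giveaway"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL with any leading 'www.' removed."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_legit(domain: str) -> bool:
    """True if the domain is, or is a subdomain of, a brand's own domain."""
    return any(domain == d or domain.endswith("." + d)
               for legit in PROTECTED.values() for d in legit)


def lookalike_brand(domain: str) -> Optional[str]:
    """Return the brand a domain appears to impersonate, or None.

    Flags a brand name appearing inside any DNS label of a domain the brand
    does not own (security-twitter.com, twitter.com.evil.net) and typosquats
    whose second-level label is nearly the brand's own (examp1ebank.com).
    Assumes two-label registrable domains; a real deployment would consult
    the public suffix list instead.
    """
    if not domain or is_legit(domain):
        return None
    labels = domain.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    for brand, legit in PROTECTED.items():
        if any(brand in label for label in labels):
            return brand
        for d in legit:
            legit_sld = d.split(".")[0]
            # Very short names like 't' would match everything; skip them.
            if len(legit_sld) >= 5 and SequenceMatcher(None, sld, legit_sld).ratio() >= 0.85:
                return brand
    return None


def scan_post(text: str) -> dict:
    """Classify one post. A lookalike link is the strong signal; lure keywords
    alone are weak, since they are common in ordinary chatter."""
    lookalikes = {}
    for domain in (host_of(u) for u in URL_RE.findall(text)):
        brand = lookalike_brand(domain)
        if brand:
            lookalikes[domain] = brand
    words = set(re.findall(r"[a-z]+", text.lower()))
    hits = sorted(words & KEYWORDS)
    if lookalikes and hits:
        severity = "high"
    elif lookalikes:
        severity = "medium"
    elif hits:
        severity = "low"
    else:
        severity = "none"
    return {"severity": severity, "lookalikes": lookalikes, "keywords": hits}


def scan_feed(posts: List[str]) -> List[dict]:
    """Return only the flagged posts, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2}
    results = []
    for post in posts:
        result = scan_post(post)
        if result["severity"] != "none":
            result["text"] = post
            results.append(result)
    return sorted(results, key=lambda r: order[r["severity"]])


# Constructed sample feed.
FEED = [
    "Your account will lose its checkmark. Verify here: https://security-twitter.com/verify",
    "Read the new help article at https://help.twitter.com/en/using-twitter",
    "Login at https://examp1ebank.com/login now to reset your password",
    "Giveaway thread! Details at https://t.co/abc123",
]

if __name__ == "__main__":
    for r in scan_feed(FEED):
        print(r["severity"], r["lookalikes"], r["keywords"], "|", r["text"])
```

Running it flags the first and third posts as high (lookalike domain plus lure words), the giveaway post as low, and passes the genuine help.twitter.com link. The severity ladder is the point: keyword hits on their own are the firehose the text warns about, and a lookalike domain is what turns chatter into something worth an analyst's time.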
Hackers and Security Experts: A Two-Way Street
With open-source data, it is important to remember that the tools and analytics available to security teams are also available to bad actors. For example, a cybercriminal may run the same searches a defender would to find exposed documents, employee names, or the software versions an organization runs. The searches themselves are legal, but what they reveal can be used to locate an unpatched weakness, craft a convincing phishing message, or impersonate an employee. A well-crafted OSINT plan surveys the same activity continuously so that such exposures are found and closed before hackers can act on them. To be successful at threat monitoring, one must think like the enemy.
Interfor’s Approach to OSINT
Interfor uses a cross-functional approach of analytic monitoring and proprietary open-source monitoring tools, including social-media monitoring and global security alert platforms. With access to more than 2000 databases globally, multiple high-powered AI platforms, geo-fencing tools, and (perhaps most importantly) a team of human analysts to make sense of it all, Interfor establishes a comprehensive security umbrella to serve as a sentinel for its clients. The security team continuously monitors the digital perimeter and proactively seeks to plug any gaps it might have, so coverage is always available.
It is a comprehensive approach, powered by experience and expertise, that is the key to a successful proactive security plan.
Don’t be left with the shape of an “L” on your forehead: If you see a celebrity selling, oh say, 10 MacBooks for around $600 each on Twitter, we can guarantee that the celeb’s account has been hacked…even if the account belongs to the internet’s favorite 90s band: Smash Mouth.
Over the past few months, a hacker or group of hackers have been stealing influential high-profile accounts. Mashable first exclusively reported on the hacks last week.
Basically, once the hacker accesses an account, they begin sharing a scam offering brand new MacBooks for well below retail value. Mashable heard from those who fell for the scam, taken in by seeing the offer from a user they’ve long followed and trusted, without knowing that the account had been hacked. The victim then sends the money via a peer-to-peer payment service like Zelle, Cashapp, or Apple Pay, which do not provide buyer protection or refunds.
Hey now, you’re an all-star
On the day our report was published, the hacker reached out to the author of the piece through a Twitter account they had hacked hours prior.
“ur 2 step dosent matter 😂,” they said in a follow up, referring to two-factor authentication, a security step that makes unauthorized access to an account harder. Twitter, under the leadership of Elon Musk, turned off two-factor authentication via text message that same day for Twitter users unless they paid to subscribe to Twitter Blue. Worth keeping in mind for anyone who relies on it: a one-time code from SMS or an authenticator app offers little protection against a phishing page that relays the code to the real login in real time; only phishing-resistant methods such as hardware security keys bind the login to the genuine site.
Shortly after those messages, the Smash Mouth Twitter account deleted the MacBook scam tweets and published a new post saying that the band once again had access to the account.
Mashable reached out to Xepoleas, who explained that this is the second time the Smash Mouth account was hacked. And, it may very well be by the same hacker too. Back in late October of last year, verified Twitter users reported receiving DMs from the Smash Mouth account asking them to go to a Twitter page to verify their Twitter account or they’d lose their checkmark. The page, of course, was a fake phishing page set up to steal their information. The DM from October looks exactly the same as the DM we previously reported on that’s being used by the hackers stealing accounts today. The only difference is that the hackers have moved on to a new website URL.
Xepoleas explained that he fell for the hack the first time and clicked on the link himself. However, he is unsure how the hackers got access to the account again this year.
When Smash Mouth was hacked the first time, it was just days before Elon Musk officially acquired Twitter so there were delays in getting the account back. It took over a month for someone at Twitter to help out.
And unfortunately for Smash Mouth, the Twitter employee who helped them last time was fired by Musk in the most recent round of Twitter layoffs last month.
“All we know is since Elon took over we’ve been hacked twice and have lost over 40k followers,” Xepoleas told me.
As of publishing time, the Smash Mouth account was still hacked.
You might as well be walking on the sun
Since Mashable’s first report, we have heard from numerous people sharing their stories about other hacked accounts. And, multiple accounts have been hacked just this past week, since we’ve reached out to Twitter to inform them of the issue. Many of these accounts are still hacked, active, and scamming users.
Comedian Bobby Lee’s Twitter account, @BobbyLeeLive, was also hacked back in November and first tweeted the “10 MacBooks” scheme on Nov. 15 of last year. In fact, it appears his account is still hacked over four months later.
Last year, a number of his fans immediately noticed the hack and screenshotted tweets of the account offering “10 MacBooks” for sale for $600.
“Hello twitter family !” reads the November tweet. “I have 10 MacBooks that I will personally sign myself , that you can purchase for $600 and free Shipping ! First come first serve basis , and all proceeds will be going to charity ! MY DMS ARE OPENED IF INTERESTED.”
A screenshot of the “10 MacBooks” scam being tweeted from Bobby Lee’s account in November 2022. Credit: Mashable Screenshot
If that message looks familiar, that’s because it’s the same exact tweet that was posted on hacked accounts belonging to Duck Dynasty‘s Jase Robertson, The American Prospect‘s David Dayen, and Winnie Wong of Bernie Sanders’ 2020 presidential campaign, per Mashable’s last report on the issue. It appears the same tweet gets posted on all of these hacked accounts.
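Because the same template is reposted from account after account, the campaign can be recognized from the text itself, even when the scammer changes the price or swaps in a fresh link. The script below is an added example, not Mashable's or Twitter's code: it normalizes each post (drops URLs and punctuation, lower-cases), cuts it into word 3-grams, and scores it against known scam templates with Jaccard similarity, then groups the accounts that match. The template is the “10 MacBooks” text quoted above; the handles, sample posts and the 0.4 threshold are constructed for the demo.

```python
"""Added example (not Mashable's or Twitter's code): spot a known scam
template being reposted from many compromised accounts.

Posts are normalised (links dropped, punctuation stripped, lower-cased),
cut into word 3-grams and compared with Jaccard similarity against known
templates, so small edits such as a changed price or a swapped link do not
defeat the match. The template is the "10 MacBooks" text quoted in the
article; the account handles and sample posts are constructed.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

KNOWN_TEMPLATES = {
    "10-macbooks": (
        "Hello twitter family ! I have 10 MacBooks that I will personally sign "
        "myself , that you can purchase for $600 and free Shipping ! First come "
        "first serve basis , and all proceeds will be going to charity ! "
        "MY DMS ARE OPENED IF INTERESTED."
    ),
}


def normalize(text: str) -> List[str]:
    """Lower-case, drop URLs (scammers rotate them), keep only word/number/$ tokens."""
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"[^a-z0-9$ ]+", " ", text)
    return text.split()


def shingles(tokens: List[str], k: int = 3) -> Set[Tuple[str, ...]]:
    """Set of overlapping k-word windows; order-sensitive but edit-tolerant."""
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a: Set, b: Set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


TEMPLATE_SHINGLES = {name: shingles(normalize(t)) for name, t in KNOWN_TEMPLATES.items()}


def match_template(text: str, threshold: float = 0.4) -> Tuple[Optional[str], float]:
    """Best-matching template and its similarity; (None, best) when below threshold.
    The 0.4 threshold is a constructed choice: tune it on real traffic."""
    best_name, best_score = None, 0.0
    post = shingles(normalize(text))
    for name, tmpl in TEMPLATE_SHINGLES.items():
        score = jaccard(post, tmpl)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name, best_score) if best_score >= threshold else (None, best_score)


def cluster_by_template(posts: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group account handles by the scam template their post matches.
    Several unrelated accounts posting one template is the campaign signal."""
    clusters: Dict[str, List[str]] = {}
    for handle, text in posts:
        name, _ = match_template(text)
        if name:
            clusters.setdefault(name, []).append(handle)
    return clusters


# Constructed sample posts from constructed handles: a verbatim repost,
# a lightly edited repost (new price, link added, sign-off changed) and
# an unrelated post that also mentions "10" and signing.
SAMPLE_POSTS = [
    ("@victim_a", "Hello twitter family! I have 10 MacBooks that I will personally sign myself, "
                  "that you can purchase for $600 and free shipping! First come first serve basis, "
                  "and all proceeds will be going to charity! MY DMS ARE OPENED IF INTERESTED."),
    ("@victim_b", "Hello twitter family ! I have 10 MacBooks that I will personally sign myself , "
                  "that you can purchase for $550 and free Shipping ! First come first serve basis , "
                  "all proceeds will be going to charity ! DM me if interested 🙏 https://t.co/xyz"),
    ("@unrelated", "Giving away signed copies of my book to 10 lucky followers, details in my bio!"),
]

if __name__ == "__main__":
    for handle, text in SAMPLE_POSTS:
        print(handle, match_template(text))
    print(cluster_by_template(SAMPLE_POSTS))
```

The verbatim repost scores 1.0, the edited one about 0.56, and the unrelated post 0.0, so both victims land in the same cluster. Shingling on words rather than comparing whole strings is what lets the changed price and the appended link through; the price of that tolerance is that a thorough paraphrase will fall below the threshold, which is why a template library needs to be refreshed as the wording drifts.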
Most of the scam tweets on Bobby Lee’s account are no longer visible on the platform. It’s unclear if the scammer removed the missing tweets or if the tweets were auto-removed due to mass user reporting of the specific tweets. It does not look like Twitter specifically intervened, however, as a scam tweet from February still appears on the account.
Raffi told Mashable that he received a DM from Asami Terajima, a journalist with Kyiv Independent. However, Terajima’s account was hacked. And, oddly enough, the scammer targeting Raffi had changed Terajima’s profile name to look like the account belonging to Justin Sun, a controversial cryptocurrency founder who was charged with fraud by the SEC just days later.
The DM sent from Terajima’s hacked account to Raffi included the same DM message linking to a phishing page made up to look like an official Twitter site. The URL used this time was “security-twitter.com,” the same domain we reported on last time that was being sent from Winnie Wong’s hacked account.
A screenshot of the phishing page used by the scammers to steal accounts. Credit: Mashable Screenshot
Kyiv Independent senior editor Oleksiy Sorokin confirmed that they were able to regain access to Terajima’s account.
“Also, @elonmusk and @TwitterSupport thanks for removing the basic safety features,” he tweeted. “Great job.”
While Raffi was able to avoid getting hacked, others haven’t been so lucky.
On Thursday night actress Rachel Zegler’s Twitter account began posting the “10 MacBooks” scam tweets. This time, the hackers deployed a new measure to hide their scam. They first made Zegler’s account private, so only her current followers could see her tweets. This would make it more difficult for outside parties, like reporters who might be familiar with the scam, to track her hacked account and warn her fans.
As of Friday, the Shazam! actress’ account was unlocked. A tweet from the account claimed that Zegler had regained control, but it’s worth noting that Smash Mouth’s account once falsely claimed that its rightful owners had regained access.
In addition to Zegler, a string of well-known drag queens, such as Gottmik from RuPaul’s Drag Race, were also hacked and tweeting out the “10 MacBooks” scam this week.
Of course, hacks and phishing scams are not new and they are not unique to any social media website. However, of the hacked users we spoke to, all pointed out that the lack of a significant response from Twitter itself in the aftermath of Elon Musk’s takeover is not something that they experienced on the platform before.
With Twitter’s plan to remove the verification badge from all influential and high-profile users who don’t pay, the opportunities for scammers looking to impersonate celebrities are only going to multiply.
Mashable reached out to Twitter for comment. The company’s press email auto-responded with a poop emoji.
Twitter’s Head of Trust and Safety, Ella Irwin, did publicly respond on Twitter on March 18 to a user inquiring about Mashable’s first report on the issue.
“I don’t know what DMs were received but we will investigate Matt’s account compromise report and any others we are notified about,” Irwin tweeted. “I would not automatically assume Matt’s account compromise is directly related to any others.”
CompTIA Security+ (SY0-601) Complete Video Course is an engaging self-paced video training solution that provides learners with more than 23 hours of personal training from security expert Sari Greene. Through the use of topic-focused instructional videos, you will gain an in-depth understanding of each objective in the CompTIA Security+ (SY0-601) exam, as well as a deeper understanding of security foundations and principles to ensure exam success.
CompTIA Security+ (SY0-601) Complete Video Course contains more than 23 hours of training with content divided into 5 modules with 35 content-targeted lessons. This title covers every objective in the newly updated CompTIA Security+ SY0-601 exam and includes screencast teaching, deep dives on security theory and everyday practices, question reviews, and live demos/labs showing how to complete tasks in real time. Most lessons end with a “Security in Action” segment, which takes the security knowledge you’ve learned to the next level.
The video lessons in this course review each exam objective, so you can use it as a complete study tool for taking the CompTIA Security+ exam.
The course also includes a practice exam that runs in the Pearson Test Prep software.
Major sections are as follows:
Threats, Attacks and Vulnerabilities
Architecture and Design
Implementation
Operations and Incident Response
Governance, Risk & Compliance
About the Instructor
Sari is the author of Security Program and Policies: Principles and Practices, which is currently used in undergraduate and graduate programs nationwide. She is also the author and presenter of the best-selling Security+ SY0-501 Complete Video Course as well as the CISSP Complete Video Course and the CISA Complete Video Course. Sari has published numerous articles related to cybersecurity; has been quoted in the New York Times, Wall Street Journal, CNN, and CNBC; speaks regularly at cybersecurity, legal, financial, and healthcare conferences around the country; and is a frequent guest lecturer.
Sari holds multiple industry accreditations including CISSP-ISSMP, CRISC, CISM, CISA, MCSE, Sec+, and NSA/IAM. She is a strong proponent of certification and continuing education. Sari is committed to training the next generation of cybersecurity practitioners who are dedicated to protecting their company, their community, and their country.
Confidently understand every objective on the CompTIA Security+ exam—this course covers every objective and topic in depth.
Prepare for exam success—Sari shares her best practices for studying for and taking the Security+ exam.
Enhance your real-world cybersecurity skills and knowledge
Who Should Take This Course
Anyone preparing for the CompTIA Security+ examination. Secondary audiences: IT professionals
Anyone interested in learning security fundamentals
Course Requirements
Day-to-day information technology or cybersecurity experience.
Note: CompTIA recommends but does not require at least two years of experience in IT administration with a focus on security prior to taking the certification exam.
Module 1, “Threats, Attacks, and Vulnerabilities,” corresponds to the first CompTIA domain. 24% of the exam questions relate to this domain, and each lesson within Module 1 aligns with one of its eight exam objectives. Module 1 covers social engineering principles, tactics, techniques, attack vectors, malware families and attributes, password attacks, physical attacks, adversarial artificial intelligence, and identifying indicators of compromise (IOC). The lessons then move into application weaknesses, validation issues, injection, XSS and forgery attacks, and explore various system attacks. Next up, it takes a look at digital infrastructure attacks, wireless attacks, and malicious code or script execution including using PowerShell, Python, and Bash. The lessons also discuss adversaries including means and motivation, threat modeling, and how to use OSINT—open source intelligence. The later lessons in this module cover some of the most common and dangerous operational vulnerabilities, risks associated with third parties, threat hunting, vulnerability identification, and automation tools including SIEM and SOAR. Lastly, the module discusses the importance of penetration testing, pen testing options, and how pen testing really works.
Module 2, “Architecture and Design,” corresponds to the second CompTIA domain, which makes up 21% of the exam questions. Within this module, configuration management, data protection concepts, and deception and disruption techniques and tactics are covered. It then examines the security and performance features of virtualization, cloud deployment, and cloud service models. The module goes on to cover secure staging workflows, secure coding techniques, and the role of automation, then focuses on identity management, authentication factors, attributes and methods, with a deep dive into biometrics. The lesson then discusses resiliency, non-persistence, redundancy, and backup and recovery techniques including RAID and replication. Next up is defining what embedded and IoT systems are, looking at why and when they are vulnerable to attack, and discussing best practices for securing embedded and IoT systems. The module then focuses attention on building and facility design considerations and controls, environmental issues such as air flow, heat, humidity, electrostatic discharge, data emanation, fire, and power, as well as secure data destruction. The next lesson begins with a primer, and then surveys cryptographic and related use cases and techniques including steganography, symmetric encryption, asymmetric encryption, hashing, digital signatures, and emerging cryptography.
Module 3, “Implementation,” corresponds to 25% of the exam questions and covers a lot. The module starts by looking at the practical application and use cases of secure communications and network protocols including SSL/TLS, SSH, DNSSEC, SNMPv3, and secure email protocols. Then, it surveys trusted computing-base components and endpoint security solutions, as well as meeting security objectives by implementing zone, segmentation, and isolation options and network appliances including jump servers, proxy servers, IDS/IPS, NACs, firewalls, and VPNs. The lesson ends with a look at the TCP/IP model. The module continues with a dive into wireless design and configuration options with an emphasis on planning a secure wireless network, as well as looking at mobile device connection methods, mobile device deployment options, mobile device management solutions (commonly known as MDM), and mobile device concerns including attack vectors. Next up is revisiting the cloud environment—this time from an infrastructure perspective. The module looks at design options, the use of virtual private clouds and, critically, cloud security controls; explores the entire user identity and access management lifecycle; and dives into the configuration elements of network and web services including LDAP, Kerberos, TACACS+, RADIUS, CHAP, PAP, SAML, OpenID Connect, OAuth 2.0, and Shibboleth, as well as access control and authorization models. Lastly, the module focuses on creating and managing digital certificates as well as cryptovariable (key) management and best practices.
Module 4, “Operations and Incident Response,” covers about 16% of the exam and starts by surveying network reconnaissance and discovery approaches; tools and techniques including scanning, packet capture, and netflows; and introduces Linux operating system commands security practitioners should be familiar with. Then, the importance of incident response preparedness is discussed, as well as defining the elements of an incident response plan, identifying the phases of incident response, reviewing the process, and studying attack frameworks. Next, the module revisits a number of data sources including scans, logs, and metadata from an investigative perspective. The final lessons of this module discuss a variety of manual and automated mitigation, containment and eradication techniques and controls, and then tackles forensic fundamentals including evidence collection, data acquisition and breach disclosure, and notification requirements.
Module 5, “Governance, Risk and Compliance,” covers about 14% of the exam. The module starts by taking a close look at control management, control classifications, and control objectives, which taken together comprise a defense-in-depth environment. It then dives into cybersecurity and privacy related regulations and obligations and how to build a compliant information security program incorporating frameworks, benchmarks, and audit standards. The module then examines the role of policies and supporting governance documents, identifies key personnel and operational policies and practices, and covers third-party and supply chain risk management. Next, the module identifies fundamental risk management and assessment concepts, teaches how to conduct a quantitative risk assessment, and walks through the fundamental concepts of business continuity, including facilitating a business impact assessment. Lastly, it focuses on data classification, privacy requirements and obligations, roles and responsibilities, privacy enhancing technologies, and the relationship between cybersecurity and privacy.
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.