A senior official from former President Donald Trump's campaign claimed on Saturday that sensitive internal documents, including vetting reports for Trump’s vice presidential candidates, were stolen by “foreign sources hostile to the United States.” The campaign suggested that Iranian hackers were responsible, though no evidence was provided to support the claim.

According to POLITICO, an anonymous source has been sending leaked internal Trump campaign documents to the news outlet over the past several weeks. The source, using the alias “Robert” and an AOL email address, began sharing what appeared to be internal communications from a senior campaign official on July 22.

In response to inquiries from POLITICO, a Trump campaign spokesperson confirmed the breach and suggested Iranian involvement. “These documents were unlawfully obtained by foreign entities hostile to the United States, aiming to disrupt the 2024 election and undermine our democratic process,” Trump campaign spokesperson Steven Cheung stated.

The spokesperson referenced a recent Microsoft report that discussed foreign interference - particularly by Iran - in the U.S. elections. "The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House," Cheung said in a report by The Hill.

Microsoft Report Highlights Iranian Cyber Efforts

Microsoft’s report detailed that several Iranian state-sponsored groups have escalated their efforts to influence U.S. elections. One group, identified as Mint Sandstorm and linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), reportedly sent a spear-phishing email to a senior campaign official using a compromised account of a former senior adviser. This group, also known as Charming Kitten, attempted but failed to access the account of a “former presidential candidate” on June 13, just before the phishing attack. The incident occurred weeks after the same group successfully breached the account of a local official in a swing state, though that breach might have been part of a broader, unrelated operation.

Microsoft warned that senior officials must adhere to cybersecurity best practices, even for legacy or archived systems, to prevent such incidents.

Political and Media Implications of the Trump Campaign Leak

POLITICO has not disclosed whether it will publish the leaked documents, which reportedly include a 271-page “research dossier” on GOP vice presidential nominee JD Vance and part of a research document on U.S. Sen. Marco Rubio (R-Fla.), who had been a leading contender for Trump’s VP pick.

The leak raises concerns about the media’s role in election influence campaigns orchestrated by foreign adversaries. Trump previously called on Russia to find Hillary Clinton’s deleted emails during the 2016 election, leading to a series of events that culminated in a special counsel investigation into Russian election interference.

The Biden-Harris administration condemns any foreign government or entity attempting to interfere with U.S. elections or erode trust in democratic institutions, a National Security Council spokesperson told CBS News on Saturday. The spokesperson deferred the matter to the Justice Department for further investigation.

When POLITICO asked the anonymous source how the documents were obtained, “Robert” replied, “I suggest you don’t inquire about where I got them. Any answer to that question would compromise me and legally prevent you from publishing them.”

We're not in the business of giving advice to alleged cybercriminals, but maybe, just maybe, if you have no discernible income, you might want to resist the urge to pay $110,000 in cash for a Corvette. That’s just one of the alleged mistakes that led to the recent arrest of two men on claims that they operated the WWH-Club cybercrime forum and stolen credit card marketplace.

Russian national Pavel Kublitskii and Alexandr Khodyrev of Kazakhstan face charges that include conspiracy to commit offenses against the United States, trafficking in unauthorized access devices, and possession of multiple unauthorized access devices. Each charge carries a potential 10-year prison sentence. Apparently their lavish lifestyle – with no discernible income – caught the attention of the Internal Revenue Service.

An affidavit from an FBI agent filed in the U.S. District Court for the Middle District of Florida on Aug. 6 is an interesting look both into how cybercrime forums operate and how easily suspects can trip themselves up. In this case, investigators found both a cash and a digital trail.

Suspects Arrived in U.S. on Asylum Claim

Kublitskii and Khodyrev arrived together in south Florida in December 2022, claiming asylum – more than two years after U.S. authorities had begun investigating WWH-Club. Upon arrival in Florida, Kublitskii opened an account at Bank of America with an opening deposit of $50,000 in cash, the affidavit states.

“A review of bank records and social media posts revealed Kublitskii rented a luxury condominium in Sunny Isles Beach, Florida, and he spends his time visiting the beach and various tourist attractions such as Sea World in Orlando, Florida,” the FBI affidavit states. “Despite an apparent expensive lifestyle, there is no evidence Kublitskii is or has been employed. “Furthermore, subsequent to his arrival in Florida, there is also no evidence that Khodyrev is or has been employed,” the affidavit continues.
“Yet, in or around March 2023, Khodyrev purchased a 2023 Corvette at a South Florida dealership with approximately $110,000 cash.”

It’s not clear from available documents when or how investigators made all the connections they did; the affidavit does not include “all aspects of the investigation, but rather only information sufficient to establish such probable cause.” Still, beyond the claims of lavish spending, the defendants may have also linked online accounts too closely.

Personal, Forum Gmail Accounts Linked

After using a warrant to obtain a copy of the WWH server from DigitalOcean, FBI computer scientists reconstructed the forum and database. The investigators eventually obtained warrants for 95 email accounts linked to forum administrators, 70 from the database and then 25 additional ones later.

They connected Bitpay payments and cookies to five email accounts, one of which was connected to a WWH admin account that also contained Kublitskii’s “personal photographs, travel and identification documents, and online purchases sent.” Those accounts also shared travel plans and photos from “a dolphin excursion in Punta Cana for Kublitskii and his family.”

Despite the arrests, WWH-Club remains operational. Kublitskii and Khodyrev are, of course, innocent until proven guilty, and Court Watch reports that it’s not clear if Khodyrev has even been arrested. But in the meantime, the FBI affidavit makes for interesting reading.

Signal is asking its users to set up Signal proxy servers to help people access the encrypted messaging application in countries where the government has blocked the platform for reasons ranging from promoting "terrorist and extremist" sentiment to fomenting "civil war."

Reports that the encrypted messaging app was being blocked in Russia and Venezuela first emerged when internet traffic monitoring platform NetBlocks confirmed a drop in reachability for its users, thus marking the latest moves by both governments to suppress dissent.

Signal's Blocking in Venezuela

In Venezuela, the blockage followed a disputed presidential election last month that sparked protests and arrests. President Nicolas Maduro, who the U.S. and others say rigged the vote, ordered regulator Conatel to also block Twitter, now known as X, claiming that it promotes civil war. NetBlocks reported that Signal became inaccessible on multiple internet providers in the country, confirming user reports of disruption.

Russia's Roskomnadzor Follows Suit

Russia's communications regulator, Roskomnadzor, also accused Signal of violating Russian law and restricted the app's backends on most internet providers Friday. A statement from Roskomnadzor’s press service read: “Access to the messenger Signal is restricted due to violation of the requirements of Russian legislation, the fulfillment of which is necessary to prevent the use of messenger for terrorist and extremist purposes.” New Signal accounts cannot be registered in Russia without a VPN, according to Reuters.

Russia has been tightening its grip on internet control in recent times. Even tech giants like Apple have not been able to resist it. The Cupertino-based giant recently removed several Virtual Private Network (VPN) applications from its App Store in response to a request by Roskomnadzor. The deleted VPN apps - belonging to ProtonVPN, Red Shield VPN, NordVPN, and Le VPN - were popular tools used by Russians to bypass government-imposed internet censorship.
Red Shield VPN and Le VPN confirmed the removals, sharing messages from Apple stating the apps were deleted per “demand from Roskomnadzor” for containing “content considered illegal in Russia.” VPNs create encrypted tunnels for internet traffic, allowing users to access blocked websites and applications anonymously by masking their location.

Blocking Linked to Kyiv's Kursk Offensive?

Experts including independent geopolitical analyst Viktor Kovalenko, who focuses on Ukraine and Russia, called the Signal app block an attempt to stop Russians from sharing videos, photos and news about the invasion of the Kursk region by Ukrainian forces and to stop possible coordination of subsequent anti-Kremlin actions. Mariëlle Wijermars, assistant professor in internet governance at Maastricht University, who specializes in Russian politics and internet censorship, seconded Kovalenko's assumption tying the blockage to the attack in Kursk.

The Russian defense ministry said on Friday it was “continuing to repel” Ukraine’s military, which reports suggest is operating more than six miles inside Russia - the deepest advance by Kyiv since Moscow launched its full-scale invasion of Ukraine in February 2022. Ukraine did not confirm these reports, but President Volodymyr Zelensky said this week that Moscow must "feel" the consequences of its actions.

Signal Responds with Signal Proxy Censorship Circumvention Feature

As voices of concerned users started flooding various social media platforms, Signal acknowledged the censorship of its messaging platform. "Several countries have recently blocked Signal, leaving their residents without a trusted and safe place to communicate," Signal President Meredith Whittaker said. But her team already had a plan B in place.

"If you can, please set up a Signal proxy server to help people access Signal in places where their government has blocked us," Whittaker asked Signal app users in other countries. "To help in this situation, Signal provides a built-in censorship circumvention feature and also includes support for a simple TLS proxy that can bypass these blocks in many circumstances and let people communicate privately," she added.

Signal's built-in censorship circumvention can be accessed through Settings > Privacy > Advanced > Censorship circumvention. Available on both Android and iOS, Signal's TLS proxy helps bypass network blocks and securely route traffic.

Anyone can set up a proxy server using just four steps. To run a Signal TLS proxy, users need a host that has ports 80 and 443 available and a domain name that points to that host.

1. Install Docker by following the instructions at https://docs.docker.com/engine/install/
2. Clone this repository
3. ./init-certificate.sh
4. docker compose up --detach

Voila! Your proxy is running. You can share this with the URL https://signal.tube/#<your_host_name> and users from blocked regions can connect by simply tapping the provided URL.

Once your Signal proxy is running, use the hashtag #SignalProxy on social media to help others find it, Whittaker suggested. But publicly sharing the exact proxy link can attract unwanted attention from censors. Instead, announce your proxy's existence and offer to share connection details privately via direct message (DM) or a non-public channel, she suggested. Example: "Running a #SignalProxy to help bypass censorship. Reply here or DM for connection details."

Automatic and Manual Configuration

Signal apps are registered to handle links from the "signal.tube" domain, enabling automatic proxy configuration upon tapping a link from any app. But users can also configure proxy information manually within the app:

Android: Settings > Data and storage > Proxy > Use proxy
iOS: Settings > Privacy > Advanced > Proxy > Use Proxy

Technical Details of Signal Proxy

Unlike standard HTTP proxies, connections to Signal's TLS Proxy resemble regular encrypted web traffic. No "CONNECT" method is used, hiding proxy usage from censors. Valid TLS certificates for every proxy server make traffic fingerprinting difficult. The entire system aims for maximum invisibility from censors.

Data Flow

Signal client establishes a standard TLS connection with the proxy. The proxy forwards all received bytes to the actual Signal service. Non-Signal traffic gets blocked. The Signal client negotiates a standard TLS connection with Signal endpoints through the tunnel.

Security

The proxy operator remains blind to content due to the existing end-to-end encryption and additional traffic opacity within the tunnel.

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on
GitHub, but simply 'solana' on the Python software registry, PyPI," Sonatype researcher Ax Sharma