Article from March 2018
If you have been following this site and the private one previously you will remember the talks and posts about how easy it is to hack voting machines and also the corrilation to voter databases that where out there on the darkweb. Many folks that where “supposed” analysts claimed I didn’t know what I was talking about and that I was pushing my polticial views. I wanted to come back to these comments and review a recent insight that was released from the guardian about Trumps and Russia’s view on the last elections and what was really going on in regards to the troll factory in St. Petersburg.
Its not about Normal Russians!
To start this off I don’t hate Russia! When I talk about the Russians I am talking about that Gov. contingency that is behind all the things that are happening that are at the very least amoral and questionable in regards to acceptable behavior and civilised at that. I have also been to Russia many times and actually loved my trips to Moscow, St.Petersburg and other places so its cheap and easy to mansplain my posts as a hater of a nation (which is so far away from the truth because I love the Russian people who work really hard, are religious and great friends with a interesting sense of humor that only a Russian can have). Putin is a leader that is trying to stay in power (I can understand and respect that) who uses any means possible to push his agenda and create FUD-like situations (what I don’t appreciate or like…). These activies are more elaborate that people think. Lets focus on data science and api’s for a second here.
TheGuardian and CambrigeAnalytica
The Guardian News released information today that a company called Cambridge Analytica was working with investors for the Trump campaign in 2016 and that they slurped data from more than 50 million people on facebook.
More on the company Cambridge is here:https://cambridgeanalytica.org/
Interestingly when you look more into what Cambridge Analytica had for customers you will see not only the Trump campaign but also Ted Cruz and more intresingly the Leave.EU (Brexit) campaign folks. As a person who has tracked threat actors I can say that what they did was at least morally questionable and downright illegal (data privacy, gdpr, disinformation, propaganda) in that they targeted Facebook users data and used that data with other data points to identify people that they could influence for a specific outcome. The next piece of this puzzle is my take so lets think back to 2015 and 2016, we remember that lots of voter registration data was “dumped” on the darkent by “a group” originally and then spread like wildfire amongst other underground groups. This had at least three different purposes:
- To hide the orginal actors in a barage of attacks from skiddies and hobby hackers.
- To use that data in corrliation with the slurped data from facebook to corrdinate attacks on people that either where not for thier candidate or to get more people to vote for thier candidate. I think thats downright illegal and sounds more like something a security agency would do rather that a commerical company let alone Facebook being willing to “give” the data of “at least” 50 million users.
- Once you corrilate that data with other social media outlets you can create mutiple accounts, target attacks and create socialbot influence campaigns with a solution that usually is used to track terrorists. (This is scarey stuff people!) Remember whereas a security agency is monitored, a commercial company is not. So who knows where they are getting paid from and by whom? Yep you guessed it a nation-state based threat actor!
The interesting thing here is that people are only now waking up to Cambridge Analytica when it was already known to be a psyops shop focused on data back in 2013 and this is not the first time The Guardian wrote about them. You can see that piece here:https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy
Some interesting things to note are the owners Peter Thiel (founder of paypal and also major investor in Facebook who let Cambridge Analytica “take unauthorized data, whatever you want to call it) data from over 50 million facebook users without thier permission. It makes me think if this was his plan as a big investor to tell Facebook to turn around but then I was not there and this is just a guess. Who knows how the data leak really happened and who has it now?
Another Owner is Robert Mercer (Owner of Cambridge Analytica) and also like Thiel a Trump supporter (again I wonder if this played a role in the data slurping). What is also frightening is that Cambridge had customers like GCHQ and NSA and some people discussed tactics that remind me of standard psyops campaigns by nation-states during other elections in smaller countries, who knows what they learned from those customers and were able to sell to customers say from Russia or China? Talk about an internal data leak in the NSA, but what makes people so sure they didn’t do other things with that knowledge? We don’t know and who knows if we ever will because these companies are suing anyone who attempts to find out even though they broke the law! It IS illegal to steal data from people without their permission its also against GDPR and general Data Privacy and its actually sabotage-like behavior from an enemy!
Add the fact that Steve Bannon was also part of Cambridge Analytica (as a Vice President no less) how can we not see these things, people and company connected to Trumps success and targeted propaganda used by “data analytics” as I said before we have seen this happen with all types of new technology being used for good as well as bad purposes. Steve Bannon was invovled with Cambridge when they worked with the LEave.EU group so he would have seen first hand what you can do with the tools that Cambride Analytica developed with illegally obtained data. This is one of the reasons he was so sure he could “create” another Trump in the next election. This would lead me to believe that he has the data too or has access to someone who has it which means there is alot of data going around in amoral people’s hands as we speak. Forget about a hacker, think about targeted murder, intimidation and blackmail.
Russian Ties and Trumps Data Slurp of Facebook
In the recent article of The Guardian which you can view here: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
We see that someone had access for research and an app who may have had ties to Russia ( in that grants for “research where being paid to the researcher” wether this means they aslo worked for the Russian Governement is at the very least probable but as of yet unproven. The Researcher’s name is Aleksandr Kogan who started a company called: Global Science Research (GSR). Originally the data access was for a project with Cambridge University but Kogan is reported to have gotten grants from a Russian Unviersity. The data slurping happened when users who gave authroization and thier data via a platform also had thier friends and connections data slurped as well which is illegal.
Some of the questions that are open are the connection to Russia via the “researcher” that knew what data he was slurping from a letitimate study for uses that where not legitimate and also illegal. Finding the connection to the Russian University is important but what happened with that data is anyone’s guess. They may have the data of millions of users and I believe they do as I have been hearing of a massive data breach from facebook for some time and see various snippets of data from facebook profiles time and time again on some hacker forums. Until now I however didn’t have the last piece of the puzzle, now its starting to come into focus. If you add the data from facebook to the voter registratio data and profile data you can use that with ID data to build a voter database and influence database that can easily be used to hack an election. The even scarier thing is that this was only a POC and will continue. Since the data is now out there, our lives on social media are now at risk and our physical lives are absolutley at risk. Now transpose this data with what happened recently in the UK with the Russian Spy being poisned, does it make things clearer as to how someone can track you? I think it does, we are seeing Social Media become one of the biggest threats to our health as the stolen data is used for mercenaries and hate groups that can use your social media profile to bate you, falsify your profile by hacking it and planting incriminating data, there are so many use cases I can think of and if I can think of them, you can be that smarter people have already started to develope the attack tools for those use-cases.
What was the real damage
Although the original post from The Guardian (thanks folks!) stated that the extent of data exfiltration was “only” 50 million, we beliveve this breach applies to ALL FACEBOOK USERS via multi-layered attack and approach law enforcement agents need to use in real cases that protect us has been put into a real risk. Why? Well in a court of law all the data you collect from an illegal search is not permissible in a court of law because the data collection as illegal. This means that EVERY CASE that Cambridge Analytica helped to solve on Facebook can be thrown out of court and at the very least legally questioned this would and can result in a global recalling of any and all cases that where compiled using this company’s technology and threatens every client that spent money on that solution!
In addition we see another textbook example of power manipulation and misuse by an unregulated company that is ingaged in espionage although it has no legal charter or more importantly no legal oversight from national courts as to how it collects data. You can include all social media now too as a means of widespread espionage. The fact that all facebook users had thier data and private lives stolen shows just some of the real risks invovled in having “online” lives and trusting that the social media platform protects you against theft and misuse and abuse of information.
Lastly it makes my job to legally use OSINT as a protection mechanism much harder which decreses overall securtiy and increses suspecion of social media as threat actors on thier own. We now have a few cases of how these platforms are being used to collect data illegally of targets and have destroyed lives, resulted in more companies and individuals being attacked and breached and potentially is how the recent assasination through posioning in the UK can absolutlely have happened.
Using CyberNSight as a means for protection
You can use our platform to protect yourself against these types of new generation (AI/ Data Analytics) types of attacks. If you are interested in learning how then lets have a honest talk about OSINT and how we can train you to be prepared for at least some of these attack use-cases now.
Some of the attack use-cases invovled in this attack and breach are:
- Social Media OSINT Search
- Social Media OSINT Family Search
- Social Media Fake News and Message Targeting
- Social Media Criminal Information Planting (makeing you look like a criminal in anything from Child Porn to any other illicet or illegal activties through stolen credentials from data slurping
- Social Media Blackmail / Oppression / Target Threatening
- Social Media assisted assasination
- Social Media Company, Third party and Customer theft and espionage or infiltration
- Cross Social Media infection, infiltration and data extraction
- Policy Manipulation, Campaign Manipulation, Profile Assasination
- Targeted Phishing Campaign / Site Attacks and Breaches
So through this seemingly unlreated breach the impact is huge and a very high and real risk. This is exactly the type of thing that CyberNSight was built to help detect and stop and exactly the reason why all the other technology out there does NOT work against these types of attacks (even AI).
Our assessment indicates that the actual extent of the data breach that was known by Facebook was for ALL FACEBOOK USERS not 50 million. In addition there are mutiple attack use-cases that stem from this data breach and sustained espionage campaign that results in data cross polination and spread via dumped data from the original researcher and threat actors including Cambridge Analytica which is listed as a Nation-State like threat actor in our database.
Your 1D10T
Copyright, all rights reserved on this post and the entire website, trainings and products Hakdefnet GmbH and M.A.G. 2018