Spear phishing has become even more dangerous

Posted: Sep 2, 2018 12:59 PM
Updated: Sep 2, 2018 12:59 PM

The continued prosecution of "all the President's men" does little to stop the Russians from attempting to influence America's upcoming midterm elections. And reports from Missouri to California suggest they are already looking for our cyber weaknesses to exploit.

Chief among their tools: spear phishing, in which emails carry hyperlinks to fake websites. Russians used this method to hack into the Democratic National Committee (DNC) emails and set in motion their 2016 influence campaign.

After two years of congressional hearings, indictments and investigations, spear phishing not only continues to be the most common attack used by hackers, but the Russians are still trying to use it against us.

That's because the method has become even more virulent, thanks to the availability of sophisticated malware, some stolen from intelligence agencies; troves of people's personal information from previous breaches; and ongoing developments in machine learning that can deep-dive into this data and craft highly effective attacks.

Just last week, Microsoft blocked six fake websites that were likely to be used by the same Russian intelligence unit responsible for the 2016 DNC hack to spear phish American targets.

But the internet is vast and there are many more fundamental weaknesses still available to exploit.

Take the URLs with which we identify websites. Thanks to Internationalized Domain Names (IDNs) that allow websites to be registered in languages other than English, many fake websites used for spear phishing are registered using homoglyphs — characters from languages that look like English language characters. For instance, a fake domain for Amazon.com could be registered by replacing the English "a" or "o" in the word "Amazon" with their Cyrillic equivalents.

Such URLs are difficult for people to discern visually, and they can even trick email-scanning programs trained to flag words like "password" that are common in phishing emails, such as the one the Russians used in 2016 to hack into Clinton campaign chairman John Podesta's email. And while many browsers prevent URLs with homoglyphs from being displayed, some -- like Firefox -- still expect users to alter their browser settings for protection.
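As an added illustration (not part of the original article), the Python sketch below shows how a mail or proxy filter could flag the homoglyph domains described above: it decodes punycode labels, reports labels that mix scripts, and compares a look-alike-folded form of the name against a watchlist. The `CONFUSABLES` map, `WATCHLIST` and the function names are constructed for this example and cover only a handful of characters, not the full Unicode confusables data.

```python
import unicodedata

# Constructed sample map of look-alike characters -> Latin; not the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}
WATCHLIST = {"amazon.com", "paypal.com"}  # constructed list of domains to protect


def script_of(ch):
    """Approximate a character's script from its Unicode name, e.g. LATIN or CYRILLIC."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def decode_host(host):
    """Lower-case a hostname and turn xn-- (punycode) labels back into Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text rather than crash
        labels.append(label)
    return ".".join(labels)


def check_host(host):
    """Return findings for one hostname; an empty list means nothing was flagged."""
    decoded = decode_host(host)
    findings = []
    for label in decoded.split("."):
        scripts = {script_of(ch) for ch in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append("mixed-script label: " + "+".join(sorted(scripts)))
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in decoded)
    if folded in WATCHLIST and folded != decoded:
        findings.append("look-alike of " + folded)
    return findings


if __name__ == "__main__":
    for sample in ("amazon.com", "\u0430maz\u043en.com"):  # constructed samples
        print(sample.encode("unicode_escape").decode(), check_host(sample))
```

Because the check runs on the decoded name, it gives the same result whether the link arrives as raw Unicode or in its `xn--` form.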

Making things worse is the proliferation of Certification Authorities (CAs), the organizations issuing digital certificates that make the lock icon and HTTPS appear next to a website's name on browsers. While users are taught to trust these symbols, an estimated one in four phishing websites actually have HTTPS certificates. This is because some CAs have been hacked, meaning there are many rogue certificates out there, while some others have doled out free certificates to just about anyone. For instance, one CA last year issued certificates to 15,000 websites with names containing some combination of the word PayPal, nearly all for spear phishing.

Besides these, the problem of phony social media profiles, which the Russians used in 2016 for phishing, trolling and spreading fake news, remains intractable. Just last week, the Israel Defense Forces (IDF) reported a social media phishing campaign it attributed to Hamas, luring its troops to download malware using fake social media profiles on Facebook, Instagram and WhatsApp.

Also last week, Facebook, followed by Twitter, blocked profiles linked to Iranian and Russian operatives that were being used to spread misinformation.

These attacks, however, reveal a critical weakness of influence campaigns: by design, they utilize overlapping profiles in multiple platforms. The problem is that social media companies police their own networks, keeping information they discover about such activities in their own "walled gardens" instead of sharing it more widely.

A better strategy would be to host data on suspicious profiles and pages in a unified, open-source repository that accepts inputs from other media organizations, security organizations and even users who find things awry. Such an approach would help detect and track coordinated social media influence campaigns -- which would be of enormous value to law enforcement and even media organizations big and small, many of which get targeted using the same profiles.

A platform for this could be the Certificate Transparency framework, where digital certificates are openly logged and verified. It has already been adopted by many popular browsers and operating systems. For now, this framework only audits digital certificates, but it could be expanded to encompass domain-name auditing and social media pages.

Finally, we must improve user education. Most users know little about homoglyphs and even less about how to change their browser settings to protect against them. Furthermore, many users, after being repeatedly trained to look for HTTPS icons on websites, have come to implicitly trust them.

Many even mistake such symbols to mean that a website is legitimate. Because even an encrypted site could be fraudulent, users have to be taught to be cautious and assess website factors ranging from the spelling used in the domain name, to the quality of information on the website, to its digital certificate and the CA who issued it.

Such initiatives must be complemented with better, more uniform Internet browser design, so users do not have to tinker with settings to ensure against phishing.

Achieving all this requires leadership, but the White House, which ordinarily would be best positioned to address these issues, recently pushed out its cybersecurity czar and eliminated the role. And when, according to the Government Accountability Office, federal agencies have yet to address over a third of its 3,000 cybersecurity recommendations, the President instead talks about developing a Space Force.

Last we knew, the Martians hadn't landed, but the Russians sure are probing our computer systems.
