BREAKING NEWS : Allen County board appoints new health commissioner Full Story

Spear phishing has become even more dangerous

The continued prosecution of "all the President's men" does little to stop the Russians from attempting to i...

Posted: Sep 2, 2018 12:59 PM
Updated: Sep 2, 2018 12:59 PM

The continued prosecution of "all the President's men" does little to stop the Russians from attempting to influence America's upcoming midterm elections. And reports from Missouri to California suggest they are already looking for our cyber weaknesses to exploit.

Chief among their tools: spear phishing, which are emails containing hyperlinks to fake websites. Russians used this method to hack into the Democratic National Committee (DNC) emails and set in motion their 2016 influence campaign.

Armed forces

Banking, finance and investments

Business, economy and trade

Consumer loans and credit

Continents and regions

Credit card crime

Credit cards

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Digital security

Domain names

Eastern Europe

Europe

Fraud and financial crimes

Internet and WWW

Military

Personal finance

Russia

Social media

Technology

After two years of congressional hearings, indictments and investigations, spear phishing not only continues to be the most common attack used by hackers, but the Russians are still trying to use it against us.

That's because the method has become even more virulent, thanks to the availability of sophisticated malware, some stolen from intelligence agencies; troves of people's personal information from previous breaches; and ongoing developments in machine learning that can deep-dive into this data and craft highly effective attacks.

Just last week, Microsoft blocked six fake websites that were likely to be used by the same Russian intelligence unit responsible for the 2016 DNC hack to spear phish American targets.

But the internet is vast and there are many more fundamental weaknesses still available to exploit.

Take the URLs with which we identify websites. Thanks to Internationalized Domain Names (IDNs) that allow websites to be registered in languages other than English, many fake websites used for spear phishing are registered using homoglyphs — characters from languages that look like English language characters. For instance, a fake domain for Amazon.com could be registered by replacing the English "a" or "o" in the word "Amazon" with their Cyrillic equivalents.

Such URLs are difficult for people to discern visually, and even email-scanning programs trained to flag words like "password" which are common in phishing emails, like the one the Russians in 2016 used to hack into Clinton campaign chairman John Podesta's email, can be tricked. And while many browsers prevent URLs with homoglyphs from being displayed, some -- like Firefox -- still expect users to alter their browser settings for protection.

Making things worse is the proliferation of Certification Authorities (CA), the organizations issuing digital certificates that make the lock icon and HTTPS appear next to a website's name on browsers. While users are taught to trust these symbols, an estimated one in four phishing websites actually have HTTPS certificates. This is because some CA's have been hacked, meaning there are many rogue certificates out there, while some others have doled out free certificates to just about anyone. For instance, one CA last year issued certificates to 15,000 websites with names containing some combination of the word PayPal—nearly all for spear phishing.

Besides these, the problem of phony social media profiles, which the Russians used in 2016 for phishing, trolling and spreading fake news, remains intractable. Just last week, the Israel Defense Forces (IDF) reported a social media phishing campaign it attributed to Hamas, luring its troops to download malware using fake social media profiles on Facebook, Instagram and Whatsapp.

Also last week, Facebook, followed by Twitter, blocked profiles linked to Iranian and Russian operatives that were being used to spread misinformation.

These attacks, however, reveal a critical weakness of influence campaigns: by design, they utilize overlapping profiles in multiple platforms. The problem is that social media companies police their own networks, keeping information they discover about such activities in their own "walled gardens" instead of sharing it more widely.

A better strategy would be to host data on suspicious profiles and pages in a unified, open-source repository that accepts inputs from other media organizations, security organizations and even users who find things awry. Such an approach would help detect and track coordinated social media influence campaigns -- which would be of enormous value to law enforcement and even media organizations big and small, many of which get targeted using the same profiles.

A platform for this could be the Certificate Transparency framework, where digital certificates are openly logged and verified. It has already been adopted by many popular browsers and operating systems. For now, this framework only audits digital certificates, but, it could be expanded to encompass domain-name auditing and social media pages.

Finally, we must improve user education. Most users know little about homoglyphs and even less about how to change their browser settings to protect against them. Furthermore, many users, after being repeatedly trained to look for HTTPS icons on websites, have come to implicitly trust them.

Many even mistake such symbols to mean that a website is legitimate. Because even an encrypted site could be fraudulent, users have to be taught to be cautious and assess website factors ranging from the spelling used in the domain name, to the quality of information on the website, to its digital certificate and the CA who issued it.

Such initiatives must be complemented with better, more uniform Internet browser design, so users do not have to tinker with settings to ensure against phishing.

Achieving all this requires leadership, but the White House, which ordinarily would be best positioned to address these issues, recently pushed out its cybersecurity czar and eliminated the role. And when, according to the Government Accountability Office, federal agencies have yet to address over a third of its 3,000 cybersecurity recommendations, the President instead talks about developing a Space Force.

Last we knew, the Martians hadn't landed, but the Russians sure are probing our computer systems.

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 32437

Reported Deaths: 2030
CountyConfirmedDeaths
Marion9371546
Lake3347170
Cass15867
Allen135366
St. Joseph121834
Hendricks113567
Hamilton112391
Johnson1092104
Elkhart107028
Madison58259
Porter49521
Bartholomew48634
Clark47141
LaPorte41523
Tippecanoe3803
Howard37620
Jackson3681
Delaware35936
Hancock32327
Shelby32121
Floyd31539
Boone29335
Morgan27024
Vanderburgh2532
Montgomery23317
White2288
Decatur22431
Clinton2221
Grant19521
Noble19221
Harrison18821
Dubois1852
Henry1709
Greene16824
Warrick16528
Dearborn16421
Monroe16211
Vigo1507
Lawrence14623
Miami1391
Putnam1347
Jennings1284
Orange12422
Scott1183
Ripley1136
Franklin1068
Kosciusko971
Carroll932
Daviess8416
Marshall801
Steuben802
Wayne755
Newton7410
Wabash732
Fayette714
Jasper621
LaGrange622
Washington521
Fulton471
Jay460
Randolph453
Rush452
Jefferson421
Whitley412
Clay411
Pulaski400
Owen341
Sullivan331
DeKalb331
Brown331
Starke313
Perry260
Wells260
Huntington262
Knox250
Benton250
Tipton241
Crawford230
Blackford202
Switzerland190
Fountain182
Parke180
Spencer171
Posey160
Gibson142
Ohio130
Warren121
Adams121
Vermillion100
Martin90
Union80
Pike60
Unassigned0159

Ohio Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 33439

Reported Deaths: 2044
CountyConfirmedDeaths
Franklin5486243
Cuyahoga4137224
Marion262823
Hamilton2523131
Lucas2162233
Pickaway204635
Mahoning1367173
Summit1315160
Butler82626
Stark70091
Columbiana68250
Lorain65959
Montgomery61716
Trumbull54447
Belmont40312
Miami35130
Warren34419
Tuscarawas3264
Ashtabula31633
Portage31357
Medina31020
Delaware30213
Lake28712
Wood28045
Geauga26129
Wayne25650
Fairfield2484
Clark2316
Licking21811
Mercer2014
Allen20132
Clermont1975
Richland1893
Erie1635
Darke15619
Madison1447
Washington11819
Crawford1103
Morrow1041
Greene985
Ottawa9412
Putnam8714
Monroe7412
Sandusky7011
Hocking694
Ross672
Jefferson652
Auglaize643
Huron551
Williams521
Hancock481
Muskingum460
Union460
Clinton430
Hardin410
Shelby402
Wyandot372
Fayette370
Logan370
Fulton360
Coshocton340
Defiance332
Guernsey330
Preble311
Holmes291
Carroll293
Lawrence280
Champaign271
Brown251
Knox231
Highland191
Seneca192
Vinton191
Ashland190
Perry181
Athens181
Henry150
Scioto150
Paulding130
Jackson120
Harrison100
Adams81
Gallia71
Van Wert60
Pike60
Meigs60
Noble50
Morgan50
Unassigned00
Fort Wayne
Broken Clouds
77° wxIcon
Hi: 77° Lo: 62°
Feels Like: 79°
Angola
Overcast
73° wxIcon
Hi: 74° Lo: 61°
Feels Like: 73°
Huntington
Few Clouds
74° wxIcon
Hi: 77° Lo: 62°
Feels Like: 74°
Decatur
Clear
77° wxIcon
Hi: 76° Lo: 62°
Feels Like: 79°
Van Wert
Clear
77° wxIcon
Hi: 78° Lo: 62°
Feels Like: 79°
Scattered Showers & Storms Friday
WFFT Radar
WFFT Temperatures
WFFT National

Community Events