Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Renaud Chaput is a freelance programmer working on modernizing and scaling the Mastodon project infrastructure — including joinmastodon.org, mastodon.online, and mastodon.social. Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform.

The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts.

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

“We suddenly went from like three registrations per minute to 900 a minute,” Chaput said. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.”

One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month.

Seeking to gain a temporary handle on the spam wave, Chaput said he briefly disabled new account registrations on mastodon.social and mastodon.online. Shortly after that, those same servers came under a sustained distributed denial-of-service (DDoS) attack.

Chaput said whoever was behind the DDoS was definitely not using point-and-click DDoS tools, like a booter or stresser service.

“This was three hours non-stop, 200,000 to 400,000 requests per second,” Chaput said of the DDoS. “At first, they were targeting one path, and when we blocked that they started to randomize things. Over three hours the attack evolved several times.”

Chaput says the spam waves have died down since they retrofitted mastodon.social with a CAPTCHA, those squiggly letter and number combinations designed to stymie automated account creation tools. But he’s worried that other Mastodon instances may not be as well-staffed and might be easy prey for these spammers.

“We don’t know if this is the work of one person, or if this is [related to] software or services being sold to others,” Chaput told KrebsOnSecurity. “We’re really impressed by the scale of it — using hundreds of domains and thousands of Microsoft email addresses.”

Chaput said a review of their logs indicates many of the newly registered Mastodon spam accounts were registered using the same OAuth credentials, and that a domain common to those credentials was quot[.]pw.
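The two signals Chaput describes above, a registration rate jumping from about three a minute to 900, and a burst of accounts whose credentials share one e-mail domain, can both be surfaced from a plain signup log. The following detector is an added example written for this article, not Mastodon's own code; it assumes a hypothetical one-line-per-registration log format with `ip=` and `email=` fields, and the sample lines are constructed.

```python
"""Flag signup-rate bursts and shared-identity clusters in a registration log.
Added example, not Mastodon project code. Assumed log format: one line per new
account, "<ISO-8601 UTC time> ip=<addr> email=<addr>".
"""
from collections import Counter

# Constructed sample: two ordinary minutes around one minute in which 60 accounts
# register from 60 different addresses but share a single e-mail domain.
NORMAL_LINES = [
    "2023-05-04T10:00:05Z ip=198.51.100.10 email=alice@example.org",
    "2023-05-04T10:00:40Z ip=198.51.100.11 email=bob@example.net",
    "2023-05-04T10:02:13Z ip=198.51.100.12 email=carol@example.com",
]
BURST_LINES = [
    f"2023-05-04T10:01:{i:02d}Z ip=203.0.113.{i + 1} email=u{i}@quot.pw"
    for i in range(60)
]
SAMPLE_LOG = NORMAL_LINES[:2] + BURST_LINES + NORMAL_LINES[2:]


def parse_line(line):
    """Split a log line into (minute bucket, source IP, e-mail domain)."""
    ts, ip_field, email_field = line.split()
    ip = ip_field.split("=", 1)[1]
    domain = email_field.split("@", 1)[1].lower()
    return ts[:16], ip, domain          # "YYYY-MM-DDTHH:MM"


def detect_bursts(lines, baseline_per_min=3.0, factor=10.0, top_share=0.8):
    """One finding per minute whose signup count exceeds factor x baseline.
    Reports distinct source IPs (many suggests a proxy pool, not one host)
    and whether one e-mail domain dominates (accounts minted from one set
    of credentials)."""
    by_minute = {}
    for line in lines:
        minute, ip, domain = parse_line(line)
        by_minute.setdefault(minute, []).append((ip, domain))
    threshold = baseline_per_min * factor
    findings = []
    for minute in sorted(by_minute):
        events = by_minute[minute]
        if len(events) <= threshold:
            continue
        domain, hits = Counter(d for _, d in events).most_common(1)[0]
        share = hits / len(events)
        findings.append({
            "minute": minute,
            "count": len(events),
            "distinct_ips": len({ip for ip, _ in events}),
            "top_domain": domain,
            "top_domain_share": round(share, 2),
            "shared_identity": share >= top_share,
        })
    return findings
```

A burst with many distinct IPs but one dominant domain is the pattern Chaput's logs showed; the thresholds are tunable per instance.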

A DIRECT QUOT

The domain quot[.]pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com.

This email address is also connected to accounts on several Russian cybercrime forums, including “__edman__,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

In September 2018, a user by the name “ципа” (phonetically “Zipper” in Russian) registered on the Russian hacking forum Lolzteam using the edgard011012@gmail.com address. In May 2020, Zipper told another Lolzteam member that quot[.]pw was their domain. That user advertised a service called “Quot Project” which said they could be hired to write programming scripts in Python and C++.

“I make Telegram bots and other rubbish cheaply,” reads one February 2020 sales thread from Zipper.

Quotpw/Ahick/Edgard/ципа advertising his coding services in this Google-translated forum posting.

Clicking the “open chat in Telegram” button on Zipper’s Lolzteam profile page launched a Telegram instant message chat window where the user Quotpw responded almost immediately. Asked if they were aware their domain was being used to manage a spam botnet that was pelting Mastodon instances with crypto scam spam, Quotpw confirmed the spam was powered by their software.

“It was made for a limited circle of people,” Quotpw said, noting that they recently released the bot software as open source on GitHub.

Quotpw went on to say the spam botnet was powered by far more than the hundreds of IP addresses tracked by Chaput, and that these systems were mostly residential proxies. A residential proxy generally refers to a computer or mobile device running some type of software that enables the system to be used as a pass-through for Internet traffic from others.

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Quotpw maintains they have earned more than $2,000 sending roughly 100,000 private mentions to users of different Mastodon communities over the past few weeks. Quotpw said their conversion rate for the same bot-powered direct message spam on Twitter is usually much higher and more profitable, although they conceded that recent adjustments to Twitter’s anti-bot CAPTCHA have put a crimp in their Twitter earnings.

“My partners (I’m programmer) lost time and money while ArkoseLabs (funcaptcha) introduced new precautions on Twitter,” Quotpw wrote in a Telegram reply. “On Twitter, more spam and crypto scam.”

Asked whether they felt at all conflicted about spamming people with invitations to cryptocurrency scams, Quotpw said in their hometown “they pay more for such work than in ‘white’ jobs” — referring to legitimate programming jobs that don’t involve malware, botnets, spams and scams.

“Consider salaries in Russia,” Quotpw said. “Any spam is made for profit and brings illegal money to spammers.”

THE VIENNA CONNECTION

Shortly after edgard011012@gmail.com registered quot[.]pw, the WHOIS registration records for the domain were changed again, to msr-sergey2015@yandex.ru, and to a phone number in Austria: +43.6607003748.

Constella Intelligence, a company that tracks breached data, finds that the address msr-sergey2015@yandex.ru has been associated with accounts at the mobile app site aptoide.com (user: CoolappsforAndroid) and vimeworld.ru that were created from different Internet addresses in Vienna, Austria.

A search in Skype on that Austrian phone number shows it belongs to a Sergey Proshutinskiy who lists his location as Vienna, Austria. The very first result that comes up when one searches that unusual name in Google is a LinkedIn profile for a Sergey Proshutinskiy from Vienna, Austria.

Proshutinskiy’s LinkedIn profile says he is a Class of 2024 student at TGM, which is a Christian mission school in Austria. His resume also says he is a data science intern at Mondi Group, an Austrian manufacturer of sustainable packaging and paper.

Mr. Proshutinskiy did not respond to requests for comment.

Quotpw denied being Sergey, and said Sergey was a friend who registered the domain as a birthday present and favor last year.

“Initially, I bought it for 300 rubles,” Quotpw explained. “The extension cost 1300 rubles (expensive). I waited until it expired and forgot to buy it. After that, a friend (Sergey) bought [the] domain and transferred access rights to me.”

“He’s not even an information security specialist,” Quotpw said of Sergey. “My friends do not belong to this field. None of my friends are engaged in scams or other black [hat] activities.”

It may seem unlikely that someone would go to all this trouble to spam Mastodon users over several weeks using an impressive number of resources — all for just $2,000 in profit. But it is likely that whoever is actually running the various crypto scam platforms advertised by Quotpw’s spam messages pays handsomely for any investments generated by their spam.

According to the FBI, financial losses from cryptocurrency investment scams dwarfed losses for all other types of cybercrime in 2022, rising from $907 million in 2021 to $2.57 billion last year.

IBM has made a smart move to address the issue of cloud data protection by acquiring Polar Security, a company specializing in automated data protection. The tech giant has officially announced that this new acquisition will assist companies in tackling problems related to shadow data and software-as-a-service application data.

With the increasing adoption of cloud technology by companies, organizations are struggling to manage the influx of information from cloud apps. IBM’s recent acquisition has strengthened its AI and Hybrid Cloud capabilities, allowing for tracking and management of sensitive data across multiple cloud environments.

Moving on to the second news story that is currently trending on Google, Twitter’s Chief Elon Musk has acquired Laskie, an IT staff recruitment company, in a combination of equity and cash. Laskie specializes in connecting tech talent with prospective employers.

Recently, Musk appointed a new CEO named Linda Yaccarino, also known as ‘The Velvet Hammer,’ with the aim of improving the company’s reputation among advertisers. Musk envisions transforming Twitter into an all-inclusive app, where users can shop, transact, and engage in various activities.

To achieve this goal, Laskie has been brought in to recruit new talent, specifically targeting the field of financial services, and helping the social media giant establish a strong presence across all business sectors.

As a result, starting from the second week of May this year, the recruitment platform has ceased operations and is no longer available for business. All employees have been notified to transition to new payrolls and will be joining the employee database of the networking giant by July this year.

The post Technology based acquisition news trending on Google appeared first on Cybersecurity Insiders.

Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack, and how might hackers target Eurovision? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity reporter John Leyden. Plus don't miss our featured interview with Outpost24's John Stock.

A few years back, many people started creating fake Twitter profiles to propagate fake news and to engage in other kinds of online crime. Later Twitter, now owned by Elon Musk, took stringent steps to curb the rise of fake profiles by issuing a “Verified Blue Tick” mark to profiles created by a company, individual, group or country.

In March this year, the Tesla Chief made it official that all blue tick owners need to pay a premium to show the world that they are still holding an authentic account. Twitter started charging $7 to those who log in via a web browser and $11 to those who log in from the mobile app on iOS or Android.

From April 20th, 2023, all those who haven’t paid the fee started losing the Blue Tick from their Twitter profiles. This simply means that their profiles will from now on no longer display the tiny tick mark beside the profile name.

So, is the disappearance of the blue tick a security concern?

Well, if a blue tick is assigned to a profile, it authenticates that the username and image displayed on the profile are true and verified by the social media company. And if it doesn’t have the blue tick verified badge, there is a high possibility that the profile might be fake.

Do you need to pay the premium for the Blue Tick mark displayed?

Well, for normal postings and for those who already have followers, there is no need to pay, as everyone who follows you knows who you are and what you are up to. But for newcomers who want to break the internet with viral tweets, having a blue tick mark on their profile makes sense, as it brings a bouquet of benefits beyond simply lending authenticity to the profile.

What about the creation of fake profiles?

Precisely speaking, it is not that easy to create a fake profile these days, as the company has programmed some of its servers to catch fake profiles and weed them out of the platform within a few hours of creation. Profiles created by humans may survive for a while, but those created through virtual machines will land in the trash bin within 9-12 hours of creation, because the company’s content monitoring servers continually filter out profiles that use a single email ID, fake email IDs and contact numbers, or images that do not match the profile.

The post Is Twitter Blue Tick removal a data security concern appeared first on Cybersecurity Insiders.

For the past few months, Elon Musk, the current owner of Twitter, has urged AI-based firms to pause their R&D developments unless the White House figures out a way to take complete control over AI. However, in contradiction to what is being said and preached, Twitter, which holds second place in the list of the world’s most popular social media platforms, is reportedly working on a secret generative AI project that could rival the Microsoft-owned OpenAI project ChatGPT.

According to a source, work on the large language model began in November 2022, and the richest man has poached two senior AI researchers from DeepMind to lead the project and speed up development.

It must be noted over here that Mr. Musk was one of the active directors in OpenAI until 2018, and it was after his exit that he started trumpeting negativity about the existence and developments in AI technology.

Commenting on the same, after receiving backlash from his tweet followers, Musk claimed that OpenAI was created as an open-source platform to cater to the needs of all online users and be treated as an alternative to Google. However, things started to change when Microsoft took complete control over the adaptive technology and is intending to maximize profits for its investment within no time.

It is unclear whether the development of the generative language model is being done with or without the consent of the Tesla Chief. However, trade analysts state that the microblogging website operates with a zeal to make profits, and since generative AI is currently trending as a money-maker, investing in or working on such machine learning models makes complete sense.

NOTE: In March 2023, Elon Musk signed an open letter along with 1000 other technologists and researchers to suspend the creation of AI products for six months or until the risks are resolved. The statement was later passed on to the FTC through the Musk-funded Future of Life Institute by the end of last month. As per a report published in The Independent, the electric car manufacturing company chief has purchased 10,000 graphic card units to be used in the development.

The post Twitter works on secret AI project in contradiction to sayings of owner Elon Musk appeared first on Cybersecurity Insiders.

Twitter issued a public statement stating that parts of its source code were leaked on GitHub and that its officials were trying their best to file a DMCA to take down the leaked content from the web and identify the user who submitted the content to the web-based software development platform. The leaked information includes proprietary source code of the social media platform’s internal tools, and the staff are busy tracing out the culprit.

According to a tweet posted by a GitHub enthusiast, the code had been existing on the web platform for the past three months and has now been taken down. The user who hosted the content, named “FreeSpeechEnthusiast,” allegedly engaged in these tactics out of vengeance against Elon Musk for various reasons.

Coincidentally, the source code leak of Twitter took place at the time when Tesla chief Musk announced that all the best-performing staff would be receiving company shares worth $20 billion in the coming months, making them a part of the company’s holdings from then on.

In general, businesses protect their source code through various means, as it is their lifeblood for staying ahead of competitors. So an insider threat is suspected to be behind the leak of Twitter’s source code on GitHub, and a detailed investigation is underway to identify the culprit.

Legally, Twitter also filed a case against the tech platform in a court in California, asking the court to compel GitHub to reveal the culprit’s name, contact number, address, email, social media profile, and IP address.


The post Source Code of Twitter leaked on GitHub appeared first on Cybersecurity Insiders.