Report: Hackers use simple trick to target U.S. presidential campaign and government officials
Hacking email accounts doesn't have to be a sophisticated affair.
We are reminded once again of this fact thanks to a report released Friday by the Microsoft Threat Intelligence Center detailing how a group of hackers targeted the email accounts of journalists, government officials, and the campaign of a U.S. presidential candidate. And here's the thing, the bad actors didn't use some fancy 1337 computer skills, but rather employed the oldest trick in the book: the password reset.
According to Microsoft, over a 30-day period in August and September of this year, hackers likely affiliated with the Iranian government went after 241 email accounts and successfully compromised four. The MTIC dubbed the group Phosphorus, and explained how the team operated.
"Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts," reads the blog post. "For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account."
Importantly, MTIC writes that the four compromised accounts were not tied to the U.S. presidential campaign. But, still, this isn't good.
Password-reset features come in many forms, from questions about where you went to high school or your mother's maiden name to sending a link or code to a secondary email address or phone number. The former opens victims up to attack by anyone who knows how Google works, while the latter makes your primary email only as secure as your linked secondary email or cell phone.
A prominent abuse of this feature came in 2008, when a 20-year-old college student accessed Sarah Palin's Yahoo email account. He used information like Palin's ZIP code and birthday to reset her account password and gain access to the email account.
"While the attacks we’re disclosing today were not technically sophisticated," explains MTIC, "they attempted to use a significant amount of personal information both to identify the accounts belonging to their intended targets and in a few cases to attempt attacks."
This warning from Microsoft should serve as a reminder to everyone online that a password alone isn't enough to protect your email — especially if someone is motivated to hack the account. Instead, use multi-factor authentication and for the love of god create a unique password.
Oh, and consider ditching those password-reset questions altogether.
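The point made above, that a primary email account is only as secure as the recovery channels linked to it, can be checked across an inventory of your own accounts. The following Python is an added example, not code from the Microsoft report or this article; the `Account` model, its field names and the sample addresses are constructed, and it assumes that control of a linked recovery account is enough to reset the account that points to it.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    mfa: bool = False                 # multi-factor authentication enabled
    security_questions: bool = False  # reset via knowledge-based questions
    recovery: list = field(default_factory=list)  # names of linked recovery accounts

def weaknesses(acct):
    """Reasons an account can be taken over without breaking its password."""
    found = []
    if acct.security_questions:
        found.append("security questions")
    if not acct.mfa:
        found.append("no MFA")
    return found

def weak_recovery_paths(accounts, target):
    """Return (chain, reasons) for every weak or unaudited account reachable
    from `target` by following recovery links. The chain shows which links
    connect the weak account back to the target."""
    by_name = {a.name: a for a in accounts}
    results, seen = [], set()

    def walk(name, chain):
        if name in seen:              # recovery links can form a cycle
            return
        seen.add(name)
        chain = chain + [name]
        if name not in by_name:       # linked account nobody has audited
            results.append((chain, ["not in inventory"]))
            return
        reasons = weaknesses(by_name[name])
        if reasons:
            results.append((chain, reasons))
        for linked in by_name[name].recovery:
            walk(linked, chain)

    walk(target, [])
    return results

# Constructed inventory: a hardened primary whose recovery chain is not.
INVENTORY = [
    Account("work@example.com", mfa=True, recovery=["personal@example.net"]),
    Account("personal@example.net", mfa=True,
            recovery=["old@example.org", "work@example.com"]),
    Account("old@example.org", mfa=False, security_questions=True),
]

if __name__ == "__main__":
    for chain, reasons in weak_recovery_paths(INVENTORY, "work@example.com"):
        print(" -> ".join(chain), "|", ", ".join(reasons))
```

Any chain it reports is a recovery link worth removing or an account worth hardening before the primary can be considered protected.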