Making The Switch To Encrypted Emails

This past February a US judge ordered Microsoft, an American based tech company, to honor the search warrants of American law enforcement agencies requiring the company to hand over any/all data, emails and the like which the company stores on servers located overseas. The ruling came in direct contradiction to a previous ruling from a Federal Appeals Court in August of 2016, which upheld a US Circuit court ruling from July 2016, prohibiting the US Government from seizing data stored on servers located outside of US borders.

The principle behind this case is very simple to understand: does the United States Government have the right to demand foreign businesses located outside of the United States hand over their records to the United States Government if that company happens to do business with a US citizen? In other words, are foreign nations forced to abide by US law and comply with all US based legal requests? Well, according to the most recent ruling, as of February 2017, at least as far as US courts are concerned, the answer is “yes.”

What Other “Authority” Does The US Government Have?

Let’s use the world’s most popular email service provider as a quick example – Gmail. Quite literally, everything you do on your Gmail account is accessible by Google at any given moment in time. After all, you are using their service. If the US Government ever wants to see your account or any of the information on it, then all they have to do is pull up the file of a generic document, insert your name on top of it, print it out and just like that they magically have a “subpoena” to obtain all of your information from Google.

Despite how simple of a process this is, it is all groundbreaking stuff too. Believe it or not, it was not until May 2016 that the US government even needed to get a warrant or legal document of any kind to search through all of your personal emails. Don’t believe me?

Read More – Email Privacy Act of 2016: https://www.congress.gov/bill/114th-congress/house-bill/699

For you international folk out there, the news isn’t much better. You see, the US Government has its own private court known as a FISC court which, historically speaking, blindly grants “99.96%” of all warrant requests brought in front of it – but who’s counting, right?

With that out of the way, all of the information above only goes to show how easy it is for the US Government to go about obtaining all your data “legally.” But as I think we are all aware by now, agencies like the NSA or CIA do not necessarily care about US law and have the very real authority to act outside of it – #PatriotAct. To be fair, this does not necessarily mean that someone working for the US Government is literally watching/reading every single email you write every minute of the day, but they theoretically could be if/whenever they wanted to.

To that very point, early in 2016 Google came out with a press release addressing how “state-sponsored hackers” had breached over 1 million Gmail accounts over the course of that year. This was also not an isolated incident and it’s not just Google which has been targeted by these types of breaches. Literally hundreds of millions of Yahoo and Hotmail accounts have also been exposed over the years.

Read More – 3 Billion Yahoo User Accounts Hacked, Including 500 Million Email Addresses: http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html

So far I have only addressed how easy it is for the US Government and/or law enforcement agencies to access all of your personal accounts/information; this does not even account for all of the non-Government organizations or hackers out there or oppressive regimes located in countries all over the world. In fact, I am willing to bet that at least 95% of all hackers worldwide are non-Government affiliated. Moreover, Hillary Clinton, the DNC, CIA, John Brennan and John Podesta should all serve as evidence for just how easy it can be for hackers to compromise anyone’s email account if they really want to – even some of the most powerful people in society.

Quite frankly, there is a reason why politicians and members of the Armed Forces are told never to use their own personal or private email accounts, because none of these services are properly protected or encrypted! While members of the Government and Armed Forces use their own private versions of encrypted email services which are NOT open or available to the public sector, thankfully, there are a number of free and paid email encryption services out there open to the general public.

For Example:

Mailfence

Mailfence is a relatively new company globally, but one which I have already placed at the top of all encrypted email service providers. Mailfence operates their servers out of Belgium, a country internationally renowned for having some of the strongest and most resolute privacy laws in the world. Unlike the United States, every surveillance request or request for information inside Belgium, including on Mailfence’s servers, must be legally brought in front of a Belgian judge and proven in court as legitimate. In this way Belgium protects user data and business confidentiality in a way that no other country in the world does.

Sign Up/Create an Account Here: https://mailfence.com

ProtonMail

This email service provider offers free end to end encryption and hosts its servers in Switzerland, outside of US jurisdiction – theoretically. When signing up, at no point in time are you asked for any personal information and you do not need to attach any other email accounts or phone numbers in order to register. This service also utilizes 2-factor authentication to log in, preventing hacking attempts. ProtonMail has also partnered with humanitarian organizations around the world, such as Amnesty International, in order to help fight back against Government surveillance and cyber censorship in developing countries around the world.

On a lighter note, if you are a fan of the Television drama “Mr. Robot” this is Elliot’s email provider of choice on the show.

Sign Up/Create an Account Here: https://protonmail.com/

Tutanota

This is another free encrypted email service that has become quite popular in recent times. In fact, earlier in 2016 Tutanota officially surpassed 1 million accounts – becoming the world’s largest encrypted email service provider. In 2017, Tutanota then went on to surpass 2 million accounts, furthering the country’s rock solid reputation as an industry leader.

What makes Tutanota unique is that the company makes their source code “open source,” meaning that security researchers can investigate for themselves the level of encryption they are receiving. For all you n00bs out there, making your source code public record and still not having it hacked proves just how good the code really is.

Sign Up/Create an Account Here: https://tutanota.com/

Tutorial: Learning How To Write & Remember Un-Hackable Passwords

Before we begin, why should learning how to write strong passwords be of much more importance to you? Believe it or not, it is a statistical fact that more people are hacked as a result of weak passwords than any other single factor. This is also why encryption – aka passwords – should be much more important to you. With that said, learning how to read, write and remember strong passwords is not nearly as hard or complicated as people might think, in fact it is rather easy once you understand the core concepts.

Lesson 1 – Password Length:

To unlock someone’s password, “law enforcement authorities” and/or “hackers” will either run something known as a “Brute Force Attack” or “Dictionary Attack” against it, in an attempt to break or de-crypt the numbers, letters and symbols contained within the password itself. One by one over time, these software programs will slowly decrypt the password, just like cracking the numbers to open a vault or safe.

Quite simply, the more complicated/randomized the sequence of numbers, letters and symbols in your password is, and the longer the password is, the longer it takes hackers to break. Moreover, each letter, number or symbol you add on to the end of your password literally makes it exponentially harder for even the most sophisticated programs to crack. For example, here are estimates from the FBI regarding how long it takes them to crack lengthier encrypted passwords.

  • seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
  • eight-digit passcodes will take up to three months, and on average 46 days, to crack
  • nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
  • 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
  • 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
  • 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
  • 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack

Lesson 2: LEET or “1337” Language:

L33t Language is a way of replacing letters with numbers and symbols in everyday sentences and it is perhaps the most basic form of encoding used to encrypt messages. To understand how it works, here are some quick examples:

Normal Statement v 1337 Version:

BankruptMedi4 – 84nkru97M3di4
TheDailyProletariat – 7h3D@i1y9r0L37@Ri@7
Elitepassword – 31it3p4$$w0rd
Activism – 4ctivi$m
Encryption – 3ncry9ti0n
Brian Dunn – 8ri4nDunn

It doesn’t necessarily have to be that complicated and you don’t necessarily have to replace as many letters with numbers and symbols; those are just examples of how it works. You can run any attack your little heart desires at “84nkru97M3di4” or “7h3D@i1y9r0L37@Ri@7” all day long, go ahead – have fun. To make the password even stronger, mix in capitalized and un-capitalized letters throughout.

I think I have explained the concept easily enough? To make an un-hackable password simply take a name, phrase, short sentence – et cetera – that is personal to you and convert it into l33t language, then use that as your new password. Not only will it be impossible to break, but it should be fairly easy for you to remember. And as always, use two-factor-authentication whenever possible.
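An added example, not part of the original article: a password audit check in Python covering Lessons 1 and 2. It derives a guess rate from the article's seven-digit figure, counts the guesses an exhaustive search needs, and, as password strength meters such as zxcvbn do, maps the substitutions shown above back to letters and looks the result up in a word list. `WORDS`, `DICT_SIZE` and all function names are assumptions made for the illustration.

```python
import string
from collections import Counter

# Guess rate implied by the article's table: a 7-digit numeric passcode
# (10**7 combinations) takes "up to 9.2 days" to exhaust.
SECONDS_PER_GUESS = 9.2 * 86400 / 10**7

# Substitutions used in the article's examples, mapped back to letters.
LEET = {"4": "a", "@": "a", "8": "b", "3": "e", "1": "l",
        "0": "o", "9": "p", "$": "s", "7": "t"}
ALTERNATIVES = Counter(LEET.values())   # letter -> number of symbols for it

# Constructed stand-in for an audit word list, and an assumed size for a
# real one (used when counting guesses).
WORDS = {"the", "daily", "proletariat", "bankrupt", "media", "elite",
         "password", "activism", "encryption", "brian", "dunn"}
DICT_SIZE = 100_000


def exhaustive_guesses(password):
    """Combinations to try when only length and character classes are known
    (ASCII passwords only)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password)


def normalize(password):
    """Lower-case the password and undo the leet substitutions."""
    return "".join(LEET.get(ch, ch) for ch in password.lower())


def split_words(text, words=WORDS):
    """Split text into the fewest list words that spell it, or return None."""
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is not None and piece in words:
                candidate = best[start] + [piece]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[-1]


def dictionary_guesses(password, dict_size=DICT_SIZE):
    """Upper bound on guesses for a word-list search that also tries every
    upper/lower-case and leet variant of each letter; None if the password
    is not built from list words."""
    plain = normalize(password)
    parts = split_words(plain)
    if not parts:
        return None
    variants = 1
    for letter in plain:
        variants *= 2 * (1 + ALTERNATIVES[letter])
    return dict_size ** len(parts) * variants


def audit(password):
    """Guesses needed by whichever of the two searches finishes first."""
    by_words = dictionary_guesses(password)
    brute = exhaustive_guesses(password)
    return brute if by_words is None else min(brute, by_words)


def worst_case_days(guesses):
    """Time to try every guess at the rate derived from the article."""
    return guesses * SECONDS_PER_GUESS / 86400


if __name__ == "__main__":
    for pw in ("12345678", "4ctivi$m", "31it3p4$$w0rd", "xQ7#pL2v"):
        print(f"{pw:15} exhaustive {worst_case_days(exhaustive_guesses(pw)):.3g} days,"
              f" audited {worst_case_days(audit(pw)):.3g} days")
```

Under these assumptions the audited worst case for `4ctivi$m` is about 283 days, against roughly a million years for an exhaustive search of the same eight characters, while the random `xQ7#pL2v` keeps its full exhaustive figure.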

Lesson 3: Two-Factor Authentication

I’ve always understood that 2-Factor Authentication (2FA) is a concept lost on most “normal people” in society right now, but a new statistic really puts it all into perspective. This would be the news that, according to Google’s own statistics, less than 10% of all Gmail or Google business owners currently have enabled 2-Factor Authentication for their online accounts. Considering that Google is estimated to host well over 2 billion accounts globally, this means that there are over 2 billion insecure accounts floating around the internet right now – and that’s just from Google alone!

This is not to mention the fact that there are literally billions of email addresses, along with their passwords, currently available on the Deep Web and DarkNet for search. For example, there are single websites around the internet that are currently selling the log in credentials of 1.4 billion people and if any one of those people simply enabled 2-factor authentication for their accounts, all the information stored on those would become utterly useless.

Responding to the news last week Grzegorz Milka, a Google software engineer, said that the company’s latest statistics “demonstrates the lack of awareness of cyber threats and the way to mitigate them.” Adding that he believes more people don’t or haven’t “configured 2-Factor Authentication for their accounts” because “many users believe 2FA can make their experience worse,” or at least more of a hassle. To do everything they could to mitigate the problem from their end, Google also took the occasion/platform to release a 2-Factor Authentication tutorial of their own, imploring Google users to immediately begin securing their accounts in this way.

Google 2FA Tutorial: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome

As for what 2-Factor Authentication is, does or means, it’s not nearly as complex or complicated as people think. In fact, it only adds about 10 seconds to the amount of time it already takes you to log into your accounts anyways. Essentially, as soon as you type in your password and press enter you will receive a text message on your phone, which will have a short code for you to type in. Without that secondary code no one is allowed to login, even you. That’s it – literally. That’s the amount of “hassle” it will take you to begin practicing strong cyber security in the future. Again, despite the simplicity of it all, less than ten percent of people in society have taken this step.

2-Factor Authentication should be available for nearly every App or account you own, and you can find/enable it by searching for it in your account(s) settings. As I also once explained in a different article on this subject earlier last year, even if someone already knows your password, “close to 100% of hackers will be prevented from successfully hacking into your social media accounts if you simply enable 2-Factor Authentication” for them – and I still believe this holds true today.
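The second step described above, as an added server-side example in Python (not from the original article): once the password check passes, a six-digit code is texted and must be returned before it expires. `TwoStepLogin`, the five-minute lifetime, the five-attempt limit and the `send_sms` callback are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

CODE_TTL = 300       # assumed policy: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 5     # assumed policy: wrong codes allowed before it is voided


def hash_password(password, salt):
    """Slow salted hash so stored passwords are costly to guess offline."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoStepLogin:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # callable(phone, text): the SMS gateway
        self.clock = clock
        self.users = {}            # name -> (salt, password hash, phone)
        self.pending = {}          # name -> [code digest, expiry, attempts]

    def register(self, name, password, phone):
        salt = os.urandom(16)
        self.users[name] = (salt, hash_password(password, salt), phone)

    def start_login(self, name, password):
        """Step 1: check the password, then text a fresh one-time code."""
        record = self.users.get(name)
        if record is None:
            return False
        salt, stored, phone = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        # Only a digest is kept; issuing a new code replaces any older one.
        self.pending[name] = [digest, self.clock() + CODE_TTL, 0]
        self.send_sms(phone, f"Your login code is {code}")
        return True

    def finish_login(self, name, code):
        """Step 2: the session is granted only for the texted code."""
        entry = self.pending.get(name)
        if entry is None:
            return False           # no password step, or code already used
        digest, expires, attempts = entry
        if self.clock() > expires or attempts >= MAX_ATTEMPTS:
            del self.pending[name]
            return False
        entry[2] += 1
        submitted = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(digest, submitted):
            del self.pending[name]  # single use: a replayed code fails
            return True
        return False


if __name__ == "__main__":
    outbox = []                    # constructed stand-in for an SMS gateway
    auth = TwoStepLogin(lambda phone, text: outbox.append(text))
    auth.register("alice", "correct horse", "+15550100")
    print(auth.start_login("alice", "correct horse"))   # password accepted, code sent
    print(auth.finish_login("alice", "not-the-code"))   # password alone is not enough
    print(auth.finish_login("alice", outbox[-1][-6:]))  # code read from the text message
```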

Interestingly/Coincidentally Enough?

As I was in the process of writing this article I got a text message informing me of new log in codes to verify, because someone had somehow managed to brute-force their way past my password – which no one has ever been able to do before. Put another way, my site was literally saved from being hacked/hijacked by malicious cyber actors, all because I once enabled 2-factor authentication on my account(s) months ago. To put the importance of 2-Factor Authentication into focus, I’ve invested thousands upon thousands of hours of my personal time into this website, and it took me less than one minute to turn on and verify 2-Factor Authentication for it – certainly worth the time/effort!

97% of Americans Failed This Basic Cyber Security Test, Myself Included

For the first time in my life, I am actually a part of the majority. What I’m referring to are results from a new cyber security test launched by Google developers designed to see how well Americans are able to pick up on subtle security warnings/threats online. While I didn’t necessarily take the test seriously at the time and rushed through them just to see how it was structured, I did fail it nonetheless – despite writing extensive tutorials on phishing attacks, email security and website security. Maybe that explains why Rogue Security Labs doesn’t have a single customer, but who knows – right?

Conducted throughout the course of March 2019 and consisting of over 2,000 American adults over the age of 16, Google discovered that….

– Despite 55% of Americans saying they would grade themselves as A level experience in cyber security, 97% got at least one question wrong on a basic, six-question security test
– 48% of Americans say they would like to build their own websites in the future
– 45% say their websites would be designed around business, while 43% say their websites would be for hobby
– Only 20% of Americans have actually built a website at one point or another in the past
– 64% of internet users never realized they could be re-directed to a false website without their knowledge/consent simply by clicking on a link
– 42% of internet users didn’t realize there is a security difference between websites with http and https
– 29% of internet users have no idea what the “s” in https stands for, nevermind look for it

See Full Results & Take The Test: https://safe.page/survey

Op-Ed: The Upcoming Trial of Julian Assange Is Much More Than A Court Case, It’s A Symbol of Our Time

I’m not exactly sure what it is I’m feeling today, but I fundamentally believe that humanity/society is on the verge of reaching a critical turning point in time/history – a time when we are all collectively going to have to decide if the internet is a tool for good or for bad? Perhaps it’s my past, perhaps it was the arrest of Julian Assange yesterday after 8 years of asylum, perhaps it was news that the President of Sudan resigned just weeks after the President of Algeria, perhaps it’s the result of all my coverage into “fake news” laws/regulations in countries such as France, China, Jordan, Iraq, Canada, Ethiopia and others, all while state run propagandist organizations like the Institute for Statecraft and Mossad receive millions/billions in taxpayer funding to do the same – or perhaps still maybe it’s a result of ACTA2 and Copyright reform protests around Europe.

I don’t know and I can’t quite say for certain, but I can’t help but feel that humanity/society is on the cusp of something major right now – something revolutionary that will dictate all of our collective freedoms and futures. However, the question I think we all need to ask ourselves is if we are on the right side of history? Are we all looking out for our own collective best interests/futures?

Anonymous African Operations:

3/07/2019 – Origin #OpAlgeria: https://roguemedia.co/2019/03/07/ahead-of-aprils-presidential-elections-international-hacktivists-launch-opalgeria-in-solidarity-with-the-people-of-algeria/
12/26/2018 – Origin #OpSudan: https://roguemedia.co/2018/12/26/government-of-sudan-shuts-down-national-internet-access-so-anonymous-shuts-down-the-government/

Institute for Statecraft Leaks:

All Coverage: https://roguemedia.co/?s=Institute+for+Statecraft&x=0&y=0
Round 7: https://roguemedia.co/2019/03/25/cyberguerrilla-releases-integrity-initiative-leaks-part-7-detailing-the-uks-use-of-international-espionage-unit-referred-to-as-the-expose-network/
Round 6: https://roguemedia.co/2019/02/09/anonymous-cyberguerrilla-releases-integrity-initiative-institute-for-statecraft-leaks-6/
Rounds 1 -5: https://roguemedia.co/2019/01/26/anonymous-cyberguerrilla-publish-integrity-initiative-leaks-part-5/

Censorship/Fake News Regulation 2019 & Beyond:

Ethiopia: https://roguemedia.co/2018/12/05/ethiopia-begins-drafting-new-hate-speech-laws-to-crack-down-on-fake-news-social-media/
Jordan: https://roguemedia.co/2018/11/07/jordan-weighs-implementation-of-new-cyber-crimes-laws/
Iraq: https://roguemedia.co/2019/03/02/iraqi-parliament-proposes-draconian-new-cybercrime-laws-designed-to-crackdown-on-political-religious-extremism-online/
Russia: https://roguemedia.co/2019/03/13/russian-parliament-moves-ahead-w-two-new-bills-designed-to-crack-down-on-fake-news-publications-civilian-dissidents/
Singapore: https://roguemedia.co/2019/04/04/joining-countries-from-around-the-world-singapore-officially-introduces-fake-news-bill-to-parliament/
Canada: https://roguemedia.co/2019/04/09/canadas-democratic-institutions-minister-proposes-new-laws-to-regulate-social-media-apps-prior-to-october-elections/

Unfortunately, I believe that whatever this answer is or may be ultimately boils down to politics and political opinion. It seems to have started with extremist liberals in 2015/2016, but has seemingly infected the entire world ever since. For as bizarre a phenomenon as it was, US liberals/globalists in support of Obama/Clinton in 2015 actually subscribed to the notion that everyone must feel, believe and think the same thing about everyone, everything and every issue – almost literally. The idea that anyone who did not subscribe to their logic or ideologies should be banned, blacklisted, censored or ousted from society. In other words, “it takes a village” and in order for organized society to work there is no room for dissent, and we must all be working together, on the same page and headed in the same direction – right Hillary? In fact, this attempted homogenization of opinion/society is exactly what led to the rise of the alt-right and other conservative extremists over that same time period – one form of extremism resulting in another, symmetrically.

Believe it or not, I still see this same phenomenon today in the arrest of Julian Assange – only in a somewhat different context. I see it in the re-jailing of Chelsea Manning a week before that and the jailing of Reality Winner a few weeks before that. It’s in the Mueller investigations of 2017/2018 and the Comey investigations of 2015/2016 before that. What I’m talking about is the weaponizing of political opinion. The arrogant and self-centered notion that it’s not alright for anyone to disagree with your personal opinions, beliefs or political ideology, and that anyone bold enough to do so must be investigated and/or punished to the full extent of your capabilities/authority – at least if you are the ones currently in charge/power, that is.

The way I look at it, all across the world, it’s almost as if society/humanity is waging a political War against itself. It’s not only here in the US, it’s in the Macron Yellow Vests protests in France, all the Brexit nonsense in the UK, the Turkish elections of 2019 – so on and so forth. In our modern time politics hasn’t just become a matter of intellectual discussion/debate anymore, it has become a weapon of War to be wielded – both literally and figuratively, foreign and domestic.

But ask yourself, who is this War really empowering? Whom is this War really punishing?

Macron is a multimillionaire President – while thousands of citizens have been arrested, dozens blinded and dozens more losing limbs. Donald Trump is still a billionaire/President of the United States, Bill and Hillary Clinton are still worth hundreds of millions in their own right and only their cronies/minions have been arrested – all while US citizens fight, hate and protest one another in the streets because of their words/policies.

On top of this, the Main Stream Media has never been more influential or profitable than it is today, and in 2019 the MSM has only continued to use their platforms to perpetuate belligerence and political Wars throughout society. We see this every night on Fox News and CNN and this also includes the publishing/peddling of the PropOrNotList in 2016, the Google Blacklistings of 2017 and Facebook/Twitter purges of 2018 – crippling the platforms of hundreds of small time online news startups, limiting competition, spitting in the face of free speech and freedom of the press while increasing the traffic/profit margins of legacy news publishers.

In our modern hatred for our political rivals, when I look around society all I see is people cutting off their own noses to spite their faces – so to speak. In their own political hatreds, people appear blind to the fact that we are all collectively shooting ourselves in the foot. Not only have hundreds of online news platforms been shut down and/or banned offline, including some of my own creations, but people are actually now celebrating the arrest of Julian Assange and others like him. This is also much more symbolic than people understand/realize.

Say what you want about the man or his journalism, the fact of the matter is that everything Julian Assange has ever published is 100% cut and dry real, factual material/information. Honestly, can Fox News, CNN, The Washington Post or New York Times claim this? Of course not! For God’s sake, even the Washington Post had to retract the PropOrNotList of 2016, months after the damage from it had already been done. Meanwhile, Julian Assange has never released a single “opinion piece” with his leaks, has never taken a deliberate political stand either direction and not a single one of his leaked documents has ever proven to be fabricated. Whether you like him or not, all Julian Assange did was publish real news/evidence and show people the truth. Yet, Assange is the man society is after? Why? And what is the point?

I’m not sure what I have to say to make society understand, but I can’t help but feel as though we are on the precipice of something large here. In our blind hatred for our political rivals and in our rabid desire to shut them up, we are destroying our own individual freedoms and liberties, whilst simultaneously censoring free speech and spitting in the face of independent journalism. Society has become so shortsighted, it’s almost as if people do not understand or realize that power is temporary or relative. Sure you can pass laws in the here and now to silence your rivals while you are still in power, but what happens 2, 5, 10 years from now when someone else is in power? Congratulations, in your blind hatred you’ve just now censored yourself as well.

I just don’t understand why people in society have become so arrogant, reckless and belligerent with their own political ideologies, and I don’t know what to say to make them understand how dangerous we have all become to one another and our collective futures as a result. The more I learn/consume, the more f*cked of a place the world feels or seems to be – if not in reality, then certainly in mentality. I don’t know what to do to educate society, I do not know what to say to make more people care or understand, and I certainly don’t know how to combat ignorance, racism, sexism and political extremism on all levels. The worst part is I don’t think people would even care enough to listen or learn even if I did. All I know is that much sooner than later, before it’s too late, before we lose our rights to do so, society is going to have to make some serious decisions – decisions which threaten to hand over all of our freedoms and rights to Government regulation and large multinational conglomerates if we are not more careful.

Understanding The Weaponization of Modern Cyberspace & The ‘Secret World’ of International Corporate Espionage

This is a concept which needs some explaining, because no one has really ever taken the time to break it down – at least from what I have seen. What you need to understand is that we live in a unique time in world history, and we are all headed towards an equally unique and uncertain future.

What I mean to say is that the 21st century is an exceptionally prosperous time in human history, there are no mass global Wars, there’s no great plague, the majority of us all have running water, plumbing, electricity, refrigeration and the like, we have bikes, cars, automobiles and planes and the entire world can theoretically be accessible/connectable with the click of a button. Not only is the modern 21st century perhaps the single easiest and most peaceful time in human history, but the human race is now also interconnected in ways that prior generations could have never imagined possible.

With that established however, not all is right as rain. For example, over the course of the last several years the United States, Germany, NATO and the like have all gone on to officially declare “cyber space” and “the internet” as the 5th domain/realm of Warfare – joining more traditional domains of Warfare such as land, sea, air and space.

Learn More – NATO’s Recognition of Cyberspace As New Domain of Warfare: https://apps.dtic.mil/dtic/tr/fulltext/u2/1029776.pdf

However, as humanity continues to grapple with its understanding and regulation of our new technologies, we are only just now beginning to see/realize the weaponizing of the internet, internet conglomerates and their infrastructure – and this phenomenon is slowly beginning to rear its ugly head across nearly every other aspect of society these days. For example, consider the following evidence.

Google & The Department of Defense

I start off with Google for a number of reasons, chief among them is the fact that they are the single largest and highest grossing firm on the net. As Google is an American business, what you should know is that the company has a number of active contracts with the United States Government – particularly the United States military industrial complex. If you would like an example, look no further than “Project Maven,” a joint military operation currently underway with the help of Google researchers, developers, staff and Artificial Intelligence algorithms – some of which have recently made international headlines.

It should therefore go without saying, but you can not have a contract with the United States military without your full loyalties belonging to them. For this very reason, this also means that enemies of the US Government, or any other international Government agency for that matter, cannot rely on or trust Google to ensure their full security, privacy or look out for their best interests – especially in regards to contentious geo-political issues/events. In other words, as an American-based business and active military contractor, Google is loyal to the US military and for better or worse, has become a de facto branch of/for it – even if no one actually admits this out loud.

Consequentially enough, this is also why Google has always been restricted by “The Great Firewall of China,” and has recently faced banishment from Russia entirely as recently as just a few weeks ago.

Microsoft, Encryption Back-doors & Government Espionage

Similar to Google, Microsoft is yet another American based business with deep running ties to the United States military industrial complex. For example, every computer owned by the US Army and US Cyber Command is now literally mandated to run exclusively on Microsoft Windows 10 software and Operating Systems.

https://twitter.com/MSinDOD/status/770962514406313986

Now, I want you to notice the dates of those two Tweets above – August 29th and 31st, 2016. I bring this up because just a few weeks prior to this, on August 10th 2016, the Kremlin came out with a press release announcing how it was their immediate intention to begin switching all government/military computing systems off Microsoft and onto domestically produced software – directly because of Microsoft’s deep running ties with the US Government and US military.

It wasn’t until just a few months after this, in November 2016, that the Kremlin literally called switching over all their software away from Microsoft “a matter of national security.” Going on to explain how the Kremlin now believes that “software developed by American companies, such as Microsoft, could hide back-doors and bugs that could help other nations spy on their plans.” Also going as far as to say “not replacing foreign IT would be equivalent to dismissing the army.”

Read More – Russia’s Plan To Abandon Microsoft & Foreign Software 9/17/2016: https://news.softpedia.com/news/president-elect-donald-trump-can-t-stop-russia-s-war-against-american-software-510294.shtml

If you think this conundrum is unique to Russia, you are mistaken. Believe it or not, Microsoft has similarly been banned from all Government systems in China dating back to 2013. This is when the country first interrogated then political asylum seeker/NSA contractor Edward Snowden, who revealed that the United States has been secretly using Microsoft to conduct espionage on the Chinese Government and its companies for decades. Not only this, but Microsoft’s own search engine, Bing, was also banned in China as recently as January 2019 – for essentially all the same reasons.

ZTE & Corporate Espionage

Consequentially enough, this sets me up perfectly for my next bit – America’s banning of the Chinese-based telecommunications conglomerate known as Zhongxing Telecommunication Equipment – otherwise simply referred to as ZTE. Truth be told, I first learned of this news after attempting to go into an AT&T store in downtown New York City for repairs on my phone, only to find out that AT&T refused to fix my screen because it was a ZTE product – based out of China. They informed me that it was no longer their policy to service and/or fix any Chinese based phone, and advised me to purchase a new American phone – to which I declined, and not respectfully.

Regardless, similar in many ways to the complaints international Government agencies have been levying against American tech giants for years now, the US has now started levying against other international tech giants/conglomerates. It is just a shame that this information is generally not available or public knowledge to the average American hopelessly wandering around our society.

Kaspersky & US Election Hacking

Along the same lines, throughout the course of 2017, the US Department of Homeland Security (DHS) made it a top priority to ban Kaspersky Lab anti-virus and other software from all Government systems around the United States. This is because, upon investigation, the US Federal Bureau of Investigation had come to believe that US government employees and personnel were originally compromised via the Kaspersky Lab products they had installed on their devices, which granted the Russian based software conglomerate root access over all their systems. Put more directly, the US Government had come to believe that Kaspersky Lab roots were the whole reason that Russia was able to hack the 2016 Presidential election and US Government employees so easily in the months just before it – especially considering Russian law requires Russian companies to make all of their data freely accessible to the Kremlin. These laws are also why Kaspersky later moved all of their servers out of Russia and into Switzerland by 2018, even though the public damage to the company had already been done.

However, it must also be stated that while there was never any cut and dry evidence released indicating that this was indeed the case, at least publicly, and there are still technically court cases ongoing surrounding these allegations, the US Government’s ban of Kaspersky has been implemented nonetheless. As a result, Kaspersky has also faced similar bans throughout Europe.

I also don’t know what it says about me, but I just bought a new computer two weeks ago and the first thing I did was install Kaspersky Lab software on it. I also own a ZTE phone 😉.

Facebook & Psychological Warfare

The last two sections of this article are almost exclusive to Rogue Media Labs, at least I have not seen anyone else reporting on these issues outside of Russia. The first is the fact that Facebook has quite literally become a military weapon – and no, I am not talking about Russia’s use of fake news, fake advertisements or propaganda either. While yes, those were huge problems in their own right throughout 2015/2016, new developments as of 2018/2019 are far more troubling and grotesque. More specifically, I am talking about the US Government’s use of Facebook as a means of waging so-called “Psychological Warfare” against our adversaries.

Learn More – Russia Bans Military Personnel from Using Social Media To Counter-Act US Sponsored Psych-Ops: https://roguemedia.co/2018/11/09/russia-bans-active-duty-military-personnel-from-sharing-on-social-media/

You may recall a 2017 statement by James Mattis in which he personally stated how, as a result of complacency and improper funding of the US Department of Defense (DoD) under the previous administration, the United States has now fallen behind the rest of the world in several realms of Warfare – such as cyberspace, ultimately allowing the US elections to be hacked in the first place. Regardless, in an effort to ‘catch back up with the rest of the world,’ not only has Trump begun heavily investing back in the US military industrial complex, but we as a nation have also begun experimenting with new, unconventional forms of Warfare. For the purposes of this particular article I would like to talk specifically about Psychological Warfare and our use of Psych-Ops, as well as how these operations can be and are already actively being carried out online – in some instances, exclusively through Facebook.

Read More – US Military Field Manual on Unconventional Warfare: https://roguemedia.co/wp-content/uploads/2019/03/US_Army_Field_Manual_Unconventional_Warfare_2008.pdf

If you were previously unaware, in November of 2018 the Kremlin signed a new piece of legislation into law officially banning all active duty military personnel from owning social media accounts or sharing across social platforms. This is because, at the time, according to the Kremlin itself, social platforms such as Facebook had begun being used to collect “analysis of the activities of the Russian military.” Explaining how “The data shared by the servicemen online is used to apply psychological and information pressure on Russia and its military as well as forming biased opinions on state policies of Russian authorities in society.” Not only this, but the US Government had also taken it a step further by using platforms like Facebook to wage psychological Warfare against Russian soldiers serving abroad in locations such as Syria and Africa.

For example, given that Facebook hosts its servers inside the United States, the US Government has started hijacking their platform in order to pretend to be friends or family members of Russian troops serving abroad. Not only does the US Government do this to organize psychological profiles on individual members of Russia’s military, but in some instances they also use Facebook accounts to cause Russian troops “distress” back home – by faking/fabricating conflicts, arguments or unfortunate circumstances with friends and family back in Russia. This was done to make Russian troops feel as though aspects of their lives were completely falling apart outside of their control back home, thus taking away pride/focus from their military efforts as they served abroad. It may have taken a few months to figure out, but the Kremlin did eventually catch on.

Despite however low down and “dirty” of a trick that is, this remains our current reality – at least under our new Commander In Chief Donald Trump as we continue to exploit American businesses internationally.

Twitter & Spying

I am proud to say that this last bit is exclusive to Rogue Media Labs, because it features research I have personally pieced together over recent months. They say that some of the world’s greatest discoveries were made by accident, and this last bit of news is no different.

The first bit of information I would like to share is something I have already shared a few months ago, which is the fact that Twitter is absolutely using their service to spy on its users. Not only can this be evidenced by the fact that every deleted Tweet attached to an owner’s account is secretly sent directly to Twitter’s internal servers, but also by the fact that I have personally caught the service recording one of my private messages with a famous hacker known as Nama Tikure. As previously reported, as I was physically typing it out on screen, a custom key logger built by yours truly accidentally caught Twitter bots clicking on my URL address literally 19 times in a 17 second time period. For some perspective on this, I never even pressed ‘enter’ onto the chat. Meaning that all of these clicks were recorded on my end, with all 19 IP Address ranges listed assigned exclusively to Twitter bots. In other words, I accidentally caught Twitter red-handed trying to secretly record and log every last aspect of my private messages – and I am certain this isn’t or wasn’t an isolated incident.

Learn More – Twitter Caught Clandestinely Intercepting The Messages of Its Users: https://roguemedia.co/2019/01/15/twitter-bots-caught-clandestinely-logging-the-private-messages-of-their-users/

The second bit of research is something I accidentally discovered last night, completely unrelated to this article and also 100% accidentally. I could describe it in more detail, but this article is already long enough. So ironically, I instead direct you to the following Tweet…..

Wrapping Things Up

I’m almost embarrassed to admit it, but the whole reason I got riled up enough to write this article was the fact that, upon buying my computer, I was immediately offered 25 GB of free storage from Dropbox. Sounds like an amazing deal – right? Who wouldn’t want to jump all over that – right? How generous and caring of a company Dropbox must be! Right?

Well, I’m sorry to 💩 on your parade, so to speak, but that just isn’t exactly the reality of the situation at hand here. I know it’s getting a bit redundant at this point, but the fact of the matter is that Dropbox is a subsidiary – an American subsidiary. Moreover, as the US Government’s Supreme Court case with Microsoft proves, as an American company, the US Government has the right to any/all data owned by that company if the Government truly wants it.

See where I am going here? The reason why Dropbox is offering 25 GB of free space to anyone who wants it is so that ignorant sheeple, I mean citizens, will upload all of their data to it – so that the US Government can own all that data themselves. The worst part is the fact that Dropbox is subsidized to mislead you to do exactly this, which is also why they can afford to offer up so much free storage space to so many people for free. I know, yay Capitalism – right? 😏.

Egyptian Government Implicated In Massive Phishing Campaign Targeting Journalists, Political Activists & NGO’s Alike

(AI) – A new Amnesty International investigation has found a wave of digital attacks that likely originated from government-backed bodies starting from early January 2019 and involving multiple attempts to gain access to the email accounts of several prominent Egyptian human rights defenders, media and civil society organizations’ staff. The attacks appear to be part of a wider strategy, occurring amid an unprecedented crackdown on the same groups in what has turned Egypt into an “open-air” prison for critics. Because of the identities of the targets we have identified, the timing of these attacks, their apparent coordination and the notifications of state-sponsored attacks sent from Google, we conclude that these attacks were most likely carried out by, or on behalf of, the Egyptian authorities.

In recent years, the Egyptian authorities have been harassing civil society and undermining freedom of association and expression through an ongoing criminal investigation into NGOs and a repressive NGO law. The authorities have been investigating dozens of human rights defenders and NGO staff for “receiving foreign funding.” Many of them could face prison if convicted. The investigative judges have also ordered a travel ban against at least 31 NGO staff, and asset freezes of 10 individuals and seven organizations. Meanwhile, the authorities have also closed El Nadeem Center for Rehabilitation of Victims of Violence and continue to detain human rights defenders Ezzat Ghoniem and Hisham Gaafar, directors of the Egyptian Coordination for Rights and Freedoms and Mada for media studies, respectively.

The list of individuals and organizations targeted in this campaign of phishing attacks has significant overlaps with those targeted in an older phishing attack wave, known as Nile Phish, disclosed in 2017 by the Citizen Lab and the Egyptian Initiative for Personal Rights (EIPR).

Translated English Version: https://citizenlab.ca/2017/02/nilephish-report/

Full Nile Phish Report: https://roguemedia.co/wp-content/uploads/2019/03/nilephish.pdf

Amnesty International is deeply concerned that these phishing attacks represent yet another attempt by the authorities to stifle Egyptian civil society and calls on the Egyptian authorities to end these attacks on human rights defenders, and the crackdown on civil society, including by dropping the foreign funding case and repealing the NGO law.

A new year and a new wave of attacks

Since January 2019 several human rights defenders and civil society organizations from Egypt started forwarding dozens of suspicious emails to Amnesty International. Through the course of our investigation we discovered that these emails were attempts to access the email accounts of their targets through a particularly insidious form of phishing known as “OAuth Phishing” (which we explain in detail below). We estimate the total number of targeted individuals to be in the order of several hundreds.

These coincided with a number of important events that took place in the country. In the run-up to the eighth anniversary of Egypt’s 25 January uprising, which ended with the removal of former president Hosni Mubarak, after 30 years in power, we recorded 11 phishing attacks against NGOs and media collectives. We saw another burst of attacks during French President Emmanuel Macron’s visit to Cairo to meet with President Abdel Fatah al-Sisi on 28 and 29 January. The attacks peaked on 29 January, the day that President Macron met with human rights defenders from four prominent Egyptian NGOs. Later, in the first week of February, several media organizations were targeted as part of this campaign of digital attacks; they were reporting on the process of amending the Egyptian Constitution that the parliament had just officially started.

The attacks all bear the same hallmarks and appear to be part of a coordinated campaign to spy on, harass and intimidate their targets. While definitive attribution is difficult, the selective targeting of human rights defenders from Egypt, particularly in concomitance with specific political events, suggests this current wave of digital attacks is politically, rather than financially, motivated.

Additionally, we learned that multiple targets of this campaign received an official warning from Google alerting that “government-backed attackers are trying to steal your password.”

Google warning to one of the targets – 19 January 2019

These elements reinforce the suspicion that a state-sponsored group might be behind this campaign, further contributing to the chilling effect on Egyptian civil society and silencing those who voice criticism of the government.

What an OAuth phishing attack looks like: Step by step

Traditional phishing attacks attempt to deceive the targets into providing their passwords by creating a fake clone of, for example, Google’s or Facebook’s login page. If the target is successfully lured into entering their password, the attacker then “steals” their credentials and can reuse these to access their email account. Typically, this kind of phishing attack can be prevented through the use of two-step verification procedures such as those provided by most mainstream platforms these days, or by authenticator apps, or even better, security keys.

However, in this phishing campaign we have documented in Egypt, the attackers instead leverage a simple but less known technique generally called “OAuth Phishing.” Rather than cloning a legitimate login prompt that aims to trick targets into entering their password on a dubious-looking site, OAuth Phishing abuses a legitimate feature of many online service providers, including Google, that allows third-party applications to gain direct access to an account. For example, a legitimate external calendar application might request access to a user’s email account in order to automatically identify and add upcoming events or flight reservations.

With OAuth Phishing, attackers craft malicious third-party applications that are disguised not to raise suspicion with the victims. (More information on this functionality is available on Google Support in English or Arabic). Here we provide a step by step look at the ways in which these attacks work, and we follow on below with some concrete ways that people can better protect themselves from these kinds of attacks.

Step 1

We identified a few variants of the phishing emails received by the human rights defenders who shared these with Amnesty International. In the most common case pictured below, the email imitates a security warning from Google and solicits the target to apply a “Secure Email” security update to their Google account.

Screen Shot Example of Phishing Email Used In Attack:

Step 2

Clicking the “Update my security now” button directs to a page that initiates the OAuth authorization process of the malicious third-party application named by the attackers as “Secure Mail.”

Step 3

At this point the target is requested to log into Google or choose an existing logged in account.

Screenshot of Google’s login prompt requesting authorization to the malicious app:

Step 4

Now the target is asked to explicitly authorize the malicious “Secure Email” third-party application to be granted access to their email account. While this authorization prompt does contain a warning from Google, it may be overlooked as the user has been directed from what appeared to be a legitimate email from Google.

Screenshot of confirmation to authorize the malicious app on victim’s account:

Step 5

Once the “Allow” button is clicked, the malicious “Secure Email” application is granted access to the target’s email account. The attackers are immediately able to read the email’s content, and the victims are directed to the real Google account settings page, which further reduces any suspicion on the part of the target that they have been victim of a fraudulent attack.

In addition to Google, we observed that the same attackers make use of similar tactics against Yahoo, Outlook and Hotmail users.

Defending Against OAuth Phishing

OAuth Phishing can be tricky to identify. Often, security education for individuals at risk does not include mentions of this particular technique. People are usually trained to respond to phishing by looking for suspicious domains in the browser’s address bar and by enabling two-factor verification. While those are very useful and important safety practices to adopt, they would not help with OAuth Phishing because victims are in fact authenticating directly through the legitimate site.

If you are an activist, human rights defender, journalist, or anyone else concerned about being targeted by these kinds of attacks, it is important to be alert whenever you are requested to authorize a third-party application on your accounts.

Occasionally it is a good exercise to review your account’s security settings and check for authorized external applications. In the case of this campaign, the malicious Secure Email application will appear authorized as pictured below.

Screenshot of the malicious third-party applications used by the attackers as it appears in the Google account settings page

You might also want to consider revoking access to any other authorized application that you do not recognize or that you might have stopped using.

Google also offers an Advanced Protection Program that in addition to enforcing the authentication with a security key, disables third-party applications on your account. Beware that enabling this configuration introduces some limitations, so make sure it fits your particular requirements before enrolling.

Here you can find instructions on how to check for authorized third-party applications on your Yahoo account instead.
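The two checks this section recommends, as an added example that is not part of Amnesty International's report: triaging a link from a suspicious email to see whether it opens a genuine Google consent screen asking for a mail-reading scope, and auditing a list of applications already authorized on an account. The client IDs, allowlist, sample link and grant records are constructed; the record field names (`clientId`, `displayText`, `scopes`) are modelled on Google's Admin SDK token listing and are an assumption here.

```python
from urllib.parse import urlsplit, parse_qs

# Gmail OAuth scopes that allow an application to read mailbox contents.
MAIL_READ_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}

GOOGLE_AUTH_HOST = "accounts.google.com"  # host of Google's real consent screen


def triage_link(url, known_client_ids):
    """Classify a link taken from a suspicious email.

    The point of OAuth phishing is that the host is legitimate, so the
    decision has to rest on what is requested (scope) and by whom (client_id).
    """
    parts = urlsplit(url)
    if parts.hostname != GOOGLE_AUTH_HOST or "/oauth2/" not in parts.path:
        return {"oauth_consent": False}
    query = parse_qs(parts.query)
    # The scope parameter is a space-separated list (sent as "+" or "%20").
    scopes = set(" ".join(query.get("scope", [])).split())
    client_id = query.get("client_id", [""])[0]
    mail_scopes = sorted(scopes & MAIL_READ_SCOPES)
    return {
        "oauth_consent": True,
        "client_id": client_id,
        "mail_scopes": mail_scopes,
        "known_app": client_id in known_client_ids,
        "suspicious": bool(mail_scopes) and client_id not in known_client_ids,
    }


def audit_grants(grants, allowlist):
    """Return authorized apps that can read mail and are not on the allowlist."""
    findings = []
    for grant in grants:
        risky = sorted(set(grant.get("scopes", [])) & MAIL_READ_SCOPES)
        if risky and grant.get("clientId") not in allowlist:
            findings.append({
                "app": grant.get("displayText"),
                "client_id": grant.get("clientId"),
                "scopes": risky,
            })
    return findings


# --- Constructed sample data (placeholders, not indicators from the report) ---
PLACEHOLDER_CLIENT = "000000000000-placeholder.apps.googleusercontent.com"
TRUSTED_CLIENT = "111111111111-trusted.apps.googleusercontent.com"
ALLOWLIST = {TRUSTED_CLIENT}

SAMPLE_LINK = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=" + PLACEHOLDER_CLIENT +
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F+openid"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
)

SAMPLE_GRANTS = [
    {"clientId": PLACEHOLDER_CLIENT, "displayText": "Secure Email",
     "scopes": ["https://mail.google.com/", "openid"]},
    {"clientId": TRUSTED_CLIENT, "displayText": "Desktop Mail Client",
     "scopes": ["https://mail.google.com/"]},
    {"clientId": "222222222222-calendar.apps.googleusercontent.com",
     "displayText": "Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    print(triage_link(SAMPLE_LINK, ALLOWLIST))
    for finding in audit_grants(SAMPLE_GRANTS, ALLOWLIST):
        print("review and revoke if unrecognized:", finding)
```

The link check passes the usual "is the domain real?" test and is still flagged, which is the reason address-bar inspection and two-step verification do not help against this technique.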

Get in touch

If you received any suspicious email like those we described in this report, or other forms of suspected targeted attack, you can contact us at share@amnesty.tech.

Appendix

Indicators of Compromise and attacks Infrastructure available here.

Following are screenshots of other phishing emails used in this same campaign:


This report was originally published by Amnesty International on March 5th 2019. It was republished, with permission, under a Creative Commons BY-NC-ND 4.0 International License, in accordance with the Terms & Conditions of Amnesty International | Formatting Edits and PDF added and embedded by Rogue Media Labs

Moscow Introduces New Legislation Designed To Create A “Sovereign Internet” Inside Russian Borders

(HRW) – An acquaintance living in the United States asked me if it was true that Russia is about to “cut off its Internet” from the rest of the world. He sounded panicked – his family still lives in Russia. He was concerned about recent reports that giants like Google are yielding to Russia’s war on online speech and are cooperating with the government.

While the reality is not quite as dramatic, his reaction is understandable. The government effectively controls most of traditional media in Russia and has been taking steps to bring the internet under greater state control, while prosecuting social media users and adopting highly regressive legislation on data storage localization, encryption, and cybersecurity. Last week, parliament held its first hearing on a draft law on internet “sovereignty,” which aims to protect Russia from foreign cyberattacks and respond to the US cybersecurity strategy.

Learn More – Russia Proposing To Create Its Own Backup To The Worldwide Web: https://roguemedia.co/2018/12/16/russia-aims-to-create-backup-to-the-world-wide-web-create-its-own-national-internet-infrastructure/

The draft, if adopted, would enable Russian internet to operate independently from the global internet in the event of an emergency or foreign threat. It would require all online services operating in Russia to install equipment to monitor web traffic and block banned content under direct oversight of Russia’s watchdog media and communications agency. This proposal naturally raises censorship and surveillance concerns, although the draft is so vague that even its authors were unable to explain how it would work in practice. The second hearing is next month.

View/Track Bill Here: http://sozd.duma.gov.ru/bill/608767-7

https://twitter.com/SophianaRus/status/1096167121422290944

Recent reports of Google’s cooperation with Russian authorities are also a cause of concern. According to Google’s transparency report, the number of Russian government requests to remove content spiked to 182,462 in the first half of 2018 (from 2,566 over the same period in 2016). Google complied with 79% of all requests to remove content, in whole or in part, during this period. It remains unclear how Google will respond as authorities expand enforcement of Russian laws that jeopardize internet users’ safety and freedom of speech, especially if Google risks being blocked in Russia.

Read More – Roskomnadzor Fines Google, Company Faces Potential Banishment from Russia: https://roguemedia.co/?s=google+russia&x=0&y=0

There are precedents for this: in 2016, authorities blocked LinkedIn for noncompliance with the data storage law, and in 2018, they ordered Telegram blocked for its refusal to hand over encryption keys. Russia’s regressive internet laws have mostly been rushed, clumsy and chaotic, but that doesn’t reduce their threat to freedom of speech and information. Authorities do sometimes rigorously implement them – and penalize those who refuse to obey.

Full Copy of Draft Law: https://roguemedia.co/wp-content/uploads/2019/02/138234916-1.pdf


This article was originally published by Human Rights Watch on February 18th 2019. It was republished, with permission, using a Creative Commons BY-NC-ND 3.0 US License, in accordance with the Terms & Conditions of Human Rights Watch | Formatting edits, Tweets, PDF Files added/embedded by Rogue Media Labs

150 KB of Data, Accounts of 5,748 GMAIL Clients Hacked & Leaked Online

Browsing through some of the postings around the web this evening I managed to stumble across a unique leak of data, apparently affecting thousands of clients belonging to Google’s GMail. Posted by an unknown hacker the evening of February 6th 2019, in a file consisting of 150 KB of data, the leak features the email address and password of approximately 5,748 GMail users. It remains unknown how the hacker got the data, as well as what, if anything, they were using the data for. The leaker even failed to disclose their identity online and no one has claimed credit for the breach. Still though, the incident was interesting and unique enough for me to want to document briefly here today.

Full Raw Leak: https://pastebin.com/raw/AnuXXb7t

Researcher Uses Google Search Strings To Uncover 1,000’s of Active Government Issued ID’s, Passports & More

An online cyber security researcher going by the name of Fabio Castro in Brasil has just disclosed a serious vulnerability attached to the Google search engine. In research revealed via his Twitter page earlier today, January 10th 2019, Mr. Castro has revealed that if you enter a certain string of the right characters and symbols onto a Google search, you are essentially able to nab different portions, sections, folders, files or databases that perhaps you otherwise shouldn’t.

As a proof of concept (PoC), Mr. Castro entered the following string onto Google this morning “intitle.”index of / “passport” and managed to stumble across countless international photo IDs, Passports, Drivers Licenses and the like through Google images. While the exact number exposed is impossible to quantify, we could be talking about thousands upon thousands of active Government issued IDs compromised by this glitch/vulnerability all across the world. For example, Mr. Castro has already admitted to maliciously downloading documents for himself – primarily targeting Brasilian drivers licenses.

After thinking for a while about how this sort of thing could have happened and after analyzing the URL structure tied to the photos leaked onto Google’s servers, it is my professional opinion that this is a glitch resulting from Google web bots and crawlers. For example, nearly every Government or corporate website in the world is attached to Google’s search engine on one level or another, meaning that the site has been indexed to be crawled by Google’s various artificial intelligence web bots – seemingly at random.

Now, unless you are a security 🤓 like me, or don’t have insanely strict firewall rules, you might not realize how much Google actually attempts to “learn” about any/every website located on the ClearNet. For example, every once in a while Rogue Security Labs manages to catch Google’s web bots attempting to crawl/index things they should have no business learning – such as my site’s json files. Tying things together, especially given the developments of today, I am also willing to bet that none of this is an isolated process, and Google’s bots have either been intentionally configured to or accidentally reconfigured to crawl various file systems across the web – there’s no telling which really, only Google developers know that answer.

If you do not block these bots or employ strict enough rules on your firewall, then Google will do anything and everything it can to index everything on it – seemingly with no abandon whatsoever. After thinking about it for long enough and after piecing some more information together in my head, unfortunately, this appears to be a variation of the same exact bug/vulnerability leading to the death of 30 Clandestine CIA agents in Iran last November.

For those of you who do not remember, as was first reported by Yahoo News on November 2nd 2018, Iranian agents managed to enter different search strings together on Google’s search engine, leading hackers directly to site pages attached to the back-end of “secret” websites used by various CIA agents/operatives to coordinate, communicate and exchange messages with one another. For example, a later report revealed that a search consisting of the words “CIA secret website login” really did lead hackers to web pages of undercover operatives – web pages that hackers were then able to Brute-Force and/or hack. Later reports revealed that undercover agents in China were also able to compromise undercover operatives by similar hacks/vulnerabilities throughout the course of 2009 – 2013, leading to the deaths of dozens more.

Honestly, there really is no easy fix to this problem. If you are one of the websites affected, considering that Google has already indexed the web pages and files in question, Google would have to audit its own systems and servers to remove them manually. If you are a website owner looking to build your site in the future, then either hire Rogue Security Labs to manage your website security or learn how to build and employ stricter firewall rules yourself. The only way to prevent Google from indexing your site is by blocking different web bots/crawlers from doing so. It is such an advanced problem that is so easily exploited – that’s the real problem here.
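A defender-side audit for the exposure described in this article, as an added example that is not from the original post: given a site's own robots.txt and a set of responses fetched from it, the code finds auto-generated “Index of /” directory listings and reports which of them a crawler is permitted to fetch and index. The host name, paths, responses and the `audit_listings` helper are constructed for illustration; robots.txt and `noindex` only affect indexing, so a flagged listing still has to be switched off on the server itself.

```python
import re
from urllib.robotparser import RobotFileParser

# Title that web-server auto-indexing puts on a generated listing page.
LISTING_TITLE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)


def is_directory_listing(body):
    """True if the HTML body looks like an auto-generated directory index."""
    return bool(LISTING_TITLE.search(body))


def audit_listings(robots_txt, responses, base="https://site.example",
                   agent="Googlebot"):
    """Report every directory listing and whether a crawler may index it.

    responses: iterable of (path, response_headers, body) already fetched
    from your own site.
    """
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = []
    for path, headers, body in responses:
        if not is_directory_listing(body):
            continue
        crawlable = robots.can_fetch(agent, base + path)
        # Header names are case-insensitive, so normalise before lookup.
        lowered = {k.lower(): v for k, v in headers.items()}
        noindex = "noindex" in lowered.get("x-robots-tag", "").lower()
        findings.append({
            "path": path,
            "crawlable": crawlable,   # robots.txt lets this agent fetch it
            "noindex": noindex,       # response asks not to be indexed
            "indexable": crawlable and not noindex,
        })
    return findings


def listing_page(path):
    """Build a constructed listing page of the kind auto-indexing emits."""
    return (f"<html><head><title>Index of {path}</title></head>"
            f"<body><h1>Index of {path}</h1>"
            f"<a href=\"scan-001.jpg\">scan-001.jpg</a></body></html>")


# --- Constructed sample input ---
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /private/
"""

SAMPLE_RESPONSES = [
    ("/uploads/", {}, listing_page("/uploads/")),
    ("/private/scans/", {}, listing_page("/private/scans/")),
    ("/backup/", {"X-Robots-Tag": "noindex, nofollow"}, listing_page("/backup/")),
    ("/about.html", {}, "<html><head><title>About us</title></head></html>"),
]

if __name__ == "__main__":
    for item in audit_listings(SAMPLE_ROBOTS, SAMPLE_RESPONSES):
        state = "INDEXABLE" if item["indexable"] else "listing (not indexable)"
        print(f"{item['path']:<18} {state}")
```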

On a side note, considering that I was at one point a Clandestine agent in waiting and literally wrote the book on how to keep an Anonymous identity online, I am quite frankly dumbfounded that agents actually employed by the CIA were dumb enough to coordinate with each other and Government offices on the ClearNet, nevermind on an unsecure website located on the ClearNet to boot – that’s just a literal face palm to me. But then again, I’m the one the CIA chose not to hire – so I guess that’s their problem. Well done America.

Warriors Crew Hacked & Defaced 7 Websites Belonging To The Governments of Peru & Brasil This Weekend

This weekend the Brasilian based hacking group known as “Warriors Crew” announced a hack of 7 Governmental websites across Peru and Brasil, managing to deface each and every single one of them. While the hacks were originally carried out throughout the course of December 29th and 30th 2018, at the time of this article in the evening hours of December 31st every single one of the websites has yet to be restored and still remains in its defaced condition – perhaps indicating that hackers were able to change the sites’ login credentials to lock out their administrators.

Not only were the sites defaced, but hackers also managed to edit the sites’ SEO meta description to read “We come to fight for our people! The corruption of rulers almost always begins with the corruption of their principles. Corruption is not a Brazilian invention, but impunity is a thing of our own.” If you search for any one of the websites below on Google for example, that is the description you will read about each agency/city – lulz. The websites targeted include iNET Peru, an IT infrastructure service integrator operating on behalf of the Peruvian Government, the municipal websites of Nova Olinda and White Rock, Brasil, along with their chambers of commerce, as well as the City Halls of Ibiara and Obidos, Brasil.

Press Release: https://ghostbin.com/paste/cg8qb

Websites Targeted/Defaced:

Target 1: http://www.oosaludaltomayo.gob.pe/Warriors.html
Target 2: http://pedrabranca.pb.gov.br/
Target 3: http://novaolinda.pb.gov.br/
Target 4: http://camaranovaolinda.pb.gov.br/
Target 5: http://camaraibiara.pb.gov.br/
Target 6: http://camarapedrabranca.pb.gov.br/
Target 7: http://www.obidos.pa.gov.br/?page=prefeitura/vice_prefeito

Amnesty Investigation – State Sponsored Hackers Launching Massive Hacking Operations Across Middle East & North Africa

(AI)

Summary

  • We have identified several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa.
  • In one campaign, the attackers were particularly going after accounts on popular self-described “secure email” services, such as Tutanota and ProtonMail.
  • In another campaign, the attackers have been targeting hundreds of Google and Yahoo accounts, successfully bypassing common forms of two-factor authentication.

Introduction

From the arsenal of tools and tactics used for targeted surveillance, phishing remains one of the most common and insidious forms of attack affecting civil society around the world. More and more Human Rights Defenders (HRDs) have become aware of these threats. Many have taken steps to increase their resilience to such tactics. These often include using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.

However, attackers too learn and adapt in how they target HRDs. This report documents two phishing campaigns that Amnesty International believes are being carried out by the same attacker (or attackers) likely originating from amongst the Gulf countries. These broad campaigns have targeted hundreds, if not a thousand, HRDs, journalists, political actors and others in many countries throughout the Middle East and North Africa region.

What makes these campaigns especially troubling is the lengths to which they go to subvert the digital security strategies of their targets. The first campaign, for example, utilizes especially well-crafted fake websites meant to imitate well-known “secure email” providers. Even more worryingly, the second demonstrates how attackers can easily defeat some forms of two-factor authentication to steal credentials, and obtain and maintain access to victims’ accounts. As a matter of fact, Amnesty Tech’s continuous monitoring and investigations into campaigns of targeted surveillance against HRDs suggest that many attacker groups are developing this capability.

Taken together, these campaigns are a reminder that phishing is a pressing threat and that more awareness and clarity over appropriate countermeasures needs to be available to human rights defenders.

Phishing Sites Imitating “Secure Email” Providers

Amnesty International has identified several well-crafted phishing sites for the popular email services Tutanota and ProtonMail. The providers are marketed as “secure email” solutions and have consequently gained some traction among activists.

These sites contain several elements that make them especially difficult for targets to identify as fakes. For instance, the attackers managed to obtain the domain tutanota.org and used it to almost completely replicate the original website for the Tutanota service, which is actually located at tutanota.com.

Many users rightfully expect that online services control the primary .com, .org and .net domain variants of their brand. If an attacker manages to acquire one of these variants they have a rare opportunity to make the fake website appear significantly more realistic. These fake sites also use transport encryption (represented by the https:// prefix, as opposed to the classic, unencrypted, http://). This enables the well-recognized padlock on the left side of the browser’s address bar, which users have often been taught over the years to look for when attempting to discern between legitimate and malicious sites. These elements, together with an almost indistinguishable clone of the original website, made this a very credible phishing site that would be difficult to identify even for the more tech-savvy targets.

If a victim were tricked into performing a login to this phishing site, their credentials would be stored and a valid login procedure would be then initiated with the original Tutanota site, giving the target no indication that anything suspicious had occurred.

Because of how remarkably deceptive this phishing site was, we contacted Tutanota’s staff, informed them about the ongoing phishing attack, and they quickly proceeded to request the shutdown of the malicious infrastructure.

These same attackers were also operating a ProtonMail phishing website (another popular email service marketed as secure) located at protonemail.ch, where the additional letter “e” is all that distinguishes this well-built replica from the original valid website protonmail.ch.
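A defender can screen link domains against the services their users rely on. The following added example (not part of the Amnesty report) flags the two tricks described above, a top-level-domain swap and a one-letter typo; the function names, the distance threshold and the last-two-labels shortcut for finding the registrable domain are assumptions of the example.

```python
"""Screen link domains for imitations of services an organisation relies on."""

# The two legitimate domains named in the report; extend with your own.
PROTECTED = ["tutanota.com", "protonmail.ch"]


def registrable(domain):
    """Normalise a (possibly defanged) host name and return (label, tld).

    Assumption: the registrable domain is the last two labels. Production
    code should consult the Public Suffix List (e.g. for names under co.uk).
    """
    host = domain.strip().lower().replace("[.]", ".").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name: {domain!r}")
    return labels[-2], labels[-1]


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(candidate, protected=PROTECTED, max_distance=2):
    """Return (verdict, protected_domain_or_None) for one candidate domain.

    Verdicts: 'legitimate', 'tld-swap' (same name under another TLD),
    'typosquat' (name within max_distance edits), or 'unrelated'.
    """
    label, tld = registrable(candidate)
    best = ("unrelated", None)
    for legit in protected:
        legit_label, legit_tld = registrable(legit)
        if (label, tld) == (legit_label, legit_tld):
            return ("legitimate", legit)
        if label == legit_label:
            best = ("tld-swap", legit)
        elif best[0] == "unrelated" and \
                0 < edit_distance(label, legit_label) <= max_distance:
            best = ("typosquat", legit)
    return best


def screen(domains, protected=PROTECTED):
    """Keep only the candidates that imitate a protected domain."""
    hits = {}
    for domain in domains:
        verdict, legit = classify(domain, protected)
        if verdict in ("tld-swap", "typosquat"):
            hits[domain] = (verdict, legit)
    return hits


if __name__ == "__main__":
    # The first four inputs are domains quoted in the report;
    # example.org is a constructed negative case.
    for d in ["tutanota.com", "tutanota[.]org", "protonemail[.]ch",
              "mail.protonmail.ch", "example.org"]:
        print(d, classify(d))
```

A short edit-distance threshold produces false positives for very short brand names, so review hits before blocking on them.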

Widespread Phishing of Google and Yahoo Users

Throughout 2017 and 2018, human rights defenders and journalists from the Middle East and North Africa region have been sharing with us suspicious emails they have been receiving. Investigating these emails, we identified a large and long-running campaign of targeted phishing attacks that has targeted hundreds, and likely over one thousand people overall. Most of the targets seemingly originate from the United Arab Emirates, Yemen, Egypt and Palestine.

It is worth noting that we found this campaign to be directly connected to some attacks included in section 2.4.2 of a technical report by UC Berkeley researcher Bill Marczak, in which he suggests various overlaps with other campaigns of targeted surveillance specifically targeting dissidents in the UAE.

Our investigation leads us to additionally conclude that this campaign likely originates with the same attacker – or attackers – who cloned the Tutanota and ProtonMail sites in the previous section. As in the previous campaign, this targeted phishing campaign employs very well-designed clones of the commercial sites it impersonates: Google and Yahoo. Unlike that campaign, however, this targeted phishing campaign is also designed to defeat the most common forms of two-factor authentication that targets might use to secure their accounts.

Lastly, we have identified and are currently investigating a series of malware attacks that appear to be tied to these phishing campaigns. This will be the subject of a forthcoming report.

Fake Security Alerts Work

In other campaigns, for example in our Operation Kingphish report, we have seen attackers create well developed online personas in order to gain the trust of their targets, and later use more crafty phishing emails that appeared to be invites to edit documents on Google Drive or participate in Google Hangout calls.

In this case, we have observed less sophisticated social engineering tricks. Most often this attacker made use of the common “security alert” scheme, which involves falsely alarming the targets with some fake notification of a potential account compromise. This approach exploits their fear and instills a sense of urgency in order to solicit a login with the pretense of immediately needing to change their password in order to secure their account. With HRDs having to be constantly on the alert for their personal and digital security, this social engineering scheme can be remarkably convincing.

The following is one example of a phishing email sent by this attacker.

Clicking on the links and buttons contained in these malicious emails would take the victim to a well-crafted and convincing Google phishing website. These attackers often and regularly create new sites and rotate their infrastructure in order to avoid detection and reduce the damage of unexpected shutdowns by domain registrars and hosting providers. You can find at the bottom of this report a list of all the malicious domains we have identified.

How Does the Phishing Attack Work?

In order to verify the functioning of the phishing pages we identified, we decided to create a disposable Google account. We selected one of the phishing emails that was shared with us, which pretended to be a security alert from Google, falsely alerting the victim of suspicious login activity, and soliciting them to change the password to their account.

The first step was to visit the phishing page.

When we logged into the phishing page, we were redirected to another page where we were alerted that we had been sent a 2-Step Verification code (another term for two-factor authentication) via SMS to the phone number we used to register the account, consisting of six digits.

Sure enough, our configured phone number did receive an SMS message containing a valid Google verification code. After we entered our credentials and the 2-Step Verification code into the phishing page, we were then presented with a form asking us to reset the password for our account.

To most users a prompt from Google to change passwords would seem a legitimate reason to be contacted by the company, which in fact it is.

After checking the security events on our disposable Google account, we noticed that a password change was in fact issued by a Windows computer operated by the attackers, seemingly connecting from an IP address that Google geolocates within the USA.

(The IP address used by the attackers to automatically authenticate and modify our Google account, 196.19.3.66, is actually an unauthenticated Squid HTTP proxy. The attackers can use open proxies to obscure the location of their phishing server.)

The purpose of taking this additional step is most likely just to fulfill the promise of the social engineering bait and therefore to not raise any suspicion on the part of the victim.

After following this one last step, we were then redirected to an actual Google page. In a completely automated fashion, the attackers managed to use our password to log in to our account, obtain from us the two-factor authentication code sent to our phone, and eventually prompt us to change the password to our account. The phishing attack is now successfully completed.

Similarly, we created a new Yahoo account and configured two-factor authentication using the available phone verification as visible in the account settings:

Challenges in Securing Online Accounts

Finding a secure way to authenticate users is a very difficult technical issue, although some progress has been made over the years that has raised the bar of difficulty for attackers attempting to compromise accounts at scale.

Two-factor authentication has become a de-facto standard that is almost always recommended as a required step for securing online accounts. With two-factor authentication procedures enabled, users are required to provide a secondary form of verification that normally comes in the form of a numerical token that is either sent via SMS or through a dedicated app to be installed on their phone. These tokens are short-lived, and normally expire after 30 seconds. In other cases, like that of Yahoo, the user is required instead to manually allow an ongoing authentication attempt by tapping a button on their phone.

Why is this useful? Requiring a secondary form of authentication prevents some scenarios in which an attacker might have obtained access to your credentials. While this can most commonly happen with some unsophisticated phishing attempts, it is also a useful mitigation to password reuse. You should definitely configure your online accounts to use different passwords (and ideally use a password manager), but in the case you reuse – accidentally or otherwise – a password which was stolen (for example through the numerous data breaches occurring all the time) having two-factor authentication enabled will most likely mitigate against casual attackers trying to reuse the same password on as many other online accounts as possible.

Generally, there are three forms of two-factor authentication that online services provide:

  • Software token: this is the most common form, and consists in asking the user to enter in the login form a token (usually composed of six digits, sometimes it includes letters) that is sent to them either via SMS or through a dedicated app the user configured at the time of registration.
  • Software push notification: the user receives a notification on the phone through an app that was installed at the time of registration. This app alerts the user that a login attempt is being made and the user can approve it or block it.
  • Hardware security keys: this is a more recent form of two-factor authentication that requires the user to physically insert a special USB key into the computer in order to log into the given website.

While two-factor push notifications often provide some additional information that might be useful to raise your suspicion (for example, the country of origin of the client attempting to authenticate being different from yours), most software-based methods fall short when the attacker is sophisticated enough to employ some level of automation.

As we saw with the campaigns described in this report, if a victim is tricked into providing the username and password to their account, nothing will stop the attacker from asking them to provide the 6-digit two-factor token, eventually the phone number to be verified, as well as any other required information. With sufficient instrumentation and automation, the attackers can make use of the valid two-factor authentication tokens and session before they expire, successfully log in and access all the emails and contacts of the victim. In other words, when it comes to targeted phishing, software-based two-factor authentication, without appropriate mitigation, could be a speed bump at best.

Don’t be mistaken, two-factor authentication is important and you should make sure you enable it everywhere you can. However, without a proper understanding of how real attackers work around these countermeasures, it is possible that people are misled into believing that, once it is enabled, they are safe to log into just about anything and feel protected. Individuals at risk, human rights defenders above all, are very often targets of phishing attacks and it is important that they are equipped with the right knowledge to make sure they aren’t improperly lowering their level of caution online.

While it is possible that in the future capable attackers could develop ways around that too, at the moment the safest two-factor authentication option available is the use of security keys.
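Why a typed code is weaker than a security key against a lookalike page, as an added sketch that is not from the report: the service's check of a time-based code has no input describing where the code was typed, while a security-key response carries the web origin the browser actually saw. HMAC stands in here for the key's public-key signature, and the origins, secrets and function names are constructed for the example.

```python
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://accounts.service.example"       # constructed
LOOKALIKE_ORIGIN = "https://accounts-service.example"  # constructed


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1), as used by authenticator apps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def service_accepts_code(secret, code, now, window=1):
    """The service's check of a typed code. Its only inputs are the code and
    the clock: nothing says which web page the user typed the code into."""
    return any(hmac.compare_digest(code, totp(secret, now + drift * 30))
               for drift in range(-window, window + 1))


def key_assertion(credential_key, challenge, browser_origin):
    """Response produced by browser and key. The origin field is filled in
    by the browser from the page it is displaying, not by the user."""
    client_data = json.dumps(
        {"challenge": challenge.hex(), "origin": browser_origin},
        sort_keys=True).encode()
    # Simplification: a real key signs with a private key; HMAC keeps the
    # example inside the standard library.
    signature = hmac.new(credential_key, client_data, hashlib.sha256).digest()
    return client_data, signature


def service_accepts_assertion(credential_key, challenge, own_origin,
                              client_data, signature):
    """The service's check of a key response: signature, challenge, origin."""
    expected = hmac.new(credential_key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return False
    data = json.loads(client_data)
    return data["challenge"] == challenge.hex() and data["origin"] == own_origin


def compare_factors(page_origin, now=1_545_000_000):
    """Return (code_accepted, assertion_accepted) when the user completed the
    second factor on the page at page_origin."""
    secret = b"constructed-totp-secret"
    credential_key = b"constructed-credential-key"
    challenge = hashlib.sha256(b"constructed-challenge").digest()

    code = totp(secret, now)  # read from the app, typed into page_origin
    code_ok = service_accepts_code(secret, code, now + 10)

    client_data, signature = key_assertion(credential_key, challenge,
                                           page_origin)
    assertion_ok = service_accepts_assertion(
        credential_key, challenge, REAL_ORIGIN, client_data, signature)
    return code_ok, assertion_ok


if __name__ == "__main__":
    print("real page:     ", compare_factors(REAL_ORIGIN))
    print("lookalike page:", compare_factors(LOOKALIKE_ORIGIN))
```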

This technology is supported for example by Google’s Advanced Protection program, by Facebook and as of recently by Twitter as well. This process might appear painful at first, but it significantly raises the difficulty for any attacker to be successful, and it isn’t quite as burdensome as one might think. Normally, you will be required to use a security key only when you are authenticating for the first time from a new device.

That said, security keys have downsides as well. Firstly, they are still at a very early stage of adoption: only a few services support them and most email clients (such as Thunderbird) are still in the process of developing an integration. Secondly, you can of course lose your security key and be locked out of your accounts. However, you could just in the same way lose the phone you use for other forms of two-factor authentication, and in both cases, you should carefully configure an option for recovery (through printed codes or a secondary key) as instructed by the particular service.

As with every technology, it is important individuals at risk are conscious of the opportunities as well as the shortcomings some of these security procedures offer, and determine (perhaps with the assistance of an expert) which configuration is best suited for their respective requirements and levels of risk.

How the Bypass for Two-Factor Authentication Works

The servers hosting the Google and Yahoo phishing sites also mistakenly exposed a number of publicly listed directories that allowed us to discover some details on the attacker’s plan. One folder located at /setup/ contained a database SQL schema likely used by the attackers to store the credentials obtained through the phishing frontend:

A folder located at /bin/ contained an installation of Selenium with Chrome Driver, which is a set of tools commonly used for the automation of testing of web applications. Selenium makes it possible to script the configuration and launch of a browser (in this case Google Chrome) and make it automatically visit any website and perform certain activities (such as clicking on a button) in the page.

While the original purpose was to simplify the process of quality assurance for web developers, it also lends itself perfectly to the purpose of automating login attempts into legitimate websites and streamlining phishing attacks. Particularly, this allows attackers to easily defeat software-based two-factor authentication.

Yet another folder called /profiles/ instead contained hundreds of folders generated by each spawned instance of Google Chrome, automated through Selenium as explained.

Because all the profile folders generated by the spawned Google Chrome instances operated by the attackers are exposed to the public, we can actually get a glimpse at how the accounts are compromised by inspecting the History database that is normally used by the browser to store the browsing history.

Through the many Chrome folders we could access, we identified two clear patterns of compromise.

The first pattern of compromise, and most commonly found across the data we have obtained, is exemplified by the following chronological list of URLs visited by the Chrome browser instrumented by the attackers:

  1. https://mail.yahoo.com/
  2. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=[REDACTED]&done=https%3A%2F%2Fmail.yahoo.com%2F
  3. https://login.yahoo.com/?done=https%3A%2F%2Fmail.yahoo.com%2F
  4. https://login.yahoo.com/account/challenge/push?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&sessionIndex=QQ--&acrumb=[REDACTED]
  5. https://login.yahoo.com/account/challenge/phone-obfuscation?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ--&eid=3640
  6. https://login.yahoo.com/account/challenge/phone-verify?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ--
  7. https://login.yahoo.com/account/challenge/pre-change-password?done=https%3A%2F%2Fguce.yahoo.com%2Fconsent%3Fgcrumb%3D[REDACTED]%26trapType%3Dlogin%26done%3Dhttps%253A%252F%252Fmail.yahoo.com%252F%26intl%3D%26lang%3D&authMechanism=prima$
  8. https://login.yahoo.com/account/security/app-passwords/list
  9. https://login.yahoo.com/?done=https%3A%2F%2Flogin.yahoo.com%2Faccount%2Fsecurity%2Fapp-passwords%2Flist%3F.scrumb%3D0
  10. https://login.yahoo.com/account/security/app-passwords/list?.scrumb=[REDACTED]
  11. https://login.yahoo.com/account/security/app-passwords/add?scrumb=[REDACTED]

As we can see, the attackers are automatically visiting the legitimate Yahoo login page, entering the credentials, and then following all of the required steps for eventual two-factor authentication that might have been configured by the victim. Once the full authentication process is completed, the attackers proceed to create what is commonly known as an “App Password”, which is a separate password that some services, including Yahoo, offer in order to allow third-party apps that don’t support two-factor verification to access the user’s account (for example, if the user wants to use Outlook to access the email). Because of this, App Passwords are perfect for an attacker to maintain persistent access to the victim’s account, as they will not be further required to perform any additional two-factor authentication when accessing it.

In the second pattern of compromise we identified, the attackers again seem to automate the process of authenticating into the victim’s account, but they appear to additionally attempt to perform an “account migration” in order to fundamentally clone the emails and the contacts list from the victim’s account to a separate account under the attacker’s control:

  1. https://mail.yahoo.com/
  2. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=[REDACTED]&done=https%3A%2F%2Fmail.yahoo.com%2F
  3. https://login.yahoo.com/?done=https%3A%2F%2Fmail.yahoo.com%2F
  4. https://login.yahoo.com/account/challenge/password?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&sessionIndex=QQ--&acrumb=[REDACTED]
  5. https://login.yahoo.com/account/challenge/phone-obfuscation?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ--&eid=3650
  6. https://login.yahoo.com/account/challenge/phone-verify?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ--
  7. https://login.yahoo.com/account/yak-opt-in/upsell?done=https%3A%2F%2Fguce.yahoo.com%2Fconsent%3Fgcrumb%3D[REDACTED]%26trapType%3Dlogin%26done%3Dhttps%253A%252F%252Fmail.yahoo.com%252F%26intl%3D%26lang%3D&authMechanism=primary&display=n$
  8. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=[REDACTED]&done=https%3A%2F%2Fmail.yahoo.com%2F
  9. https://mail.yahoo.com/m/
  10. https://mg.mail.yahoo.com/neo/m/launch?
  11. https://mg.mail.yahoo.com/m/
  12. https://mg.mail.yahoo.com/m/folders/1
  13. http://www.gmail.com/
  14. https://www.gmail.com/
  15. https://www.google.com/gmail/
  16. https://mail.google.com/mail/
  17. https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#
  18. https://mail.google.com/intl/en/mail/help/about.html#
  19. https://www.google.com/intl/en/mail/help/about.html#
  20. https://www.google.com/gmail/about/#
  21. https://accounts.google.com/AccountChooser?service=mail&continue=https://mail.google.com/mail/
  22. https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1
  23. https://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin
  24. https://accounts.google.com/signin/v2/sl/pwd?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&cid=1&navigationDirection=forward
  25. https://accounts.google.com/CheckCookie?hl=en&checkedDomains=youtube&checkConnection=youtube%3A375%3A1&pstMsg=1&chtml=LoginDoneHtml&service=mail&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&gidl=[REDACTED]
  26. https://mail.google.com/accounts/SetOSID?authuser=0&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fauth%3D[REDACTED]
  27. https://mail.google.com/mail/?auth=[REDACTED].
  28. https://mail.google.com/mail/u/0/
  29. https://mail.google.com/mail/u/0/#inbox
  30. https://mail.google.com/mail/u/0/#settings/general
  31. https://mail.google.com/mail/u/0/#settings/accounts
  32. https://mail.google.com/mail/u/0/?ui=2&ik=[REDACTED]&jsver=OeNArYUPo4g.en.&view=mip&fs=1&tf=1&ver=OeNArYUPo4g.en.&am=[REDACTED]
  33. https://api.shuttlecloud.com/gmailv2/authenticate/oauth/[REDACTED]%40yahoo.com?ik=[REDACTED]&email=[REDACTED]@yahoo.com&user=0&scopes=contactsmigration,emailmigration
  34. https://api.login.yahoo.com/oauth2/request_auth?client_id=[REDACTED]&redirect_uri=https%3A//api.shuttlecloud.com/gmailv2/authenticate/oauth/c$
  35. https://api.login.yahoo.com/oauth2/authorize
  36. https://api.shuttlecloud.com/gmailv2/authenticate/oauth/callback?email=[REDACTED]&code=[REDACTED]
  37. https://mail.google.com/mail/u/0/?token_id=[REDACTED]&ik=[REDACTED]&ui=2&email=[REDACTED]%40yahoo.com&view=mas

In this rather longer chronology of URLs visited by the Chrome browser instrumented by the attackers we can see that they designed the system to attempt a login into Yahoo with the stolen credentials and request the completion of a two-factor verification process, as requested by the service. Once the authentication is completed, the phishing backend will automatically connect the compromised Yahoo account to a legitimate account migration service called ShuttleCloud, which allows the attackers to automatically and immediately generate a full clone of the victim’s Yahoo account under a separate Gmail account under their control.

After such malicious account migration happened, the attackers would then be able to comfortably search and read through all the emails stolen from the victims leveraging the full-fledged functionality offered by Gmail.
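The kind of History inspection described above, as an added forensic example (not Amnesty's tooling): it orders the visits in a Chrome History database and labels a profile with one of the two patterns. The table layout is a simplified subset of Chrome's schema, the URLs are abbreviated from the two chronologies above, and the timestamps, marker list and function names are constructed for the example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
T0, SEC = 13_189_000_000_000_000, 1_000_000  # constructed start time

# Constructed sample profiles, rows deliberately out of order.
SAMPLE_PROFILES = {
    "profile_a": [
        (T0 + 45 * SEC, "https://login.yahoo.com/account/security/app-passwords/add?scrumb=[REDACTED]"),
        (T0, "https://mail.yahoo.com/"),
        (T0 + 20 * SEC, "https://login.yahoo.com/account/challenge/phone-verify?yid=[REDACTED]"),
        (T0 + 41 * SEC, "https://login.yahoo.com/account/security/app-passwords/list"),
    ],
    "profile_b": [
        (T0, "https://mail.yahoo.com/"),
        (T0 + 90 * SEC, "https://api.shuttlecloud.com/gmailv2/authenticate/oauth/callback?email=[REDACTED]&code=[REDACTED]"),
        (T0 + 22 * SEC, "https://login.yahoo.com/account/challenge/phone-verify?yid=[REDACTED]"),
        (T0 + 70 * SEC, "https://mail.google.com/mail/u/0/#settings/accounts"),
    ],
}

# (label, host, path prefix) taken from the URLs listed in the report.
MARKERS = [
    ("second-factor challenge", "login.yahoo.com", "/account/challenge/phone-verify"),
    ("app password added", "login.yahoo.com", "/account/security/app-passwords/add"),
    ("migration OAuth callback", "api.shuttlecloud.com", "/gmailv2/authenticate/oauth/callback"),
]


def webkit_to_utc(microseconds):
    """Chrome stores visit_time as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def open_history(rows):
    """Build an in-memory stand-in for a History file. For a real profile,
    open a copy read-only: sqlite3.connect('file:History?mode=ro', uri=True)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,"
        " visit_time INTEGER);")
    for visit_time, url in rows:
        cur = db.execute("INSERT INTO urls (url) VALUES (?)", (url,))
        db.execute("INSERT INTO visits (url, visit_time) VALUES (?, ?)",
                   (cur.lastrowid, visit_time))
    return db


def chronology(db):
    """Return [(utc_datetime, url)] in the order the pages were visited."""
    rows = db.execute(
        "SELECT v.visit_time, u.url FROM visits v "
        "JOIN urls u ON u.id = v.url ORDER BY v.visit_time")
    return [(webkit_to_utc(t), url) for t, url in rows]


def findings(visits):
    """Map each marker label to the time it was first seen."""
    first_seen = {}
    for when, url in visits:
        parts = urlsplit(url)
        for label, host, path in MARKERS:
            if parts.hostname == host and parts.path.startswith(path):
                first_seen.setdefault(label, when)
    return first_seen


def compromise_pattern(visits):
    """Name the pattern, or None if no second-factor challenge was reached."""
    seen = findings(visits)
    challenge = seen.get("second-factor challenge")
    if challenge is None:
        return None
    for label, name in (("migration OAuth callback", "account migration"),
                        ("app password added", "app-password persistence")):
        if label in seen and seen[label] > challenge:
            return name
    return "login only"


if __name__ == "__main__":
    for name, rows in SAMPLE_PROFILES.items():
        print(name, compromise_pattern(chronology(open_history(rows))))
```

For an affected account holder, either result means a password change alone is not enough: app passwords and connected third-party apps have to be reviewed and revoked as well.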

Indicators

This article was originally published by Amnesty International on December 18th 2018. It was republished, with permission, under a Creative Commons BY-NC-ND 4.0 International License, in accordance with the Terms & Conditions of Amnesty International | Formatting Edits and Tweets added/embedded by Rogue Media Labs

Google Fined by Russian Telecom Authorities, Faces Potential Banishment from Country

I am not quite sure why this news isn’t making headlines here in the United States, but for the first time in history on December 12th 2018, Google was fined 500,000 rubles ($7,500 US) by Russia’s telecom watchdog Roskomnadzor – with threats of even larger fines and even banishment from the country in the future. The fines were levied against Google for the company’s refusal to comply with Russian law, requiring the tech giant to host servers inside the country whilst also complying with national blacklisting rules/protocols. These laws have been active since October 2018.

With that said however, Russian authorities still believe that not enough is being done to remedy the situation. Given that Google made $110 billion dollars in profit over the course of 2018 alone, Vadim Subbotin, deputy head of Roskomnadzor, said that this week’s fine was essentially a “mockery” of Russian law – putting pressure on Russian lawmakers to heavily increase these sorts of fines in the future. “If fines won’t have any effect on the behavior of the foreign company, there’s a possibility that the legislation will be changed, which will allow the blocking of Google in Russia” Subbotin said. Adding that “blocking will become the toughest possible measure, but would be justified considering the content of the banned websites that Google allows its users to browse freely. We’re talking about child pornography, suicides, drugs, gambling, alcohol sales. We’re talking about extremism and terrorism,” he explained.

At the present moment in time there are over 120,000 websites banned in Russia, including links to VPN service providers, cyber security companies, certain international news platforms and countless human rights organizations – among many others. New laws enacted by Russia’s legislature in October 2018 prohibit tech companies, such as Google, from linking to these banned websites or allowing them to show in their search returns. This is also why Russia now requires all tech companies and data service providers operating in the country to host at least one data server locally in the country, as well as route their service/traffic through Government controlled databases implementing/controlling the National blacklist.

However, despite multiple meetings between representatives and Russian authorities over the last several weeks and months, Google refuses to filter their content to tailor specifically to Russian audiences and has yet to pay the fine. This is particularly interesting to note considering that Google has willingly done this exact sort of thing for other countries, such as China – a key Russian ally. In fact, just this week, a day before they were fined in Russia on December 11th 2018, Google’s CEO Sundar Pichai was forced to appear in front of US Congress where he was heavily criticized for complying with National blacklist rules/laws inside China, deliberately blocking search results in order to comply with China’s “Great Firewall.” It remains uncertain why Google is willing to comply with laws in one country, but not the other.

Full Testimony of Sundar Pichai In Front of US Congress: https://judiciary.house.gov/wp-content/uploads/2018/11/Pichai-Testimony.pdf

Similarly, Facebook is also facing fines from Russian lawmakers in the future, with Roskomnadzor threatening to ban the service from the country altogether if the company doesn’t begin complying with Russian data hosting laws. Earlier this year, in November 2018, the Kremlin also made it illegal for active duty military personnel to own or operate Facebook accounts as it has since been discovered that the US military is currently using the service to wage “Psychological Warfare” against foreign troops serving abroad – faking or spoofing messages from loved ones back home to cause distress, despair or panic for Russian troops.

Interestingly enough, this is also something I have personally experienced after applying for political asylum in the Bahamas, with US authorities pretending to operate accounts belonging to people close to me from Colombia.

Lastly, as I was in the process of writing this article, news has just broken that Google’s iPhone is now also facing a potential ban inside China after Chinese courts found the tech giant guilty of two Qualcomm software patent violations in the development of its product. This is particularly concerning for the company given that it is estimated Google sold over 50 million iPhones in China over the course of the last year alone.