Discover and read the best of Twitter Threads about #InfoSec
Most recents (23)
Meet Tim Graboski, aka whiterook6. He works for AggregateIQ as software developer. If that name sounds familiar, it’s because they helped #CambridgeAnalytica during the 2016 election. And apparently they’re still interested in our elections. #Midterms2018 #osint #infosec
We know that part of the seed data for the models used by CA came from Facebook surveys users filled in as part of an app. Well doesn’t this look familiar....this is a project called Campaign Pillar aka Check-In. “AIQ” is plainly visible. As are the targeted election questions. 
Well this little gem comes to us courtesy of Tim’s GitHub repository, found here : github.com/whiterook6/che… Currently available to the public (cloned in case it comes down).
.@judicialnetwork is picking #SCOTUS for us, first #Gorsuch now #Kavanaugh. @ZeldaShagnasty shows here, the domain confirmkavanaugh(.)com was registered in 2/17. 3 similar sites (.net, .info and confirmkavanaughnow(.)com) in 7/18, all three on the same day. #osint #infosec
That date was 7/10/2018. Given that all domains were registered through GoDaddy’s anonymous registration service, WHOIS doesn’t tell us much. But the site is copywritten to @judicialnetwork, so we know they’re involved. Let’s take a look at the page source for the .com site:
Notice something? A template created for a Gorsuch themed site is being used for #Kavanaugh. Was there a confirmgorsuch(.)com too? Blank page currently, but sure enough one was setup 12/19/2016. And taken down 7/9/2018. Well, when did confirmkavanaugh(.)com go live?
@WomanResistorNC @IndivisiblesNC @SuitUpILM @RepDavidRouzer @HouseGOP 1/ Reach Out to Congress - Tell Them What You Think.
➡️Members of Congress | InsideGov members-of-congress.insidegov.com/?utm_source=tw… #Resist #TheResistance #AltGov #Indivisible #SVRAV cc .@IndivisibleNet
➡️Members of Congress | InsideGov members-of-congress.insidegov.com/?utm_source=tw… #Resist #TheResistance #AltGov #Indivisible #SVRAV cc .@IndivisibleNet
@WomanResistorNC @IndivisiblesNC @SuitUpILM @RepDavidRouzer @HouseGOP @IndivisibleNet 2/ Reach Out to Congress - Tell Them What You Think.
➡️Contacting Congress - Instantly contactingcongress.org #Resist #TheResistance #AltGov #Indivisible #SVRAV #StopKavanaugh #MeToo cc .@IndivisibleNet
➡️Contacting Congress - Instantly contactingcongress.org #Resist #TheResistance #AltGov #Indivisible #SVRAV #StopKavanaugh #MeToo cc .@IndivisibleNet
@WomanResistorNC @IndivisiblesNC @SuitUpILM @RepDavidRouzer @HouseGOP @IndivisibleNet 3/ Find Out Who Donates To Your Member of Congress. Who do they Represent?
➡️VoteSmart -- Click "Funding" Folder votesmart.org #Resist #TheResistance #AltGov #Indivisible #SVRAV #StopKavanaugh #MeToo cc .@IndivisibleNet #AltGovDaily #IndivisibleTimes
➡️VoteSmart -- Click "Funding" Folder votesmart.org #Resist #TheResistance #AltGov #Indivisible #SVRAV #StopKavanaugh #MeToo cc .@IndivisibleNet #AltGovDaily #IndivisibleTimes
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit
fivethirtyeight.com/features/why-w… @ollie #infosec #osint #opsec
fivethirtyeight.com/features/why-w… @ollie #infosec #osint #opsec
1/ I have been running startups and out of managing IT projects for about 5 years. Dove back in last week and it is like nothing has changed except the faces and place. Security architect is a different lens, but good IT hygeine is good security hygeine.
2/ This position would have been a big step up for me and might have been out of my depth the last time I was working on similar projects. Now, it's not quite a cake walk, but I feel confident in a way I never really have running startups.
3/ So much of security comes down to doing IT right. Having a sane inventory and reliable change management processes and documented procedures is honestly at least 50% of it. It's an easy but very expensive corner to cut.
THREAD: by now, many of you have seen posts or articles re: @defcon’s @VotingVillageDC, and the ease with which machines and websites were attacked and exploited. And now, THIS is happening....#unhackthevote #infosec #ElectionSecurity
For YEARS, advocates of election integrity have been pointing out these issues. This isn’t new. After 2000, the Help America Vote Act was passed to modernize our elections, first proposed by Robert Ney (R-OH). Signed into law by George W. Bush. So much for this theory:
At the same time, Bush’s @TheJusticeDept began an investigation into alleged #VoterFraud. Guess what it turned up? No masses of non-citizens voting, nothing that could come close to altering an election. nytimes.com/2007/04/12/was…
According to some recent data by @conspirator0 who analyzed the Russian IRA Twitter data dump the conspiracy hashtags of #pizzagate, #pedogate, #qanon ect appear 2 have first been used by these accts in a measurable way in Nov 2016 & really ramping up in Nov 2017. #infosec #psyop
Looking at our current reverse engineered #Hamilton68 #Twitter accts which are described as Russian influencer accts here (dashboard.securingdemocracy.org) .. our domestic Hamilton68 subset pushing #qanon has diverged significantly from the top Alt-right activist accts pushing #walkaway
Here are our previous threads on the fake propaganda #walkaway campaign
and here . Its interesting that #walkaway seems 2b slowly dying in propaganda value to the Russian influencer #Hamilton68 accounts. #infosec #psyop
and here . Its interesting that #walkaway seems 2b slowly dying in propaganda value to the Russian influencer #Hamilton68 accounts. #infosec #psyop
In conjunction with @SlickRockWeb, now let’s take a look at #WalkAway from a different perspective. Who’s the man behind the curtain, and who’s backing him? His name is Brandon Straka, know here as @UsMinority. Let’s get to know him a bit. #infosec #osint #psyops
Before #WalkAway took off (with surprising rapidity), Straka was a performance artist and stylist in New York. His most recent work appears to have been this show, showing his evolution away from #TheResistance. Here’s a link to the GoFundMe gofundme.com/resist-a-rock-…
His first announcement of the #WalkAway campaign was on May 26th. However, shortly after the dates of his show, on a Facebook post dated 10/27/17, we see the following exchange after a post about @TheEllenShow, which appears to be the first public use of the “walk away” idea.
So for the first time in quite a while a newcomer hashtag had top spot on the #Hamilton68 Dashboard -- #walkaway. We remembered seeing this hashtag in the past few weeks but didnt really know what it was or follow up on it. #infosec #opsec dashboard.securingdemocracy.org
The background story on this hashtag #walkaway is a little strange & the number of bots, trolls, & fake testimonial promoting this hashtag is even stranger. Here's an example of a completely fake tweet highlighted by @daveweigel #opsec #infosec
We decided to look retrospectively at our own reverse engineered #Hamilton68 data. This is a wordcloud of 22893 tweets from our main Hamilton68 troll subset going from June 24th until now & #walkaway takes the #1 spot. #infosec #opsec
#infosec moment:
1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
2/ You could tell within the first 30 seconds how passionate he is about this field, and how his intelligence and drive would take him far. By 60 seconds, you could also see his self-doubt & tendencies towards Impostor Syndrome.
3/ Ended up spending nearly 30 minutes just mentoring. He had seen me around in cyber (new here myself), and heard my honestly undeserved nickname “MegaMind”. Turns out it wasn’t entirely a chance encounter.
Well, off to the races. I'm starting to read through The Perfect Weapon. I'll share my train of thought as it comes up. Sadly, because I'm doing it as an audiobook the snippets I want to quote may not be available online
Includes a reference to the Atlanta ransomware attack among state-linked attacks. I've never seen it framed as state-sponsored, but it provides a good case study for what such an attack on state or municipal governments might look like
@msharmas @HIMSSIndia @supten @bipin4uk @55bio @ManishreeBhatt1 @krayker @rmnth @drvikram @kousikraj @PhilipsBlore @drruchibhatt @JyotiSahai @oommen_john @DrUjjwalRao @rbatra868 @edrneelesh @milindantani @iArnabPaul @mTatva @ashwinnaik @DrJagdishChatur @pankajguptadr @sbbhattacharyya Stay tuned to the #HIMSSIndia Blog Carnival with insights shared by the experts during the @HIMSSIndia Conference and Exhibition 2018
1: Conference Information and links- blog.hcitexpert.com/2018/04/himss-…
2: How to bridge Healthcare's Digital Divide @Ishaq_Quadri blog.hcitexpert.com/2018/04/how-to…
1: Conference Information and links- blog.hcitexpert.com/2018/04/himss-…
2: How to bridge Healthcare's Digital Divide @Ishaq_Quadri blog.hcitexpert.com/2018/04/how-to…
@msharmas @HIMSSIndia @supten @bipin4uk @55bio @ManishreeBhatt1 @krayker @rmnth @drvikram @kousikraj @PhilipsBlore @drruchibhatt @JyotiSahai @oommen_john @DrUjjwalRao @rbatra868 @edrneelesh @milindantani @iArnabPaul @mTatva @ashwinnaik @DrJagdishChatur @pankajguptadr @sbbhattacharyya @Ishaq_Quadri 3. #HIMSS18: Where the brightest minds in healthcare meet !! by @tejasvdeshmukh
blog.hcitexpert.com/2018/04/himss2…
#HIMSSIndia #HITsmIND
blog.hcitexpert.com/2018/04/himss2…
#HIMSSIndia #HITsmIND
@msharmas @HIMSSIndia @supten @bipin4uk @55bio @ManishreeBhatt1 @krayker @rmnth @drvikram @kousikraj @PhilipsBlore @drruchibhatt @JyotiSahai @oommen_john @DrUjjwalRao @rbatra868 @edrneelesh @milindantani @iArnabPaul @mTatva @ashwinnaik @DrJagdishChatur @pankajguptadr @sbbhattacharyya @Ishaq_Quadri @tejasvdeshmukh 4. Vision 2025: What Health Care Could Look Like a Decade from Now by Dr. Vicky Parikh, @ParikhVicky blog.hcitexpert.com/2018/04/vision…
#HIMSSIndia #HITsmIND
#HIMSSIndia #HITsmIND
Hope @DHSgov is on this attack on the US Energy sector. There needs to be waaaay more coverage into the impacts across all Utility Markets. cc: @JynErso_2017 @TrickFreee theedgemarkets.com/article/cybera…
Chilling takeaway: Attack was reported to the public (4/5) only after ESG was back up and running. It started 3/30. Duke is on record because they ditched ESG. How many providers are still using ESG? How much of our personal data matching HOME addresses were compromised?
Beyond personal data there exists another threat: Disruption of services. Utility companies must communicate with each other in order for the market to function. Markets differ across the country, but in deregulated markets its amplified by a factor x100.
#infosecstaples = Time for a new hashtag to help out our #infosec students. Asked some remedial questions that anyone going into a tech field should know and was surprised they hadn't been taught these things in school.
I know my own college degree didn't prepare me at all for the work that I would be doing after I graduated, but I thought maybe it had gotten a little bit better at this point. I guess not. They seem to be failing the participants still.
One of the main reasons @synackpse & I wrote the Defensive Security Handbook was to put staple information all down into one place as well as we could, but it doesn't even come close to covering everything someone may need to know, that's what universities should be trying to do.
1/ The MSM Media, specifically @MSNBC, is lying to You about William Binney. He's not a 'Conspiracy Theorist.' He's an NSA WhistleBlower. startpage.com/do/search?q=tr… .@Thomas_Drake1 .@JesselynRadack .@theintercept
2/ Binney is simply pointing out that NONE of the 17 Intel Agencies have shown a SHRED of FORENSIC evidence it was the Russians that hacked the DNC or DNCCC - Here's .@theintercept report: interc.pt/2iCBzZ0
3/ Here's the July 24 2017 @Consortiumnews Report Challenging the 17 Agencies' Assessment consortiumnews.com/2017/07/24/int… cc .@MalcolmNance
Paradise Papers leak reveals secrets of world elite's hidden wealth theguardian.com/news/2017/nov/… From Today's Looking Glass... @JulietteGarside
#ParadisePapers NYT: Leaked Files Show Where the Elite Hide Their Money #AltGovDaily #IndivisibleTimes #WHPDaily nytimes.com/2017/11/05/wor…
BBC: #ParadisePapers : Tax haven secrets of ultra-rich exposed bbc.co.uk/news/uk-418769… #AltGovDaily #IndivisibleTimes #WHPDaily
ICYMI: Test Your #VPN's Anti #Phishing Protection .@planetscape .@ALT_uscis .@COPicard2017 .@IndivisibleNet #InfoSec
When #Ransomware 1st Appeared, .@FoolishIT Issued #CryptoPrevent - Is Free, Now Updated. Recommended! foolishit.com/cryptoprevent-… #InfoSec
Activate the #Ransomware Protection Built Into #Windows10FallCreatorsUpdate - Ta! theregister.co.uk/2017/10/23/fyi… #AltGovDaily #InfoSec #WHPDaily
Speaking of which: #Equifax #EquifaxDataBreach #MustSee cc .@mikko .@matthew_d_green .@schneierblog .@th3j35t3r #WTF
3/ "You Make Money off This ScrewUp": - @SenWarren To #Equifax CEO #MalFeasance #NonFeasance #FiduciaryBreach
4/ .@SenFranken Attempts to Pry Some Answers from #Equifax CEO #AltGovDaily #IndivisibleTimes #WHPDaily
Since ancient times, members of the #infosec tribe have adhered to a set of rigid Rules of Branded Vulnerabilities across the cybersphere.
These rules apply equally regardless of actual merit, impact, or practicality of the vulnerability in question. They are:
1) After a vulnerability is discovered and confirmed, the first cause of action is to register a domain name.
1/ Reach Out to Congress. Tell Them What You Think.
➡️Members of Congress | InsideGov members-of-congress.insidegov.com/?utm_source=tw… #PuertoRico #Indivisible
➡️Members of Congress | InsideGov members-of-congress.insidegov.com/?utm_source=tw… #PuertoRico #Indivisible
2/ Reach Out to Congress. Tell Them What You Think.
➡️Contacting Congress - Instantly contactingcongress.org #PuertoRico #Indivisible
➡️Contacting Congress - Instantly contactingcongress.org #PuertoRico #Indivisible
3/ Find Out Who Donates To Your Member of Congress. Who do they Represent?
➡️VoteSmart - Click "Funding" Folder votesmart.org
➡️VoteSmart - Click "Funding" Folder votesmart.org
Git Solves A Problem for a Free People. Cooperation w/o explicit Coordination .@ezraklein .@BrendanEich #AltGovDaily
I'll just leave this Momentous Thing here... #AltGovDaily #IndivisibleTimes #WHPDaily .@decaro_nick .@BruceFeinEsq
Virus Keeps Hitting US Predator and Reaper #Drones arstechnica.com/?post_type=pos… #AltGovDaily #IndivisibleTimes #WHPDaily #APT #InfoSec @mikko
@tttthreads unroll
1/ If there's a 1% inequality problem in #cybersecurity it's not the ability to hire skilled employees
forbes.com/sites/groupthi…
forbes.com/sites/groupthi…
2/ despite increasingly damaging #cyberattacks and billions invested into new technologies, most are only accessible to the 1% of companies.
3/ #infosec professionals are mission driven. Working on big, interesting problems in #cybersecurity is not exclusive to the G2000
