Discover and read the best of Twitter Threads about #infosec

Most recents (23)

Meet Tim Graboski, aka whiterook6. He works for AggregateIQ as software developer. If that name sounds familiar, it’s because they helped #CambridgeAnalytica during the 2016 election. And apparently they’re still interested in our elections. #Midterms2018 #osint #infosec
We know that part of the seed data for the models used by CA came from Facebook surveys users filled in as part of an app. Well doesn’t this look familiar....this is a project called Campaign Pillar aka Check-In. “AIQ” is plainly visible. As are the targeted election questions.
Well this little gem comes to us courtesy of Tim’s GitHub repository, found here :… Currently available to the public (cloned in case it comes down).
Read 10 tweets
.@judicialnetwork is picking #SCOTUS for us, first #Gorsuch now #Kavanaugh. @ZeldaShagnasty shows here, the domain confirmkavanaugh(.)com was registered in 2/17. 3 similar sites (.net, .info and confirmkavanaughnow(.)com) in 7/18, all three on the same day. #osint #infosec
That date was 7/10/2018. Given that all domains were registered through GoDaddy’s anonymous registration service, WHOIS doesn’t tell us much. But the site is copywritten to @judicialnetwork, so we know they’re involved. Let’s take a look at the page source for the .com site:
Notice something? A template created for a Gorsuch themed site is being used for #Kavanaugh. Was there a confirmgorsuch(.)com too? Blank page currently, but sure enough one was setup 12/19/2016. And taken down 7/9/2018. Well, when did confirmkavanaugh(.)com go live?
Read 10 tweets
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit… @ollie #infosec #osint #opsec
In the second wk of July 2016 #DemExit became a social media campaign & political movement in response to Bernie Sanders formally endorsing rival Hillary Clinton 4 president. Bernie Sanders supporters in particular were encouraged to leave the Democratic Party in protest #infosec
Read 14 tweets
1/ I have been running startups and out of managing IT projects for about 5 years. Dove back in last week and it is like nothing has changed except the faces and place. Security architect is a different lens, but good IT hygeine is good security hygeine.
2/ This position would have been a big step up for me and might have been out of my depth the last time I was working on similar projects. Now, it's not quite a cake walk, but I feel confident in a way I never really have running startups.
3/ So much of security comes down to doing IT right. Having a sane inventory and reliable change management processes and documented procedures is honestly at least 50% of it. It's an easy but very expensive corner to cut.
Read 4 tweets
THREAD: by now, many of you have seen posts or articles re: @defcon’s @VotingVillageDC, and the ease with which machines and websites were attacked and exploited. And now, THIS is happening....#unhackthevote #infosec #ElectionSecurity
For YEARS, advocates of election integrity have been pointing out these issues. This isn’t new. After 2000, the Help America Vote Act was passed to modernize our elections, first proposed by Robert Ney (R-OH). Signed into law by George W. Bush. So much for this theory:
At the same time, Bush’s @TheJusticeDept began an investigation into alleged #VoterFraud. Guess what it turned up? No masses of non-citizens voting, nothing that could come close to altering an election.…
Read 15 tweets
According to some recent data by @conspirator0 who analyzed the Russian IRA Twitter data dump the conspiracy hashtags of #pizzagate, #pedogate, #qanon ect appear 2 have first been used by these accts in a measurable way in Nov 2016 & really ramping up in Nov 2017. #infosec #psyop
Looking at our current reverse engineered #Hamilton68 #Twitter accts which are described as Russian influencer accts here ( .. our domestic Hamilton68 subset pushing #qanon has diverged significantly from the top Alt-right activist accts pushing #walkaway
Here are our previous threads on the fake propaganda #walkaway campaign
and here . Its interesting that #walkaway seems 2b slowly dying in propaganda value to the Russian influencer #Hamilton68 accounts. #infosec #psyop
Read 6 tweets
In conjunction with @SlickRockWeb, now let’s take a look at #WalkAway from a different perspective. Who’s the man behind the curtain, and who’s backing him? His name is Brandon Straka, know here as @UsMinority. Let’s get to know him a bit. #infosec #osint #psyops
Before #WalkAway took off (with surprising rapidity), Straka was a performance artist and stylist in New York. His most recent work appears to have been this show, showing his evolution away from #TheResistance. Here’s a link to the GoFundMe…
His first announcement of the #WalkAway campaign was on May 26th. However, shortly after the dates of his show, on a Facebook post dated 10/27/17, we see the following exchange after a post about @TheEllenShow, which appears to be the first public use of the “walk away” idea.
Read 14 tweets
So for the first time in quite a while a newcomer hashtag had top spot on the #Hamilton68 Dashboard -- #walkaway. We remembered seeing this hashtag in the past few weeks but didnt really know what it was or follow up on it. #infosec #opsec
The background story on this hashtag #walkaway is a little strange & the number of bots, trolls, & fake testimonial promoting this hashtag is even stranger. Here's an example of a completely fake tweet highlighted by @daveweigel #opsec #infosec
We decided to look retrospectively at our own reverse engineered #Hamilton68 data. This is a wordcloud of 22893 tweets from our main Hamilton68 troll subset going from June 24th until now & #walkaway takes the #1 spot. #infosec #opsec
Read 31 tweets
#infosec moment:

1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
2/ You could tell within the first 30 seconds how passionate he is about this field, and how his intelligence and drive would take him far. By 60 seconds, you could also see his self-doubt & tendencies towards Impostor Syndrome.
3/ Ended up spending nearly 30 minutes just mentoring. He had seen me around in cyber (new here myself), and heard my honestly undeserved nickname “MegaMind”. Turns out it wasn’t entirely a chance encounter.
Read 8 tweets
Obviously this immediately got added to my reading list #infosec #threatintel
Well, off to the races. I'm starting to read through The Perfect Weapon. I'll share my train of thought as it comes up. Sadly, because I'm doing it as an audiobook the snippets I want to quote may not be available online
Includes a reference to the Atlanta ransomware attack among state-linked attacks. I've never seen it framed as state-sponsored, but it provides a good case study for what such an attack on state or municipal governments might look like
Read 32 tweets
Read 25 tweets
Hope @DHSgov is on this attack on the US Energy sector. There needs to be waaaay more coverage into the impacts across all Utility Markets. cc: @JynErso_2017 @TrickFreee…
Chilling takeaway: Attack was reported to the public (4/5) only after ESG was back up and running. It started 3/30. Duke is on record because they ditched ESG. How many providers are still using ESG? How much of our personal data matching HOME addresses were compromised?
Beyond personal data there exists another threat: Disruption of services. Utility companies must communicate with each other in order for the market to function. Markets differ across the country, but in deregulated markets its amplified by a factor x100.
Read 14 tweets
#infosecstaples = Time for a new hashtag to help out our #infosec students. Asked some remedial questions that anyone going into a tech field should know and was surprised they hadn't been taught these things in school.
I know my own college degree didn't prepare me at all for the work that I would be doing after I graduated, but I thought maybe it had gotten a little bit better at this point. I guess not. They seem to be failing the participants still.
One of the main reasons @synackpse & I wrote the Defensive Security Handbook was to put staple information all down into one place as well as we could, but it doesn't even come close to covering everything someone may need to know, that's what universities should be trying to do.
Read 11 tweets
1/ The MSM Media, specifically @MSNBC, is lying to You about William Binney. He's not a 'Conspiracy Theorist.' He's an NSA WhistleBlower.… .@Thomas_Drake1 .@JesselynRadack .@theintercept
2/ Binney is simply pointing out that NONE of the 17 Intel Agencies have shown a SHRED of FORENSIC evidence it was the Russians that hacked the DNC or DNCCC - Here's .@theintercept report:
3/ Here's the July 24 2017 @Consortiumnews Report Challenging the 17 Agencies' Assessment… cc .@MalcolmNance
Read 23 tweets
Paradise Papers leak reveals secrets of world elite's hidden wealth… From Today's Looking Glass... @JulietteGarside
#ParadisePapers NYT: Leaked Files Show Where the Elite Hide Their Money #AltGovDaily #IndivisibleTimes #WHPDaily…
Read 21 tweets
ICYMI: Test Your #VPN's Anti #Phishing Protection .@planetscape .@ALT_uscis .@COPicard2017 .@IndivisibleNet #InfoSec
When #Ransomware 1st Appeared, .@FoolishIT Issued #CryptoPrevent - Is Free, Now Updated. Recommended!… #InfoSec
Read 13 tweets
Since ancient times, members of the #infosec tribe have adhered to a set of rigid Rules of Branded Vulnerabilities across the cybersphere.
These rules apply equally regardless of actual merit, impact, or practicality of the vulnerability in question. They are:
1) After a vulnerability is discovered and confirmed, the first cause of action is to register a domain name.
Read 18 tweets
1/ Reach Out to Congress. Tell Them What You Think.
➡️Members of Congress | InsideGov… #PuertoRico #Indivisible
2/ Reach Out to Congress. Tell Them What You Think.
➡️Contacting Congress - Instantly #PuertoRico #Indivisible
3/ Find Out Who Donates To Your Member of Congress. Who do they Represent?
➡️VoteSmart - Click "Funding" Folder
Read 15 tweets
Git Solves A Problem for a Free People. Cooperation w/o explicit Coordination .@ezraklein .@BrendanEich #AltGovDaily
I'll just leave this Momentous Thing here... #AltGovDaily #IndivisibleTimes #WHPDaily .@decaro_nick .@BruceFeinEsq
Read 6 tweets
@tttthreads unroll
Read 7 tweets
1/ If there's a 1% inequality problem in #cybersecurity it's not the ability to hire skilled employees…
2/ despite increasingly damaging #cyberattacks and billions invested into new technologies, most are only accessible to the 1% of companies.
3/ #infosec professionals are mission driven. Working on big, interesting problems in #cybersecurity is not exclusive to the G2000
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!