Microsoft Says Hackers Have Been Targeting Think Tanks Ahead of European Elections

Microsoft announced it is increasing its cybersecurity for think tanks in the U.S. and abroad, ahead of the European Parliament elections.

The company said that it has detected attacks against employees of the German Council on Foreign Relations, The Aspen Institutes in Europe, and The German Marshall Fund through its Threat Intelligence Center and Digital Crimes Unit.

“We believe the work of organizations like The German Marshall Fund and its Alliance for Securing Democracy are an essential part of efforts to secure democracies against those who seek to undermine it,” Microsoft Customer Security & Trust Vice President Tom Burt said in a blog post. “Many organizations essential to democracy do not have the resources or expertise to defend themselves against cyberattacks.”

The cyber attack targeted more than 100 accounts across Europe between September and December 2018. Microsoft said its ongoing investigation leads it to believe that Strontium, a Russian-linked hacker group, carried out the attack.

As a response to the hacks, Microsoft is expanding its cybersecurity service AccountGuard, which is part of its Defending Democracy Program, to 12 more European countries. France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain will now have access to Microsoft AccountGuard.

Tech companies across industries are preparing for more election interference efforts as poll dates near. Earlier this month, YouTube announced that it would no longer suggest conspiracy theory videos in an effort to curb the spread of misinformation.

Microsoft said tech companies “have a responsibility to help” to protect governments against cyber attacks and election interference. As more companies work to combat this worldwide issue, companies like Facebook are trying to clean up messes caused in previous elections.


Happy Valentine’s Day! If You’re on This Dating App Your Information Was Probably Stolen

Good afternoon and happy Valentine’s Day! If you’re looking to hop on dating apps to find the love of your life today, you should probably chill for a bit.

This morning, Coffee Meets Bagel–a popular dating app–announced a data breach to its users via email. It’s not clear how many accounts were impacted and the company says hackers only gained information from users who were on the app before May 2018. 

Only users’ names and emails were compromised. Financial information or passwords weren’t hacked since the company doesn’t store those details on its users.

In an awkwardly timed announcement, the company didn’t go into extreme detail about the particulars of the breach, but it did lay out a plan to protect its users’ information moving forward and said it will seek the efforts of “forensic security experts” to take a look at the nuts and bolts of the company’s infrastructure. It’s also monitoring for more suspicious activity on the platform.

Irony and jokes aside, the Coffee Meets Bagel situation is a part of an even bigger data breach where details of over 600 million accounts are now up for sale on the dark web for Bitcoin. Other platforms including HauteLook, Dubsmash, MyFitnessPal, and more were involved as well. 

This isn’t the first time we’ve heard of a dating app not protecting its users’ information. This week, TechCrunch’s Zack Whittaker reported that several users of OKCupid had their accounts breached. Hackers gained access to passwords and even changed email addresses on file. Whittaker also added that dating sites don’t even offer two-factor authentication…yikes.

Finding love is already a consistent, agonizing battle. Now users have to worry about their information being stolen while looking for companionship. 


Report: Hijacked Dormant Twitter Accounts Are Spreading Islamic State Propaganda

Hackers have hijacked dormant Twitter accounts in an attempt to spread Islamic State propaganda, according to reporting from TechCrunch. 

The hijacks took place ranging from the last few days to the last few months. Hackers were able to get into the accounts using a decade-old flaw in Twitter’s system that did not previously require email or phone number verifications.

In November, Twitter removed 9 million bot and spam accounts to prevent those types of accounts from automatically making news ones.

“We made progress preventing spammy or suspicious new account creation by requiring new accounts to confirm either an email address or phone number when they sign up to Twitter, and we improved the detection and removal of previously banned accounts who attempt to evade suspension by creating new accounts,” Twitter said in a quarterly filing after removing the accounts.

The latest string of hijackers were able to take over by finding older dormant accounts using expired email addresses. Hackers created identical email addresses, which were usually the same as the Twitter account name, to take control of accounts. The hackers would then begin tweeting and retweeting propaganda in Arabic.

“Reusing email addresses in this manner is not a new issue for Twitter or other online services,” a Twitter spokesperson told TechCrunch. “For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure.”

Twitter has officially begun removing some of the hijacked accounts.


Howard University Awarded With $1M Grant For Cybersecurity Research

Photo: Howard University

Howard University’s College of Engineering and Architecture is the recipient of a $1 million grant from The National Science Foundation’s HBCU Research Infrastructure for Science and Engineering (HBCU-RISE) that will fund a cyber security research project.

“Security Engineering for Resilient Mobile Cyber-Physical Systems” will innovate the cybersecurity field with tasks such as developing reproducible mobile cyber-physical system units, designing and evaluating a federated framework for incident detection and response systems and designing, evaluating and validating the proposed framework, according to the NSF’s official Award Abstract.

Howard University’s College of Engineering, Architecture and Computer Sciences Associate Dean Moses Garuba and Associate Professor Danda B. Rawat are the principal investigators of the project.

In a press release by Howard University, Dean Achille Messac, Ph.D., College of Engineering and Architecture said, “I am delighted to see our faculty vigorously transform our college while engaging our students in conquering the daunting technological challenges of our time. Dr. Rawat and Dr. Garuba are exemplary change agents in our college, and I am proud of them.”