Tuesday, August 20, 2024

EXCLUSIVE
Pro-Palestine group takes credit for hacking Donald Trump-Elon Musk interview on X as 2024 gears up to be the most hackable election ever

By Matthew Phelan Senior Science Reporter For Dailymail.Com
14 August 2024

Pro-Palestinian hackers, working anonymously under the name RipperSec, claimed credit for a cyber-attack on Elon Musk's live interview with Donald Trump this week.

And a major cybersecurity firm said the hack included a 'highly targeted operation, specifically aimed at Donald Trump's personal Twitter [X] account' alongside its assault on the pair's livestream, sowing chaos for their X 'Spaces' interview Monday.

Though one London-based expert told DailyMail.com he would take the firm's claims 'with a pinch of salt for now' — the murky nature of these technical difficulties during the interview has raised the specter of US election's increasing digital vulnerability.
The video player is currently playing an ad.

Since June, for example, the FBI has pursued a quiet investigation into alleged Iranian hacking of both Republican and Democratic presidential campaigns. 


One of China 's largest cybersecurity firms has confirmed tech mogul Elon Musk's claim that hackers struck his livestream interview with presidential hopeful Donald Trump (left)

Compounding concerns over those attacks, 20 cybersecurity experts delivered a stern warning to Congress this March calling for a phase-out of voting machines that they said are 'not reliable against the danger of hacking or mis-programming.'

Critics had initially dismissed Musk's cyberattack claim as face-saving bluster from a man some see as an increasingly erratic and heedlessly opinionated billionaire.

'There appears to be a massive DDoS attack on X,' Musk posted to his social site, once known as Twitter, as his Trump stream crashed. 'Working on shutting it down.'

As one computer science professor at the University of California, Riverside, Emiliano De Cristofaro, told Newsweek: 'There is no evidence of any malicious activity happening but more importantly no other functionality was affected.'

De Cristofaro said that he doubted a Distributed Denial of Service (DDOS) attack — in which a coordinated influx of traffic overwhelms a site's servers — caused the crash.


The firm, QAX XLab, identified a 'highly targeted operation, specifically aimed at Donald Trump's personal Twitter [X] account' and more, amid the chaotic 'Spaces' interview Monday. Above, 20 military attachés from the MidEast and Africa visit QAX to talk network security

'It is much more likely that the platform just couldn't handle a sudden big spike in the number of users trying to stream,' the computer scientist opined.

Others questioned the motives of the Palestinian rights 'hacktivists' that took credit for the attack, claiming their boasts were a gambit to boost their activist message.

'Rippersec is a pro-Palestine hacktivist group who conducts DDoS attacks motivated by geopolitical events,' digital security writer CyberKnow posted to X.

'The group like many hacktivist groups also thrives off attention,' the writer warned, 'making it easy for them to claim this to improve credibility and reputation.'

But researchers with XLab, the cybersecurity research and threat analysis wing of China's cybersecurity firm QAX, believed they had unearthed real evidence to the contrary — laying out their case for a confirmed DDoS attack in a post Wednesday.

QAX XLab said: 'We identified four Mirai botnet C2s (command and controllers) involved in the attack. Additionally, other attack groups also participated using methods like HTTP proxy attacks.' Above, Donald Trump sits for his Monday X Spaces interview


Above, a copy of the 'exact attack payloads' used in Monday's 'highly destructive attacks [...] specifically aimed at Donald Trump's personal Twitter account,' according to China's XLab

'We identified four Mirai botnet C2s (command and controllers) involved in the attack. Additionally, other attack groups also participated using methods like HTTP proxy attacks,' the firm's researchers reported in a blog post.

'Mirai' is a form of malicious code that turns internet-connected devices running a Linux operating system into remote-controlled 'zombies' for a 'botnet' army.



'The attack lasted from 8:37am to 9:28am Beijing time [8:37–9:28pm Eastern],' XLab noted, 'which closely matches the delay durations in the start time of the interview.' Above, the logo for Chinese cybersecurity firm QAX - whose XLab studied the hack

In an 'HTTP proxy attack,' hackers intercept and modify web traffic between sites, servers and computers — whether to steal private data or alter the content for a variety of mischief.

'The attack lasted from 8:37am to 9:28am Beijing time [8:37–9:28pm Eastern],' XLab noted, 'which closely matches the delay durations in the start time of the interview.'

'Our analysis indicates that the attack did occur,' their report summed it up.

As proof of their analysis, the firm posted screen captures of a social media channel 'UglyBotnet' in which one anonymous user appeared to take credit for the attack.

'Just crashed twitter round 2,' that user, whose handle was iholdLTC, claimed.

Cybersecurity expert and director of the UK firm NetBlocks Alp Toker, however, was skeptical of QAX XLab's interpretation of these findings.

As he told DailyMail.com via email: 'The HTTP attack described in that report wouldn't likely have been able to bring down the X Spaces streaming feature as it appears to target a different part of the platform's infrastructure.'


As proof of their analysis, QAX XLab posted screencaptures of a social media channel 'UglyBotnet' in which one anonymous user appeared to take credit for the attack (above)

Critics had initially dismissed Musk's cyberattack claims as face-saving bluster from a man some see as an increasingly erratic and heedlessly opinionated billionaire. Above, Elon Musk sitting in a chair on Monday in a room with a small dog and an American flag

Toker also expressed doubt that the outage could have been caused by the type of DDoS attack specified by the XLab report: a 'UDP attack' in which hackers crowd out legitimate site users with their own User Datagram Protocol (UDP) packets.

'Note that X was able to restore the stream by limiting the number of concurrent listeners,' Toker pointed out, 'a measure that wouldn't have halted the impact of a UDP packet flood or inundation attack [like a DDoS] targeting HTTPS ports.'

Two anonymous current staffers at X appeared to corroborate this assessment, with one telling The Verge that they were '99 percent' sure Musk lied about the hack.

But Toker caveated his take by noting it was 'a very quick preliminary analysis' and he 'can't validate the claims either way' with any high degree of certitude.

China's QAX XLab team, however, reported that they were certain that these attacks were 'obviously well prepared and highly targeted,' in another post.

And at least one nation, Iran, is being actively investigated by the FBI for attempting to hack both major US political parties' presidential campaigns this cycle, according to the Washington Post.


Above, Donald Trump sits for his X (formerly Twitter) Spaces chat with Musk on Monday

While Iran has denied interfering in US elections, the Post reports that hackers sponsored by Iran had targeted advisers to the Democratic campaigns of President Joe Biden and Vice President Kamala Harris, as well as Trump associate Roger Stone.

Trump's campaign went public over the weekend accusing Iran of hacking one of its websites, noting that the FBI was investigating the breach.



'We were just informed by Microsoft Corporation that one of our many websites was hacked by the Iranian Government - Never a nice thing to do!' Trump wrote on his Truth Social platform on Saturday.

Grant Smith, an attorney for Stone, said his client 'was contacted by Microsoft and the FBI regarding this matter and continues to cooperate with these organizations.'

Earlier this election cycle, over 20 election cybersecurity experts took their own concerns to Capitol Hill, signing a joint warning on the need to replace key voting machines with harder-to-hack 'optical scanning' voting machines.

The machines would replace so-called 'ballot-marking devices,' where voters punch in their choices on a computer screen or via buttons — which, unlike paper ballots, increase the chances that their votes could be manipulated by a cunning software substitution.

'Most Pennsylvania counties use hand-marked paper ballots, counted by machine and recountable by hand. That's the state-of-the-art most reliable method,' Princeton cybersecurity expert Professor Andrew Appel told Congress in his March testimony.

'But 14 counties are using touchscreen ballot-marking devices for all in-person voters,' the Princeton professor continued, 'and that is a disaster waiting to happen.'

Unlike Professor Appel, NetBlocks Toker was more optimistic about the security of America's voting machine infrastructure.

Above, Princeton cybersecurity expert Professor Andrew Appel during a March 2024 hearing, where he warned Congress about touchscreen ballot-marking devices in use in Pennsylvania

'The US has robust protections for elections, including a paper trail for votes and competent cybersecurity agencies,' Toker told DailyMail.com, 'which makes hacking the actual election results difficult.'

But he struck a different tone on the issue of online disinformation campaigns and the proven threat of malicious hacks targeting candidates.

'The human element in the run-up to the election is a different matter and remains the weakest link,' the NetBlocks director said, 'with [political] campaigns at risk from social engineering attacks, damaging leaks and potential insider threats.'

'The general public is also an easy target for misinformation campaigns by foreign state actors,' according to Toker, 'or even non-state actors with a vested interest.'

One vulnerability that Toker stressed might make these issues worse, is America's 'growing political polarization' which has transformed these risks into a game of partisan gamesmanship.

'Cyber risks may be downplayed or overlooked by partisans,' he cautioned, 'where they're perceived only to target the "other side."'

No comments: