Feds warn foreign disinformation will be spamming US voters well after the November election to sow discord and doubt
Also, Brazilian teen spots odd Instagram bug and nets $25K
In Brief Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public.
This is according to an alert issued by the FBI and Department of Homeland Security this week. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results – a process that could take weeks.
Unlike the 2016 election, when most of the disinformation was sprayed out in the run-up to the vote, this cycle's disinformation will aim to make people question whether the results of the vote are even valid, the alert states. People are urged to check their facts carefully with multiple trusted sources – top-tier news organizations and outlets, primarily – and on official government websites.
"The increased use of mail-in ballots due to COVID-19 protocols could leave officials with incomplete results on election night," the agencies warned.
"Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy."
ATM skimming crew busted
The DOJ has indicted nine people it says operated a string of ATM skimmer operations netting more than $100,000 in theft.
The crew, it is said, placed "skimmer" devices over the card readers of ATMs and collected the card information of people who used the kiosks. They would then yank the skimmers and encode the data onto blank cards which they could use or sell to others.
This was done between March 2019 and June 2020 across a string of states in the southeastern US: Florida, Louisiana, Georgia, and Mississippi, as well as in New York state.
Each of the nine has now been indicted on one federal count of conspiracy to commit device fraud. Police have also reportedly arrested other suspected members of the gang.
You're never going to believe this, but Cisco has patched some bugs
The latest patch bundle from Switchzilla is a hefty one, containing a total of 42 CVE-listed vulnerabilities across various networking gear.
Fortunately, none of the fixes are for issues deemed to be critical problems, but 29 are considered high risk and should be patched as soon as possible.
These include a firewall denial of service bug, a code execution flaw, and an arbitrary file overwrite in IOS XE appliances, two denial of service bugs in Aironet Access Points, and denial of service in the Catalyst 9200 series switches.
Teen hacker bags $25K payout for Instagram bug find
A 14-year-old Brazilian developer has netted himself a nice payday from Facebook, thanks to a critical bug find in Instagram.
Andres Alonso says that he stumbled upon the cross-site scripting flaw by accident while he was working on his own mobile app.
While wading through some integration code with Instagram's AR filter creator, he figured out that someone could redirect the URL a filter links to without the user getting any notification. At the time, though, he couldn't quite get a proof-of-concept to work and show it was a complete XSS vulnerability.
Still, Alonso reported the issue to Facebook, whose security team confirmed that it was indeed a bug that would allow for dangerous cross-site scripting and decided to award the teen a tidy $25,000 bounty. Facebook's crew said the dodgy code could be used in an XSS attack against Instagram but reckoned it hadn't been used in the wild.
"I have to thank Facebook for making a little push in my report escalating to an XSS," he said.
It's 2020, and we're still trying Silk Road cases
It has been more than five years since Silk Road boss Ross Ulbricht was sent to prison for a double life sentence plus 40 years without the possibility of parole, and US authorities are still trying people tied to the notorious drugs market.
This time, it's programmer Michael Weigand, who pled guilty to lying to federal investigators about his role in the market.
Specifically, Weigand admitted that he was actually involved in helping suss out potential security holes in the site and that he worked with both Ulbricht and Silk Road advisor Roger Thomas Clark.
Additionally, Weigand admitted to flying to London to meet one of Clark's friends under the guise of starting a marijuana seed business, but instead going to Clark's London residence to destroy evidence.
"When Weigand was questioned by law enforcement in 2019, he falsely claimed not to have done anything at all for Silk Road," US Attorney Audrey Strauss. "For his various false statements, Weigand now faces potential prison time." ®