IT News

Explore the MakoLogics IT News for valuable insights and thought leadership on industry best practices in managed IT services and enterprise security updates.

Ransomware attack freezes newspaper printing system

Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems.

Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, of which Heilbronn is a member. Other affected companies under the group are Echo, Pressedruck, and RegioMail.

Heer said a “well-known cybercriminal group” carried out the attack last Friday, October 14, leaving systems encrypted. Despite leaving ransom notes, the attackers have yet to make any specific ransom demands.

Just four days after the attack, Heilbronn Stimme was able to begin delivering printed newspapers again. The newspaper had released Monday’s issue in e-paper form, temporarily lifting the paywall on its website.

Editors were told to work from home using their personal computers following the ransomware attack. New email addresses were also provided for them.

Slowly returning to normal

The media company’s IT team, who worked with external cybersecurity experts, jump-started production again on Monday evening. An official police investigation has begun. However, the media group has made clear it won’t be providing information regarding the status of the investigation and “possible letter of confession and ransom demands”.

“Thanks to a sophisticated data backup strategy, we were able to restore the production-critical systems with great effort and thanks to the great know-how of the IT team,” said Andreas Reischle, head of IT of Heilbronn Stimme.

Tobias Sobkowiak, Heilbronn Stimme’s head of press printing, is pleased papers are in production again. “We are glad that we were able to produce a newspaper again so quickly under these conditions. This was mainly possible due to the great teamwork in production and the good and long-term cooperation with our service providers. Hand in hand, we managed what didn’t seem possible at the end of last week,” he said.

Regio Mail, Echo, and other newspapers the media company distributes, such as Süddeutsche Zeitung and Stuttgarter Zeitung, also began printing and distribution.

Although full recovery from the attack will take some time, Cornelia Neuberger, head of the regional delivery service for the media group, was proud of what they’ve already achieved.

“The clerks in personnel dispatch at Stimme Logistik, the delivering freight forwarders, the employees in product distribution and the area managers on site are in constant communication. The current situation brings us even closer together. We would like to thank everyone involved for their active support,” she said.

Man scammed IRL for a phone he sold online

If you’re looking to sell an item which you’ve advertised online, be on your guard. Even when everything looks to be working as it should, things can go wrong very quickly as one unfortunate IT graduate recently discovered. You would think that there’s no way the in-person sale of an expensive device, with money exchanging digitally on your own doorstep, could possibly go wrong. And yet…

Fake apps, real items

Chris Gray of Howdon possesses an IT degree, and considers himself to be tech-savvy. Sometimes having a preconceived idea of what a scam may look like can contribute to being caught off-guard by something completely out of left field. In this case, the scam involved the sale of an expensive mobile device which had been listed online.

The buyer appeared at Gray’s home and agreed to pay by bank transfer using a mobile app in front of Gray. Gray says the app appeared to display the agreed sum being sent to his bank account. When the money still hadn’t arrived after 20 minutes, Gray did a quick Google and, seeing it could take “up to 2 hours” for the transaction to show up, sent the buyer on his way. The buyer left with the phone, and Gray was left with nothing. No money ever turned up in his bank account.

There was no reversing of the funds, no claim backs. So what happened?

Gray believes the scammer was using a fake mobile app designed to look like it was processing a bank transfer. No matter which details were punched in, it would have looked as though a transaction was taking place. In reality, it seems it was all just a very clever front to part someone from their mobile device. This tale ends with Gray being blocked on social media by the phone thief, their only other point of contact.

The continued problem of fake payment apps

This isn’t the first time this has happened, and law enforcement is definitely taking an interest in these fake app payment scams.

Just last month, West Yorkshire police warned about this exact type of fraud. Following a similar pattern to the above, targets are usually selling items on social media when the criminals make their move. From the release:

“When a meeting takes place to hand over the item being sold, the victim puts their bank details into a fake app on the criminal’s phone. It then produces a screen which makes it appear that the money has been successfully transferred.

But when the victim then checks their account, they find that the funds haven’t actually transferred. 

The criminal then pretends to call his bank saying that it takes up to two hours for the funds to show. But the money is never received by the victim.”

There’s that two hour window warning again! We don’t know if these dubious purchase attempts are from the same person, different groups of people, or if it’s some sort of group dedicated to going up and down the UK making bogus purchases. One thing is for certain, this makes the prospect of social media selling a bit riskier than it already is.

How to avoid selling to a scammer

People will often sell items away from sites such as eBay for various reasons, but when doing so they’re at the mercy of people who may not have the best intentions. Here are some of the ways you can keep yourself safe from harm, courtesy of West Yorkshire Police:

  • Accept that selling away from more traditional online marketplaces means you won’t have any backup protection in place as a buyer or a seller. No third party will come to your assistance if you’re making deals on Twitter.

  • If you agree to make a payment transfer via a buyer’s “app”, feel free to ask them in advance of them coming to your home about the app’s name and other details. If it’s something you’re unfamiliar with, Google it. Check if you need an account on the supposed app to be able to receive money in the first place.

  • Don’t feel pressured to accept a payment. Rush tactics are very common in scams, whether online or off. This scam grants the criminal a little more leeway under the guise of “payments taking up to 2 hours”.

  • Contact your bank once a payment has supposedly been made prior to handing over any goods, and see if there is indeed a payment pending.

  • Use an app of your choosing to receive money. It may not be prudent to have the supposed buyer make the call where this is concerned. If you’re using recognised payment services, you’ll likely have some measure of additional protection if things go wrong down the line.

  • Don’t hand anything over until the money is in your bank account or payment app.

Stay safe out there!

Thermal cameras could help reveal your password

Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft?

Because these devices are sold a lot cheaper than they used to be, pretty much anyone can get their hands on them. And anyone with a thermal imaging device could be a potential password thief.

Researchers from the University of Glasgow’s School of Computing Sciences have developed a system, ThermoSecure, in order to demonstrate how these thermal imaging cameras can be used for “thermal attacks.”

In their paper, ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards, Dr. Mohamed Khamis, who led the development of ThermoSecure, Dr. John Williamson, and Norah Alotaibi, the authoring team, said: “Thermal cameras, unlike regular cameras, can reveal information without requiring the attacker to interact with the targeted victim, be present during the authentication attempt, or plant any tool that can be linked to the attacker which could potentially exposing [sic] them. Such information includes heat residues left by the user during authentication, which can be retrieved using thermal cameras.”

“Having acquired a thermal image of a keyboard or touchscreen after authentication, the attacker can then analyze the heat map and exploit it to uncover the entire password or pattern.”

Bright areas in a thermal image are heat imprints, indicating these were recently touched. While these are enough for the AI to determine someone’s password, two factors affect its accuracy level: (1) the password length and (2) heat trace age, or the time after authentication.

ThermoSecure perfectly guessed all 6-character passwords in the test, and successfully revealed 12-character passwords with 82% accuracy and 16-character passwords with 67% accuracy. 

As for heat trace age, on average, ThermoSecure successfully revealed passwords with 86 percent, 76 percent, and 62 percent accuracy when the image was taken 20 seconds, 30 seconds, and 60 seconds after authentication, respectively. The longer the heat trace age, the less accurate the AI was in guessing passwords.

“It’s important that computer security research keeps pace with these developments to find new ways to mitigate risk, and we will continue to develop our technology to try to stay one step ahead of attackers,” said Dr. Khamis in an interview with ZDNet.

He also advised how you can protect yourself from thermal attacks: Use strong passwords and, if possible, use biometric verification for added protection.

“Users can help make their devices and keyboards more secure by adopting alternative authentication methods, like fingerprint or facial recognition, which mitigate many of the risks of thermal attack.”

Fake tractor fraudsters plague online transactions

The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks occurred throughout both 2021 and 2022, including outbreaks of ransomware at multi-state grain companies. Conti, Suncrypt, BlackByte, and more also put in appearances at several grain cooperatives.

And now another issue for the agriculture sector: Sophisticated scams involving fake tractors and sale portals have cost certain businesses $1.2 million in the space of a month. Worryingly, the Australian Competition and Consumer Commission claims this is an increase of 20% versus the same period of time a year earlier.

From fake ad to fake tractor

As with so many internet scams, it begins with fake online adverts. These take the form of both fake websites and bogus ads placed on genuine advertising platforms. This Age article highlights some of the techniques used to reinforce the legitimacy of the ads, which include:

  • Mock sale contracts. Fake documentation and identification is often the stomping ground for 419 and social engineering scams, so it makes sense it would put in an appearance here.
  • Listing ABNs on bogus websites. This is a way of making things look legitimate. An ABN entry is how you confirm a business is genuine, or at least exists. A valid record will display as active, next to the business name, type, and location. You can also click through and see additional data regarding trading names, active status, goods and services, and more. Scammers are likely including genuine business names in their ads without the actual owner knowing about it. This is going to cause reputational damage down the line.
  • Free trials after deposits are made. Making an offer sound better than it really is works where most scams are concerned. As the article notes, excuses will be made as to why in-person inspections can’t be arranged and any upfront payment should be treated with suspicion.

Don’t trade in your cash for a non-existent model

While these attacks are being flagged in Australia, the reality is that this kind of thing can happen anywhere. If you’re involved in agriculture, here are some of the ways you can avoid this from happening to you:

  • Inspect your purchase via video call or in person. If this isn’t possible, ask why.

  • Don’t pay anything upfront, especially if the seller claims it’s being done through an “escrow” service of some kind. Most likely it’s just something being operated by the scammer. Worth noting that they’re typically asking for 10-20% deposits, which could be a lot of money considering tractors are involved.

  • If the machinery you’re buying is below the market price in a way which makes you think it’s too good to be true, then it probably is.

  • Check with businesses supposedly close to the seller’s location and see if any of them know about the individual or business wanting to sell you something.

  • Countries often have a list or business register similar to Australia’s ABN. The UK has Companies House, where you can see businesses registered for tax purposes. There are several routes to go down if you’re in the US. None of this is a guarantee of legitimacy with regard to the entity you’re dealing with. It’s possible they may be misusing the name of a genuine business, so use publicly available information to contact that business directly and see if everything is on the level.

Stay safe out there!

Criminal group busted after stealing hundreds of keyless cars

Europol has disclosed an international operation in which 31 suspects were arrested, 22 locations were searched, and over one million Euros in criminal assets were seized. The organized criminal gang specialized in stealing French keyless cars.

Among the arrested were the software developers that created so-called automotive diagnostic solutions which allowed the criminals to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob. Others include the software resellers and the actual car thieves who used the tool to steal vehicles.

The arrests were made by French, Latvian, and Spanish law enforcement agencies with the assistance of Europol. Europol said it’s supported the investigation since March 2022 by providing extensive analysis and the dissemination of intelligence packages to each of the affected countries.

Suspects

The fraudulent software duplicated the vehicles’ ignition keys in order to aid in the theft of the car. Marketed as an automotive diagnostic solution, the tool was able to replace the original software of the targeted vehicles without respecting the protocol and without the original key.

Details about the method the car thieves used are sparse (for understandable reasons), but what we could gather is that the developers ran a website—on a domain that has been seized—where they sold a package that included a tablet, connectors, and software. The software was constantly adapted and updated to counteract the measures implemented by companies to reinforce the security of their vehicles.

Stealing keyless cars

Europol said the gang focused on cars from two unnamed French car manufacturers, which probably means the developers found a vulnerability in the car’s firmware that allowed them to replace the original software.

Vulnerabilities in keyless entry systems have been found in the firmware of other car manufacturers. To thwart intercepting and replaying authentication codes, many modern cars rely on a rolling code mechanism. This method was introduced to prevent replay attacks by providing a new code for each authentication of a remote keyless entry. But this method is not available for all brands and models, and some brands were found to be using predictable codes.
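A simplified model of the receiver-side rolling code check described above, added here as an illustration and not taken from the original article or from any manufacturer's implementation. The HMAC construction, the key, the 8-byte code length and the look-ahead window are all assumptions made for the example.

```python
import hashlib
import hmac

# Assumption: how many counter values past the last accepted one the car will
# still try, so that button presses made out of radio range do not lock the fob out.
WINDOW = 16


def rolling_code(key: bytes, counter: int) -> bytes:
    """Code transmitted for a given press counter (truncated HMAC-SHA256)."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:8]


class Fob:
    """Key fob: increments its counter on every press and sends a fresh code."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    """Car side: accepts only codes for counters strictly ahead of the last one used."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0  # last counter value that was accepted

    def accept(self, code: bytes) -> bool:
        for candidate in range(self.counter + 1, self.counter + 1 + WINDOW):
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(code, rolling_code(self.key, candidate)):
                self.counter = candidate  # everything up to here is now stale
                return True
        return False


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    results = {}

    first = fob.press()
    results["fresh"] = car.accept(first)      # new code is accepted
    results["replay"] = car.accept(first)     # same code again is rejected

    for _ in range(3):                        # presses the car never heard
        fob.press()
    results["after_missed_presses"] = car.accept(fob.press())

    for _ in range(WINDOW):                   # drift beyond the look-ahead window
        fob.press()
    results["out_of_window"] = car.accept(fob.press())
    return results


if __name__ == "__main__":
    print(demo())
```

The replay is rejected because the receiver only searches counters ahead of the last accepted one; a scheme with predictable codes loses this property because the next code can be computed without the key.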

The Europol and Eurojust statements both say that the tools provided by the developers enabled criminals to replace the original software of the targeted vehicles. This indicates a very different methodology from intercepting and replaying authentication codes.

Mitigation

Now that law enforcement has found and disabled the source of the software it shouldn’t take too long to find out which method was used, and the car manufacturers should be able to make the necessary adjustments.

Updating your car’s firmware is usually not an easy job or one we recommend doing yourself. We would recommend checking with your local dealer whether one is available and needed. It usually requires a special device to be hooked up to a port hidden under your dashboard. Your dealer will have such a device and knows where to find the port.

Warning: “FaceStealer” iOS and Android apps steal your Facebook login

Earlier this month, security researchers from Meta found 400 malicious Android and iOS apps designed to steal user Facebook login credentials.

Such mobile malware, which Malwarebytes detects typically as Android/Trojan.Spy.Facestealer, usually arrives as an app disguised as a useful or entertaining tool. But before the app can be fully used, it asks users to log in to their accounts, at which point their usernames and passwords are sent to the fraudsters.

Stolen credentials can be used to compromise Facebook accounts. From there, the criminals can harvest more data about the original account owner, message friends or family members and scam them, or use these accounts to promote the FaceStealer app (among other things).

Meta listed a short description of FaceStealer apps listed on both the Google Play Store and the Apple App Store:

  • Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
  • VPNs claiming to boost browsing speed or grant access to blocked content or websites
  • Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
  • Mobile games falsely promising high-quality 3D graphics
  • Health and lifestyle apps such as horoscopes and fitness trackers
  • Business and ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.

If the apps appear to have positive reviews, that’s because the developers are thought to be creating five-star reviews to bury the negative ones. This is a known social engineering tactic to entice users further to try an app.

FaceStealer has been around for a while. The apps disappear after making headlines, and then FaceStealer pops up again as a different app. And while some apps are reported or actively detected, many evade detection and end up on legitimate app stores.

“The industry, in general, has not been great at detecting these, and everyone is playing catch-up,” said Nathan Collier, Malwarebytes Senior Malware Intelligence Analyst for Android.

Meta said it is alerting Facebook users who may have inadvertently “self-compromised” themselves by using their Facebook credentials to use the malicious apps.

If you think you’ve entered your Facebook credentials into a dodgy app, change your password immediately. Don’t reuse passwords you use on other accounts, and make sure you enable two-factor authentication (2FA) on your Facebook account. You can also let Facebook alert you of attempted log-ins to your account.

Finally, report all suspicious apps using Meta’s Data Abuse Bounty program.

How to spot a scam

Unfortunately, scams are a fact of life online. The virtual ties that bind us are international now: Our public telephone numbers, social media accounts, email addresses, messaging apps, dating profiles, and even our physical mailboxes, can all be reached by any criminal and con artist from anywhere in the world.

And test us they do, with everything from the preposterous offers of “Nigerian princes” to the slow boiling intimacy of long-term, long-distance romances.

There is a lot of good advice around (and plenty of it on this website) to help you understand which scams are popular right now, how they work, and how to spot them.

Though undoubtedly useful, the advice is often specific to a single campaign or type of scam: Watch out for fake DHL emails; Beware of SMS messages from the Royal Mail; Don’t open invoices from unknown senders; Check the spelling and links in emails; Reverse image search too-good-to-be-true dating profile pics, and so on.

Being specific, the advice is narrow. SMS scams are not the same as email scams, and neither has much in common with a romance scam. There is a lot to remember.

So today I’m going to offer you something different. I want to give you the most general advice I can—a template that can be applied to almost any scam, over any media, on any time scale, whether it’s a new scam or something tried and tested.

It doesn’t make the other advice redundant, it’s just another way to look at things.

The advice comes from perhaps the most famous conman in the world, Frank Abagnale, whose alleged exploits were made famous by Leonardo DiCaprio in the movie “Catch Me If You Can”. Abagnale’s account of his own backstory is either true, partially true, or a total fabrication, depending on who you ask. What isn’t in doubt is that he knows a thing or two about lying to get what he wants.

In 2019 he gave an interview to CNBC in which he gives perhaps the best generalised advice about scams I’ve ever heard, and which I will repeat here.

In every scam no matter how sophisticated or how amateur, there are two red flags.

These are Abagnale’s red flags:

An urgent need for money

The end goal of all scams is to enrich the scammer. And that often involves a direct transfer of money, whether it’s entering credit card details into a fake website or wiring tens of thousands of dollars to a stranded lover.

The demand for money is almost always urgent. Scammers know that their requests don’t stack up, so they want you to rush, and they don’t want you to involve other people.

In a romance scam where the criminal hopes to make the victim fall in love with them, the scammer may take their time to begin. However, when the demand for money comes, it is likely to be urgent.

On a recent Lock and Code podcast, Cindy Liebes, Chief Cybersecurity Evangelist for the Cybercrime Support Network, spelled out just how patient these scammers can be:

“It can take months, it can take years, but invariably they will seek to get money.”

In other situations, such as business email compromise (BEC) scams, the urgency is immediate.

In a BEC scam an attacker spoofs the email account of a senior employee, such as a CEO, and tries to get a more junior employee to send them some of the company’s money.

Requests often come with a deadline and a demand for secrecy. The “CEO” concocts a story with one or more emails, messages or phone calls about needing help with an urgent, confidential deal. The scammer wants to isolate the employee from the company’s checks and balances, and their own common sense.

Underpinning it all is Abagnale’s first red flag: An urgent need for money.

Sometimes victims aren’t told to act urgently, they just want to. A few months ago we covered an Instagram scam in which victims thought they’d stumbled upon a website where they could see naked pictures of an attractive friend.

Instagram scam

The urgency here came from the viewer’s desire to act on a sexual impulse, and is reinforced by language like “LIMITED SLOTS ONLY, DON’T MISS OUT” and “What are you waiting for?”

The small print even explained the scam in plain terms—victims were being signed up for a premium rate subscription service—but the scammers were betting that victims would be in too much of a hurry to read it.

Asking for personal information

Abagnale’s second red flag is being asked for personal information. Personal information helps the scammer pretend to be you.

Sometimes it’s as simple as stealing your username and password with a fake website, so they can log in as you on the real website.

But it can also be very subtle. In his book The Art of Deception, infamous social engineer Kevin Mitnick describes how he would sometimes make several phone calls to build up the information he needed for a scam.

Each call would capture small details that improved his credibility for the next one. For example, one of Mitnick’s most famous crimes is stealing the source code for a popular Motorola phone in the early 1990s, an attack he described to Vice in 2019.

The attack began with a call to the main Motorola reception, which sent him back-and-forth on several more calls in which he learned the phone number of the VP of Motorola mobility, and that the company had a research centre in Arlington Heights.

This information allowed him to call the VP and credibly introduce himself as “Rick, over in Arlington Heights”, which was enough to convince them to give him the name and phone number of the phone’s project manager.

Mitnick then called the project manager and learned from her voicemail that she was on holiday, and who to contact while she was away. He called the project manager’s stand-in and convinced her that the project manager had not fulfilled a promise to send him the source code before she left on holiday.

Most of the conversations did not ask for enough sensitive information to alert the people he was talking to, but every one of them contained a request for something personal or privileged. Of course, when he finally asked for the source code, he was making a request for hugely privileged information, but he was able to create a plausible enough persona to pull it off.

In fact, the last victim was so convinced of “Rick”’s authenticity that she persuaded a security manager to hand over a username and password for the company’s proxy server, on his behalf.

Thankfully, most of us aren’t faced with a hacker as skilled as Mitnick, and few of us would be able to stop him if we were. Most cons are simpler, more direct versions of the same basic idea.

And that brings me to my final point.

Many scammers are professional criminals and scams are common because they work. It makes sense to prepare yourself as thoroughly as you can to spot them, but we all fall short sometimes. There is no shame in falling for a scam, and it isn’t your fault if you do.

Android and iOS leak some data outside VPNs

Virtual Private Networks (VPNs) on Android and iOS are in the news. It’s been discovered that in certain circumstances, some of your traffic is leaked so it ends up outside of the safety cordon created by the VPN.

Mullvad, the discoverers of this Android “feature”, say that it has the potential to cause someone to be de-anonymised (but only in rare cases as it requires a fair amount of skill on behalf of the snooper). At least one Google engineer claims that this isn’t a major concern, is intended functionality, and will continue as is for the time being.

MUL22-03

The Android discovery, currently named MUL22-03, is not the VPN’s fault. The transmission of data outside of the VPN is something which happens quite deliberately, to all brands of VPN, and not as the result of some sort of terrible hack or exploit. Although the full audit report has not yet been released, the information available so far may be worrying for some. According to the report, Android sends “connectivity checks” (traffic that determines if a connection has been made successfully) outside of whichever VPN tunnel you happen to have in place.

Perhaps confusingly, this also occurs whether or not you have “Block connections without VPN” or even “Always on VPN” switched on, which is (supposed) to do what you’d expect given the name. It’s quite reasonable to assume a setting which says one thing will not in fact do the opposite of that thing, so what is going on here?

The leakage arises as a result of certain special edge case scenarios, in which case Android will override the various “Do not do this without a VPN” settings. This would happen, for example, with something like a captive portal. A captive portal is something you typically access when joining a network—something like a hotspot sign-in page stored on a gateway.

Why? Because VPNs run on top of whatever Internet-connected network you are on, so you have to join a network before you can establish your VPN connection. Anything that happens before you establish your VPN connection can’t be protected by it.

As per Bleeping Computer, this leakage can include DNS lookups, HTTPS traffic, IP addresses and (perhaps) NTP traffic (Network Time Protocol, a protocol for synchronising net-connected clocks).

Mullvad VPN first reported this as a documentation issue, and then asked for a way to “…disable connectivity checks while ‘Block connections without VPN’ (from now on lockdown) is enabled for a VPN app.”

Google’s response, via its issue tracker, was “We do not think such an option would be understandable by most users, so we don’t think there is a strong case for offering this.”

According to Google, disabling connectivity checks is a non-starter for four reasons: VPNs might actually be relying on them; “split channel” traffic that doesn’t ever use the VPN might be relying on them; it isn’t just connectivity checks that bypass the VPN anyway; and the data revealed by the connectivity checks is available elsewhere.

The rest is a back and forth debate on the pros and cons of this stance, which is still ongoing. At this point, Google is not budging.

iOS has entered the chat

It seems this isn’t something only confined to Android. There are similar things happening on iOS 16, with multiple Apple services claimed to be leaking outside of the VPN tunnel including maps, health, and wallet.

According to Mysk, the traffic being sent to Apple isn’t insecure, it’s just going against what users expect.

All of the traffic that appeared in the video is either encrypted or double encrypted. The issue here is about wrong assumptions. The user assumes that when the VPN is on, ALL traffic is tunneled through the VPN. But iOS doesn’t tunnel everything. Android doesn’t either.

They suggest that one way forward to stop this from happening would be to treat VPN apps as browsers and “require a special approval and entitlement from Apple”.

There probably won’t be much movement on this issue until the release of the full report on MUL22-03, but for now the opinion from those involved in testing seems to be that the risk is small.

FBI, CISA warn of disinformation ahead of midterms

In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels.

With everyone preparing to cast their ballots, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have reminded people about the potential threat of disinformation.

Foreign actors may intensify efforts to influence outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure

It warns that foreign actors may “create and knowingly disseminate false claims and narratives regarding voter suppression, voter or ballot fraud, and other false information intended to undermine confidence in the election processes and influence public opinion of the elections’ legitimacy.”

It’s not news that countries outside the US have engaged in disinformation operations before. And though we may immediately think of Russia, Iran, and China, it’s worth keeping the other 70-odd countries that are into disinformation campaigns in mind too.

Nation-backed threat actors use several methods to amplify fake narratives and false claims, incite anger, and mobilize angry voters. They use public online spaces, such as social media networks; they also use email, text messages, online journals and forums, spoof websites, and fake personas.

The agencies also warn that threat actors may claim they have successfully hacked or leaked election-related data, to sow distrust in the US system and undermine voter confidence. They also affirm that while threat actors might be making hay in the discourse that precedes elections, the actual election process has not been compromised.

No information suggesting any cyber activity against US election infrastructure has impacted the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast.

Americans are urged to examine both the information they receive, and its sources, with a critical eye, and to seek out reliable and verified news to share, react to, and discuss with others.

Potential election crimes, such as intentional disinformation about the manner, time, or place of voting, should be reported to your local FBI Field Office, they say.