Slashdot Mirror
Gizmodo Went Phishing With the Trump Team -- Will They Catch a Charge? (arstechnica.com)
Earlier this month, technology publication Gizmodo published a report on how it "phished" members of the administration and campaign teams of President Donald Trump. The blog said it identified 15 prominent figures on Trump's team and sent e-mails to each posing as friends, family members, or associates containing a faked Google Docs link. But did the publication inadvertently break the law? ArsTechnica reports: "This was a test of how public officials in an administration whose president has been highly critical of the security failures of the DNC stand up to the sort of techniques that hackers use to penetrate networks," said John Cook, executive editor of Gizmodo's Special Projects Desk, in an e-mail conversation with Ars. Gizmodo targeted some marquee names connected to the Trump administration, including Newt Gingrich, Peter Thiel, (now-ex) FBI director James Comey, FCC chairman Ajit Pai, White House press secretary Sean Spicer, presidential advisor Sebastian Gorka, and the administration's chief policymakers for cybersecurity. The test didn't appear to prove much. Gingrich and Comey responded to the e-mail questioning its provenance. And while about half of the targeted officials may have clicked the link -- eight devices' IP addresses were recorded accessing the linked test page -- none entered their login credentials. The test could not determine whose devices clicked on the link. What the test did manage to do is raise the eyebrows of security experts and some legal experts. That's because despite their efforts to make it "reasonably" apparent that this was a test, Gizmodo's phishing campaign may have violated several laws, ignoring many of the restrictions usually placed on similar tests by penetration-testing and security firms. At a minimum, Gizmodo danced along the edges of the Computer Fraud and Abuse Act (CFAA).
So I'm guessing that Gizmodo is now Russian.
But yes, these guys went too far.
Yes, this was stupid!!! The "I did it to prove a point" defense is not what you want to lead with. I suspect that these "investigators" will have to deal with some real "secret service".
They say "Phished" because gizmodo actually failed to get anyone to fully go through the processes of authenticating the app. From TFA:
"Our testing setup—which included disclaimers for careful readers at each step—did not induce anyone to go all the way and try to hand over their credentials."
I hope the Secret Service finds some law with which to hang these fuckers.
How is this not different than putting a fake gun in your carry on to "test" security?
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
New Gawker Media, same as the old Gawker Media.
At a minimum, Gizmodo danced along the edges of the Computer Fraud and Abuse Act (CFAA).
They may have danced along the edges of the CFAA, but the NSA has repeatedly stabbed it until it stopped twitching and then danced gleefully on its decaying corpse. That seems to have been OK.
Let's go after the big offenders first.
But did the publication inadvertently break the law?
Maybe they didn't think the consequences through, but I find it hard to believe that nobody involved realized that this sort of thing is illegal.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
That's like saying, US Marine Corps killed more people than any murderer and so no murders should be prosecuted until US military is dismantled — and imprisoned.
In Soviet Washington the swamp drains you.
A story on how Gizmodo failed to phish the current administration with legally questionable methods == anti-Trump post???
If anything, this story highlighted the fact that nobody in the Trump administration fully fell for the phishing and that they really may have learned from the failures of the Clinton campaign debacle. Methinks the bias may be yours...
As opposed to the candidate whose official site allowed people to phish their friends?
http://cybertical.com/clinton-phishing.html
Actually, the record shows that Trump won and America has been starting to win for the first time in 8 years.
First they go after Hulk Hogan's genitals, now they're phishing Trump? Do they realize how stupid and illegal that is? The entire Gizmag/Gizmodo/Jezebel syndicate is a load of politically sponsored crap.
Laughing away the painful truth about your traitorous vatnik leader?
They didn't dance along the edge of legality. They danced over and never looked back. Legitimate pen test services are painfully aware of this and have the paperwork to prove it.
Ars should have enough sense to check things out for the sake of their own credibility. If Ars Technica bothered to ask anybody who's ever worked in the security industry they would have quickly learned the indemnification is taken very seriously.
http://www.isaca.org/chapters3...
https://pen-testing.sans.org/b...
Hell, even metasploit has been talked about this for years!
https://dev.metasploit.com/pip...
The only people fooled by Gizmodo's phishing logic were the editors who signed off on this to begin with. Next time ask a pro before you publish, it will help you avoid looking the fool.
Trolls like you are so obvious you do not deserve to be heard out.
Trolls are quickly modded down, so most people will only see the troll's post because YOU RESPONDED TO IT.
Do not feed the trolls. If you do, you are part of the problem.
Makes it sound "inconclusive"--that's not a great way of putting it. The test was a success from the perspective of the administration and a failure on the part of Gizmodo. Gizmodo surely wanted to prove that Trump's administration is as inept as the DNC, and it's clear that nobody fell for it.
I don't really care that Gizmodo did the test, though it seems like they were pretty dumb to go for it without checking on the legality first, but they should be punished in the court of public opinion for failing at a blatantly partisan attack.
As a DoD white hat involved, they don't know how fucked they are about to be.
Police can do a whole lot - maybe too much- and they have constitutional limitations. The press on the other hand should have almost no limits.
How is lying and posing as somebody else online different than them doing that in real life? They are not using credentials to sneak into systems then it becomes questionable... the free press has more right to hack in to expose truth than the government itself does! This is like a reporter posing as somebody else just to get some information to expose something-- to make a point. Not to dump private information on the internet.... but I could make some good arguments on why reporters should be free to do that too.
Like the police state defenders say, "why worry if you have nothing to hide?
Sure... call them names... pretend you are smarter than your opponents...
Strong argument.
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
i never thought id say this brian, but you smoke entirely too much reefer
have you seen my sig? there are many others like it but none that are the same
I'm deplorable and proud of it.
Healthcare reform was a bust, at best it won't pass at worst it will remove a ton of coverage. Tax reform is a bust, Trumps cabinet is falling apart most of them are facing felony charges, immigration reform is officially blocked by courts and can't be brought up by this administration.... wheres the winning?
What's mildly surprising is that after everyone knew the DNC was hacked and that it was by way of phishing still a lot of these key players still clicked on the links. Some of the potential targets have not only partisan information but probably have access to national security information. If they don't then by compromising them, it would be possible to further spread malware to those who do.
Gizmodo may have run afoul of a law designed to prevent thieves from knowing just how vulnerable some targets actually are. But it's also true that along with thieves learning the general public should learn to be more wary of clicking on links.
Correction: "...as white males supported Trump"
Educated white female votes: 62% Trump - 34% Clinton
ref: https://qz.com/833003/election-2016-all-women-voted-overwhelmingly-for-clinton-except-the-white-ones/
This. Fighting for the people means you are in the right, by definition.
Winning. LOL. A true believer.
Officer, I'm just testing this bank for robbery preparedness. The gun is fake.
Do not feed the trolls. If you do, you are part of the problem.
Ooloorie is himself a troll, thus you shouldn't respond to him, because he is part of the problem, which makes you part of the problem by responding to him.
I, by responding to you, am, however, not by your logic, feeding the troll, however.
I would vote for Trump for no other reason then to piss you off. I imagine a lot of people voted for Trump based on his most vocal enemies. There is a whole lot of people that can stomach Trump more than the preening mass of morons protesting out in the Berklystan region in California. Then there were the people who recognized it didn't matter who won the Presidency because they belong to a group that are not represented in any local, state, or federal level. This group is comprised of white, heterosexual, single, non-religious, educated, employed, and childless people who make just enough money to be disqualified for any lower income tax breaks and fall short of making enough money to take advantage of the tax breaks available to the rich. And if the folks in this group say anything they get branded as homophobes, racists, rednecks, uneducated, with misogynistic tendencies. The only thing this group ever sees is their taxes being raised to be spent on programs that do not have anything to do with helping them. This is the group that put Trump over the top in the electoral college voting. And to add insult to injury no one has even come close to acknowledging the impact this group had on the election outcome.
I have mod points, but can't find the "Irony" tag...
The contents of this message have been doubly encrypted by ROT13
faggot
this++
Why doesn't he just set up his own independent email server that's totally against departmental rules and traffic classified information through it? Then the media would excuse anything he ever did and the FBI would leave him alone completely!
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
Just because the email was opened, doesn't mean it was done intentionally by an actual human being.
It can be difficult to distinguish between a human being opening an email and a malware scanning engine opening a email. Modern systems will actually follow links and run executables in sandboxes before releasing the actual email to the end user. What looks like someone opening the email, usually a callback via a pixel image or js include, doesn't involve a human actually opening the email. In fact, just using a preview pane can make it seem like the email has been opened.
Sorry to be a kill joy, but this phishing test proved absolutely nothing.
Average Intelligence is a Scary Thing
Winning what exactly? Ironically the biggest losers are the uneducated bunch who supported him most. As if he gives a shit about some rednecks who blame immigrants for their own inability to adapt to new economic circumstances. He also couldn't care less the working class and is not only failing to dry the swamp but is also pouring his own scum into it. The only people who win are him and his cronys.
You mean the inner-city blacks who voted Democrat strongly enough to Hillary! the popular vote win, who are stuck in a cycle of poverty because the Democrat-run schools they go to in the Democrat-run cities they live in are utter failures?
That uneducated bunch who blindly supports Democrats?
Oh phayes, in what manner have you established a causality that the indignation of the right-wing over being identified for the vicious, capering, buttstains that they are?
Really, your phony vacillating over the temerity of anybody who cares impugn the character of the right-wing is about as convincing an act as Trump's furious clamor over whatever subject is irking his thin skin today.
In the end, they're going to do what they want to do, and if you think that some simpering protests over the caustic language is useful, why do none of you prevaricating nozzle hoppers ever speak out over the copious amounts on intemperance on the right?
Your silence on that puts your own credibility to question.
I'm trying to figure out exactly when the left became such hyperventilating drama queens. Anyone?
Soviet hackers in exile.
How is this not different than putting a fake gun in your carry on to "test" security?
Yep. Guns and phishing are exactly the same.
Gizmag is a respectable tech blog, it wasn't owned by Gawker.
This is what happens when you let your SJW predilections override and interfere with doing journalism. The frothing desire to embarrass members of Trump's administration completely bypassed the normal "is this a good idea?" discussion that should have stopped this ill-conceived venture before it ever started. But it's also totally unsurprising. Gizmodo's not-very-slow descent into left-wing rant rag began a while back. It's clear they have no interest in attempting even the pretense of objectivity anymore. They should just name themselves "Salon" or "HuffPo" so those who like that kind of stuff instead of tech news can feel right at home.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
How is this not different than putting a fake gun in your carry on to "test" security?
Gizmodo actually got caught?
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
... the answer is "no"
davecb@spamcop.net
Like the post subject says, they should rename themselves from Gizmodo to "iModo". They just pump every apple product possible and then engage in "pranks" like this one. A whole bunch of adolescent jokers over there, giggling as they concoct their next hairbrained scheme.
Sounds like most of the people I know that voted for Trump.
ðYðY
MAGA!!!
Trump has been fucking awesome!
http://image.dude-suit.net/alb...
removing political correctness 1 day at a time
Not just a great Metallica tune, but explains a bunch of what's been going on in the US.
The Progressive/Leftists have been working long and hard at the change, but they played their hand too early and now it's pretty easy to see whats been happening.
Progressives from the 1800s-1940s or so were also known as communists. The term progressive went into hiding for decades, but relatively recently resurfaces. While the term still lacks the negative connotation it had earlier, it is once again becoming a bad word. Same type of person, same ideology, same ideas of a grand Utopia as long as they can rule the world, but more history to argue against them as well.
Hell, in California communists are now welcome.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
As someone who matched every criteria you listed, yet voted against Trump, I say you might want to stop smoking crack. Some of the people in that category understand that Trump is poison and his sort of cure will be worse than any disease you seem to think he prescriptive for.
lol.. when you get your "information" from the Occupy Democrats facebook page..
It looks like the laws used to prosecute phishing at the federal level are:
18 U.S.C. 1029 (access device fraud)
18 U.S.C. 1028 (fraud in connection with identification documents and authentication features)
18 U.S.C. 1028A (aggravated identity theft)
18 U.S.C. 1343 (wire fraud)
18 U.S.C. 1030(a)(4) (accessing a computer to defraud and obtain something of value)
18 U.S.C. 1001 (making false statements in any matter within the jurisdiction of the government)
There are a number of state laws that handle it, too.
Not a wise move on their part.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Sounds pretty advertent to me.
All the angry hacks at Gawker ended up being distributed around and ended up at other blogs like Io9 and Gizmodo.
They're not journalists. Get over it. It's a blog and they live by the sensational click-bait headlines
Problem with your argument is that my sister/niece won't have an abortion.
Wanna try again?
I am all for politically incorrectness honestly could gaf .... but at least sound intelligent and don't speak in hyperbole while you do it.
It's more like busting into a bank with fake guns and demanding money as a "simulated" bank robbery.
You need someone to point out how a fake phishing test is different from a fake gun?
The inane responses to this, and the downmodding of MY comment, only serve to show how far Slashdot has fallen.
If you can not comment without resorting to stupid analogies you better shut the fuck up.
I have had it with these motherfucking house/car/gun/whateverBS analogies in US (influenced) forums.
He did win. Once you clear the tears from your eyes and finish lapping up all the salt you created perhaps you'll see it too. Democrats have proven themselves to be subhuman shitstains this last few years. We're here now because of you self-entitled whining millennial cunts. So suck it up buttercup. Many of us are tired of your bullshit.
Trump can only do so because he won the election. I voted Clinton (warts and all) but like many I liked neither candidate. Trump was elected because the high percentage of voters last year who liked neither candidate voted in their majority for Trump. They did so in part because enough people were tired enough of being put down by supercilious snots like the one I replied to that it got them over their distaste for trump.
Your partisan hate backfired and will continue to help trump oh but it's never you the problem, it's always them.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
So you want to override her personal choice?!? Roe/Wade is about allowing women to choose for themselves, not forcing either choice upon them!
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Man, you fucking liberal morons just take the cake. Let's stop slobbering Obama's knob, now that he's not in office and do our best to disrupt the new President's job as much as possible. What's so pathetic about this is that you think this is acceptable behaviour because Trump is Republican. Yet you retards screamed to high heaven over Podesta getting his dumb ass phished and swore the documents were fakes. You know the #FakeNews bullshit?
Here's question, would you uneducated liberal maggots be doing this had HIllary won? Or would you be fellating her like you did Obama?
Seriously, STOP THE FUCKING PARTISANSHIP, GROW THE FUCK UP, or EAT A FUCKING BULLET if you can't manage to be a bloody adult. Whoever gave you your degrees should revoke them immediately for being such pathetic children all because your candidate lost an election. I bet 90% live with your parents, can't find real jobs with that Liberal arts degree, and have Mum do your laundry and pick up after you.
And you wonder why America is fucked? It's because you weren't swallowed.
Cretins.
Pax Vobiscum
Yeah, you're right. A fake gun is a lump of metal and mostly harmless.
A phishing attempt is an explicit attempt to access secure credentials and could potentially have succeeded.
Cynically I have to ask whether Gizmodo would have used the credentials had they succeeded, and so whether this was even a fake attack at all.
It's much more akin to telling security that you were testing them with the very real and fully loaded gun that they found.
Do you believe the second amendment should permit private individuals to possess nuclear weapons? Assuming you do not, then you implicitly agree that the discussion should be about what types of arms are permissible under what circumstances.
1. Even the worst Trump team member is marter than some of the best Hillary team members (Podesta fell for this very ploy)
2. "Journalists" who hate Trump are perfectly willing to engage in criminal acts - because the ends apparently justify the means.
3. The left is still in melt-down mode, unable to face the real world and still fighting last year's campaign.
Oh, and apparently, since this sort of phishing means all Democrats will demand that the perps are "Russian Hackers" ... Gismodo is apparently a Putin organization. No proof is needed, not really any solid evidence beyond unproven claims that [a] there was a server in Russia involved (as though there are no ISPs in Russia who sell server space to non-Russians) and [b] somebody in Russia might have celebrated.