Slashdot Mirror


Google AMP Flaw Exploited By Russian Hackers Targeting Journalists (salon.com)

An anonymous reader writes: Russian hacktivist group Fancy Bear (also referred to as APT28, Sofacy, and Strontium) has been using a flaw in Google's caching of Accelerated Mobile Pages (AMP) to phish targets, Salon reports. To make matters worse, Google has been aware of the bug for almost a year but has refused to fix it... The vulnerability involves how Google delivers google.com URLs for AMP pages to its search users in an effort to speed up mobile browsing. This makes Google products more vulnerable to phishing attacks.
Conservative blogger Matthew Sheffield writes in the article that most of the known targets "appear to have been journalists who were investigating allegations of corruption or other wrongdoing by people affiliated with the Russian government." One such target was Aric Toler, a researcher and writer for the website Bellingcat who specializes in analyzing Russian media and the country's relationship with far-right groups within Europe and America... another journalist who writes frequently about Russia, David Satter, was taken in by a similar AMP phishing message... Shortly after Satter was tricked into visiting the fake website and entering his password, a program that was hosting the site logged into his Gmail account and downloaded its entire contents. Within three weeks, as the Canadian website Citizen Lab reported, the perpetrators of the hack began posting Satter's documents online, and even altering them to make opponents and critics of Russian President Vladimir Putin look bad.
Google told Salon they've "made a number of changes" to AMP -- without saying what they were. (After contacting Google for a comment, AMP's creator and tech lead blocked public comments on a GitHub bug report about Google's AMP implementation.) "More things ... will come on Google's side in the future and we are working with browser vendors to eventually get the origin right," AMP's tech lead wrote last February.

Jason Kint, CEO of a major web publishing trade association, told Salon that "This report of an ongoing security issue is troubling and exactly why consolidation of power and closed standards are problematic. The sooner AMP migrates to the open web and becomes less tied to the interests of Google, in every way the better."
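
The issue in the summary is that a link whose visible host is google.com can load an AMP page from any third-party host. The check below is an added example, not code from the article, Salon or Google: it unwraps such links in a message body and flags those whose real destination is not a trusted domain. It assumes the viewer URL layout `https://www.google.com/amp/[s/]<host>/<path>`; the function names, the sample message and the `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed AMP viewer layout: https://www.google.com/amp/[s/]<host>/<path>
GOOGLE_HOSTS = {"google.com", "www.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _host(url):
    """Lower-cased hostname of url, or "" when it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def amp_destination(url):
    """Return the host an AMP viewer link really loads, or None if not AMP."""
    if _host(url) not in GOOGLE_HOSTS:
        return None
    path = unquote(urlsplit(url).path)
    if not path.startswith("/amp/"):
        return None
    rest = path[len("/amp/"):]
    scheme = "http"
    if rest.startswith("s/"):  # "s/" marks an HTTPS destination
        scheme, rest = "https", rest[2:]
    # Re-parse so userinfo tricks (a@b) and ports do not fool the host check.
    host = _host(f"{scheme}://{rest}")
    return host if "." in host else None


def is_trusted(host, trusted):
    """True when host equals a trusted domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage(body, trusted=("google.com",)):
    """Return (url, effective_host, verdict) for every link in a message body."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        wrapped = amp_destination(url)
        if wrapped is None:
            findings.append((url, _host(url), "direct"))
        elif is_trusted(wrapped, trusted):
            findings.append((url, wrapped, "amp-trusted"))
        else:  # google.com on the surface, third-party content underneath
            findings.append((url, wrapped, "amp-untrusted"))
    return findings


# Constructed sample message; hosts are placeholders, not real indicators.
SAMPLE = """Someone changed your security settings.
Review now: https://www.google.com/amp/s/accounts-review.example/signin?continue=1
Help: https://support.google.com/accounts/answer/0000
Mirror: https://www.google.com/amp/accounts.google.com@login.example/a
"""

if __name__ == "__main__":
    for url, host, verdict in triage(SAMPLE):
        print(f"{verdict:14} {host:26} {url}")
```
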

57 comments

  1. The sooner Google cans AMP the better by Anonymous Coward · · Score: 5, Interesting

    "The sooner AMP migrates to the open web and becomes less tied to the interests of Google, in every way the better"

    The sooner Google cans AMP entirely the better. It is truly awful.

    1. Re:The sooner Google cans AMP the better by Anonymous Coward · · Score: 0

      lol, I was actually thinking along the same lines. But "The sooner Google REMOVES AMP from the open web" and "cans AMP entirely", I think pretty much covers it.

  2. Kushner used private email for WH business by Anonymous Coward · · Score: 0

    Lock her up?

  3. Re:Why are we concerned with anything from Salon? by Hentai007 · · Score: 1

    Da, ya soglasen ...

    I mean yes totally agree fellow freedom loving American! pigdog liberals destroy our fine motherland! Er homeland, da da homeland.

  4. Fiddlesticks by Anonymous Coward · · Score: 0

    Here we go again, claims of Russian hackers causing mischief but where's the proof? Is this just a few malcontents paid by (((Soros))) and the MSM to spread unjustified rumours or another Deep State CIA plot? Our great President denies there's any truth to these allegations and that should be enough for all patriotic Americans. Besides Hillary did far worse.

    Hope this is OK. I can churn this sort of stuff out with no trouble, maybe 100 posts a day and I'd really like to work in St Petersburg. Please let me know.

    1. Re:Fiddlesticks by Anonymous Coward · · Score: 0

      Yeah you've got the major math worked out here, haven't you? (((SOROS))) = (((FBI))) You ***RETARDED*** (((NAZI)))) KKK UUU NNN TTT ZZZ !!!

    2. Re:Fiddlesticks by Anonymous Coward · · Score: 0

      Shut up boris. We already know you work in St Petersburg.

    3. Re:Fiddlesticks by Anonymous Coward · · Score: 0

      I don't think he's Russian, fiddlesticks is a Muslim term which means- let's fuck some more goats.

    4. Re: Fiddlesticks by Anonymous Coward · · Score: 0

      You're clearly a beginner at Boolean Troll math: you missed the OR and your own attempt at a proof has many logical and syntactical errors.

      2/10.

    5. Re: Fiddlesticks by Anonymous Coward · · Score: 0

      It actually means "cheats small bloodsucking insects".

    6. Re: Fiddlesticks by Anonymous Coward · · Score: 0

      Is true, but I do not make enough to live on pushing Putinist propaganda pamphlets on Politkovskaya Prospekt and would like to join you guys in bringing down Western society. Will work for vodka and blinis.

  5. Makes Sense by Anonymous Coward · · Score: 0

    This information fits in perfectly with my perfectly rational political philosophy, "Everybody Who Disagrees With Me Online Is A Secret Nazi KKK Russian Plant Traitor". Now we just have to figure out why we keep losing so many elections all the time.

    1. Re:Makes Sense by AutodidactLabrat · · Score: 1

      2.86 million MORE voters say you're wrong.
      That and the 4 million MORE democrat votes for house races still resulting in a Republican house
      How does that work again?
      The problem is NOT that we don't reach voters!

    2. Re:Makes Sense by Anonymous Coward · · Score: 0

      House.
      Senate.
      President.
      Supreme Court.
      State Govs.
      State Legislatures.
      It's AMAZING that you retards somehow have convinced yourselves that you're winners after losing everything it's possible to lose.

    3. Re: Makes Sense by mSparks43 · · Score: 1

      You forgot
      Global hegemony

      Which is kinda the point of tfa.

    4. Re: Makes Sense by Anonymous Coward · · Score: 0

      "How does that work again?"

      Let me see if I can help. There are rules. Liberals think they don't apply to them. But they do. Did that help?

  6. "a major web publishing trade association" by Nutria · · Score: 2

    Is it so minor that Salon couldn't name Digital Content Next (which I had to Google)?

    --
    "I don't know, therefore Aliens" Wafflebox1
  7. Fancy Bear = FSB by Anonymous Coward · · Score: 0

    Fancy Bear = FSB

  8. Re: Conservative Blogger by Anonymous Coward · · Score: 0

    Because it's assumed, since most editors are raging liberals.

  9. flea collars that work on kids... by Anonymous Coward · · Score: 0

    signs of the times? phewww.. wacky is an understatement? wtf.. cease fire stand down,, thanks again...

  10. Russian hackers? by Anonymous Coward · · Score: 0

    So you're telling me America invents the internet (see Al Gore) and RUSSIANS are hacking into it, and we don't nuke them or 'nothin'? Gee whiz this Trump guy is in bed with some dudes.

  11. What's worse ? by Anonymous Coward · · Score: 0

    A country where a monster is put into power in a parody of democracy ?

    Or a country where a monster is freely, willfully and knowingly elected to power ?

    1. Re:What's worse ? by Anonymous Coward · · Score: 0

      A country where a monster is put into power in a parody of democracy ?

      Or a country where a monster is freely, willfully and knowingly elected to power ?

      OK, what the hell do Canada and Germany have to do with this?

  12. Hello? Project Zero? by 93+Escort+Wagon · · Score: 2

    If you guys really don't treat Google any differently than companies which aren't your employers, this seems like something you should've been all over.

    --
    #DeleteChrome
  13. Re: Conservative Blogger by Anonymous Coward · · Score: 0

    And 11 of Jesus' disciples were liberals. Trump = Judas obviously, but you knew that when you voted for him

  14. Re: Fancy Bear = FSB by Anonymous Coward · · Score: 0

    Fancy Bear = CIA

  15. Re:Why are we concerned with anything from Salon? by AutodidactLabrat · · Score: 1

    Do wish I had your skill at turning republican'ts into targets of ridicule

  16. Apple's stripping AMP-links by rainer_d · · Score: 4, Interesting

    in IOS 11:

    https://www.macrumors.com/2017...

    But hey, they're a walled garden and just after your money.

    --
    Windows 2000 - from the guys who brought us edlin
    1. Re:Apple's stripping AMP-links by 93+Escort+Wagon · · Score: 1

      It sounds like Google specifically requested this from all browser makers - Safari may just have been the first to implement.

      Perhaps the request came about because of this flaw?

      --
      #DeleteChrome
  17. IP and Language are not the source by rtb61 · · Score: 2

    We all know from reports, that IP address and language usage are most definitely not the source of those attacks. They could come from anywhere in the world. Let's be brutally honest and real, if I wanted to hack the US government, I would do it from a bootable thumb drive, which would be well hidden when not in use and I would route all those attacks so that they would appear to come from Russia or China and I would tend to use tools sourced from those locations to better cover up tracks. How do you source an attack from a foreign country, too easy, attack a noob's computer in that foreign country and you control it to send out your attacks. Russians would have to be pretty stupid to do that attack direct from their home computer. But, ah ha, you claim why would Russia care if hackers attack the US because criminals are criminals and they are weak to temptation and they will hack locally as well as abroad. Their local attacks, they of course would do abroad, from a bot, probably the US.

    Private military/security contractors are notoriously corrupt, lie, cheat and steal to be able to factually 'kill' for profit. Now would a private military/security contractor be open to being paid millions to attack local companies, news agencies, pretty much anybody? Of course (they already 'kill' for profit) and would they be smart enough to source that local attack from an overseas bot (of course), so news article an empty crock of shite.

    Make no claim about the attacks without localised proof, want to say Russia, well, where is the evidence of a Russian at the keyboard, in person actually typing in the commands, a Russian-owned computer is not a Russian, it is just a potential bot. Want real computer law enforcement, then start crafting computer crime investigation and prosecution treaties you fuck knuckle moronic dick heads (oh that's right, you fucking pieces of shit, you can't do that because you can not hide your espionage activities behind those criminal activities, after all those espionage activities are criminal activities and in reality often nothing more than that because private contractors who already 'kill' for profit, so what is a little computer hacking to them).

    --
    Chaos - everything, everywhere, everywhen
    1. Re: IP and Language are not the source by mSparks43 · · Score: 1

      they're not doing it from their "home" computer. fancy bear is a whole ru government department with several thousand staff.

    2. Re:IP and Language are not the source by Anonymous Coward · · Score: 0

      There's a difference between noob computers and static organizations, and it can be easily distinguished by whether attacks come from IP addresses assigned to an ISP or to business lines. Further, when the attacks come from a range of IP addresses that have also been used in other attacks, it's generally OK to assume the same group is responsible for both.

      Or, you know, maybe it's Trump supporters who are altering articles to make Putin opponents look bad, and they're hacking computers in Russia to make it seem like the Russians are doing it! Or maybe it's the NSA because they're a bunch of fuck knuckle moronic dick head pieces of shit! Yeah that seems likely. Let's demand proof, and have the USA take Russia to court!

    3. Re: IP and Language are not the source by Anonymous Coward · · Score: 0

      And because there are only a few thousand computers in the entire world, all belonging to the US and Russian governments, the poor sods are forced to use their own IP addresses and are denied any redirection possibilities.

      Oh if only there were more computers and someone had invented things like onion routing.... alas...

      The level of incredulity the idiotic "russia has hacked the planet" shills demand is staggering.

    4. Re:IP and Language are not the source by Anonymous Coward · · Score: 0

      Hi Fancy Bear related troll! How has your day been going over in the troll farm where you work?

    5. Re: IP and Language are not the source by Anonymous Coward · · Score: 0

      WOoooooooooooooOOOOOoooosh

    6. Re: IP and Language are not the source by mSparks43 · · Score: 1

      why go to all that effort? being known as the most elite state sponsored cyber division globally is part of their strategy.
      Kinda like a navy seals badge.

      Should navy seals go to as much effort to hide the fact they are navy seals?

    7. Re: IP and Language are not the source by rtb61 · · Score: 1

      The proof of this of course being your imagination. Nothing but a wild scheme by the Clinton Crime Clan to stay out of prison.

      --
      Chaos - everything, everywhere, everywhen
  18. Re: Fancy Bear = FSB by Anonymous Coward · · Score: 0

    CIA is discrediting RU dissidents? lol

    Do you get in the way of somebody cooking you a free lunch too?

  19. FB TW GO by Anonymous Coward · · Score: 0

    So facebook twitter google all got hacked by the russians to elect president trump - what do the americans think about this then - proof?

  20. Re:FUCK DRUMPF REEEEEEEEE!!!! by Anonymous Coward · · Score: 0

    Maybe you consume too much mainstream media propaganda. Which supports perpetual war and destruction of small nations without nukes. Something Clinton and McCain champion.

  21. Sure Commie by Anonymous Coward · · Score: 0

    Whoever cares for his nation is a "judas" ? Only in the twisted world of you Marxists.

    1. Re: Sure Commie by Anonymous Coward · · Score: 0

      "Whoever cares for his fellow rich white men..."

      FTFY.

  22. Sure Hillary by Anonymous Coward · · Score: 0

    Keep improving your Agent Provocateur BS. Not good enough !

  23. Sorry, but I don't believe you by Anonymous Coward · · Score: 0

    I'm sure Google has this issue, and has been refusing to fix it, but the ever so common accusations of "Russian hackers"... cough up some evidence, JUST ONCE, and we may start to listen. For now, all we've ever seen are baseless accusations and propaganda, something America is very good at.

  24. I was confused by b0bby · · Score: 1

    I was confused by the summary, since I have only seen AMP links in my news app. The problem is that you can send links to AMP stories, and those links have a google.com URL. This was used for spear-phishing these journalists.

    On Oct. 12, 2016, Toler received an email supposedly from Google alerting him that he had recently changed his security settings to enable older email programs to access his account. “Please be aware that it is now easier for an attacker to break into your account,” the message warned. It invited him to click on a Google AMP URL redirected to a fake webpage designed to capture his email credentials and transmit them to hackers.

    It's pretty sneaky, and really brings home that you should never, ever click on email links.

  25. Agreed 110% rtb61 - how/why? Simple... apk by Anonymous Coward · · Score: 0

    See subject: ANY FOOL can "bounce off/thru" a proxy server system & appear to be 'someone else' entirely (especially if they can mimic another language that's NOT their native tongue).

    * E.G. - I'm SURE I'm not the only one capable of it (the proxy part) & I speak 3 spoken 'human' languages FLUENTLY (2 more 'so/so') & program in a dozen computer languages...

    APK

    P.S.=> Back to music here Paul McCartney & 'Wings' tune "JET" https://www.youtube.com/watch?v=M8V1nFCP058/ (in honor of the "JET" FUSION REACTOR (which I consider massively newsworthy - a practical application of NUCLEAR FUSION for "the good" http://www.theregister.co.uk/2017/09/25/geeks_guide_jet/ "hotter than the sun"... apk

    1. Re: Agreed 110% rtb61 - how/why? Simple... apk by Anonymous Coward · · Score: 0

      So you admit to being a Russian shill? Got it. Also you admit to hating Jews? Got it.

  26. Re: Sorry by slashrio · · Score: 1

    For me it was the opposite...

    --
    "Trump!!", the new Godwin.
  27. Re:Why are we concerned with anything from Salon? by slashrio · · Score: 1

    More Sicherheitsschutzstaffel (SS) required!

    --
    "Trump!!", the new Godwin.
  28. How fancy is your bear? by Anonymous Coward · · Score: 0

    If you look at the indicators of "fancy bear", all you have to do is use ToR and a program from a language that uses cyrillic. Translated, that means you can use Tor & any random freeware program from the Ukraine and everyone will assume you're under Putin's direct command.

    Most hacks in the world originate from China, Russia & the USA, so this is not even news. Call me when you actually catch someone.

  29. LOL, wtf? Let me ask YOU a question... apk by Anonymous Coward · · Score: 0

    No, no Russian here (but they are NOT the enemy). As far as Jews? Please. Some have been my best pals but they ran from this question too:

    WHY HAVE "YOU & YOURS" been KICKED from 8++ nations over time?

    Argentines in the 1940 under Perrone, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations.

    They're ALL nazi german's too? No.

    Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud. This is the province of the synagogue of Satan (Khazar/Pharisees whom Jesus Christ himself kicked to the curb out of the temple):

    Barbara Spectre, a jew, tells everyone it's jews orchestrating the muslim migrant problem in Europe https://www.youtube.com/watch?v=MFE0qAiofMQ/ . No migrant raping of women in Poland. Tons in Sweden. Do the math. Use common-sense. This is to get muslims and other goyim/gentiles to wipe one another out as incompatible cultures that will clash and always have.

    ABOVE ALL ELSE I didn't do the saying, THEY did... how f'ing sad & STUPID!

    I'm only doing what Jesus himself did along w/ Jeremiah to their OWN... trying to 'smarten them up'... can't be done apparently!

    APK

    P.S.=> For a people that breed for intelligence? Not very 'smart' (egotistical & megalomaniacal if you ask me) especially writing certain things they did in their "TALMUD" which considers non-jews pigs, to be raped, robbed & enslaved!

    (Sadly, which I know not EVERY jew believes in, but if fucks up the torah jews hard - but like in a prison (proof of HOW folks WILL act, like it or not) they WILL 'pool together' w/ other Khazar/Phariseee jews (who would MOW THEM DOWN, like George Soros has PROVEN he would thru the Nazi's he betrayed them for)...

    NO SHIT - How sad... apk