Aug 6, 2018 - Technology

How Russian hackers hide inside abandoned email accounts

A man in a hoodie types on a black computer in darkness.

Photo: Lisa Forster/picture alliance via Getty Images

Researchers have used "[email protected]," a single email address listed in one of special prosecutor Robert Mueller's indictments, as a key to trace new details of the inner workings of social media disinformation campaigns.

Why it matters: The "allforusa" account was a real email address that had been abandoned by its creator and then compromised and reused, a tactic that allows hackers to evade detection and legitimize deceptive activity — in this case, including thousands of comments posted on the FCC's site about net neutrality rules.

The report from the cyberintelligence firm GroupSense, released Monday, follows a trail of password-based clues connecting the "allforusa" account to 9.5 million other email addresses and related social media accounts, many used to distribute inflammatory content and inauthentic messages, including 40,041 postings on the FCC site.

"Allforusa" wound up in the Mueller indictment after the Russian-intelligence-backed Internet Research Agency likely purchased access to a group of hijacked accounts, according to the GroupSense report. Mueller linked the email address with fraudulent Paypal accounts that the IRA used to pay for pro-Trump, anti-Clinton ads during the 2016 election.

What they're saying:

Compromised email accounts are being used to influence public opinion on important topics... The availability and sheer volume of these compromised accounts enables threat actors to conduct campaigns under the guise of actual citizens.
— GroupSense's report

Allegations have previously come from both sides of the net neutrality debate that people are gaming the system, such as using other people’s identities to post comments, including those of people who have died, per the WSJ.

  • This isn’t entirely a new game. The WSJ found there have been allegations of falsified or fraudulent postings related to comments with the Consumer Financial Protection Bureau, the Federal Energy Regulatory Commission, and the Securities and Exchange Commission.
Go deeper