
Analysis of email address in Mueller indictments exposes 9M weaponized email accounts

Probing an email address found in Special Counsel Robert Mueller's indictments of 13 Russians for interfering in the U.S. presidential election led GroupSense researchers to the discovery of more than nine million stolen, leaked or abandoned email accounts -- likely part of a large botnet aimed at spreading misinformation, including generating false comments on the FCC's net neutrality filing site.

After finding and analyzing the password for [email protected] -- an email address linked to Russia's Internet Research Agency (IRA) in the Mueller indictments -- in its GroupSense BreachRecon database, researchers believed the password was computer-generated.

Based on the characteristics of that password, the GroupSense team looked for similar password combinations of five letters and five numbers in its database, which contains information about hundreds of breaches -- “and found 4.7 million of them that had this combo,” said company founder and CEO Kurtis Minder.

Hijacked email accounts had been used in conjunction with stolen credentials from previous breaches and used in campaigns, according to the company's “Shark20385” report.

Researchers ran the 4.7 million-strong batch against the public comments the FCC collected on its net neutrality repeal proposal and found more than 30,000 of those accounts generating comments -- many of them the exact same message, posted “all in one second,” indicating an enormous botnet intended to “influence policy discourse,” Minder said.

Many of the compromised accounts, GroupSense noted, are still being used to exert influence on public opinion.
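The two checks the article describes (flagging leaked credentials whose password has the five-letter, five-digit generator shape, then looking for accounts from that set that posted identical comments in the same second) as an added example on constructed sample data; this is not GroupSense's code or data, and the records, timestamps and comment texts are made up.

```python
"""Added example: reproduce the two checks described in the article
on constructed sample data (not GroupSense code or data)."""
import re
from collections import defaultdict

# Five letters followed by five digits: the generator-like shape the article describes.
GENERATED_PW = re.compile(r"^[A-Za-z]{5}[0-9]{5}$")

# Constructed breach records: (email, leaked password). Not real data.
BREACH_RECORDS = [
    ("alpha@example.com", "qwzkt48213"),
    ("bravo@example.com", "Summer2017!"),
    ("charlie@example.com", "mxplv90441"),
    ("delta@example.com", "hunter2"),
    ("echo@example.com", "rtqnc11209"),
]

# Constructed public-comment records: (email, unix timestamp, comment text).
COMMENTS = [
    ("alpha@example.com", 1500000000, "Repeal Title II now."),
    ("charlie@example.com", 1500000000, "Repeal Title II now."),
    ("echo@example.com", 1500000000, "Repeal Title II now."),
    ("bravo@example.com", 1500000000, "Repeal Title II now."),  # in the burst, but no generated password
    ("delta@example.com", 1500000500, "Please keep net neutrality."),
    ("alpha@example.com", 1500000900, "Repeal Title II now."),   # same text, different second
]

def generated_password_accounts(records):
    """Emails whose leaked password matches the generator shape."""
    return {email for email, pw in records if GENERATED_PW.match(pw)}

def burst_clusters(comments, min_size=3):
    """Group comments by (text, second) and keep groups of at least min_size."""
    groups = defaultdict(list)
    for email, ts, text in comments:
        groups[(text, ts)].append(email)
    return {key: emails for key, emails in groups.items() if len(emails) >= min_size}

def suspect_accounts(records, comments, min_size=3):
    """Emails that posted inside a burst AND carry a generated-looking leaked password."""
    flagged = generated_password_accounts(records)
    suspects = set()
    for emails in burst_clusters(comments, min_size).values():
        suspects.update(e for e in emails if e in flagged)
    return suspects

if __name__ == "__main__":
    print(sorted(suspect_accounts(BREACH_RECORDS, COMMENTS)))
```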
