- The Washington Times - Thursday, February 20, 2020

Rudolph W. Giuliani’s digital typos are creating cybersecurity threats for his hundreds of thousands of followers on Twitter.

Cybercriminals are hijacking the incorrect website domain names that President Trump’s personal lawyer shares to redirect visitors to web pages with malware.

Jerome Segura, Malwarebytes threat intelligence director, identified three examples of cyber-hooligans exploiting Mr. Giuliani’s digital gaffes on Twitter in the last seven days alone.

On Sunday, Mr. Giuliani tweeted a link to his personal website, RudyGiulianics.com but inadvertently included a space between “Rudy” and “Giulianics.com.” Upon clicking the link tweeted by Mr. Giuliani, Mr. Segura wrote for Malwarebytes, a series of redirects served users with a browser extension that “can read your browser history, the data you enter on sites, and can change your default search engine.”

Two other tweets from Mr. Giuliani linking to his website in recent days have separately combined the correct web address with the word “Watch” and erroneously excluded the letter “I.” Mr. Segura discovered that the domains Mr. Giuliani inadvertently linked to in those cases sent users to a substance-abuse website and to a Wikipedia page for “Trump — Ukraine scandal.”

It is not clear who is responsible for the “typosquatting,” which is what it’s called when cybercriminals hijack web addresses and mimic domains that depend on typos.

“Giuliani is a popular and controversial figure with a history of making typos that have become predictable,” Mr. Segura said. “Political adversaries and detractors will be interested in his audience to try and ridicule him by capitalizing on [mis]-typed links. Crooks and criminals are typically more interested in follower count to maximize their profits on malicious redirects and malware installs.”

Typosquatting that leads to malware is against Twitter’s rules and the company is working to ensure that users see a warning message when they click on such links, the company said.

Mr. Segura told The Washington Times that two types of typosquatters appear to be taking aim at Mr. Giuliani.

“We’ve seen clear examples of domains being registered shortly after a tweet to send out political messages or make fun of Giuliani. These could be the work of individuals acting on their own or directed by political adversaries,” Mr. Segura wrote in an email. “On the other hand, we’ve now also seen a case of a website mimicking Giuliani’s that is used purely as a traffic redirection scheme meant to generate revenue. Crooks are known to target popular brands or personalities and piggy-back on the attention they get in order to fuel their own malvertising campaigns.”

Mr. Giuliani responded that he was not aware of typosquatting of his account.

“I have no such knowledge other than that media story,” Mr. Giuliani said.

The list of those who are not fans of Mr. Giuliani is long. As a leading advocate for Mr. Trump, Mr. Giuliani has been involved in several high-stakes matters including the House impeachment of the president.

The former New York City mayor also has been involved in several nongovernmental, international issues. In 2018, he worked at the behest of a global consulting firm run by former FBI Director Louis Freeh on corruption in Romania. Mr. Giuliani runs “Giuliani Security & Safety,” a “full-service security, investigative and crisis management consulting firm” that lists as clients governments, global corporations, law firms, energy industries, financial institutions and universities.

This month’s examples of typosquatting on Mr. Giuliani’s Twitter account are not the first instances of cybercrime involving his account. New York Daily News editorial board member Laura Nahmias tweeted last month that she attempted to open Mr. Giuliani’s personal website and consequently began experiencing tech problems.

“[M]y attempt to open Giuliani’s website last week seems to have left my desktop computer with a persistent “spoofing” virus that’s requiring many days and multiple IT Department interventions to fix,” Ms. Nahmias tweeted. “I am not joking.”

She added on Twitter, “I can’t be the only person this happened to, right? It’s causing constant pop-ups on my computer.”

She probably was not the only person affected, and Mr. Giuliani is far from the only target of malicious typosquatters.

Twitter is also not the only online platform where cybercriminals cloak malware and spread it through users Americans know, trust, or follow on social media. U.S. officials have begun sounding the alarm about LinkedIn as a tool of foreign influence in American affairs.

Ronnie Obenhaus, an official with the Department of Defense’s Cyber Crime Center, has warned that foreign adversaries are looking to spread malware through LinkedIn. He described the sophisticated efforts used to infiltrate LinkedIn users’ trusted networks to raise the visibility of posts that appear legitimate but are actually malicious.

“For illumination purposes, if there is a link that is a part of an article that sounds legitimate, and you agree with the title of the article, and “like” the post; that article will be shown as “liked” by you to those in your trusted circle,” Mr. Obenhaus said in a message. “Someone else may see that you ‘liked’ the article and may want to actually read the content, so they click the link. This act introduces vulnerability and increases the risk of malware being installed on their system. The malicious actor has manipulated your connections into trusting malicious content.”

Mr. Obenhaus said such efforts are a risk associated with blindly accepting LinkedIn requests including from people who users don’t know who may, in turn, share content that appears — but is not — harmless.

LinkedIn Trust & Safety head Paul Rockwell said his platform seeks out signs of state-sponsored activity and works to quickly remove bad actors before LinkedIn gets alerts of misbehavior.

Twitter is testing new ways to flag false and misleading information, according to a demo obtained by NBC News on Thursday. A new policy that could be rolled out as early as next month would flag tweets containing political and medical misinformation with a red banner reading “harmfully misleading” to warn users, according to NBC.

A Twitter spokesman said the demo is one design option that would involve community feedback. Twitter is disputing NBC’s suggestion that such a policy could come next month.

Beginning March 5, Twitter also is implementing a new enforcement effort aimed at synthetic and manipulated media.

“We’re exploring a number of ways to address misinformation and provide more context for tweets on Twitter,” the Twitter spokesman said in a statement. “Misinformation is a critical issue and we will be testing many different ways to address it.”

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2021 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide