James O’Keefe — We got hacked (intricately) for $165,000…

Posted by Kane on September 15, 2021 5:23 am

NEWS JUNKIES -- CHECK OUT OUR HOMEPAGE


New video from Project Veritas last night — O’Keefe explains what happened

 

 

 

 

 

86
Leave a Reply

avatar
  Subscribe  
newest oldest most voted
Notify of
Bahama me
Bahama me
Michael Sears
Michael Sears

IF WE ONLY HAD 1/4 PATRIOTS OF THIS CALIBER, WE WOULD BLOW AWAY THE NAZIS. NO TURNING. NO COMPROMISE. NO TURNING BACK. THANK YOU JAMES. YOU ARE AN AMERICAN HERO!

PedroS
PedroS

Happens every day, it is known as Office365 and it is the cause of all these.

Humus B. Chitinme
Humus B. Chitinme

He’s gone a long way since acorn, he’s changed a lot and their law suit record is amazing! I’m proud of this guy, he’s taking it to the communists faces every day!

Not See Democrats
Not See Democrats

The Hack was somewhere within the Swamp by a 3 letter Democrat Agency.

BMF
BMF

Keep it up James.
We are with you.

BlackR1
BlackR1

The patriots at Project Veritas were victims of the Microsoft Azure hack. Microsoft originally denied the claims that they themselves were hacked, claiming instead it was an exploitation of SolarWinds, but have eventually admitted they themselves were breached.

The way these scumbags managed to pull this off was to access their Exchange (Outlook Mail) settings and create a “rule” that would ‘copy’ the scumbags on any transaction that was sent or received. They would then seize an opportunity to redirect any payments to themselves – a shell operation in northeast Africa.

If there is a Hell, there MUST be a special place for crooks like this.

In the meantime, as a professional in the business, I’d highly suggest you take a moment to go into your Hotmail, Live, MSN or Outlook settings on outlook.com, if applicable, and verify that your account doesn’t include a rogue “rule” that has been created. Also, enable MFA (Multi-Factor Authentication) if you haven’t already.

Several of my clients became aware of this issue when they suddenly began receiving a message on every attempt to send an email that “the following recipient could not be reached.” They of course had NO idea who that recipient was until I looked into their Microsoft Account and found a “rule” forwarding any and all email to another email recipient.

Thanks, be safe, stay healthy!

Fellow Patriot.

AuditEveryElection.com
AuditEveryElection.com

Also: if one’s transaction is greater than $X (one determines one’s own particular risk factor) then if any instructions change, verify them via phone conversation.

For me, X would be 0. If ANYTHING changes, I want to talk to someone.

Also James did mention that “a couple of the letters in the email address were different” so that’s really bad, on James or his staff’s part. They gave that money away. Perhaps they were using a mailreader that “only” displays the “friendly name” portion, and not the entire email address?

No, I went back and checked; at 1:01 he shows an image with some of it blackened out, but there is visible “onmicrosoft.com>” so it DID show the full, actual email address to the user who opened it and sent the money.

Mistakes happen; they’ll be more careful in the future, I am certain. Just donated.

The GoFundMe refund scam is atrocious.

God bless James, thank you for all you’re doing. Be safe.

Archer
Archer

Hard to believe someone wouldn’t bother to verify, re-verify, and then call a person to check the details again when wiring this amount of money. PV must be rolling in dough.

Nick
Nick

Exactly. They do great work, but they don’t need to beg for donations for the flooding. The donations should go to their sting operations.

Speakup
Speakup

Go Project Veritas!

Amelia N Dollars
Amelia N Dollars

These are some of the last true reporters left in this country who are uncovering and exposing corruptions and wrong doing.

JBrickley
JBrickley

The law firm impersonation via email regarding the wire transfer payment of $165k is what IT security professionals call a Spear Phishing attack. The un-redacted domain name is .onmicrosoft.com which is used by Office 365 when you do not have a registered domain name. i.e. should be @lawfirm.com so that’s a red flag. The lawyer and firm should be using a real domain name and not the generic onmicrosoft.com.

Spear Phishing is not “hacking” it is social engineering using insider information to make it look very legitimate. They impersonated the lawyer and if Project Veritas actually wired money to them then they were scammed not hacked. There are several steps you can take to help reduce these attacks but the most important is training of staffers to identify these phishing attacks. To always err on the side of caution and suspicion. If they had instead emailed or called the real lawyer directly they would have been alerted to the scam. Attention to detail is important when responding to emails or clicking links in emails. There are so many scammers out there. Most larger companies with IT staff, mandate phishing training and send fake phishing test emails to evaluate how well the training is working. If you mess up on these phishing tests you get sent back to remedial anti-phishing online training. Some employers have sadly had to terminate careless employees who kept repeatedly failing the phishing tests. “We’re sorry but you are either too careless or too dumb to work here anymore”.

Two network companies were in the process of merging. Ubiquity and UniFi and scammers launched a similar spear phishing attack impersonating the Ubiquity CFO instructing his accounting department to complete the merger by wire transferring millions of dollars. Whoopsie, it was a scam! They lost most of the money and never got it back. By the time someone raised a suspicion it was almost too late. https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/

Spear Phishing attacks rely on insider information. In some cases that can be researched externally and in other scenarios hackers might have accessed Project Veritas systems or in this case perhaps the law firms systems. They knew enough to immediately inject the impersonated reply into that email chain. Which means somehow they were watching the conversation take place remotely. They prepared a 365 email account to trick the Project Veritas staffers.

Hacking is when the bad actors penetrate your network, have remote access to your computers and systems. Capture your passwords and use them. Sony (Columbia) Pictures was hacked for months and 100TB’s of data was exfiltrated before they unleashed a ransomware attack to destroy systems and data. It is believed to have been North Koreans who attacked them over the movie “The Interview (2014) staring Seth Rogan & James Franco”. The hackers had no intention of taking ransom money and providing decryption keys. They released sensitive information such as the salary information of management, stolen pre-release movies, various contracts with actors, etc. It was extremely embarrassing and damaging to Sony Pictures. Employees came to work after a 3-day weekend and all their screens had a message from the hackers and a skeleton image on the screen. The servers were all encrypted by the hackers. It was one of the worst hacks ever published in the media. Sony’s security was unimaginably poor, outdated and they didn’t even follow rudimentary best practices. The hackers likely had several employees click on phishing attacks, providing their passwords to the hackers or installing malware. The hackers then kept a low profile and jumped from system to system, causing issues where the users had to call the Help Desk and when a technician logged on with a privileged account, the hackers captured that password. Once they obtained highly privileged account passwords they could access servers and network switches, etc. They could access every computer in the company. They got into the HR department laptops and then captured the Workday passwords and had unmitigated access to the entire companies HR data. They stole every employee’s personal data. It was truly a nightmare of epic proportions.

An outfit like Project Veritas needs to seriously up their security game because they most certainly will see many more attacks in the future.

Les
Les

Thank you – quite interesting…and sobering.

Charles Snarkley
Charles Snarkley

Good points.

The Sony hack was likely an insider, they wanted to blame it on NK for movie publicity and lack of culpability. The FBI claims the Norks did it, but they couldn’t reliably tell you the day of the week, so who knows.

https://nypost.com/2014/12/30/new-evidence-sony-hack-was-inside-job-cyber-experts/

It is strange to call it ‘Phishing’. The Ph- prefix is back from the old days of Phone hacking that was Phreaking.

MinnieChimesInAgain
MinnieChimesInAgain

You make a good case for limiting online data as much as possible. At least until security can truly be relied upon.
Joe Biden, imo, did considerable damage to the reputation of our security teams when he made the statement, ‘We just have to get used to the hacks.’ I respectfully disagree. For him to tell the American public that they will continue to be targeted by criminals, unbeknownst to them in most cases, was irresponsible. Weak. He may as well have said, ‘I give up,…have at it.’ A National Security failure.

om72
om72

Yep, pretty common, I’ve seen it multiple times with companies that do wire transfers. People need to use common sense, but more importantly they need to use an email encryption service for financial transactions – sending bank transfer information via email is just asking for fraud.

BlackR1
BlackR1

I disagree. This was NOT just a phishing scheme.

I do not disagree that everyone should be aware of the scheme you describe, but this was NOT the case in this matter. In this case, I believe there was an infiltration & exploitation to the Azure server and the fault is not with Project Veritas.

This theft occurred because the Microsoft Azure (Enterprise) servers had been compromised. Microsoft has admitted this and I’ve personally investigated Microsoft Azure accounts that have been modified.

Further, I gave depositions regarding a theft that occurred from a 3rd party client of mine who had the exact same thing occur to him which is why no party thought anything was odd or out of place.

The email addresses were IDENTICAL, because the email had been created on the Azure server, logged in as the user himself.

Take care.

WindUpRubberFinger(dot)com
WindUpRubberFinger(dot)com

That’s precisely why many large companies are yet to jump onto the idea of expanding Active Directory Services, outside of their corporate networks. I’ve seen the same thing.

You can find out where the message came from by looking at the source of the email. However; like you say, if they are “in” at the Microsoft level, they aren’t spoofing, they’re working “through” the account of the compromised 3rd party.

Humus B. Chitinme
Humus B. Chitinme

The company I worked for was a govt contractor so we had to use the military training program. Ya, don’t delete it, call your IT office or security monitor immediately. Every year we had to go through it. So happy to be retired now.

CT
CT

Probably cia or fbi or doj

Duckandcover
Duckandcover

You gotta be careful. Cut a check. Walk it over to your attorneys. No wire transfer bulls**t.

JustGram
JustGram

PV was specifically targeted. They were not a random target.

Christopher
Christopher

Take no shit! Right on!!!

Obama bin Biden
Obama bin Biden

Dupe.

Maximillian
Maximillian

Criminal element? Democrat hacker? Deep State hacker?

name
name

Peaceful hack I suppose?

Humus B. Chitinme
Humus B. Chitinme

Mostly peaceful

RFWOODWORKS
RFWOODWORKS

NO PHONE CALL TO CHECK THE NEWLY GIVEN ACCOUNT NUMBER?

AOConMyNuts
AOConMyNuts

God bless James and Project Veritas. They’re over the target and in harm’s way.

Watergeek
Watergeek

Probably the FBI or other partisan US spy agency that has been corrupted into an arm of the democrat party. Project Veritas is on the side of truth, so they will be attacked by our fake government. Simple.

Maybe We Were Born For This
Maybe We Were Born For This

We are the leaders we have been waiting for…

Pesky Wabbit
Pesky Wabbit

beeld bak beeta

OwenMathi.s8
OwenMathi.s8

ok

Vince
Vince

That was thoughtful.

Comments like yours are what I come to CFP to read, for sure.
/sarc

What are you, about 12?

Don B.
Don B.

We need truth uncovered, now more than ever. This work is absolutely vital to overcoming the tremendous evil we all know is vast by all the recent exposure! God bless PV!

WindUpRubberFinger(dot)com
WindUpRubberFinger(dot)com

Project Veritas has been exposing what most people would call conspiracy theories. But they’re not theories once they’re exposed!

This is precisely why they are being attacked. They are being attacked on all fronts –because there are so many real conspiracies!

With each attack Project Veritas is made stronger. With each attack Project Veritas gains more credibility and more viewers.

Those who oppose the truth can’t see this. It’s largely why they are attacking them in the first place. The truth is a mirror by which all those opposing it can see themselves. Stopping the truth is a way for those who want to avoid the truth, to feel a little better. When you’re a liar, the less people know, the better.

There is an end to this. The side of evil and lies gets weaker and weaker in the face of truth.

Just look at the vaccine push. As more truth comes out, the weaker their argument gets. If any of what’s been said about vaccines by our “officials” were true, their narrative wouldn’t change daily. People like Fauci are running from their lies, running from the truth, but it’s catching up!

God speed patriots! Our country isn’t done yet!

Maybe We Were Born For This
Maybe We Were Born For This

Know that when u r taking flak, u r over the target! #blessjamesokeefe #Courage is contageous #saveAmerica

Observer
Observer

This may be old news to the CFP readers but I guarantee that a large sad swath of the population is just now getting an understanding of the whole phish pond corruption.

octaviojimenez77@gmail.com
octaviojimenez77@gmail.com

What losers when you’re losing the argument and being caught as a fraud go after the opposition’s bank account that’s all they’ll do

MarkSmith
MarkSmith

Prolly a gubment entity.

RicoD
RicoD

This is not a hack. It’s called phishing, and candidly I’m a little disappointed that project veritas fell for this. Considering what they do they should have some training on this. I work in the financial industry’s and they train us on this. They should have known this was a fraudulent email.

Also please anytime you send a wire to someone call them to verbally confirm the account number prior to sending the wire. This is standard protocol in the real estate industry among others and should be in all situations. Unless the money you’re wiring is money you can live without

Brad
Brad

It was more than simply phishing if they knew the day amount and lawfirm the money was to go to.

Rebelinme2
Rebelinme2

Perhaps you could offer to donate your services to Project Veritas and join the patriots in action.

Rebelinme2
Rebelinme2

Perhaps you could offer to donate your services to Project Veritas and join the patriots in action.

Major king Kong
Major king Kong

Were was gorge soreass?

OldRktSciGy
OldRktSciGy

Didllin’ little kids.

JimBob
JimBob

LOL James never give out personal info if you dont know or call them first to verify.

That wasnt very smart

buck naked
buck naked

i love PV but… ANYTIME ANYONE asks you to send banking info you HAVE to PAINSTAKINGLY verify FIRST… sloppy…

buck naked
buck naked

despite that, i’m donating, they do god’s work

Zakky
Zakky

Stop dead in your tracks. In the 70s wire fraud was
prevalent. So, we’ve had time to understand. PV, just an oversight. Expensive one but it won’t happen again🇺🇲🇺🇲

Learntocode80211
Learntocode80211

God Bless you James. All the best. You are a true patriot, an honest journalist, and a great American.

Thank you 🙏 10,000 x

TeenkerbelleBR
TeenkerbelleBR

Haters gonna hate. O’Keefe is causing change. He’s exposing the cockroaches and they don’t like the light. May God put his protection over this man and his organization while he does the work of the People. He needs protection from all the enemies who wish him harm. We need more good people like him exposing the truth.

Mozart
Mozart

FOCKING MOVE TO A NEW, HIGHER LOCATION WHERE YOU FOCKING CAN’T GET FLOODED!

Kureelpa
Kureelpa

Project Veritas works harder than any organization to out the criminals, they are doing the work of the MSM & they have grown very quickly.
I just donated to them again & I’ll keep on donating, I have always donated to Judicial Watch too – but have you ever seen their Organization & how many Lawyers they have on Staff?

Capt. Hook
Capt. Hook

Probably the NSA

DarnTootin'
DarnTootin'

Just ordered some merch to help support the cause. Keep up the great work!

Buck
Buck

Donation on the way.

grumpyMitch
grumpyMitch

That’s an old type of scam. Always check with the supplier if you get an email like this.

notme
notme

Common spearphishing would be to send an email w/ the invoice/payment request posing as the lawyer… but if the request came within the same email string (ie a reply that includes the previous emails) then that seems to imply a malware infection or compromised credentials somewhere.

JimBob
JimBob

phone call

donduzit
donduzit

Gods speed and blessings to Project Veritas

justfortheLOL
justfortheLOL

This is a well known type of fraud and has been a common tactic for at least a decade, anyone in banking industry, real estate industry, or investment industry could’ve told you how to protect yourself from this type of fraud. Not sure how a guy as smart as Okeefe could allow this to happen. OKeefe really needs to hire a consultant to help him understand how to protect his business from cyber threats and financial fraud.

allonright
allonright

Not everyone is a technology guru. Mr. O’keefe would be best served to stick with what he does best – exposing the liars, the cheaters and in the cases of democrats, PP and antifa/blm, the murderers. He should hire tech pros to handle ‘back-office’ technology/security requirements. But donations are on their way anyway.

RicoD
RicoD

It’s not technology dude technology has nothing to do with this. Literally common sense. When sending funds via wire using wiring instructions provided to you via email you should scrub that email. To ensure that it is a good email. And no matter what you think of the email you should always call to confirm verbally the account number. This is the best way to ensure you don’t fall victim to wire fraud

RicoD
RicoD

It was probably a dim-witted accountant. You’re right anyone working in the industries you listed would have figured this out really quickly. Also it’s never a good idea to send wires without confirming the account number verbally. I repeat verbally

Hogan
Hogan

They could use some donations right now. 👍