Posted by Kane on September 15, 2021 5:23 amNEWS JUNKIES -- CHECK OUT OUR HOMEPAGE
New video from Project Veritas last night — O’Keefe explains what happened
IF WE ONLY HAD 1/4 PATRIOTS OF THIS CALIBER, WE WOULD BLOW AWAY THE NAZIS. NO TURNING. NO COMPROMISE. NO TURNING BACK. THANK YOU JAMES. YOU ARE AN AMERICAN HERO!
Happens every day, it is known as Office365 and it is the cause of all these.
He’s gone a long way since acorn, he’s changed a lot and their law suit record is amazing! I’m proud of this guy, he’s taking it to the communists faces every day!
The Hack was somewhere within the Swamp by a 3 letter Democrat Agency.
Keep it up James.
We are with you.
The patriots at Project Veritas were victims of the Microsoft Azure hack. Microsoft originally denied the claims that they themselves were hacked, claiming instead it was an exploitation of SolarWinds, but have eventually admitted they themselves were breached.
The way these scumbags managed to pull this off was to access their Exchange (Outlook Mail) settings and create a “rule” that would ‘copy’ the scumbags on any transaction that was sent or received. They would then seize an opportunity to redirect any payments to themselves – a shell operation in northeast Africa.
If there is a Hell, there MUST be a special place for crooks like this.
In the meantime, as a professional in the business, I’d highly suggest you take a moment to go into your Hotmail, Live, MSN or Outlook settings on outlook.com, if applicable, and verify that your account doesn’t include a rogue “rule” that has been created. Also, enable MFA (Multi-Factor Authentication) if you haven’t already.
Several of my clients became aware of this issue when they suddenly began receiving a message on every attempt to send an email that “the following recipient could not be reached.” They of course had NO idea who that recipient was until I looked into their Microsoft Account and found a “rule” forwarding any and all email to another email recipient.
Thanks, be safe, stay healthy!
Also: if one’s transaction is greater than $X (one determines one’s own particular risk factor) then if any instructions change, verify them via phone conversation.
For me, X would be 0. If ANYTHING changes, I want to talk to someone.
Also James did mention that “a couple of the letters in the email address were different” so that’s really bad, on James or his staff’s part. They gave that money away. Perhaps they were using a mailreader that “only” displays the “friendly name” portion, and not the entire email address?
No, I went back and checked; at 1:01 he shows an image with some of it blackened out, but there is visible “onmicrosoft.com>” so it DID show the full, actual email address to the user who opened it and sent the money.
Mistakes happen; they’ll be more careful in the future, I am certain. Just donated.
The GoFundMe refund scam is atrocious.
God bless James, thank you for all you’re doing. Be safe.
Hard to believe someone wouldn’t bother to verify, re-verify, and then call a person to check the details again when wiring this amount of money. PV must be rolling in dough.
Exactly. They do great work, but they don’t need to beg for donations for the flooding. The donations should go to their sting operations.
Go Project Veritas!
These are some of the last true reporters left in this country who are uncovering and exposing corruptions and wrong doing.
The law firm impersonation via email regarding the wire transfer payment of $165k is what IT security professionals call a Spear Phishing attack. The un-redacted domain name is .onmicrosoft.com which is used by Office 365 when you do not have a registered domain name. i.e. should be @lawfirm.com so that’s a red flag. The lawyer and firm should be using a real domain name and not the generic onmicrosoft.com.
Spear Phishing is not “hacking” it is social engineering using insider information to make it look very legitimate. They impersonated the lawyer and if Project Veritas actually wired money to them then they were scammed not hacked. There are several steps you can take to help reduce these attacks but the most important is training of staffers to identify these phishing attacks. To always err on the side of caution and suspicion. If they had instead emailed or called the real lawyer directly they would have been alerted to the scam. Attention to detail is important when responding to emails or clicking links in emails. There are so many scammers out there. Most larger companies with IT staff, mandate phishing training and send fake phishing test emails to evaluate how well the training is working. If you mess up on these phishing tests you get sent back to remedial anti-phishing online training. Some employers have sadly had to terminate careless employees who kept repeatedly failing the phishing tests. “We’re sorry but you are either too careless or too dumb to work here anymore”.
Two network companies were in the process of merging. Ubiquity and UniFi and scammers launched a similar spear phishing attack impersonating the Ubiquity CFO instructing his accounting department to complete the merger by wire transferring millions of dollars. Whoopsie, it was a scam! They lost most of the money and never got it back. By the time someone raised a suspicion it was almost too late. https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
Spear Phishing attacks rely on insider information. In some cases that can be researched externally and in other scenarios hackers might have accessed Project Veritas systems or in this case perhaps the law firms systems. They knew enough to immediately inject the impersonated reply into that email chain. Which means somehow they were watching the conversation take place remotely. They prepared a 365 email account to trick the Project Veritas staffers.
Hacking is when the bad actors penetrate your network, have remote access to your computers and systems. Capture your passwords and use them. Sony (Columbia) Pictures was hacked for months and 100TB’s of data was exfiltrated before they unleashed a ransomware attack to destroy systems and data. It is believed to have been North Koreans who attacked them over the movie “The Interview (2014) staring Seth Rogan & James Franco”. The hackers had no intention of taking ransom money and providing decryption keys. They released sensitive information such as the salary information of management, stolen pre-release movies, various contracts with actors, etc. It was extremely embarrassing and damaging to Sony Pictures. Employees came to work after a 3-day weekend and all their screens had a message from the hackers and a skeleton image on the screen. The servers were all encrypted by the hackers. It was one of the worst hacks ever published in the media. Sony’s security was unimaginably poor, outdated and they didn’t even follow rudimentary best practices. The hackers likely had several employees click on phishing attacks, providing their passwords to the hackers or installing malware. The hackers then kept a low profile and jumped from system to system, causing issues where the users had to call the Help Desk and when a technician logged on with a privileged account, the hackers captured that password. Once they obtained highly privileged account passwords they could access servers and network switches, etc. They could access every computer in the company. They got into the HR department laptops and then captured the Workday passwords and had unmitigated access to the entire companies HR data. They stole every employee’s personal data. It was truly a nightmare of epic proportions.
An outfit like Project Veritas needs to seriously up their security game because they most certainly will see many more attacks in the future.
Thank you – quite interesting…and sobering.
The Sony hack was likely an insider, they wanted to blame it on NK for movie publicity and lack of culpability. The FBI claims the Norks did it, but they couldn’t reliably tell you the day of the week, so who knows.
It is strange to call it ‘Phishing’. The Ph- prefix is back from the old days of Phone hacking that was Phreaking.
You make a good case for limiting online data as much as possible. At least until security can truly be relied upon.
Joe Biden, imo, did considerable damage to the reputation of our security teams when he made the statement, ‘We just have to get used to the hacks.’ I respectfully disagree. For him to tell the American public that they will continue to be targeted by criminals, unbeknownst to them in most cases, was irresponsible. Weak. He may as well have said, ‘I give up,…have at it.’ A National Security failure.
Yep, pretty common, I’ve seen it multiple times with companies that do wire transfers. People need to use common sense, but more importantly they need to use an email encryption service for financial transactions – sending bank transfer information via email is just asking for fraud.
I disagree. This was NOT just a phishing scheme.
I do not disagree that everyone should be aware of the scheme you describe, but this was NOT the case in this matter. In this case, I believe there was an infiltration & exploitation to the Azure server and the fault is not with Project Veritas.
This theft occurred because the Microsoft Azure (Enterprise) servers had been compromised. Microsoft has admitted this and I’ve personally investigated Microsoft Azure accounts that have been modified.
Further, I gave depositions regarding a theft that occurred from a 3rd party client of mine who had the exact same thing occur to him which is why no party thought anything was odd or out of place.
The email addresses were IDENTICAL, because the email had been created on the Azure server, logged in as the user himself.
That’s precisely why many large companies are yet to jump onto the idea of expanding Active Directory Services, outside of their corporate networks. I’ve seen the same thing.
You can find out where the message came from by looking at the source of the email. However; like you say, if they are “in” at the Microsoft level, they aren’t spoofing, they’re working “through” the account of the compromised 3rd party.
The company I worked for was a govt contractor so we had to use the military training program. Ya, don’t delete it, call your IT office or security monitor immediately. Every year we had to go through it. So happy to be retired now.
Probably cia or fbi or doj
You gotta be careful. Cut a check. Walk it over to your attorneys. No wire transfer bulls**t.
PV was specifically targeted. They were not a random target.
Take no shit! Right on!!!
Criminal element? Democrat hacker? Deep State hacker?
Peaceful hack I suppose?
NO PHONE CALL TO CHECK THE NEWLY GIVEN ACCOUNT NUMBER?
God bless James and Project Veritas. They’re over the target and in harm’s way.
Probably the FBI or other partisan US spy agency that has been corrupted into an arm of the democrat party. Project Veritas is on the side of truth, so they will be attacked by our fake government. Simple.
We are the leaders we have been waiting for…
beeld bak beeta
That was thoughtful.
Comments like yours are what I come to CFP to read, for sure.
What are you, about 12?
We need truth uncovered, now more than ever. This work is absolutely vital to overcoming the tremendous evil we all know is vast by all the recent exposure! God bless PV!
Project Veritas has been exposing what most people would call conspiracy theories. But they’re not theories once they’re exposed!
This is precisely why they are being attacked. They are being attacked on all fronts –because there are so many real conspiracies!
With each attack Project Veritas is made stronger. With each attack Project Veritas gains more credibility and more viewers.
Those who oppose the truth can’t see this. It’s largely why they are attacking them in the first place. The truth is a mirror by which all those opposing it can see themselves. Stopping the truth is a way for those who want to avoid the truth, to feel a little better. When you’re a liar, the less people know, the better.
There is an end to this. The side of evil and lies gets weaker and weaker in the face of truth.
Just look at the vaccine push. As more truth comes out, the weaker their argument gets. If any of what’s been said about vaccines by our “officials” were true, their narrative wouldn’t change daily. People like Fauci are running from their lies, running from the truth, but it’s catching up!
God speed patriots! Our country isn’t done yet!
Know that when u r taking flak, u r over the target! #blessjamesokeefe #Courage is contageous #saveAmerica
This may be old news to the CFP readers but I guarantee that a large sad swath of the population is just now getting an understanding of the whole phish pond corruption.
What losers when you’re losing the argument and being caught as a fraud go after the opposition’s bank account that’s all they’ll do
Prolly a gubment entity.
This is not a hack. It’s called phishing, and candidly I’m a little disappointed that project veritas fell for this. Considering what they do they should have some training on this. I work in the financial industry’s and they train us on this. They should have known this was a fraudulent email.
Also please anytime you send a wire to someone call them to verbally confirm the account number prior to sending the wire. This is standard protocol in the real estate industry among others and should be in all situations. Unless the money you’re wiring is money you can live without
It was more than simply phishing if they knew the day amount and lawfirm the money was to go to.
Perhaps you could offer to donate your services to Project Veritas and join the patriots in action.
Were was gorge soreass?
Didllin’ little kids.
LOL James never give out personal info if you dont know or call them first to verify.
That wasnt very smart
i love PV but… ANYTIME ANYONE asks you to send banking info you HAVE to PAINSTAKINGLY verify FIRST… sloppy…
despite that, i’m donating, they do god’s work
Stop dead in your tracks. In the 70s wire fraud was
prevalent. So, we’ve had time to understand. PV, just an oversight. Expensive one but it won’t happen again🇺🇲🇺🇲
God Bless you James. All the best. You are a true patriot, an honest journalist, and a great American.
Thank you 🙏 10,000 x
Haters gonna hate. O’Keefe is causing change. He’s exposing the cockroaches and they don’t like the light. May God put his protection over this man and his organization while he does the work of the People. He needs protection from all the enemies who wish him harm. We need more good people like him exposing the truth.
FOCKING MOVE TO A NEW, HIGHER LOCATION WHERE YOU FOCKING CAN’T GET FLOODED!
Project Veritas works harder than any organization to out the criminals, they are doing the work of the MSM & they have grown very quickly.
I just donated to them again & I’ll keep on donating, I have always donated to Judicial Watch too – but have you ever seen their Organization & how many Lawyers they have on Staff?
Probably the NSA
Just ordered some merch to help support the cause. Keep up the great work!
Donation on the way.
That’s an old type of scam. Always check with the supplier if you get an email like this.
Common spearphishing would be to send an email w/ the invoice/payment request posing as the lawyer… but if the request came within the same email string (ie a reply that includes the previous emails) then that seems to imply a malware infection or compromised credentials somewhere.
Gods speed and blessings to Project Veritas
This is a well known type of fraud and has been a common tactic for at least a decade, anyone in banking industry, real estate industry, or investment industry could’ve told you how to protect yourself from this type of fraud. Not sure how a guy as smart as Okeefe could allow this to happen. OKeefe really needs to hire a consultant to help him understand how to protect his business from cyber threats and financial fraud.
Not everyone is a technology guru. Mr. O’keefe would be best served to stick with what he does best – exposing the liars, the cheaters and in the cases of democrats, PP and antifa/blm, the murderers. He should hire tech pros to handle ‘back-office’ technology/security requirements. But donations are on their way anyway.
It’s not technology dude technology has nothing to do with this. Literally common sense. When sending funds via wire using wiring instructions provided to you via email you should scrub that email. To ensure that it is a good email. And no matter what you think of the email you should always call to confirm verbally the account number. This is the best way to ensure you don’t fall victim to wire fraud
It was probably a dim-witted accountant. You’re right anyone working in the industries you listed would have figured this out really quickly. Also it’s never a good idea to send wires without confirming the account number verbally. I repeat verbally
They could use some donations right now. 👍
< CITIZEN FREE PRESS -- HOMEPAGE