BrianKrebsMay 2, 2024

It's always amazed me that ID.me, which you have to use in order to interact w/ the IRS online these days, has a top level domain from the country of Montenegro. Ublock Origin says they're injecting tracking links from Italy's TLD when you login at the irs.gov website.

What's next? Cookies from Colombia? AI from Anguilla?

Show threadEvan B🥥ehsMay 2, 2024
@briankrebs The US is in a position of power where I don't think a country would consider hijacking domains it uses. Not to defend this, but
Show threadyoppMay 2, 2024
@eb @briankrebs and on top of that Montenegrin IT capabilities can be summed up to a fact that we had major cyberattack in ‘22 that wiped out most of gov services and some of them are not restored as for today :) Had to ask US for a help and so on. So yeah, it’s highly unlikely to be ME operation
Show threadBrianKrebsMay 2, 2024
@alex @eb IDK anything about Montengegrin IT capabilities, so I'll take your word for it. But it's worth pointing out that poorly secured or maintained IT resources can be commandeered to do crazy stuff. So your statement fills me with more dread. Thank you.
Show threadEvan B🥥ehsMay 2, 2024
@briankrebs @alex related: my recent https://boehs.org/node/medicicnes
It’s Been a Year and georgia.gov Continues to Be Hacked

Illegal drug transactions facilitated through Georgia's employee portal

Show threadyopp
@eb @briankrebs I’ve seen another subtle hack recently: I suppose CMS haven’t been patched, so all the content on a website had few words in article to be made in links that also point to some shady pharma site. I wonder if it’s possible to check backlinks from Georgia’s site. But referrer check is 👌. So simple, much efficient!
May 2, 2024 at 7:43pmWeb