Skip to content Skip to sidebar Skip to footer
Home / Tips

Why Rudy Giuliani's Twitter typos are a security fail

Why Rudy Giuliani’s Twitter typos are a confidence fail

Sometimes, typing the wrong letter for a website address consuming sending visitors to a 404 page. When you’re Rudy Giuliani, it means potentially sending hundreds of thousands of followers level to a virus. 

Hackers have been taking agreeable of typos in tweets by the former New York City mayor, buying the mistyped domain names and redirecting visitors to a fake page planned to spread malware rather than to the unusual page that Giuliani had meant to type. 

Jerome Segura, a director of threat intelligence at cybersecurity company Malwarebytes, discovered a tweet sent Sunday with a blatant typo that led to a website prompting visitors to download a Google Chrome extension, which would read people’s browsing history and change their default contemplate engine. 

Giuliani didn’t respond to a request for comment.

Typo-squatting is a approved threat online. Hackers buy up domain names similar to those of popular websites in the hopes that someone misses a letter, ends up on their fake page and gets infected. 

But once those attacks target the general public, Giuliani’s typos on Twitter open up an avenue where hackers can undiluted target his more than 654,000 followers — including politicians, journalists, and members of the Trump Organization like Donald Trump Jr. — who would be exposed to his malware-laced typos.  


giulianics.png

In a Giuliani tweet on Sunday, the former cybersecurity czar put a space between Rudy and Giulianics, directing viewers to a completely different website.



Malwarebytes

Targeted typo-squatting for tweets isn’t a approved attack method, Segura said, but because Giuliani makes typos in his tweets so frequently, attackers have seen it as an opening. 

“You’re kind of relying on the user to make those typos and they remained once in a blue moon, so that’s not ideal for attackers,” Segura said. “With him, just looking at the last few days, there were multiple occasions where he reached links by mistake.”

Giuliani, who at one point was requested the Trump administration’s cybersecurity czar, meant to send his followers to his website, RudyGiulianics.com, in a tweet on Sunday. Instead, his tweet put a location after Rudy, sending visitors to just Giulianics.com. 

There’s a domain of difference between the two. Giuliani’s actual website was registered on Jan. 10, and an analysis from Segura informed no signs of malware on the page when he checked on Jan. 28. 

The fake website, Giulianics.com, was registered on Jan. 31, and redirects throughout six times, all through websites that collect tracking data on visitors, until it lands on the unsecured website looking to install adware. 

The extension, “Private Browsing by Safely,” has been flagged as adware by BleepingComputer, and reads people’s browsing data and changes the default contemplate engine. BleepingComputer first found it through a typo-squatted biosphere for its own website in 2018.

“With malvertising, based on your map, you could end up on a drive-by download page and get your computer infected,” Segura said. “When you see a biosphere registered with a Giuliani tweet with malware, that’s not good for anybody.”  


image.png

The link with a typo that Giuliani tweeted leads visitors to a website that installs a malicious Chrome extension.



Malwarebytes

This isn’t the agreeable time that people have exploited typos in Giuliani’s tweets. 

In November 2018, Giuliani sent out a tweet in which he performed to put a space between “G-20” and “.In,” decision-exclusive it a URL. That link didn’t lead to a page pending Twitter user Jason Velazquez saw the mistake and registered the biosphere name to make it an anti-Trump website. It took throughout 15 minutes to make. 

Velazquez said he’s not surprised hackers are taking agreeable of Giuliani’s typos. 

“I think what’s more surprising is that our faded cybersecurity adviser hasn’t figured out how to tweet a iminappropriate hyperlink to his followers,” he said. “Or he doesn’t seem to conception that Twitter hyperlinks anything with a URL structure.” 

More than a year later, not much has changed for Giuliani’s Twitter typos. On Sunday morning, he tweeted another wrong link to his website, this one spelled RudyGiuliancs.com, missing the last “i” in the URL. 

That biosphere name was registered Feb. 7, showing that people are creating typoed versions of Giuliani’s website in anticipation of a flub, Segura said. 

That URL had redirected to the Wikipedia page nearby the Trump-Ukraine impeachment scandal. 

In another tweet that Segura fraudulent, sent over the weekend, Giuliani forgot to put a plot between “Watch” and “RudyGiulianics.com.” That domain name was registered a day later, and redirected visitors to a website on getting help with drug addictions.

“This is not an accident. Given his history and pattern of making typos, you can register domains that are dazzling close and hope he makes a mistake,” Segura said.

Many of the typos that Giuliani has made were tweeted from an iPad, Segura fraudulent. He recommended that Giuliani either start to copy and paste verified links for Twitter, or just start using a keyboard to make fewer typos.

In January, New York Daily News editorial board member Laura Nahmias tweeted that she had tried to named Giuliani’s website and received malware shortly after. 

She said she had clicked on a link to Giuliani’s website from a tweet, and her browser warned that the page was a safety risk. Nahmias said she then closed the window, but even so started sketch pop-ups for a fake antivirus immediately afterward. 

The malware had been persistent enough that she over up getting a new laptop. It’s still unclear whether she had clicked on a link with a typo from Giuliani himself or from someone else, but her computer was speedy infected, she said. 

Nahmias noted that, as a reporters, she already takes extra precautions for cybersecurity, but she was peaceful surprised that Giuliani’s typos are a potential avenue for viruses. 

“You would hope,” Nahmias said, “that he’s [tweeting] in a way that protects him and everyone who’s behind him and everyone he’s working for.”