The Venezuelan government is getting ready for elections with a proxy for twitter that could be use for phishing attacks. What are they planing by having this Twitter proxy?
As many might remember during past presidential elections the majority of the population had problems resolving some domains for brief periods of times. Most end users solved this by restarting their computers, While websites that were critical to the government suffered DDoS (Distributed Denial of Service) attacks.
This year with the penetration of social networks and use that the student community of Venezuela have been giving to them to spread their message and denounce irregularities, The Venezuelan government seem to be preparing for a new attack, this time the target are the social networks.
Repeat as parrots
As every Venezuelan knows the presidential candidate and current president of the republic uses the twitter handle @chavezcandanga which is controlled by what I assume is his P.R. committee. This same group has a twitter application that makes the account of everyone who chooses to authorize it a robot (a bot account) that would automatically retweet him.
This app along with the fact that 46% of @chavezcandanga followers are ghost/fake accounts starts giving you an idea of his propaganda machinery, Here is a screenshot of the app in question RTChavezCandanga.
Lets find out who is behind this app and the proxy which are hosted under the same domain, in order to find out we will be querying the venezuela's national registry of domains maintained by the government it self.
As you can see it is clear that the Socialist United Party of Venezuela (PSUV) is responsible for anything related to finances, technical and administrative tasks for this domain.
Update: December 15, 2012
At this moment the IP 22.214.171.124 is still hosting a Twitter proxy although I don't see any malicious code you should be careful during the upcoming regional elections this upcoming Sunday the 16th.
I recommend you stay tuned and avoid accepting any new SSL certificates when using twitter during this weekend. I would also avoid to use my credentials if "mysteriously" you get prompt asking for them while navigating Twitter.com, specially if the URL doesn't begin with HTTP.