Dutch hacker says he logged into Trump’s Twitter account by guessing password


A DUTCH ETHICAL COMPUTER hacker and cybersecurity expert claims to have logged into the personal Twitter account of United States President Donald Trump, reportedly after guessing his password. The hacker, Victor Gevers, took several screenshots of the private interface of Trump’s Twitter account, and shared them with Dutch news media, before contacting US authorities to notify them of the breach.

Trump attributes much of his popularity and electoral success to social media, and is especially fond of Twitter as a means of communication. He has tweeted nearly 20,000 times since 2015 (including re-tweets), with at least 6,000 of those tweets appearing in 2020 alone. His personal account, which uses the moniker @realDonaldTrump, has almost 90 million followers.

But Gevers, a self-described ethical computer hacker, cybersecurity researcher and activist, said he was able to guess the American president’s password and log into his Twitter account after four failed attempts. The hacker claims that Trump’s password was “maga2020!”. According to Gevers, Trump’s account did not require a two-factor authentication log-in process, which usually requires a password coupled with a numeric code that is sent to a user’s mobile telephone. As a result, Gevers said he was able to access Trump’s private messages on Twitter and —had he wanted to— post tweets in the name of the US president. He could also change Trump’s profile image, had he chosen to do so.

The Dutch hacker took several screenshots of the webpages he was able to access and emailed them to Volkskrant, a Dutch daily newspaper, and Vrij Nederland, an investigative monthly magazine. Shortly after accessing Trump’s account, Gevers said he contacted the US Computer Emergency Readiness Team (US-CERT), which operates under the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. He said the US president’s password was changed “shortly after”, and that he was then contacted by the US Secret Service.

Also on Thursday, a Twitter spokesman said the company’s security team had seen “no evidence to corroborate” Gevers’ claim. He added that the San Francisco, California-based social media company had “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government”. Such measures included “strongly” encouraging such accounts to enable two-factor authentication, said the spokesman. But he did not specify whether Trump’s account had activated this feature. The White House also denied Gevers’ claim, calling it “absolutely not true” and adding that it would “not comment on security procedures around the president’s social media accounts”.

Author: Ian Allen | Date: 23 October 2020

After dropping charges, US prosecutors broaden indictment against Saudi spies

Two days after dropping charges against three Saudi men for spying on American soil, United States prosecutors submitted a new indictment that restates the two original charges and adds five more. The original complaint was filed by the Federal Bureau of Investigation in November of last year in San Francisco, California. It accused three men of “acting as unregistered agents” of Saudi Arabia since 2015. The phrase is used in legal settings to refer to espionage.

According to the FBI, the Saudi government allegedly contacted Ali Alzabarah, a 35-year-old San Francisco-based network engineer working for Twitter. Ahmed Almutairi (also known as Ahmed Aljbreen), a “social media advisor” for Saudi Arabia’s royal family, arranged for Alzabarah to be flown to Washington to meet an unidentified member of the Saudi dynasty. He and another Twitter employee, 41-year-old Ahmad Abouammo, were allegedly given money and gifts by the Saudi government. These were given in return for the email addresses, IP addresses and dates of birth of up to 6,000 Twitter users who had posted negative comments about the Saudi royal family on social media.

Earlier this week, however, US government prosecutors filed a motion to drop the charges against the three men. The two-page filing did not offer a reason behind this sudden decision by the US government. Interestingly, however, it included a request to have the charges against the three men dismissed “without prejudice”, meaning that the US government could decide to file new charges against them in the future.

This has now happened, as the US government has filed fresh charges against the three men. In addition to the two original charges, the men have now been charged with acting as agents for a foreign government without notifying the US attorney general. They have also been charged with conspiracy to commit wire fraud, committing wire fraud and money laundering, aiding and abetting, and destroying, altering or falsifying records in a federal investigation. The indictment also specifies the financial rewards Abouammo allegedly received from the Saudi government in return for his services. These included a wire transfer for $200,000 to a shell company and associated bank account in Lebanon, as well as a luxury watch valued at $20,000.

Author: Joseph Fitsanakis | Date: 30 July 2020

Without explanation, US dismisses charges against Saudis caught spying on US soil

In a surprising move, the United States government is seeking to dismiss espionage charges it filed last year against three men, including a member of staff of Saudi Arabia’s royal family, who were caught spying on American soil. Last November, the Federal Bureau of Investigation filed a complaint in San Francisco, accusing the three men of “acting as unregistered agents” of Saudi Arabia. The phrase is used in legal settings to refer to espionage.

According to the FBI, the charges stemmed from an investigation that lasted several years and centered on efforts by the oil kingdom to identify and silence its critics on social media. In 2015, the Saudi government allegedly reached out to Ali Alzabarah, a 35-year-old network engineer working for Twitter, who lived in San Francisco. The complaint alleges that Ahmed Almutairi (also known as Ahmed Aljbreen), who worked as a “social media advisor” for Saudi Arabia’s royal family, arranged for Alzabarah to be flown from San Francisco to Washington to meet with an unidentified member of the Saudi dynasty.

Alzabarah and another Twitter employee, 41-year-old Ahmad Abouammo, were allegedly given money and gifts by the Saudi government in return for supplying it with private information about specific Twitter users, according to the FBI complaint. The information provided by the two Twitter employees to the Saudi authorities allegedly included the email addresses, IP addresses and dates of birth of up to 6,000 Twitter users, who had posted negative comments about the Saudi royal family on social media. Special Agents from the FBI’s Seattle field office arrested Abouammo at his Seattle home. However, Alzabarah managed to flee the United States along with his family before the FBI was able to arrest him, and is believed to be in Saudi Arabia. The FBI issued a warrant for his arrest.

In a surprising move, however, US government prosecutors have now filed a motion to drop the charges against the three men. The motion, filed on Tuesday in San Francisco, is asking for permission from the judge in the case to have all charges against the three men dismissed “without prejudice”, meaning that the US government could decide to file new charges against them in the future. The two-page filing does not offer a reason behind this sudden decision by the US government. The Bloomberg news service, which reported the news on Tuesday, said it inquired about this case by calling and emailing the Saudi Embassy in Washington, the San Francisco US Attorney’s office, and Twitter. It received no responses.

Author: Ian Allen | Date: 29 July 2020

News you may have missed #905

French forces kill al-Qaeda head and capture ISIS leader in Mali. In the past few days, the French military successfully conducted two key operations in the Sahel, killing the emir of al-Qaeda in the Islamic Maghreb (AQMI), Abdelmalek Droukdal, and capturing Mohamed el Mrabat, a leader of the Islamic State in the Greater Sahara (EIGS) group. The US military assisted the French special operations forces by providing intelligence that helped locate the target.

Isis operations increase in Iraq as coalition withdraws. The Islamic State staged at least 566 attacks in Iraq in the first three months of the year and 1,669 during 2019, a 13 per cent increase from the previous year, according to security analysts who track the group’s activities. The jihadists have exploited a partial drawdown of the international anti-Isis coalition, analysts said, while tensions between the US and Iran, disruption caused by the coronavirus pandemic, and political paralysis in Baghdad, have also combined to provide an opportunity for the insurgents to regroup.

Twitter removes more than 170,000 pro-China accounts. Twitter has removed more than 170,000 accounts it says were tied to an operation to spread pro-China messages. Some of those posts were about the coronavirus outbreak, the social media platform has announced. The firm said the Chinese network, which was based in the People’s Republic of China, had links to an earlier state-backed operation it broke up alongside Facebook and YouTube last year.

FBI charges Twitter employees with working as spies for Saudi Arabia

United States authorities have charged two employees of the social media firm Twitter and a member of staff of Saudi Arabia’s royal family with spying for Riyadh. The Federal Bureau of Investigation filed a complaint on Wednesday in San Francisco, accusing the three men of “acting as unregistered agents” for Saudi Arabia. The phrase is used in legal settings to refer to espionage.

According to the FBI, the charges stem from an investigation that lasted several years and centered on efforts by the oil kingdom to identify and silence its critics on social media. In 2015, the Saudi government allegedly reached out to Ali Alzabarah, a 35-year-old network engineer working for Twitter, who lived in San Francisco. The complaint alleges that Ahmed Almutairi (also known as Ahmed Aljbreen), who worked as a “social media advisor” for Saudi Arabia’s royal family, arranged for Alzabarah to be flown from San Francisco to Washington to meet with an unidentified member of the Saudi dynasty.

Alzabarah and another Twitter employee, 41-year-old Ahmad Abouammo, were given money and gifts by the Saudi government in return for supplying it with private information about specific Twitter users, according to the complaint. The information provided by the two Twitter employees to the Saudi authorities allegedly included the email addresses, IP addresses and dates of birth of up to 6,000 Twitter users, who had posted negative comments about the Saudi royal family on social media.

Special Agents from the FBI’s Seattle field office arrested Abouammo at his Seattle home on Tuesday. However, Alzabarah is believed to have fled the United States along with his family before the FBI was able to arrest him. He is currently believed to be in Saudi Arabia and is wanted by the FBI, which has issued a warrant for his arrest. The Saudi government has not commented on the case. Twitter issued a statement on Wednesday, saying it planned to continue to cooperate with the FBI on this investigation.

Author: Joseph Fitsanakis | Date: 07 November 2019

Trump’s Twitter feed is ‘gold mine’ for foreign spies, says ex-CIA analyst

With nearly 53 million Twitter followers, United States President Donald Trump could easily be described as the most social-media-friendly American leader in our century. It is clear that Trump uses Twitter to communicate directly with his followers while circumventing mainstream media, which he views as adversarial to his policies. However, according to former Central Intelligence Agency analyst Nada Bakos, foreign intelligence agencies are among those paying close attention to the president’s tweets. Bakos spent 20 years in the CIA, notably as the Chief Targeter of the unit that tracked down Abu Musab al-Zarqawi, the founder of al-Qaeda in Iraq, which later evolved into the Islamic State of Iraq and Syria. In a June 23 editorial in The Washington Post, Bakos argues that President Trump’s “Twitter feed is a gold mine for every foreign intelligence agency”.

All intelligence agencies, explains Bakos, build psychological profiles of foreign leaders. These profiles typically rely on information collected through intelligence operations that are “methodical, painstaking and often covert”. The final product can be crucial in enabling countries to devise strategies that counter their adversaries, says Bakos. But with Trump, covert intelligence-collection operations are not needed in order to see what is on his mind, since “the president’s unfiltered thoughts are available night and day”, she claims. The former CIA analyst points out that President Trump’s tweets are posted “without much obvious mediation” by his aides and advisors, something that can be seen by the frequency with which he deletes and reposts tweets due to spelling and grammatical errors. These unfiltered thoughts on Twitter offer a “real-time glimpse of a major world leader’s preoccupations, personality quirks and habits of mind”, says Bakos.

Undoubtedly, she argues, foreign intelligence agencies are utilizing President Trump’s tweets in numerous ways while building his personality profile. The most obvious ways are by performing content analysis of his tweets, which could then be matched against information collected from other sources about major US policy decisions. Additionally, foreign intelligence agencies could identify media sources that the US president seems to prefer, and then try to feed information to these sources that might sway his views. Countries like Saudi Arabia and Russia may have done so already, claims Bakos. The US president’s views, as expressed through Twitter, could also be compared and contrasted with the expressed views of his aides or senior cabinet officials, in order to discern who he agrees with the least. It is equally useful to analyze the issues or events that the US president does not tweet about, or tweets about with considerable delay. One could even derive useful information about Trump’s sleeping patterns based on his tweets, says the former CIA analyst.

Bakos does not go as far as to suggest that the US president should abstain from social media. But she clearly thinks that the US leader’s use of social media is too impulsive and potentially dangerous from a national-security perspective. She also laments that, throughout her career in the CIA, she and her team “never had such a rich source of raw intelligence about a world leader, and we certainly never had the opportunity that our adversaries (and our allies) have now”, thanks to Trump’s incessant social media presence.

Author: Joseph Fitsanakis | Date: 03 July 2018

Fake URL shortening service was part of British online spy operation

An internet website that offered free URL shortening services appears to have been a front created by British intelligence in order to spread messages and monitor activists involved in protests in Iran and the Arab world. The website was used heavily during the Iranian presidential election protests of 2009, which became known as the Iranian Green Movement. After a brief hiatus, the website was used again in 2011, as the Arab Spring revolts in North Africa and the Middle East were intensifying. The information pointing to the use of the website comes from documents leaked by Edward Snowden, the American former intelligence employee who has been granted political asylum in Russia.

According to the leaked documents, the website, lurl.me, was devised by a specialist unit of the Government Communications Headquarters (GCHQ), Britain’s intelligence agency that collects signals intelligence. The unit, called Joint Threat Research Intelligence Group (JTRIG), devised the website as part of an operation codenamed DEADPOOL. The leaked documents state that the purpose of the website was to operate as a “shaping and honeypot” tool, by helping disseminate messages in support of the protests while at the same time allowing the GCHQ to monitor the protesters’ online activities. Lurl.me first appeared in June 2009 as a self-described “free URL shortening service”, using the slogan: “we help you get links to your friends and family fast”. It was used repeatedly on Twitter and other social media platforms to spread messages against the government of Iran. But the vast majority of social media accounts that made use of the website, like @2009iranfree, were operational only for a short period of time, had few followers, and ceased all activity at the end of the Iranian Green Movement. By that time, hardly anyone was using lurl.me. But the website made its appearance again on social media in April of 2011, with messages against the government of Syria. According to Vice’s Motherboard website, Tweets using the lurl.me service appeared to be active only between 9 a.m. and 5 p.m. UK time, and only on weekdays.

Both in 2009 and 2011-2013, lurl.me was used to instruct anti-government activists on how to avoid being monitored by the authorities. Some links contained instructions on how to access the Internet via satellite. Others provided directions on using proxies to access websites that were blocked by the authorities. At the same time, however, the documents leaked by Snowden show that the GCHQ also used the service to track the activities of anti-government activists who clicked on the lurl.me links, and even to ‘deanonymize’ these users (that is, to establish their real identities).

IntelNews first reported on JTRIG in February 2014, when its existence was first revealed by Snowden. The specialist unit has been associated with targeting self-described ‘hacktivist’ groups like Anonymous or LulzSec, using malware, social engineering, and other techniques. JTRIG also appears to have conducted online intelligence operations against the government of Argentina.

Motherboard reports that lurl.me was last used in November 2013, shortly after Snowden began leaking files from his secret hiding place in Russia. Motherboard said it contacted GCHQ for a reaction to the lurl.me allegations, but the agency said it would “not comment on intelligence matters”.

Author: Joseph Fitsanakis | Date: 02 August 2016

Research: Spies increasingly using Facebook, Twitter to gather data

By JOSEPH FITSANAKIS | intelNews.org |
During the past four years, this blog has reported several incidents pointing to the increasing frequency with which spy agencies of various countries are utilizing social networking media as sources of tactical intelligence. But are we at a point where we can speak of a trend? In other words, is the rapid rise of social networking creating the conditions for the emergence of a new domain in tactical intelligence collection? This past week saw the publication of a new research paper (.pdf), which I co-authored with Micah-Sage Bolden, entitled “Social Networking as a Paradigm Shift in Tactical Intelligence Collection”. In it, we argue that recent case studies point to social networking as the new cutting edge in open-source tactical intelligence collection. We explain that Facebook, Twitter, YouTube, and a host of other social networking platforms are increasingly viewed by intelligence agencies as invaluable channels of information acquisition. We base our findings on three recent case studies, which we believe highlight the intelligence function of social networking. The first case study comes out of the Arab Spring, which, according to one report, “prompted the US government to begin developing guidelines for culling intelligence from social media networks”. We also examine NATO’s operations during the 2011 Libyan civil war (Operation UNIFIED PROTECTOR), when Western military forces systematically resorted to social networking media to gather actionable intelligence, by utilizing open sources like Twitter to pinpoint targets for attack. Finally, we examine the sabotage by Israeli security services of the 2011 “Welcome to Palestine Air Flotilla” initiative, a campaign organized by several European groups aiming to draw worldwide attention to the travel restrictions imposed by Israeli authorities on the Occupied Territories.

Analysis: CIA Open Source Center monitors Facebook, Twitter, blogs

By JOSEPH FITSANAKIS | intelNews.org |
The Associated Press has been given unprecedented access to the United States Central Intelligence Agency’s Open Source Center, which is tasked with, among other things, monitoring social networking media. The Center, which was set up in response to the events of 9/11, employs several hundred multilingual analysts. Some are dispatched to US diplomatic missions abroad, but most work out of “an anonymous industrial park” in the US state of Virginia, which the Associated Press agreed not to disclose. The analysts, who are jokingly known in CIA OSINT (open-source intelligence) parlance as “ninja librarians”, engage in constant mining of publicly available information. The latter ranges from articles found in scholarly journals, to civilian television and radio station programs, as well as information available on the Internet. According to the Associated Press report, the Center began paying particular attention to social networking websites in 2009, when Facebook and Twitter emerged as primary organizing instruments in Iran’s so-called “Green Revolution”. The term describes the actions that Iranians opposed to President Mahmoud Ahmadinejad took to protest the disputed election results that kept him in power. Since that time, the CIA’s Open Source Center has acquired the ability to monitor up to five million tweets a day, and produces daily snapshots of global opinion assembled from tweets, Facebook updates and blog posts. Its executive briefings reportedly find their way to President Barack Obama’s Daily Brief on a regular basis. The Associated Press was given access to the Center’s main facility, and interviewed several of its senior staff members, including its Director, Doug Naquin. He told the news agency that the CIA Open Source Center had “predicted that social media in places like Egypt could be a game-changer and a threat to the regime”, but had been unable to foresee the precise development of Internet-based social activism in the Arab world. 

US intel wants to automate analysis of online videos

By IAN ALLEN | intelNews.org |
A new project funded by the US intelligence community’s research unit aims to automate the collection and analysis of videos from YouTube and other popular online platforms, with the intent of unearthing “valuable intelligence”. The program is called Automated Low-Level Analysis and Description of Diverse Intelligence Video (ALADDIN). It is directed by the Intelligence Advanced Research Projects Activity (IARPA), whose mission is to work under the Director of National Intelligence to create hi-tech applications for America’s intelligence agencies. Few people are aware of the existence of IARPA, which was quietly established in 2007, is based at the University of Maryland, and is staffed mostly by CIA personnel. The research body’s latest project apparently aims to equip the US intelligence community with the ability to scan “for the occurrence of specific events of interest” embedded in online video files, and then “rapidly and automatically produce a textual English-language recounting [and] describing the particular scene, actors, objects and activities involved”.

US government urged to release data on social networking spying

By IAN ALLEN | intelNews.org |
An Internet watchdog has filed a court complaint to force the US government to disclose how its law enforcement and spy agencies monitor social networking sites, such as Facebook and Twitter. IntelNews regulars have known since October that the CIA has invested in a private software company specializing in monitoring online social media, such as YouTube, Twitter and Flickr. Additionally, we have previously reported on persistent rumors that the National Security Agency, America’s communications spying outfit, is actively monitoring popular social networking sites in order to make links between individuals and construct maps of who associates with whom. Now the San Francisco-based Electronic Frontier Foundation (EFF) wants to find out the extent to which US intelligence and law enforcement agencies are secretly monitoring social networking sites on the Internet.

News you may have missed #0151


News you may have missed #0064


News you may have missed #0042

  • Postcards containing Cold War spy messages unearthed. The postcards, containing chess moves, were posted in 1950 by an unidentified man in Frankfurt, thought to have been an undercover agent, to Graham Mitchell, who was then deputy director general of MI5. The problem is, researchers are not quite sure whether the cryptic text on the postcards is based on British or Soviet codes, because Mitchell was suspected of being a secret Soviet agent at the time.
  • Is NSA actively mapping social networks? There are rumors out there that NSA is monitoring social networking tools, such as Twitter, Facebook and MySpace, in order to make links between individuals and construct elaborate data-mining-based maps of who associates with whom.
  • US Senate bill would disclose intelligence budget. The US Senate version of the FY2010 intelligence authorization bill would require the President to disclose the aggregate amount requested for intelligence each year. Disclosure of the budget request would enable Congress to appropriate a stand-alone intelligence budget that would no longer need to be concealed misleadingly in other non-intelligence budget accounts.
