International Politics of the Middle East: Group items tagged hackers

Ed Webb

Path to Success for One Palestinian Hacker: Publicly Owning Mark Zuckerberg | Threat Le... - 0 views

  • It was August 14, and Shreateh had just reached halfway around the world to pull off a prank that would make him the most famous hacker in the Israeli-occupied West Bank. He’d discovered a Facebook bug that would allow him to post to another user’s wall even if he wasn’t on the user’s friends list. Demonstrating the bug on Zuckerberg was a last resort: He first reported the vulnerability to Facebook’s bug bounty program, which usually pays $500 for discoveries like his. But Facebook dismissed his report out of hand, and to this day refuses to pay the bounty for the security hole, which it has now fixed. Where Facebook failed, though, techies from across the world stepped in to fix, crowdfunding a $13,000 reward for Shreateh. Now that money, and Shreateh’s notoriety, is about to launch the former construction worker into a new life. He’s using the funds to buy a new laptop and launch a cybersecurity service where websites will be able to request “ethical hacking” to identify their vulnerabilities. And he’s started a six-month contract with a nearby university to find bugs as part of their information security unit. He hacks and reports flaws on other universities’ sites in his free time.
  • The West Bank is no easy place to be a hacker, or to do anything in the technology sphere. The occupied region depends on Israel for electricity, water and telecommunications, including the sluggish Internet that crawls into the South Hebron Hills. Shreateh has a well and three water tanks on his roof because Yatta only receives several days of running water every few months. Blackouts are common, and the town often goes without electricity for whole days in the winter. Partly to blame is a complex system established by the Oslo accords that splits the West Bank into three zones under different combinations of Palestinian and Israeli control. “It’s like Swiss cheese,” says George Khadder, a tech entrepreneur who worked in Silicon Valley for 13 years. He sketches how Zones A, B and C weave in, out and around each other, with chunks of Israeli settlement territory in between. “The West Bank is like an archipelago, in terms of contiguity and services. This is absolutely a problem.” This access gap is clear on the drive from Jerusalem to Yatta, which requires passing through a military checkpoint that bars Shreateh from entering Israel. The road to Yatta passes several Israeli settlements, sprawling over hilltops with their separate telecom systems, brightly lit streets and green, well-watered lawns. “The dogs in Israel drink more water than Palestinians,” the taxi driver laughs.
  • Shreateh has his own website and 44,156 followers on Facebook, many of whom spam him with questions about hacking into their boyfriends’ profiles or raising their exam grades online. Shreateh ignores them. “I am an ethical hacker,” he says. “I don’t damage or destroy.” That makes him different from some other Palestinian hackers. The same month as Shreateh’s Facebook prank, hacktivists hijacked Google’s Palestine domain, redirecting it to a page with a Rihanna background song and written message: “uncle google we say hi from palestine to remember you that the country in google map not called israel. its called Palestine” This month, another group called KDMS hacked the websites of security companies AVG and Avira, among other companies, redirecting to a site displaying the Palestinian flag, a graphic of Palestinian land loss, and a similar message: “we want to tell you that there is a land called Palestine on the earth,” it read in part. “this land has been stolen by Zionist.”
  • As for Israeli hackers, he sees them as inferior, babied by the privilege of living without occupation. “Israeli hackers all come from university classes. They have companies and courses to teach them,” Shreateh scoffs. “Palestinian hackers come from Google search and YouTube videos. We all learned on our own.”
Ed Webb

How Two Persian Gulf Nations Turned The US Media Into Their Battleground - 0 views

  • Two rival Persian Gulf nations have for the past year been conducting a tit-for-tat battle of leaked emails in US news outlets that appears, at least in part, to have been an effort to influence Trump administration policy toward Iran.
  • On one side is the United Arab Emirates, a wealthy confederation of seven small states allied with Saudi Arabia, Iran’s bitter foe. On the other is Qatar, another oil-rich Arab monarchy, but one that maintains friendly relations with Iran, with which it shares a giant natural gas field.
  • unfolding battle alarms transparency advocates who fear it will usher in an era in which computer hacking and the dissemination of hacked emails will become the norm in international foreign policy disputes
  • “You could spend years campaigning traditionally against someone or you could hack an email account and leak salacious details to the media. If you have no scruples, and access to hackers, the choice is obvious.”
  • This is the new warfare. This is something the governments use for commercial reasons, use for political reasons, and use to destroy their opponents
  • Tensions have been building for years between the UAE and Qatar. The two have feuded over Qatar’s support for the Muslim Brotherhood, the Islamist movement that many Persian Gulf monarchies see as a threat to their hereditary kingdoms. They’ve also been at odds over Qatar’s friendly relations with Iran and its backing of the Al Jazeera television channel, whose newscasts are often critical of Arab autocrats. The feud broke into the open on May 24 last year when someone hacked into the website and Twitter account of Qatar’s government news agency, QNA, and posted news stories and tweets that quoted the country’s emir, Sheikh Tamim bin Hamad Al Thani, making bizarrely pro-Iran statements. Qatar disavowed the remarks within an hour, and its foreign minister, Mohammed bin Abdulrahman Al Thani, quickly texted the UAE’s crown prince, Mohammed bin Zayed, that the statements weren’t true. Qatar took its official news website down, and still hasn’t brought it back online. But the damage had been done
  • The UAE and Saudi Arabia, with the backing of the Trump administration, used the hacked news stories as a pretext for severing relations with Qatar, imposing a blockade, and making 13 demands, including that Qatar cut all ties with Iran and shut down Al Jazeera and all other state-funded news sites.
  • “They weaponized fake news to justify the illegal blockade of Qatar,” said Jassim Al Thani, Qatar’s Washington-based media attaché. “In the year since then, we have seen their repeated use of cyberespionage, fake news, and propaganda to justify unlawful actions and obfuscate underhanded dealings.”
  • the FBI concluded that freelance Russian hackers had carried out the operation on the UAE’s behalf
  • In June of last year, someone began leaking the contents of a Hotmail account belonging to Yousef al-Otaiba, the UAE’s flashy ambassador to the United States. The leaks were distributed to a group of online news sites, including the Huffington Post, the Intercept, and the Daily Beast. “The leakers claimed the documents had been provided to them by a paid whistleblower embedded in a Washington, DC, lobbyist group, though it’s clear from even a cursory examination that they were printed out from Al Otaiba’s Hotmail account,”
  • “It’s not clear whether Otaiba’s inbox was hacked or passed along by someone with access to the account,”
  • The most damaging email leaks came in March when someone went after Elliott Broidy, a 60-year-old American hired to lobby for the UAE, and whose company, Circinus, has received more than $200 billion in defense contracts from the country. In recent years, he’s been one of the loudest American voices against Qatar, employing tactics ranging from anti-Qatar op-eds to personally lobbying Donald Trump to support the blockade against it. Broidy was in a prime position to lobby the president. He was the Republican Party’s vice chair of fundraising until April 13, when he resigned after the Wall Street Journal revealed that he’d used Trump’s lawyer, Michael Cohen, to pay a 34-year-old former Playboy model $1.6 million in hush money after he’d gotten her pregnant. The Journal said leaked emails played no role in that coverage.
  • “There was thought and calculation behind how this material was being distributed,” Wieder, who wrote about the emails in a follow-up story, told BuzzFeed News. “It’s not the old-school, WikiLeaks, ‘everything’s up on a site; make what you will of it.’”
Ed Webb

Qatar, UAE spend heavily on lobbyists amid a war of words | News & Observer - 1 views

  • a multimillion-dollar battle for influence in Washington between bitter rivals Qatar and the United Arab Emirates
  • On Qatar's roster: Republican former U.S. Attorney General John Ashcroft, whose law firm received a $2.5 million retainer, and ex-advisers to Donald Trump's presidential campaign. The UAE has an arrangement with The Harbour Group, a public relations and public affairs firm, for up to $5 million annually. The UAE's ambassador to the United States also relies heavily on his former director of legislative affairs, Hagir Elawad. She's now a registered lobbyist who earns $25,000 a month as the embassy's chief liaison to Capitol Hill.
  • a business associate of Broidy's, George Nader, had wired $2.5 million for an influence campaign Broidy was coordinating in Washington that accused Qatar of being a state sponsor of terrorism. Nader is a political adviser to the UAE and now a witness in the U.S. special counsel investigation into foreign meddling in American politics
  • a top fundraiser for Trump filed a lawsuit against the government of Qatar and several lobbyists working for Qatar, claiming they hacked his and his wife's emails. Elliott Broidy alleged that hackers from Qatar broke into their email accounts and Qatar's lobbying team then distributed the emails to journalists in an effort to discredit him.
  • Agents of foreign governments are required to register with the Justice Department before lobbying so that there is a public record of their activities. But neither Broidy nor Nader is registered
  • Qatar has been under siege since early June, when the UAE, Saudi Arabia, and its other neighbors severed ties over claims the small, gas-rich monarchy was funding terrorism, disrupting Gulf unity and fomenting opposition across the region. They cut Qatar's air, sea and land routes, creating a de facto blockade. The countries vowed to isolate Qatar economically until it heeds their demands. But Qatar, which has denied supporting or funding terror groups, has insisted it can survive indefinitely on its own. The crisis, according to Qatari officials, was triggered nearly a year ago when hackers took over their state-run news agency and posted fabricated comments attributed to Qatar's ruler that called Iran an "Islamic power" and said Qatar's relations with Israel were "good."
Ed Webb

Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE - 0 views

  • Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.
  • in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.
  • former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals
  • surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents
  • Various reports have highlighted the ongoing cyber arms race in the Middle East, as the Emirates and other nations attempt to sweep up hacking weapons and personnel faster than their rivals. The Reuters investigation is the first to reveal the existence of Project Raven, providing a rare inside account of state hacking operations usually shrouded in secrecy and denials.
  • While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.
  • The hacking of Americans was a tightly held secret even within Raven, with those operations led by Emiratis instead. Stroud’s account of the targeting of Americans was confirmed by four other former operatives and in emails reviewed by Reuters.
  • Mansoor was convicted in a secret trial in 2017 of damaging the country’s unity and sentenced to 10 years in jail. He is now held in solitary confinement, his health declining, a person familiar with the matter said. Mansoor’s wife, Nadia, has lived in social isolation in Abu Dhabi. Neighbors are avoiding her out of fear security forces are watching. They are correct. By June 2017 Raven had tapped into her mobile device and given her the code name Purple Egret, program documents reviewed by Reuters show. To do so, Raven utilized a powerful new hacking tool called Karma, which allowed operatives to break into the iPhones of users around the world.
  • the UAE has been accused of suppressing free speech, detaining dissidents and other abuses by groups such as Human Rights Watch. The UAE says it is working closely with Washington to fight extremism “beyond the battlefield” and is promoting efforts to counter the “root causes” of radical violence. Raven’s targets eventually would include militants in Yemen, foreign adversaries such as Iran, Qatar and Turkey, and individuals who criticized the monarchy, said Stroud and eight other former Raven operatives. Their accounts were confirmed by hundreds of Raven program documents reviewed by Reuters.
  • “Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter,” she said. “But it’s an intelligence mission, you are an intelligence operative. I never made it personal.”
  • the program took aim not just at terrorists and foreign government agencies, but also dissidents and human rights activists. The Emiratis categorized them as national security targets
  • Emirati security forces viewed human rights advocates as a major threat to “national stability,”
  • Reached by phone in London, Donaghy, now a graduate student pursuing Arab studies, expressed surprise he was considered a top national security target for five years. Donaghy confirmed he was targeted using the techniques described in the documents. “I’m glad my partner is sitting here as I talk on the phone because she wouldn’t believe it,” he said. Told the hackers were American mercenaries working for the UAE, Donaghy, a British citizen, expressed surprise and disgust. “It feels like a betrayal of the alliance we have,” he said.
  • Stroud had already made the switch from government employee to Booz Allen contractor, essentially performing the same NSA job at higher pay. Taking a job with CyberPoint would fulfill a lifelong dream of deploying to the Middle East and doing so at a lucrative salary. Many analysts, like Stroud, were paid more than $200,000 a year, and some managers received salaries and compensation above $400,000.
  • Karma was particularly potent because it did not require a target to click on any link to download malicious software. The operatives understood the hacking tool to rely on an undisclosed vulnerability in Apple’s iMessage text messaging software. In 2016 and 2017, it would be used against hundreds of targets across the Middle East and Europe, including governments of Qatar, Yemen, Iran and Turkey, documents show. Raven used Karma to hack an iPhone used by the Emir of Qatar, Sheikh Tamim bin Hamad al-Thani, as well as the phones of close associates and his brother.
  • Providing sensitive defense technologies or services to a foreign government generally requires special licenses from the U.S. State and Commerce Departments. Both agencies declined to comment on whether they issued such licenses to CyberPoint for its operations in the UAE. They added that human rights considerations figure into any such approvals.
  • But a 2014 State Department agreement with CyberPoint showed Washington understood the contractors were helping launch cyber surveillance operations for the UAE. The approval document explains CyberPoint’s contract is to work alongside NESA in the “protection of UAE sovereignty” through “collection of information from communications systems inside and outside the UAE” and “surveillance analysis.”
  • “It was incredible because there weren’t these limitations like there was at the NSA. There wasn’t that bullshit red tape,”
  • Under DarkMatter, Project Raven continued to operate in Abu Dhabi from the Villa, but pressure escalated for the program to become more aggressive. Before long, senior NESA officers were given more control over daily functions, former Raven operatives said, often leaving American managers out of the loop. By mid-2016, the Emirates had begun making an increasing number of sections of Raven hidden from the Americans still managing day-to-day operations. Soon, an “Emirate-eyes only” designation appeared for some hacking targets.
  • Stroud began searching a targeting request list usually limited to Raven’s Emirati staff, which she was still able to access because of her role as lead analyst. She saw that security forces had sought surveillance against two other Americans. When she questioned the apparent targeting of Americans, she received a rebuke from an Emirati colleague for accessing the targeting list, the emails show. The target requests she viewed were to be processed by “certain people. You are not one of them,” the Emirati officer wrote.
  • Days later, Stroud said she came upon three more American names on the hidden targeting queue.
  • occupations were listed: journalist
  • When Stroud kept raising questions, she said, she was put on leave by superiors, her phones and passport were taken, and she was escorted from the building. Stroud said it all happened so quickly she was unable to recall the names of the three U.S. journalists or other Americans she came across in the files. “I felt like one of those national security targets,” she said. “I’m stuck in the country, I’m being surveilled, I can’t leave.” After two months, Stroud was allowed to return to America. Soon after, she fished out the business card of the FBI agents who had confronted her at the airport. “I don’t think Americans should be doing this to other Americans,” she told Reuters. “I’m a spy, I get that. I’m an intelligence officer, but I’m not a bad one.”
Ed Webb

Qatar's Al Jazeera website hacked by Syria's Assad loyalists | Reuters - 0 views

  • Conflict by other means
Ed Webb

Exclusive: Secret Trump order gives CIA more powers to launch cyberattacks - 0 views

  • The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities
  • The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations
  • Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.  
  • countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well
  • offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program
  • freed the agency to conduct disruptive operations against organizations that were largely off limits previously, such as banks and other financial institutions
  • it lessened the evidentiary requirements that limited the CIA’s ability to conduct covert cyber operations against entities like media organizations, charities, religious institutions or businesses believed to be working on behalf of adversaries’ foreign intelligence services, as well as individuals affiliated with these organizations
  • “as long as you can show that it vaguely looks like the charity is working on behalf of that government, then you’re good.”
  • Since the finding was signed two years ago, the agency has carried out at least a dozen operations that were on its wish list, according to this former official. “This has been a combination of destructive things — stuff is on fire and exploding — and also public dissemination of data: leaking or things that look like leaking.” 
  • “We’re playing semantics — destabilization is functionally the same thing as regime change. It’s a deniability issue,”
  • “Our government is basically turning into f****ing WikiLeaks, [using] secure communications on the dark web with dissidents, hacking and dumping,”
  • critics, including some former U.S. officials, see a potentially dangerous attenuation of intelligence oversight, which could have unintended consequences and even put people’s lives at risk
  • “Trump came in and way overcorrected,” said a former official. Covert cyber operations that in the past would have been rigorously vetted through the NSC, with sometimes years-long gaps between formulation and execution, now go “from idea to approval in weeks,” said the former official. 
  • an unknown group in March 2019 posted on the internet chat platform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly involved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November, the details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Islamic Revolutionary Guard Corps were also dumped on Telegram. Although sources wouldn’t say if the CIA was behind those Iran breaches, the finding’s expansion of CIA authorities to target financial institutions, such as an operation to leak bank card data, represents a significant escalation in U.S. cyber operations
  • These were operations the “CIA always knew were an option, but were always a bridge too far,” said a former official. “They had been bandied about at senior levels for a long time, but cooler heads had always prevailed.”
  • “It was obvious that destabilization was the plan on Iran,”
  • Neither these two Iran-related findings, nor the new cyber finding, mention regime change as a stated goal, according to former officials. Over time, however, the CIA and other national security officials have interpreted the first two Iran findings increasingly broadly, with covert activities evolving from their narrow focus on stopping Tehran’s nuclear program, they said. The Iran findings have been subject to “classic mission creep,” said one former official.
  • senior Trump officials weren’t interested in retaliating against Russia for the election interference
  • The CIA’s “deconfliction is poor, they’re not keeping people in the loop on what their cyber operations are,”
  • This more permissive environment may also intensify concerns about the CIA’s ability to secure its hacking arsenal. In 2017, WikiLeaks published a large cache of CIA hacking tools known as “Vault 7.” The leak, which a partially declassified CIA assessment called “the largest data loss in CIA history,” was made possible by “woefully lax” security practices at the CIA’s top hacker unit, the assessment said.
  • Removing NSC oversight of covert operations is a significant departure from recent history, according to Eatinger. “I would look at the intel community as the same as the military in that there should be civilian control of big decisions — who to go to war against, who to launch an attack against, who to fight a particular battle,” he said. “It makes sense that you would have that kind of civilian or non-intelligence civilian leadership for activities as sensitive as covert action.”
  • “People thought, ‘Hey, George W. Bush will sign this,’ but he didn’t,” said a former official. CIA officials then believed, “‘Obama will sign it.’ Then he didn’t.” “Then Trump came in, and CIA thought he wouldn’t sign,” recalled this official. “But he did.”