Group items tagged

Before tuning in via Skype to oversee the murder and dismemberment of Saudi Arabian journalist Jamal Khashoggi, Saud al-Qahtani, a high-level adviser to the crown prince of Saudi Arabia, Mohammed bin Salman (MBS), was best known for running social media operations for the royal court and serving as MBS’s chief propagandist and enforcer. His portfolio also included hacking and monitoring critics of the Kingdom and MBS.

Al-Qahtani registered at least 22 domains since 2009, some of which have been used as command and control servers for malware

al-Qahtani’s posts on Hack Forums detail the hacking tools and services he purchased and used and the social media platforms and mobile apps he targeted. By June 2011, less than two years after joining the forum, he estimated that he had 90% of paid and free RATs on the market. Al-Qahtani also paid Hack Forum members to have social media accounts deleted and sought to manufacture engagement activity on major social media platforms, including YouTube and Facebook.

Two rival Persian Gulf nations have for the past year been conducting a tit-for-tat battle of leaked emails in US news outlets that appears, at least in part, to have been an effort to influence Trump administration policy toward Iran.

On one side is the United Arab Emirates, a wealthy confederation of seven small states allied with Saudi Arabia, Iran’s bitter foe. On the other is Qatar, another oil-rich Arab monarchy, but one that maintains friendly relations with Iran, with which it shares a giant natural gas field.

unfolding battle alarms transparency advocates who fear it will usher in an era in which computer hacking and the dissemination of hacked emails will become the norm in international foreign policy disputes

Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.

former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities

The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations

Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.  

It was August 14, and Shreateh had just reached halfway around the world to pull off a prank that would make him the most famous hacker in the Israeli-occupied West Bank. He’d discovered a Facebook bug that would allow him to post to another user’s wall even if he wasn’t on the user’s friends list. Demonstrating the bug on Zuckerberg was a last resort: He first reported the vulnerability to Facebook’s bug bounty program, which usually pays $500 for discoveries like his. But Facebook dismissed his report out of hand, and to this day refuses to pay the bounty for the security hole, which it has now fixed. Where Facebook failed, though, techies from across the world stepped in to fix, crowdfunding a $13,000 reward for Shreateh. Now that money, and Shreateh’s notoriety, is about to launch the former construction worker into a new life. He’s using the funds to buy a new laptop and launch a cybersecurity service where websites will be able to request “ethical hacking” to identify their vulnerabilities. And he’s started a six-month contract with a nearby university to find bugs as part of their information security unit. He hacks and reports flaws on other universities’ sites in his free time.

The West Bank is no easy place to be a hacker, or to do anything in the technology sphere. The occupied region depends on Israel for electricity, water and telecommunications, including the sluggish Internet that crawls into the South Hebron Hills. Shreateh has a well and three water tanks on his roof because Yatta only receives several days of running water every few months. Blackouts are common, and the town often goes without electricity for whole days in the winter. Partly to blame is a complex system established by the Oslo accords that splits the West Bank into three zones under different combinations of Palestinian and Israeli control. “It’s like Swiss cheese,” says George Khadder, a tech entrepreneur who worked in Silicon Valley for 13 years. He sketches how Zones A, B and C weave in, out and around each other, with chunks of Israeli settlement territory in between. “The West Bank is like an archipelago, in terms of contiguity and services. This is absolutely a problem.” This access gap is clear on the drive from Jerusalem to Yatta, which requires passing through a military checkpoint that bars Shreateh from entering Israel. The road to Yatta passes several Israeli settlements, sprawling over hilltops with their separate telecom systems, brightly lit streets and green, well-watered lawns. “The dogs in Israel drink more water than Palestinians,” the taxi driver laughs.

Shreateh has his own website and 44,156 followers on Facebook, many of whom spam him with questions about hacking into their boyfriends’ profiles or raising their exam grades online. Shreateh ignores them. “I am an ethical hacker,” he says. “I don’t damage or destroy.” That makes him different from some other Palestinian hackers. The same month as Shreateh’s Facebook prank, hacktivists hijacked Google’s Palestine domain, redirecting it to a page with a Rihanna background song and written message: “uncle google we say hi from palestine to remember you that the country in google map not called israel. its called Palestine” This month, another group called KDMS hacked the websites of security companies AVG and Avira, among other companies, redirecting to a site displaying the Palestinian flag, a graphic of Palestinian land loss, and a similar message: “we want to tell you that there is a land called Palestine on the earth,” it read in part. “this land has been stolen by Zionist.’

evidence that the N.S.A. had infiltrated the backbone of the Middle East’s banking infrastructure.

Among the leaks on Friday was an extensive list of PowerPoint and Excel documents that, if authentic, indicate that the N.S.A. has successfully infiltrated EastNets, a company based in Dubai that helps to manage transactions in the international bank messaging system called Swift.

The latest leaks suggest that, by hacking EastNets, the N.S.A. may have successfully hacked, or at minimum targeted, computers inside some of the biggest banks in the Middle East, including ones in Abu Dhabi and Dubai in the United Arab Emirates; Kuwait; Qatar; Syria; Yemen; and the Palestinian territories.

Russian disinformation may come first to mind for interfering in U.S. politics, but some of the most damning evidence of efforts to influence the American public leads to Washington’s allies in the Middle East. Saudi Arabia and the United Arab Emirates are at the forefront of undermining democratic deliberation–from manipulating the impact of Donald Trump’s tweets, to tricking editors across the world into publishing propaganda.

The FBI in 2019 found evidence that employees at Twitter’s San Fransciso headquarters, groomed with bribes such as luxury watches, were co-ordinating with members of the Saudi royal family to obtain private information from Twitter users. In August 2022, a jury found one of these men guilty. Two others couldn’t be tried because they were in Saudi Arabia.

One of the most audacious deception operations appeared to be connected to the UAE. Between 2019 and 2021, op-eds that supported the foreign policy position of the UAE, Saudi, and the U.S. administration under Trump began appearing in numerous well-known U.S. outlets, such as Newsmax, The National Interest, The Post Millennial and the Washington Examiner. The catch: The journalists writing them did not actually exist.

Gauss marks the first time that apparently nation-state-created malware has been found stealing banking credentials, something that is commonly seen in malware distributed by criminal hacking groups.

Gauss appears to have been created sometime in mid-2011 and was first deployed in September or October of last year, around the same time that DuQu was uncovered by researchers in Hungary. DuQu was an espionage tool discovered on machines in Iran, Sudan, and other countries around August 2011 and was designed to steal documents and other data from machines. Stuxnet and DuQu appeared to have been built on the same framework, using identical parts and using similar techniques. Flame and Stuxnet also shared a component, and now Flame and Gauss have been found to be using similar code as well.

Extrapolating from the number of infected Kaspersky customers, they speculate that there may be as many as tens of thousands of other victims infected with Gauss. By comparison, Stuxnet infected more than 100,000 machines, primarily in Iran. DuQu infected an estimated 50 machines, but was not geographically focused. Flame is estimated to have infected about 1,000 machines in Iran and elsewhere in the Middle East.

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor.

Langner thinks that it's possible that Bushehr may have been infected through the Russian contractor that is now building the facility, JSC AtomStroyExport. Recently AtomStroyExport had its Web site hacked, and some of its Web pages are still blocked by security vendors because they are known to host malware. This is not an auspicious sign for a company contracted with handling nuclear secrets.

y messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets too, Byres said. "The only thing I can say is that it is something designed to go bang," he said.

The relationship is unique. Over the years, the United States has agreed to sell the UAE some of its most sophisticated and lethal military equipment, including MQ-9 aerial drones and advanced F-35 fighter jets, a privilege not bestowed on any other Arab country over concern about diminishing Israel’s qualitative military edge.Some of the influence operations described in the report are known to national security professionals, but such activities have flourished due to Washington’s unwillingness to reform foreign-influence laws or provide additional resources to the Department of Justice. Other activities more closely resemble espionage, people familiar with the report said.

The UAE has spent more than $154 million on lobbyists since 2016, according to Justice Department records. It has spent hundreds of millions of dollars more on donations to American universities and think tanks, many that produce policy papers with findings favorable to UAE interests.

Since 2012, it has been the third-biggest purchaser of U.S. weapons and built what many consider the most powerful military in the Arab world by cultivating close ties to the U.S. political, defense and military establishment.

"Cyber attacks are the new reality of modern warfare," said Hayat Alvi, lecturer in Middle Eastern studies at the US Naval War College. "We can expect more... from all directions. In war, the greatest casualty is the truth. Each side will try to manipulate information to make their own side look like it is gaining while the other is losing."

In April, Saudi-based broadcaster Al Arabiya briefly lost control of one of its twitter accounts, which was then used to spread a string of stories suggesting a political crisis in Qatar. Tweets included claims that the Qatari prime minister had been sacked, his daughter arrested in London and that a coup orchestrated by the army chief was underway.

there seems little sign such incidents made a significant difference either on the ground in Syria or to the wider geopolitical picture

Despite maintaining a low profile, Oman remains an extremely important regional actor, particularly as it is on good terms with both Iran and the Saudi-West alliance. In particular, Oman was the only gulf state to recognise the 1979 peace agreement between Egypt and Israel and more recently it has played a significant role in supporting the P5+1 talks over Iran's nuclear programme, including hosting the latest round of talks.

the Sultan rules through decree and occupies several positions at the top of government

Oman has managed to cultivate a reputation as the "world's most charming police state".

“Ever since the intifada broke out in Jerusalem, there has been an online virtual war between Palestinians and Israelis. Social networks are flooded with firsthand field news, while campaigns are launched on Twitter on a daily basis to put pressure on Israel and its supporters around the world.”

Raji al-Hams, a prominent presenter at Al-Aqsa TV, said his original Facebook page was closed down after it garnered 90,000 followers. He told Al-Monitor he received “a message Jan. 15 from the Facebook administration saying I had violated the website’s rules by posting [slogans] about the intifada along with pictures of armed Palestinians."

Israel has been urging dozens of Israeli Facebook users to submit reports to the Facebook administration claiming that Palestinian pages are inciting murder. These users mention the name of these pages in the reports and the Facebook administration shuts them down, as they contain posts inciting murder and violence, which violate Facebook’s conditions.