Tuesday , May 18 2021

Details of piracy operations targeting journalists on Twitter and managed from Sanaa (Special Report)

Publication of the site – News team

Friday, November 16, 2018 10:07 p.m. M

Journalists' accounts on the "Twitter" site of piracy by sources have revealed that it operates from the Sana capital and practiced a series of Twitter accounts, most of which are known to Yemeni journalists, requesting electronic tricks, which reflect the entire network related to The task of piracy and the acquisition of these accounts to the interests of those About these processes.

On October 30, Nabil Bakiri received a letter from an account called "Salah Khashoggi" who advised him to authenticate his account with the blue mark by writing Arab technical support to Twitter through the Wasab number assigned to this order.

The account of Salah Khashoggi was still new. It was created after the death of journalist Jamal Khashoggi in early October and someone hastened to create this account, which was followed on Twitter by politicians and media. His followers climbed to more than 20,000 in record time. To attract thousands of followers.

The account of Bakiri after Tkkirh

Al-Bakiri has followed these instructions through the Wattabat number, an American number assigned to this trick, based on asking the victim to give him an email, password via email and Twitter access data, on the pretext of completing the process of authentication

After a few minutes of messages through the Watsab number, the account was calculated and the data exchanged and the executors of the process corresponded with the friends who followed Nabil and followed it on Twitter, most of the journalists.

Among these people was the colleague Amer al-Damaini, who was sworn in the same way after his correspondence with reckless account of Nabil Al-Bakiri, exploiting the trust of colleagues and excluding their deception.

Read more: The history of hacking accounts on Twitter

The obvious activity in colleagues' accounts has been the resubmission of Twitter accounts of Salah Khashoggi's account and another account called "Saudi Singer". The authors continued to attract the victims in the same way.

After 24 hours, Amer al-Damini managed to completely recover his Twitter account. Upon entering the account, it was detected that the hacker sent a confirmation message to another account called "The Warrior", an account belonging to the group of Al-Houthi at Sana. Al-Houthis, and all accounts of the accounts that were hacked, most attributed to Gulf personalities.

The warrior's account that manages piracy operations

Due to the heavy reports at the expense of "Salah Khashoggi", the impostor canceled the Twitter account and, at the same time, documented the account of the Khashoggi Khasoggi blue mark, which lost accountants one of the important accounts through which they practiced Misinformation and recruitment of victims.

Piracy hacking

But Al-Bakiri's account remained under the control of the party that captured it. Counters blocked all observers who realized that the account was compromised and warned against treatment and continued to attract new figures.

Hackers resorted to changing the Nabil account to the "Yemen Satellite Channel" disguised as a channel that operates from Cairo and follows the family of former President Ali Abdullah Saleh and posted the account of several Twitter followers of Tariq Saleh in an attempt to attract new victims and after a whole day changed the "Nora al-Jarawi, leader of the General People's Congress. The account published several tweets, some of which provoked much debate and sensitivity, before they all learned that the account was not followed by puppy

Several media friends reported the account with the same trick and, due to repeated warnings, some of them survived because of the repeated publication of acts of treason in this way, such as colleague Imad al-Mushra, who received the same message but It was rejected, but others were also caught in the trap. Happy channel

A few hours later, he could recover his account, while Bakiri returned to one of his Twitter accounts and confirmed ownership of the account through a live broadcast from his Twitter page.

An image that shows the change of account of Nabil al-Bakiri to Noura al-Jarawi

Ten days later, al-Bakiri announced on his Facebook page that he had retrieved his first account on Twitter. He kept the two accounts, but the joy was not complete. Your alternative account was calculated and seized, as well as your first account of a Twitter campaign.

An image that shows how the account name has been changed to Yemen Today Channel

Political thought

It was clear that all harassment is the focus of journalists and activists who opposed the Houthi group, of several political parties, for the same trick and complained to the activists who belonged to the Party of the General of the People's Congress of their fallen victims of this trick logo from the assignment of the pirates account called "Ammar al-Hmeikani" Son of Saleh, who lives in the UAE, who wrote them asking them to document their pages.

"The piracy team took the trust of colleagues," said Amer al-Damini to the Post. "The fact that there were no previous piracy operations in Yemen has contributed to the lack of prudence."

"It would be possible to count on this great breakthrough and avoid new companions' victims if they all responded to the warning we did on the first day, but unfortunately most of the colleagues did not cooperate enough to circulate what was done with their partner Nabil Bakiri first and second, Grande" .

Nabil al-Bakiri told "The Post" that what is happening is a desperate attempt to get information from targeted journalists, so that the benefit of this group, underlining that such a method is the behavior of Malshawi Aharan and a form of terrorism practiced For this group, there is nothing worthwhile to be afraid of. A Twitter account is just a platform to express a position and opinion on many problems.

"I felt there was something wrong with that, but I preferred to follow it to see what they wanted and I did not realize the value of the account until they could take it," said Abdul Salam al-Shurahi, a member of the Post.

Wide network

What stands out about piracy operations is the existence of a large network of accounts belonging to the hacker, some of which are in fraud and fraud of followers, and promote the account that was made in their hands and comments on how to follow the first owner.

"What drew attention is that they do not propagate any blackmail inspired by Houthi or adopt their point of view. Instead, they publish content that creates tension and whisper, as in the joke written in the name of Nora al-Jarwi. Deliberately ignored the hacker , And it saw little of the circle of friends of the victims. "

An image that shows the type of device compromised in the user account and in the user's IP

"Unfortunately, even the followers of these accounts could not recognize the change in the existing tweets published by pirates, which is clear in comparison to the time line of the total tweets in the account, and this also reflected the excessive illiteracy of many Yemen in Twitter" .

For the network through which it operates, it seems clear that there are several accounts on Twitter for Houthis, including an account called "Mujtahid" (mejholidd), An account that worked to promote Houthis, was written by pirates who kept their Bakiri partner's account, and the information arose after being recovered for a temporary period.

The "Warrior" accountWarriorYemeni) And identifies yourself as a worker for Houthis and points out the existence of the word "management" in the account, which receives the confirmation of piracy for each account and the publication of the most prominent accounts that were hacked, especially supporters of the Arab Alliance, while that the Yemeni accounts that were intercepted to not address them, to ensure that other victims continue to fall.

The list of followers followed by this account shows the existence of several names of fictitious accounts that operate in the same circle of piracy, in addition to the accounts of the leaders of Huthi, including Muhammad Ali al-Huthi, spokesman Abdul Malik al- Ajri and Houthi, Mohammed Abdul Salam, but the most prominent is the existence of accounts with the name of Shiite leaders Iraq and Lebanon, and everyone is working on leaning against each other in piracy and interacting with all the tweets they publish.

This large amount of Twitter accounts are used to inform any account run by them, and it has been observed that many of these accounts also deceive the existence of any piracy, to divert attention from what is happening.

In the piracy process, which was exposed to colleague Amer al-Damini, we followed the IP that appeared in the intrusion of your email, and the data showed that its location in the capital Sanaa, and uses the Net Yemen network in communications through of a DSL, which indicates according to technology experts that operations Piracy is carried out from an office or apartment house and is equipped with high precision techniques for this process.

Data that show the user's IP and the type of telecommunication company connected


The technology security and information engineer, Fouad Al-Karezi, said that users of social networking sites face many problems when using these sites. At the forefront of these problems is the penetration of personal accounts or email.

The reasons for this are attributed to the lack of knowledge of the security of some users on the platforms.

It is recommended to use more means of protection and security because they are ideal for them as Internet users. Among these options we should always focus: all user information must be real, especially in the email. Social communication.

Among the tips there is the importance of each platform and the means to connect a password completely different from the other platform, in addition to using an application Google Authenticator Provided by Google's parent company to protect your digital accounts, be it Facebook or Twitter or Entgram or Snabchat or even Gemel and Abizaid: "I always recommend this application and the effectiveness to protect your digital life."

"If you have questions about your phone number, you must leave your registered phone number and you can only protect yourself by email, Google Authenticator To activate binary verification.

As for Facebook, you must include between three and five trusted friends, through which you will be happy to recover your account in case of hacking.

As for Amer al-Damini, he asked for caution to communicate between media colleagues from Twitter and not respond to any anonymous account or suspicious links sent by some, advising the need to investigate any request through Twitter or others.

Al-Damaini emphasizes the importance of banning all suspicious accounts of hacking, reporting immediately and alerting the followers, as well as seeking to acquire knowledge and culture of information security technology, such as protecting accounts on social networks and knowing how to behave in the event that a colleague is hacked.

Source link