In Online Ruse, Fake Journalists tried to hack Saudi critics

Hackers who act as journalists tried to intercept the communication of a prominent Saudi opposition figure in Washington, The Associated Press has found.

One attempt included the production of a fake BBC secretary and a comprehensive request for television interviews; the other concerned the imitation of the fallen Washington Post columnist Jamal Khashoggi to deliver a malicious link.

Defenders of media rights denounced hacking efforts, which they believe would make it more difficult for real reporters to do their job.

"It's incredibly dangerous to use these tactics," said Elodie Vialle, head of the technology desk at the Paris-based Reporters Without Borders. "The chilling effect is that people no longer talk to journalists, but ultimately undermine the freedom of information."

The most involved masquerade took place in February of this year, when someone posing as a BBC journalist named "Tanya Stalin" mailed the Washington-based Saudi dissident Ali AlAhmed to a live broadcast about Saudi Arabia by e-mail. Stalin contacted AlAhmed for several days, sent him a list of proposed subjects and talked to him through the logistics of his alleged television appearance.

AlAhmed said that from the beginning he knew something was wrong.

To begin with, Stalin said she was "secretary to the editor-in-chief," a title that did not correspond to a job that was mostly carried out by producers or bookers. Still Odd, the message came about Gmail instead of an official BBC address.

And then there was her eyebrow increasing surname.

The Stalin organization threw me off, "AlAhmed said in a recent interview. I asked my wife, who is Russian, and she said: "No one has this name. & # 39; & # 39;

AlAhmed was right. The BBC said she was not aware of someone named "Tanya Stalin" and worked for the broadcaster and that the title she claimed did not exist formally. An Associated Press analysis of her reports suggests that the interview request was a sloppy fall, trying to get AlAhmed to click on a malicious link and break into his inbox.

AlAhmed believes that Saudi Arabia is behind Stalin's emails, as well as dozens of other suspicious messages he has received in the past year. One message from November 2017 comes from Khashoggi, whose murder on the basis of the Saudi consulate in Istanbul last month focused international attention on the brutality of the leadership of the Arab kingdom.

The Saudi Embassy in Washington did not return any written questions from the AP.

The American editor of Washington Post, Marty Baron, said that the theft of Khashoggi's identity is vile & # 39; used to be.

A researcher with internet watchdog Citizen Lab recently checked AlAhmed's emails and confirmed that they were malicious – although he was not looking for a link between the various messages or accusing someone of the hacking campaign.

"This was a targeted operation designed to access his accounts and private communications," said John Scott-Railton, whose group is based at the Munk School of Global Affairs at the University of Toronto. "This seems to be closely linked to his political activities."

Some messages – such as a request to install a "free security update" called "Ninja Security" – were generic phishing messages of the type used by criminals and spies around the world. But many of the 40 strange messages recovered from AlAhmed's inbox were closely aligned with current events in the Gulf.

The most disturbing was a message from May 31, dressed to look like it came from an event photo service, complete with photos from AlAhmed with a microphone during a question and answer session with the Qatari Foreign Minister from the American Enterprise Institute in Washington.

The photos, which seem to have been drawn from a publicly available video of the event, suggest that the hackers or someone who worked with them closely monitored AlAhmed's location.

"That e-mail was actually when I felt fear," said AlAhmed, who says that his work is largely self-financed. "They are physically here, they are looking at me."

Scott-Railton said that the perseverance of the hackers – and the variety of different tactics they used to open the inbox of AlAhmed – pointed to a labor-intensive attempt to jeopardize the Saudi horde.

"People were given the assignment to sit on his computer in a longer period of time and crawl into his head," said Scott-Railton.

As a critic of Saudi Arabia's ruling family, AlAhmed has been a regular on Arabic and English language cable news for more than a decade. He has long served Washington's journalists as a source for the problems of the kingdom, especially with regard to extremist propaganda in the school books of the country.

Saudi Arabia is a well-known practitioner of cyber espionage. The country was unveiled in 2015 as a customer of the infamous Italian hacking company Hacking Team and a mysterious Saudi investor has since taken a minority share in the company, according to a Motherboard report published this year.

Recent reports from Citizen Lab and human rights group Amnesty International have also documented the use of Israeli spy software to break into the smartphones of Saudi human rights activists, including the resident Omar Abdulaziz, who worked with Khashoggi on several confidential projects before the columnist was killed.

The one behind the false Tanya Stalin persona or the fake email from Jamal Khashoggi gives an idea of ​​how the ever overlapping overlap between espionage and journalism has evolved in the internet age, with government-supported hackers routinely appearing as journalists or news organizations to hunt their prey. Even the FBI imitated reporters to hack their goals, at some point they pretended to be an AP journalist to locate a computer where a bomb threatens.

Scott-Railton explained that disguising as a journalist was a perfect way to get someone to let their guard down and click on a link or open an attachment.

"It ticks all kinds of boxes," he said. "It explains messages from nowhere and as part of the communication with journalists that you expect to receive documents, such as questions in advance."

The attempt to hack AlAhmed under Khashoggi's name was a simple link by e-mail, but Tanya Stalin's ruse was unusually involved.

The hackers created a fake LinkedIn profile with more than 500 connections to confirm its identity and passed it on as a graduate of journalistic schools in Columbia and Berkeley. The photo of the profile consisted of a headshot of Souad Mekhennet, a real journalist from the Washington Post who wrote about national security and the Middle East and dealt with the aftermath of Khashoggi's death.

It is not clear why the hackers used the photo of Mekhennet in the sham profile or that they even tried very hard to improve the personality & # 39; Tanya Stalin & # 39; to make it credible. Stalin did not immediately return messages that are looking for comments. Nor was there anyone behind the fake mail of Khashoggi.

Baron, the chief editor of the Washington Post, said in his statement on Wednesday that he condemned the use of the image of Mekhennet and Khashoggi & # 39; s name.

"To be clear, none of these prominent journalists had any involvement in these despicable plans," he said.