Fake journalists tried to hack Saudi critic

Hackers impersonating journalists tried to intercept the communications of a prominent Saudi opposition figure in Washington, The Associated Press has found.

One attempt involved the fabrication of a fake BBC secretary and an elaborate television interview request; the other involved the impersonation of slain Washington Post columnist Jamal Khashoggi to deliver a malicious link.

Media rights defenders denounced the hacking effort, which they said would make it harder for genuine reporters to do their jobs.

“It’s incredibly dangerous to employ this kind of tactic,” said Elodie Vialle, who heads the technology desk at Paris-based Reporters Without Borders. “The chilling effect is that people are deterred from speaking to journalists. In the end, it undermines the freedom of information.”

The most involved masquerade took place in February of this year, when someone posing as a BBC journalist called “Tanya Stalin” emailed Washington-based Saudi dissident Ali AlAhmed inviting him to a live broadcast about Saudi Arabia. Stalin engaged with AlAhmed over several days, sending him a list of proposed topics and talking him through the logistics of his purported television appearance.

AlAhmed said he knew from the beginning that something was up.

For starters, Stalin said her position was “Secretary to the Editor In Chief,” a title that didn’t correspond to a job typically done by producers or bookers. Odder still, the message came over Gmail rather than from an official BBC address.

And then there was her eyebrow-raising last name.

“The Stalin business threw me off,” AlAhmed said in a recent interview. “I asked my wife, who is Russian, and she said: ‘No one has this name.’”

AlAhmed was right. The BBC said it wasn’t aware of anyone called “Tanya Stalin” working for the broadcaster and that the title she claimed to hold did not formally exist. An Associated Press analysis of her messages suggests the interview request was a sloppily executed trap, an attempt to get AlAhmed to click a malicious link and break into his inbox.

AlAhmed believes Saudi Arabia is behind Stalin’s emails, as well as dozens of other suspicious messages he has received over the past year. One November 2017 missive purportedly came from Khashoggi, whose killing last month on the grounds of the Saudi Consulate in Istanbul has refocused international attention on the brutality of the Arab kingdom’s leadership.

The Saudi Embassy in Washington did not return written questions from the AP.

Washington Post Executive Editor Marty Baron said the hackers’ theft of Khashoggi’s identity was “contemptible.”

A researcher with internet watchdog Citizen Lab recently reviewed AlAhmed’s emails and confirmed they were malicious — although he stopped short of drawing a link between the different messages or blaming anyone for the hacking campaign.

“This was a targeted operation designed to gain access to his accounts and private communications,” said John Scott-Railton, whose group is based at the University of Toronto’s Munk School of Global Affairs. “This does appear to be closely linked to his political activities.”

Some of the messages — like a prompt to install a “free security update” called “Ninja security” — were generic phishing messages of the type used by criminals and spies the world over. But many of the 40-odd malicious messages recovered from AlAhmed’s inbox were closely attuned to current events in the Gulf.

Most troubling was a May 31 message dressed up to look like it came from an event photography service, complete with pictures of AlAhmed holding a microphone during a question and answer session featuring the Qatari foreign minister at the American Enterprise Institute in Washington.

The photos, which appear to have been pulled off a publicly available video of the event, suggest that the hackers or someone working with them had been tracking AlAhmed’s whereabouts closely.