State sponsored raids

21clt2bassa2…we are alerting you that your twitter account […] may have been targeted by state-sponsored hackers.” This was the message that Twitter used in order to warn some 50 of its users – but the number is a provisional one – notifying them they were targeted by a computer attack, bent on snatching their IP addresses, email addresses and phone numbers.

The event dates back a month – the earliest warnings were given on December 11, 2015 – but it emerged in all of its implications last Tuesday, when some owners of the targeted accounts decided to speak out on the http://state-sponsored-actors.net website. With a lengthy call, which was translated in four languages and endorsed by more than thirty individuals and organizations, the signers asked Twitter to clarify what did happen. Actually, after having issued the warning, the Californian company refused to give further explanation, thus fueling doubts and concern among those who were involved. Concerns that appear to be justified – as the issue, dotted by a series of unclear elements, seems far from being over.

The first problem is related to the character of the attacks and the dynamics under which they have been carried out. It is actually unclear whether the perpetrators of the digital raid may have had direct access to Twitter’s servers by exploiting the vulnerabilities of the company’s defensive boundaries; or by forcing the individual accounts of the targets. It is still to be clarified whether the intrusion attempts were generated by bots – i.e. machines that were programmed in order to operate autonomously, with the intention of snatching the greatest possible load of personal information from the legitimate owners – or if they were carried out by hackers being hired expressly against specific targets (this scenario being certainly more worrisome, in comparison with the first one). Also: how Twitter did manage to detect the aggression against itself and to link it to government-related actors? Knowing the methodology with which such attacks were unleashed (and then the kind of resources that were invested, in order to carry them out) could certainly provide precious information relating to the context in which they were developed.

Not even the profile of the targeted individuals and groups is helping in shedding any light. ‘We have many hypotheses, but no certainty’ – we are being told by Anne Roth, a German activist and journalist among the signers of the call ‘Many of the receivers of the mail by Twitter are involved in the struggle against mass surveillance and use Tor (a.n. – a popular software for protecting your privacy and anonymity online). But that is not true for each and all of us’. Actually, and differently from what initially emerged, it was not only those linked to the digital activism scene to be reached by Twitter’s warning message. For example after the publication of the call CR1PT0, an IT security company featuring the Italian Army and Guardia di Finanza in its clients’ portfolio, did step forward.

But, above all, it is Twitter’s ostentatious silence to leave a wide space for other questions. A stance that may lead to think about a gag order, that is a judiciary measure – mostly used in the US and in Great Britain – issued by a court with the aim to prevent spreading of information about a given judiciary case. Already in the past Twitter itself was the recipient of such non-publication obligations: back then, it was December 2010, and a injunction by Washington’s Department of Justice imposed the social network to cooperate with the inquiries regarding the Cablegate – the publication of the entire database of US diplomatic messages by Wikileaks – warning it against releasing the news to the press.

As Andrea Shepard – one of the main Tor Project developers, who promoted the initiative as well – states: ‘Twitter’s behavior is awfully mysterious. And it is for this reason that it is important to keep attention alive on this issue. At least until they are going to decide to share a greater numbers of details with us’. Perhaps, by then, it will be possible to understand who the state sponsored actors are and for which reason Twitter was so reluctant in telling their name.