Questions about Twitter's notice of possible attacks by “state-sponsored actors”
It has been several weeks since Twitter alerted some of its users that so-called state-sponsored actors may have attempted to hack their accounts. Some of us who received this alert published the news on Twitter, and some of us talked to the media. The incident generated considerable interest and puzzlement.
We hoped to learn more by and by. Some of us sent inquiring emails to Twitter. We expected follow-up reporting by journalists who had read between the lines, had connected these alerts to other similar ones sent by different companies, or had talked to inside sources at Twitter.
Today, we are as clueless as when this started. We await answers to the following questions:
Nature of the attacks
- When did the attacks happen -- directly prior to the first alerts in December 2015, or during a longer period previously?
- Are the attacks ongoing?
- What were the attackers interested in? The alert email message speaks of phone numbers, IP addresses, and email. Was there anything else?
- How were the attacks detected?
- Were these automated brute-force attacks, or customized attacks with a human behind them, or something else?
- Did the attackers gain administrative or other direct access to Twitter's servers?
- Why does Twitter suspect that the attacks came from state-sponsored actors?
- How does Twitter define a state-sponsored actor?
- Has Twitter identified any specific state as the source of the attacks?
- Have the attacks come from actors with ties to the US government?
- Are all of the attacks coming from the same actor(s)?
- What else does Twitter know about the attacks?
Reasons for targeting
- What is the common element, if any, among the targeted accounts?
- Were accounts attacked because of not using Tor / because of using Tor / despite using Tor?
- Are Twitter's alerts sent by humans or by machines responding to irregular activity?
- Why did Twitter start sending the alerts now?
- Other companies have started sending out similar emails, e.g., Facebook, Google, and Yahoo. Is this a concerted effort? What is the background or the aim of the notifications?
- Why are there different kinds of notifications (email vs. popup)?
- What is the purpose of Twitter's recommendation to use Tor, when many of the targeted accounts already use Tor?
- Why isn't Twitter telling us more?
- Is Twitter's silence the result of a gag order?
- Has Twitter received warrants, subpoenas, or National Security Letters in connection with the attacks?
We, the undersigned, are owners of accounts that were notified of a possible attack. Other Twitter users have decided not to publicly reveal that they were targeted.
We all want to know how we got into this.
If anybody reading this post has knowledge or insight into what happened, please share it with us.
And to our friends in the news media: Feel free to contact us if it helps your reporting.
- Anne Roth – @annalist / @Anne_Roth – annalist[at]riseup.net
- Jens Kubieziel – @qbi – jens[at]kubieziel.de
- Colin Childs – @phoul – colin[at]torproject.org
- Coldhak – @coldhakca – contact[at]coldhak.ca
- Sascha Wagner – @sashw89
- Aeris – @aeris22 – aeris+ssa[at]imirhil.fr
- Herdir – @Herdir – hacker[at]herdir.net
- Collectif Café Vie Privée – @chiffrofete
- Philipp Winter – @__phw
- Doc Josiah Boone – @docboone71
- David Robinson – @jdormansteele – dwrob[at]oneeyedman.net
- Seattle Privacy Coalition – @seattleprivacy – contact[at]seattleprivacy.org
- Cassie – @myriadmystic
- Cédric Jeanneret – @swisstengu / @ethack_org / @orwallapp
- Hendrik Kraft – @hendrikkraft – sibiuaner[at]riseup.net
- Fabio Noris – @norisfabio
- Christopher Talib – @_piks3l
- Michael Carbone – @wandermfc
- Patrick R McDonald – @antagonismorg
- ctrlplus – @ctrlplus_
- Christian Tanner – @christiantanner
- Wendy – @Wendy71x
- Phil Mocek – @pmocek – phil[at]mocek.org
- economicmayhem.com – @economicmayhem
- Andrea Shepard – @puellavulnerata – andrea[at]persephoneslair.org
- Lee Colleton – @sleepylemur / @WikiLeaksEV – firstname.lastname@example.org / silently[at]riseup.net
- EvoluSiN – @EvoluSiN
- Jeremy Rand – @biolizard89
- Peter Welchering @welchering
- Theresia Reinhold – @Pandemonium21
- Fitzkarraldo – @fitzkarraldo
- CR1PT0 – @CR1PT0
- Wagabow – @Wagabow – wagabow[at]riseup.net
- Kurtis Hanna – @CaptainKurtis
- Restore The Fourth Minnesota – @RT4MN
- Paolo Ferrandi – @paferro