Profile picture
Raphael Satter @razhael
, 7 tweets, 3 min read Read on Twitter
Yesterday I reported on the attempts to digitally compromise @AliAlAhmed_en, a DC-based Saudi opposition figure. The hackers masqueraded as journalists for the BBC and the WaPo, but they also tried other tactics too. Here’s one that caught my eye ...
apnews.com/cee0e8a5338e4b…
In May of this year the hackers sent him a message that (badly) mimicked an event photography service, sending him a link to what were apparently pictures of him at a recent event. That’s Ali in the picture below, holding the microphone. 🎤
documentcloud.org/documents/5028…
Here’s the thing: That photo isn’t publicly available. You wouldn’t get it by doing a Google image search for Ali, for example.

The phishing message doesn’t make it clear, but Ali said the pics came from a Feb. 1 event at @AEI, the DC think tank.
aei.org/events/changin…
Here’s the video in question. Skip forward to 36:00 and you’ll hear Ali’s question and then briefly see him handle the microphone.
Here’s a screenshot I took off the same video, which is what I suspect the hackers did too. But how would they know to sit through an @aei video from four months previous to find photos of Ali?
The whole thing is rather eerie. Ali wasn’t listed as a participant (he was a member of the audience) and while he was quoted in the event transcript (link in AEI page above) it’s not clear how you’d know to look there unless you already knew he had asked a question.
I have admittedly very limited experience but this is the first case I’ve encountered personally where traditional surveillance (whether physically at the event or remotely by someone who watches the DC think tank scene closely) has been leveraged to craft a phishing message.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Raphael Satter
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!