Thomas Rid @RidT
Just wow. There are so many things wrong with this New York Times story that it's hard to know where to begin…
An American "security" company, Area 1, reportedly founded by former intelligence officials, made 1,100 sensitive diplomatic cables stolen from the EU available to The New York Times. I have so many questions.
First: the attribution to the PLA here is flimsy. What does "resembling techniques" even mean? No forensics details provided. Area 1 has no widely known track record of public forensic work and attribution. The New York Times really should have pushed them for more detail here.
This is so confusing. NYT writes stolen cables were:

1—"posted to open internet site"
2—"reminiscent of Wikileaks"
3—"not like Wikileaks"
4—"no effort to publish stolen cables"

Looks like two major contradictions to me. I think some clarifications/corrections are needed here.
What this story even is about hinges on this one key question that the NYT is not clear about: did the attacker intentionally "post" the hacked EU cables "to an open internet site"?
If the answer is no, then we're looking at a major ethical lapse on the part of Area 1 — and of the New York Times.

If the answer is yes, then we're looking at an attempted active measure *and* a major ethical lapse on the part of Area 1 — and of the New York Times.
Other questions: how did Area 1 get the stolen data? And from where precisely? How did they pass the stolen data on? To whom else? When? Did they inform EU or Belgian law enforcement? When? Has Area 1 maneuvered itself into legal jeopardy?
Also, let's spell out how nuts this thing is: I would not be surprised if some fringe politicians in Europe will see, or spin, this weird leak as an American active measure to drive a wedge between Europe and China.
Frantic last minute editing, don’t forget the date on the cover page
Here's the full Area 1 report, thanks @orenfalkowitz,…

The attribution of this attack to the PLA looks more solid here, certainly at first glance. Plenty of IOCs and details published here.
I actually share Area 1's frustration here, and would take their statement at face value and assume they wanted to do the right thing and "prevent damage": so—genuine question @orenfalkowitz—what was your rationale in giving the 1,100+ unpublished cables to the New York Times?
Correction re my "more solid" statement on attribution. I have not done any in-depth analysis here myself and will await further analysis to come out. Meanwhile:
One last important note: we risk getting sidetracked by the lack of judgment & professionalism on display this morning.

The big story is this: 🇨🇳🕵️‍♂️🕵️‍♀️🕵️‍♂️🇪🇺 — Chinese intelligence owns EU diplomatic comms. At scale. The situation is much worse than reported
Strange I must have misread the headline and lede and the first couple paragraphs as something something about what the stolen cables revealed