Ocean Lotus doesn’t get the same press as Chinese, Russian, or North Korean hacking groups but they’ve posed a particular menace to Vietnamese exiles. Would love to learn more about this particular actor.
Before it was taken offline, I got through to the person running CyberOne’s Facebook page. They had some interesting things to say when I asked them if they ever participated in offensive operations.
In a conversation — apparently tapped out over the phone — the CyberOne representative denied working for the Vietnamese government.
They also sent me an ALL-CAPS denial that they were behind Ocean Lotus — at one point dangling the possibility that they could collaborate with @Reuters to investigate the group.
I lost touch with the representative — who identified themselves as Hải — when Facebook yanked CyberOne’s account mid-conversation.
Hải, wherever you are, I’m still up for chatting. DM me and we’ll get to the bottom of this.
Huge scoop from @Bing_Chris: the US Treasury and the US NTIA have been breached by hackers. A foreign government is suspected and the National Security Council met Saturday to discuss the fallout. reut.rs/3oP3FAs
Here's the @Reuters story on today's hastily convened press conference blaming Iran for the 'Proud Boys' email threats. reuters.com/article/us-usa…
I note these paragraphs in particular:
As Dimitri - who knows a thing or two about publicly blaming a foreign power for election cyber mischief! - notes, this was a *blisteringly* fast attribution:
To start with, the message was unsolicited and came in the middle of the night — around 1am Iran time — according to several recipients I spoke to. The gut feeling many had when they saw the SMS was that they were being targeted by hackers. Here’s one reaction: ↘️
New: A deepfake disinformation operation is targeting UK lawyer Mazen Masri and Palestinian rights campaigner Ryvka Barnard - a sign of how this technology is being popularized as a propaganda-spreading tool. reuters.com/article/us-cyb…
New: We're releasing a potted guide to recognizing GAN-created imagery in the wild, with input from @MuniraMustaffa, @HaoLi81, and others. Read it to understand how we determined Oliver Taylor was a fake - and how you can spot similar creations. graphics.reuters.com/CYBER-DEEPFAKE…
As far as I can tell, Oliver Taylor's writing career began late last year with a (now-deleted) article in the Jerusalem Post on Malaysia's Mahathir Mohammad web.archive.org/web/2020050521…
There's some NSO news today, but I'd like to enlist Twitter's help to find more. Here's how you can pitch in:
About a month ago, WhatsApp began issuing messages to 1,400 targets of Pegasus spyware, sending in-app "green badge" warnings to users. Here's what they look like:
Several people in India and Morocco have since come forward to self-identify as targets of NSO spyware. But we believe there are more out there who haven't made themselves known and we'd like to speak to them. If you know of anyone who has received this warning, we're keen to talk:
-@Reuters has also collected pictures of what the "missed calls" associated with the spyware targeting look like. If you or anyone you know has seen this kind of activity, I encourage you to get in touch.
I’m at a press conference on how #GDPR is frustrating US law enforcement efforts online. DEA’s Jae Chung and DOJ’s Jason Gull speaking now.
Gull: “WHOis is turning into WHOwas ... We have information on who owned a domain six months ago, or a year ago now. It’s like having an old phone book.”
Problematic for urgent requests to preserve data in investigations.
Gull notes that WHOis was always problematic — full of false information and outdated information. He said about 1/4 of all entries were proxied through privacy services, but that many were very cooperative. Now the process of sending requests to preserve evidence is slower.