Thomas Rid
Mar 6, 9 tweets
An observation on the Taurus leak that I have not seen elsewhere (could have missed it):

The intercepted recording starts with BG Frank Graefe, in Singapore, saying "Hallo," to which the response is "Moin Moin Herr General, Hauptmann Irrgang hier." "Servus." (A common greeting)
Irrgang: "I would add you now, if you like."

Graefe: "Thank you."

Then: automated Webex voice: "You are accessing the conference now."
My interpretation: the general, from a hotel room in Singapore, likely did not join by URL, but called a staff officer to phone-connect him into the meeting. The intercept likely started before entering the Webex session. So that leaves us with the two most probable scenarios:
1) The intercept happened on the general's phone line.
2) The intercept happened on the general's end point (phone).

There are other scenarios, but these are probably the most likely.

Coincidence, yes, but the day before the story broke Sen. Wyden highlighted Diameter/SS7 vulns.
The Taurus leak is a welcome reminder: neither governments nor anybody else should allow dial-in via open, unencrypted lines into meetings, no matter the subject.

There is no good reason for Webex, Zoom, Teams not to have a bridge for WhatsApp or Signal calls into meetings.
The biggest irony in all of this: the German government, including the Bundeswehr (!), is way ahead of the curve—even ahead of the US gov't—with its initiative to implement a secure, end-to-end encrypted comms platform with video conference capability🤷‍♂️ element.io/matrix-in-germ…
Worth making this point by Martin here explicit: whatever the access method, almost certainly more intercepts from this source in Singapore have been captured.
Here's a very good, more technical breakdown of the SS7 intercept scenario, which indeed seems to be the most likely here.
One more thing on the Taurus leak: again, as so often, a major blunder on the part of Russian intelligence to publish the call's opening sequence that allows us to narrow down the options. Reminds me of the GRU posting their Podesta phishing email to WikiLeaks along with the entire haul.
