Kim Zetter Profile picture
Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
15 subscribers
Dec 23 11 tweets 3 min read
Mossad's exploding pager op began 10 yrs ago with explosives in walkie-talkies. Hezbollah bought 16,000+ of these, but Mossad didn't detonate them until this yr. In 2022 Mossad began booby-trapping pagers too. Unlike walkie-talkies, which only got worn in battle, Hezbollah wore pagers all the time cbsnews.com/news/israeli-m… To embed explosives, Mossad created pagers identical to model Hezbollah was using, but slightly larger to hold explosive. A Mossad agent claims they ran tests to determine how much explosive would injure the person carrying the pager without harming anyone next to them.
Jul 14 4 tweets 1 min read
AT&T paid hackers $370,000 to delete call records stolen from its Snowflake account. They provided video to AT&T showing deletion. It's believed to be the only complete set of the data stolen, though the hackers shared small snippets with a few people wired.com/story/atandt-p… AT&T learned about breach mid-April and paid the hackers on May 17, but didn't report the breach publicly until this last Friday when the published a blog post and a filed a regulatory disclosure with the SEC. AT&T had received a reporting exemption to withhold public reporting.
Oct 23, 2023 8 tweets 2 min read
Car bomb that killed daughter of Putin ally Alexander Dugin was smuggled into Russia in hidden compartment of a cat crate. The op was part of a raging shadow war being conducted by Ukraine's SBU spy agency, which has forged deep bonds with CIA since 2014
washingtonpost.com/world/2023/10/… "The cluttered car carrying a mother and her 12-year-old daughter seemed barely worth the attention of Russian security officials as it approached a border checkpoint. But the least conspicuous piece of luggage — a crate for a cat — was part of an elaborate, lethal plot."
Oct 19, 2023 5 tweets 2 min read
Thousands of IT workers contracting with US companies have for years secretly sent millions of dollars of their wages to North Korea to fund its weapons programs. They worked remotely with companies around US and used false identities to get jobs, per FBI apnews.com/article/north-… According to DoJ, North Korea dispatched thousands of skilled IT workers to live in China and Russia with the goal of getting hired by companies in the US and elsewhere as freelance remote employees. In some cases the workers infiltrated company networks and stole info from them
Jul 17, 2023 13 tweets 4 min read
Millions of emails intended for US military - including highly sensitive info - have been misdirected to Mali instead, due to people typing .ml in address instead of .mil. This, despite repeated warnings for a decade to double-check address before sending ft.com/content/ab62af… One misdirected email contained the travel itinerary for General James McConville, army's chief of staff, upcoming trip to Indonesia. It included a full list of hotel room #s for the general and 20 others, as well as details on how to collect his key at Grand Hyatt in Jakarta
Jan 26, 2023 5 tweets 2 min read
"To people unfamiliar with the American criminal justice system, Baldwin’s decision sounds reasonable: Something terrible happened, and he wanted to help. But...if you are involved in a serious incident, it’s best not to talk to the police unless you have an attorney present." "despite the ritualistic incantation of the Miranda warning on every TV police procedural, silence is a right that people can find hard to accept....Refusing to talk to the police seems like something people do only when they’ve got something to hide."
Dec 21, 2022 7 tweets 2 min read
During press call discussing Zelensky visit tomorrow, WH said US consulted closely with him “on the security parameters of him being able to depart” Ukraine. “He concluded that those security parameters were met. What he needed, we agreed with...and..we are executing accordingly" Biden/Zelensky discussed visit to US in phone call Dec. 11 then WH extended formal invite to come Dec 21st. Visit was only confirmed Sunday. Zelensky “indicated he was very keen” that his first visit outside of Ukraine be to the US to thank the US public for support given Ukraine
Dec 17, 2022 4 tweets 1 min read
Director James Cameron commissioned a scientific study to see if Jack in Titanic would have survived if Rose had just shoved over and made room for him on the raft. Conclusion: "There was no way they both could have survived." torontosun.com/entertainment/… “We took two stunt people..the same body mass of Kate and Leo and we put sensors all over them and inside them and we put them in ice water and..tested to see whether they could have survived..the answer was, there was no way they both could have survived. Only one could survive”
Dec 13, 2022 4 tweets 2 min read
Twitter has stopped paying rent on offices and is considering not paying severance packages to former employees, among other measures aimed at cutting costs. Also refused to pay $197,725 bill for private charter flights made the week of Musk’s takeover nytimes.com/2022/12/13/tec… Musk's personal attorney who he appointed head of legal is also no longer at Twitter. Musk was "unhappy with...decisions made by Mr. Spiro, a noted criminal defense lawyer who successfully defended the billionaire in a high-profile defamation case in late 2019"
Dec 12, 2022 5 tweets 3 min read
Hm. Ghost says Substack has switched to using its code. Substack has lost a lot of writers to Ghost because Substack's code/design is rigid/lacks features. "So we clicked 'view source' to look at what was going on and that’s when we discovered Ghost code is now powering Substack" Substack didn't credit Ghost for the code it's using. Substack knows its code is inferior to Ghost's (which is why so many writers have left Substack to go to Ghost) but instead of working on its own code, it took Ghost's open-source code without crediting Ghost. Image
Nov 23, 2022 7 tweets 2 min read
Semafor has obtained internal Slack messages among AP reporters/editors discussing how to treat claim by anonymous intel official that Russian missiles attacked Poland. It's messy, and it also raises questions about why reporter was fired for the error semafor.com/article/11/22/… "the slack messages on which the incident played out tell a different story, of honest mistakes, internal confusion, and a lack of a clear process that led to a disaster for one of the few news organizations whose Twitter presence is an authoritative account of world affairs"
Nov 16, 2022 4 tweets 1 min read
DHS has stalled research grants to study domestic terrorism/violence. Sources say privacy concerns around the data collection are the reason, but others say it’s politics and that DHS is concerned about criticism over the studies and what they might show
washingtonpost.com/national-secur… “Right now, if the secretary of Homeland Security turns to us and says, ‘Last year, how many serious attacks based on ideology or grievance happened?’ we can’t answer those fundamental questions,” the DHS official said. “We don’t know.”
Oct 29, 2022 4 tweets 1 min read
“hacked messages are also believed to have included highly sensitive discussions with senior international foreign ministers about the war in Ukraine.” Obvious question is why was she using personal phone for top-secret conversations? dailymail.co.uk/news/article-1… “phone was reportedly compromised when Truss was Foreign Secretary, but the details were suppressed by Johnson and the Cabinet Secretary Simon Case, who ordered a news blackout…the phone was so heavily compromised it has now been placed in a safe in a secure government location”
Oct 17, 2022 5 tweets 1 min read
Associated Press is seeking candidates to help scrape election results on Nov. 8. Experience with web scraping required; Python skills preferred. Work to be done remotely on Nov 8 from 5pm ET to 3 am. Candidates will attend 2-hr training. Pay starts at $20/hr, students welcome DM me for the email address if you want to apply
Oct 16, 2022 4 tweets 1 min read
Russian police/military “snatched men off the streets and outside Metro stations…lurked in apartment building lobbies…raided office blocks and hostels…invaded cafes and restaurants…rounded up dozens at a Moscow shelter for the homeless” washingtonpost.com/world/2022/10/… “I don’t want to kill people, and I don’t want to be killed, so I really have to lie low now….We live at a time when your neighbors could report on you. They might call police and say that there is a young guy staying in this house when he should be fighting fascists in Ukraine”
Oct 14, 2022 4 tweets 2 min read
This isn’t true. The timing doesn’t match. Musk’s team asked the Pentagon to pay for Starkink in a letter sent on Sept 8. The Twitter tiff only occurred last week. Doesn’t change that his response below is provocative; but the service cutoff wasn’t prompted by the tiff. Also, Starkink is a much better name than Starlink, tyvm.
Oct 3, 2022 4 tweets 1 min read
Like call for encryption backdoors the call for forcing proof of identity online re-emerges every couple of years. He lays out all pros/cons, but bottom line is do we keep blaming platforms for failing to police harmful actors without giving them power to easily identify them? If platforms can’t be trusted to hold identity info, 3rd-party companies can handle identity issue for them. “Once an identity is affixed to an account, a platform could decide whether to permit pseudonyms.” This way people get anonymity but can be held accountable when needed
Aug 31, 2022 5 tweets 2 min read
State Department reached settlement with three former NSA analysts who worked for the UAE providing exploits used for cyber surveillance. The three are "prohibited from participating directly or indirectly in any activities subject to the ITAR for 3 years"
state.gov/u-s-department… Here's a story about the settlement from @SuzanneMSmalley cyberscoop.com/former-us-inte…
Aug 23, 2022 7 tweets 2 min read
It was clear when Mudge left Twitter something was wrong. Now he’s blowing whistle. Says company doesn’t properly delete data, too many staff access central controls/sensitive info; senior execs cover up vulns; some staff may be working for foreign intel cnn.com/2022/08/23/tec… “About half of the company's 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors”
Aug 16, 2022 5 tweets 3 min read
Great story detailing US intel on Putin's plans before war, the need to persuade partners, and the challenge of helping a "less-than-perfect democracy" defy Russia, without NATO firing a shot @shaneharris @karendeyoung1 @ikhurshudyan @AshleyRParker @LizSly
washingtonpost.com/national-secur… Highlights from Post story about war intel: US discovered Putin was sharply increasing $ for military ops while leaving pandemic response underfunded. Every decision to arm Ukraine had to avoid giving Russia reason to escalate, which frustrated Ukraine.

washingtonpost.com/national-secur…
Aug 1, 2022 10 tweets 2 min read
Assassination of al-Qaida leader Ayman al-Zawahri occurred at 6 am Kabul time (9:49 pm EST) on Sat July 30, says senior admin official. He was killed with two Hellfire missiles on balcony of safe house where he and family had been living since last year. No others were killed. al-Zawahri has been in hiding for yrs. Last year intel was watching for al Quaeda presence in Afghanistan. This year intel identified that al-Zawahri's wife, daughter and her children moved into safe house in downtown Kabul and al-Zawahri later joined them. He never left house.