Twitter Users Hit By ‘State-Sponsored’ Hackers

The attack appears to have targeted researchers and activists working on privacy-related technology.


It’s the type of message no Twitter user wants to receive: their account has been targeted by “state-sponsored actors” attempting to swipe their email address and phone number.

But that’s exactly the news that an array of Twitter users, many who do privacy- and security-related jobs, began to get on Friday. Among those targeting: programmers working on Tor, a browser that helps users maintain anonymity online. While Twitter hasn’t revealed how many users were targeted, one public list includes 35 accounts belonging to security researchers, privacy activists, and developers.

Among those targeted are Coldhak — a Canadian non-profit “dedicated to furthering privacy, security and freedom of speech” — and its head, Colin Childs. Runa Sandvik, a prominent privacy activist who has worked for Tor in the past, also received a notification that she was targeted.

Facebook and Google have in the past provided similar notices of state-sponsored hacking attempts to its users, but Friday’s messages are the first time Twitter has alerted its users of such activity.

According to Twitter, the attackers attempted to swipe email addresses, IP addresses, and phone numbers. Beyond that basic information, the company has provided no information on the attack. A spokesman for Twitter would not comment on how many users were targeted, any shared characteristics of those targeted, or what state was behind the attack.

China has in the past targeted U.S. companies, including Microsoft and Google. Iran has carried out attacks on U.S. banks. North Korea has invested heavily in its cyber capabilities and last year infiltrated the servers and Sony Pictures. Russian hackers recently broke into a Pentagon email system. The United States also maintains a formidable hacking force, and has in the past sought ways to get around encrypted communications tools, including Tor, according to documents leaked by Edward Snowden.

While the full scope of the attack on Twitter is unclear and may have included others as well, it targeted at least in part a group of users involved in developing and promoting the use of a set of technologies used to evade surveillance by authoritarian states. Sandvik, for example, trains journalists in the use of encryption and other tools to protect sensitive sources. One of the key tools in doing such work is Tor, a powerful platform — first developed for the U.S. Navy — that allows users to mask their physical location and identity. Childs works for Tor as a translation coordinator.

Tools such as Tor are key in allowing dissidents and journalists to maintain their anonymity online. China actively tries to block Tor, and Iran has also attempted to clamp down on the service.

In the wake of terrorist attacks in Paris and San Bernardino, Tor and other secure communication tools — most importantly, those that provide encrypted communications — have been heavily criticized by U.S. officials for allowing terror operatives to plan attacks away from the prying eyes of the NSA.  

In recent years, secure communication tools have both grown increasingly accessible and popular, and terror groups have embraced their use to the point that FBI Director James Comey last week said “use of encryption is part of terrorist tradecraft now.”


Elias Groll is a staff writer at Foreign Policy. Twitter: @EliasGroll

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola