Turkmenistan: Is a Hacker Attempting a Phishing Expedition Amidst Explosion Chaos?
A curious message about the Abadan explosion showing up on a number of Russian-language social media and citizens' reporting sites could be a phishing attempt by an unscrupulous hacker, a Russian hackers' website warns.
The writer introduces himself as "Imalbek Yanisiev, a photojournalist for the youth human rights group, Ikhtyk namirusil [Our Cause]."
That was the first grounds for suspicion, as there isn't known to be any sort of independent human rights group by that name in Turkmenistan, a country where civil society has been ruthlessly suppressed.
Yanisiev then goes on to describe what purports to be a first-hand account of the chaotic scene in Abadan, with shells still flying and Turkmen riot troops patrolling the streets. As other citizen journalists have reported, he notes that authorities are arresting anyone who tries to take pictures.
Yet another red flag that calls his credibility into question is that he claims police are arresting "first of all, representatives of opposition parties, organizations and movements."
But...this is Turkmenistan. There aren't really any significant groups of this nature -- unless they've been very well hidden underground and are just surfacing now?
The account goes on to say, convincingly, "According to our unconfirmed information, the fire at the warehouse is a provocation by the authorities. It is an excuse to settle scores with us, the opposition, the people who want freedom, democratic reforms."
The Russian news service regnum.ru was among the Russian-language news sites that took the report at face value and quoted it at length in a report yesterday about the explosion in Abadan.
Yet the Russian hackers' sites habrahabr.ru and XakNet.ru questioned what was really going on with the piece, as it contains a link to photographs at the end of the message at keeperfile.ru. When unsuspecting users clicked on the link, it requests that they use existing accounts at Google, mail.ru and other sites to access the photos. This seemed likely to be a scam typical of other social networking sites, where the hacker "phishing" or seeking unauthorized access to people's passwords, gets them to re-log again to a page on the theory that they will likely use the same password they have used at other sites. Then their log-on is used to gain access to their other accounts and harvest their data.
"For the unseasoned user, it seems plausible," says XakNet.ru, which added that the domain for Imalbek Yanisiev's site was registered just recently, on June 20, 2011, and he has no other social graph, i.e. identifiable presence on other social media sites. The pictures seem realistic enough, but the page is incomplete and the banners don't work.
So what's it all about? One unattached malicious hacker? A regime tool trying to gather people's passwords to monitor them? A more elaborate plot to seed exaggerated stories of the explosion to discredit human rights groups trying to cover it accurately? The Kremlin-inspired Russian media plot the Turkmen Foreign Ministry always fears?
XakNet.ru said they hoped their warning would prompt users to be more cautious on how they trusted information from this source, but Yanisiev's article is already spreading like wildfire across numerous Live Journal blogs and social media sites, with quite a few people reacting to it as if it is authentic.
Sign up for Eurasianet's free weekly newsletter.