The Malta Independent 27 April 2024, Saturday
View E-Paper

  • Home
  • >
  • Local
  • >
  • News
  • >
  • 'Targeted' attack on Daphne's website 'could have…

'Targeted' attack on Daphne's website 'could have potentially exposed her sources' - witness

Friday, 19 June 2020, 09:52 Last update: about 5 years ago

The public inquiry into Daphne Caruana Galizia's murder continued today with the testinomy of IT experts Keith Cutajar and Ian Castillo,

Cutajar presented the inquiry with details regarding the position of the mobile phone belonging to former minister Chris Cardona in Germany at the beginning of 2017 during an official visit. Caruana Galizia had alleged that the minister had been to a brothel with an aide, with Cardona later filing for libel.

Castille testified on a hacking attempt on Caruana Galizia's website, which he said must have been carried out by a professional criminal.

“This was a targeted specific attack. I've been in this industry for 20 years... handled many ordinary hacking attempts. This was the only case I remember where we had social engineering. Someone did research to try and get information before the attack," he told the board of inquiry.

The inquiry is tasked, among others, to determine whether the State did all it can to prevent the murder from happening.

The inquiry is led by retired judge Michael Mallia, former chief justice Joseph Said Pullicino and Judge Abigail Lofaro.

Follow the minute by minute proceedings below

10.35 The inquiry is continuing behind closed doors.

10:30 The judges order the press out of the room. 

10:29 Castillo steps down from the witness stand.

10:28 Castillo says it takes a professional criminal to carry out such an attack. “It's a resource intensive attack. I reported the issue immediately to Daphne Caruana Galizia, who engaged a lawyer and I believe that she filed a police report about the matter.” 

10:27 Another attack on her website was a DDoS (distributed denial of service) which crashes her web server with bogus traffic. 

10:26 He adds: “This was a targeted specific attack. I've been in this industry for 20 years... handled many ordinary hacking attempts. This was the only case I remember where we had social engineering. Someone did research to try and get information before the attack.” 

10:26 Castillo says that this attack could have "potentially led to the identification of her sources". 

10:25 He says that had they succeeded, they would have sent an email on behalf of Daphne and received an email from her and cloned her website and published any information they had wanted to. 

10:24 What is significant is that it is not a standard hacking attempt. Castillo says this wasn't bots trying to penetrate defences, this was a person who knew people's names and email addresses. They were asking for DNS servers and other records. They were looking for the details to change the URL daphnecaruanagalizia.com. 

10:23 The report is very technical as it needed a lot of detail. His company, which handled the blog, had received an email on 11 February 2017 asking how to access the blog. The email purported to come from Caruana Galizia but was "spoofed" and was a social engineering attack, he says. 

10:21 Therese Comodini Cachia asks about a report he had been asked to draw up by Daphne Caruana Galizia and asks him to explain it in simple terms. 

10:21 Ian Castillo now takes the stand to present a report on the hacking of Running Commentary, Caruana Galizia’s blog. 

10:20 After answering some questions on the copies of the report, the witness steps off the stand. 

10:19 QUICK RECAP: The expert report is based on the geolocation data from one cell tower in Germany. The information can put Cardona’s mobile phone in both Essen, where the conference was held, and Velbert, where he allegedly went to a brothel. The expert says to have a more accurate location for the mobile phones, he would need to have information from three cell towers, which would allow triangulation of data. The reference is to ‘mobile phones’ because these concern one that belonged to Cardona and another that belonged to his aide. 

10:11 The logs are for 31 January 2017, from 2pm to 7pm. The mobile phones were continuously connected to that antenna, at least for six hours, he adds. 

10:10 The expert says: "On the basis of probability, I find no technical reason why not... I daresay the connection was 1-2km from the antenna. We're talking almost metres. The problem is not where the antenna is but the triangulation... you'd need 3 antennae for that accuracy." 

10:10 Azzopardi quotes Daphne Caruana Galizia’s blog that the conference for which Cardona and his aide attended was in Essen, spread over one-and-a-half days. 

10:03 When you have two mobiles hitting the same antenna, they are typically very close to each other, within a 20km range, he explains. 

10:03 The expert indicates that the mobile phones was very probably in Velbert. He says that Velbert is exactly south of the antenna, while Essen is Southwest. This means that the antenna had a max range of 100km as there was no city in the way. The phone was "in a very comfortable range". 

10:00 QUICK REMINDER: The issue concerns a story written by Daphne Caruana Galizia in January 2017, when she alleged that Chris Cardona and his aide had gone to a brothel in Velbert, while on official government work. Caruana Galizia claimed that she had a source at the brothel who gave her the information. Cardona and his aide denied the allegations and filed for libel, even premptively blocking the journalist’s bank accounts. During the course of the libel the geolocation data of the mobile phones was requested and secured. However, the libel case never ran its full course. The data that was kept under lock and key in court was requested by the public inquiry. 

09:57 Lawyer Jason Azzopardi thumps his fist on the table triumphantly. 

09:57 The expert replies that the tower is 2-3km north of Essen, not far from Velbert. "It is definitely within a reasonable range," he says. 

09:56 Lawyer Therese Comodini Cachia asks what area is covered by the cell tower in question. 

09:55 One antenna had connections from the mobile phones of the subjects continually for two days, but the expert was unable to triangulate the exact position because only one antenna was connected to the phones. 

09:54 The report concerns the geolocation of former minister Chris Cardona’s mobile phone in Germany at the beginning of 2017 during an official visit. The report is final although some data is still expected from service providers. This is because it is unlikely that they will receive any feedback due to the passage of time and data retention policies. 

09:52 The judges enter the courtroom and the first witness is called. IT Expert Keith Cutajar takes the stand and presents a technical report.

 

 

 

  • don't miss
News