World News

Hackers Went after Disgraced GOP Fundraiser and Now He Is After Them.

Posted September 20, 2018 10:45 p.m. EDT
Updated September 20, 2018 10:48 p.m. EDT

Of all the scandals swirling around the Trump White House, Republican fundraiser Elliott Broidy is in a category of his own.

Documents from the office of the president’s personal lawyer, Michael Cohen, revealed that Broidy had agreed to pay $1.6 million to a former Playboy model to keep her quiet about their affair, which led her to get an abortion. And emails stolen from his account showed he had used his White House access on behalf of the rulers of the United Arab Emirates while landing hundreds of millions of dollars in contracts with them for his private defense company.

Broidy, though, is not going quietly. His lawyers said this week that, after more than 80 subpoenas and months of cyber-forensic analysis, they had managed to identify as many as 1,200 other individuals targeted by the same cybercriminals.

The list of names the lawyers have compiled, they argue, will bolster Broidy’s case that the rulers of Qatar — the tiny Persian Gulf emirate that is a nemesis of the UAE— had targeted him for his advocacy against them.

Many of the other targets are well known enemies of Qatar: senior officials of the UAE and also of Egypt, Saudi Arabia, Bahrain and Syria; American, British and Dutch commentators known for their criticism of Qatar; and two former employees of a Washington public affairs firm with UAE ties.

Others on the list, though, have no obvious appeal as targets for Qatar, including several Syrian Americans, activists on multiple sides of the Syrian conflict, a former official of the Central Intelligence Agency, and, incongruously, a handful of Bollywood actresses.

The list of targets was collected in the course of lawsuits that Broidy filed earlier this year, accusing Qatar and several individuals of conspiring in the cyberattack against him. A federal judge in California last month dismissed the claim against Qatar on the grounds of sovereign immunity. But Broidy’s lawyers are still pursuing claims against the individual defendants, and the lawyers argue that their initial success at building at least a circumstantial case demonstrates the potential effectiveness of such litigation against even state-sponsored hackers.

Their litigation also offers the latest glimpse into an escalating cyberwar among Persian Gulf royals, some of whom have evidently turned to various forms of spying by high-priced international hackers to embarrass each other. Two lawsuits filed earlier this month, in Israel and in Cyprus, revealed that the rulers of the UAE had paid an Israeli firm to hack the smartphones of several senior Qatari officials and royals, including the emir.

Before the scandals, Broidy served as vice chairman of the Republican finance committee and enjoyed extensive access to President Donald Trump and his White House.

Broidy, his wife, and some other associates all received similar “phishing” emails, attempting to trick recipients into clicking a link to a bogus website and typing a password.

The links to the bogus websites always were presented in compressed shorthand, provided by the online service TinyURL and presumably used to mask details of the addresses that might reveal the ruse. So Broidy’s lawyers sent a subpoena to TinyURL asking what other shortened web links the service had provided to the same user over the previous year.

The response was 11,000 pages of “gibberish,” said Lee Wolosky, a lawyer for Broidy, so “we knew we were dealing with a serious player.”

Those 11,000 pages contained computer code setting up thousands of bogus webpages intended to trap at least 1,200 targets, and the code for each webpage contained the email address of its intended victim. Although it was unclear which targets fell for the trick, the hackers sent repeated emails to those who did not.

Lawyers for Broidy argued in court filings that the hackers who had stolen his emails almost always hid their location but at one point appeared briefly to have operated from a telecommunications network in Qatar. The government of Qatar has said it was not responsible.

Jassim Bin Mansour Al-Thani, media attaché for the Qatar Embassy in Washington, said Thursday in a statement that the assertions of Broidy’s lawyers were “weak supposition and conjecture.”

Now the new list of targets that the lawyers say they have identified adds other suggestive details to the claim.

At least 19 of the hackers’ targets are senior officials or prominent citizens of the UAE, including diplomats whose emails have previously been leaked to the public.

At least 15 of the targets are senior officials or diplomats from Egypt, a close ally of the UAE and a foe of Qatar. Among the Egyptian targets was Gen. Abbas Kamel, now the director of the Egyptian Intelligence Service and previously the chief of staff to President Abdel Fattah el-Sissi. Several embarrassing audio recordings from Kamel’s office have leaked through Islamist media, leading to speculation about spying by some foreign government sympathetic to Islamists — possibly Qatar.

At least two of the targets are American former employees of the Glover Park Group, a Washington public affairs firm that has worked for the UAE.

Several other targets were outspoken critics of Qatar, including Rabbi Shmuley Boteach of the U.S., British-based commentator Amjad Taha Yassin, and former Dutch intelligence analyst Ronald Sandee.

Others, however, were not obvious antagonists of Qatar. One, Kristin Wood, is a former official of the CIA; though she is now an adviser to a private security company that is part of DynCorp, which had worked for the UAE, there is no indication she was involved in that work or any other project that might have drawn Qatar’s interest. It is possible that hackers were hired to carry out many attacks for multiple clients. The Bollywood targets — including the stars Aishwarya Devan, Anushka Sharma, Meghanna Raj and Nikki Galrani — suggest the hackers may have been fans, the lawyers said. “My guess is, this was a frolic of the hackers,” Wolosky said.

In his opinion dismissing Broidy’s claim against Qatar, Judge John F. Walker of the U.S. District Court for central California noted “the growing prevalence of attacks in cyberspace” and suggested that “it may be an appropriate time for Congress to consider a cyberattack exception” to sovereign immunity. North Korea and Russia also have been accused of conducting such attacks on U.S. citizens.

Whatever the outcome in the courts, Wolosky argued, “we have evidence that establishes in the court of public opinion what really happened.”