Fact Checking The Democratic Debate on The Syria/Turkey Question

I’m not sure why it has me so fired up the last couple of days, but when I saw Joe Biden’s face on the television tonight being asked a question about President Erdogan’s new initiative in Syria and Donald Trumps decision to withdraw troops from the country I flicked off the TV and said “Fuck You. Fuck You. You know how many people died because of you?” Then I just kind of walked away for a second to calm down. When I walked back I proceeded to watch the rest of the debate surrounding Syria and I just shook my head the whole time.

I just couldn’t believe how perverted the Democrats logic was on this issue, which was easy to press forward given that there was no opposition to any of their points of view – so they all just piled on. So, for the purposes of this “article” I just want to fact check some of the so called information the international public was subjected to tonight.

What I think angered me most was the fact the nearly all the Democrats, with the exception of Tulsi Gabbard, essentially vowed to create a new permanent and more official War in Syria if they ever became President in 2020. But it’s almost as if they have no understanding why the USA “lost” the War in Syria in the first place? It was because Russia literally went all in to back/save Bashir al-Assad, for a number of reasons I am not going to talk about today. Meanwhile, the USA merely has 1,000 troops forced to operate under the rules of engagement, which esentially doesn’t allow them to fire a shot without permission. Russia on the other hand will blow anything and anyone up anytime, and they don’t give a f*ck about it either. Point being, for the USA to ever logistically “win” in Syria it would have had to dramatically stepped up military presence and directly taken on Russian forces already stationed on the ground there – id est the USA would literally have to go to War with Russia to win in Syria. Is that what the Democrats want? All out War with Russia? To bad there wasn’t anyone around to challenge their strong positions on this subject.

But that brings me to my second point. Why did Russia beat us to the punch in Syria? This was because of Joe Biden and Barack Obama’s decision to not invest more heavily in the country than we did, instead choosing to ship weapons and munitions to forces already on the ground in Syria, rather than have US forces do it directly for themselves. Such as was the case with arming the Kurds, whom were gifted more arms and munitions than you can shake a big stick at, which is now why Turkey has to target them militarily today, because the US armed them so heavily they became their own rogue militant threat in the region – which happens to border Turkey. Keeping up yet?

Point being, the decision to not invest in Syria more heavily, sooner, was Obama/Biden’s decision or indecision. Moreover, the decision to overthrow the the Assad regime in the first place was also made by Obama/Biden, and the decision to arm the Kurds so heavily was also made by Obama/Biden’s – leading to the crisis everyone is debating today. The Dems all said that Donals Trump has all the blood on his hands for what he did, but they need not look any further than the man man on stage with them, Joe Biden, whom has more blood on his hands than Doanld Trump could ever soak in – specifically in regards to talk to Syria. I guess if Biden is looking for the guilty, he need not look any further than a mirror.

Also, lets be real. There is a reason why Turkey “flipped” on the United States and why commentators now have to ask the question at the 2019 debate “does Turkey still belong in NATO?” The question is obviously yes, why do you think Donald Trump is doing what he is doing? To save NATO. Just think about it, if the US engages in Syria more heavily, specifically in regards to backing up the Kurds coming under assault, the US would literally be engaging with and against Turkey – a NATO member. So, it begs the question, if two NATO allies start bombing one another, what does that mean for Article 5 of the North Atlantic Treaty and which side would all the other NATO countries have to come in defense with? You see, stopping Erdogan in Syria now would mean two NATO countries going to War with one another, which would essentially spell the end of NATO entirely. By exiting Syria, Trump is avoiding a NATO breakup. In this sense, Trump is trying to save the NATO alliance for much bigger issues which may arise throughout the future – preserving its power structure. Does the Democrats want to break up NATO just to save the Middle Eastern Kurds? Is that really a deal they are willing to cut, also going to War with Turkey in the process? I think not, but just let them talk all loud and proud in front of a microphone for a night.

** EDITORS NOTE: Turkey flipped on the USA in 2016 to side with Russia because Russia showed Turkey some leaked cables in the weeks leading up the attempted coup of President Erdogan in July 2016, which was easily foiled by the President. As Turkey has now since also proven, not only did they see hacked materials from the US by their Russians counterparts meant to sway their opinions, but Turkey also produced evidence of their own that the CIA and Obama/Biden were behind the attempted coup – largely for many of the same fallacious notions you are hearing about the Syrian conflict in the Democrats debate today. Essentially, Obama/Biden and Israel wanted Erdogan out to get rid of Assad and create a new Kurdish state. As they say, the so called “Best laid plans of mice and men” – right? Or should it be, “how Biden/Obama f*cked up the Middle East and US relations for a decade?” There is a reason Turkey turned on the USA and Trump has nothing to do with it – it was all Obama/Biden **

I guess that’s all I really have to say here, I’m just being real about the situation. I have no ‘skin in the game,’ what do I have to gain from typing this out for you? I don’t support Trump and I am not a Democrat, but you better damn sure bet even I would give Donald Trump a high five for pulling out of Syria. Better to end it now and not to make it our next Afghanistan, or Iraq, or Vietnam, or Korea – etc.

The Real Reason Behind Turkeys New Syrian Initiative & Donald Trumps Withdrawal

Granted this article may come a few days too late, the main stream medias coverage of it comes a few years to late, and I say this because I once addressed this very situation, in detail, in the very first website I created in 2016. Entitled “How They United States Has Laid The Groundwork for The Middle Easts Next War” and drafted in July of 2017, the video you will find below describes everything you need to know about the current situation between the US, Turkey, Syria and NATO, as well as why Donald Trumps decision to unilaterally withdraw all troops from Syria comes as a direct response to potential NATO conflicts of interest in the near future. I could summarize it some more to get my word count up here, or you could just listen to it for yourself – enjoy!

However, it must also be noted that the withdrawal of all troops from Syria this week marks yet another “L” on the scoreboard for the US military. It’s not just our defeat in Vietnam and Korea that’s on the scoreboard, we lost the War in Iraq under Obama, leading the formation of ISIS and the presence of troops there for a second time, we are currently losing the War in Afghanistan, and while I may 100% agree with our Presidents decision to do so, the withdrawal of all troops from Syria is essentially yet another giant loss for the United States military. Even if we wage more Wars everywhere on Earth than any other country in the world, surely all of these modern day losses don’t make the US look like the military powerhouse we tend to fancy ourselves to be. You would think that might stifle any War efforts in the future, but for some reason I doubt this.

Here’s A Translated Version of Jared Kushner & Donald Trumps Leaked So-Called “Deal of The Century”

Here’s a translated leaked version of the so-called “Deal of The Century” that Donald Trump and Jared Kushner are actively presenting as a new Treaty to resolve the centuries long Israeli-Palestine national dispute. It should be noted that a final version of this leaked document was first published by Israel Hayom on April 7th 2019 – in Hebrew. For the purposes of an English speaking audience, Rogue Media Labs has done its best to translate the leaked document into English here today. Please note that there are some small idiosyncrasies in the Hebrew language that do not translate to English, such as their alphabet and lettering system. Also note that this is only a preliminary draft, and the final proposal will not be presented for about another month.

Middle East Peace Plan – According To Trump Administration:

1. Agreement

A tripartite agreement will be signed between Israel, Palestine and Hamas, and a Palestinian state will be established, which will be called ‘New Palestine,’ which will be established on Judea, Samaria and Gaza, with the exception of the existing settlements.

2. Evacuation of land

The settlement as they exist today will remain in the hands of Israel and will be joined by new settlements. The areas where these development will grow is dependent on the area of ​​the isolated settlements that will be conjoined them.

3. Jerusalem

Will not be divided and shared by Israel and tNew Palestine, it will be the capital of Israel and New Palestine, and the Arab inhabitants will be the citizens of New Palestine – not Israel. The Jerusalem Municipality will be responsible for all areas of Jerusalem, except education of the residents of New Palestine – which will be the responsibility of the Palestinian government.

The new Palestinian Authority will pay the Jerusalem Municipality municipal taxes and water.

Jewish people will not be allowed to buy Arab homes, and Arabs will not be allowed to buy Jewish homes. No additional areas will be annexed to Jerusalem. Visitation rights to The Holy Places will remain as they are today.

4. Gaza

Egypt will lease new land to Palestine for the purpose of establishing an airport for the establishment of factories and commerce and for agriculture, other than housing. The size of the territories and the price will be determined between the parties through the mediation of the supporting countries (an explanation for the countries that support the continuation of the road).

5. The supporting countries

The countries that will financially support the implementation of this agreement are: the United States, the European Union and the oil-producing Gulf states.

The supporting countries will provide a budget of $ 30 billion over five years for national projects for New Palestine. (The cost of evacuating the isolated settlements and their location in the settlement areas will apply to Israel).

6. The division between the supporting countries

A. USA 20%
B. EU 10%
Third. The oil producing Gulf states – 70% – will be divided according to their oil production.
D. Most of the burden on oil producing countries is because they will be the main beneficiaries of this agreement.

7. Army

New Palestine would not be allowed to form an army. The only weapon allowed by New Palestine authorities would be light weapons held by the police.

A defense agreement will be signed between Israel and New Palestine, in which Israel will guarantee New Palestine from all external aggression and New Palestine will pay Israel for this protection.

The cost of this payment shall be in negotiations between the parties, mediated by the supporting countries.

8. Timelines and stages of execution

Upon signing the agreement:

A. Hamas will deposit all its weapons, including the personal weapons of the Egyptians.
B. Hamas members, including the leaders, will continue to receive salaries from the supporting countries until the establishment of the new government.
Third. All the borders of the Strip will be open to the passage of goods and workers to Israel and Egypt as they are today with Judea and Samaria and by sea.
D. Within a year, democratic elections will be held and a new government will be elected to Govern the territory of New Palestine. Every Palestinian citizen will be able to stand for election.

God. Prisoners – One year after the elections and the establishment of the government, currentl Palestinian prisoners of Israel will be released gradually for three years. Within five years, a seaport and airport will be established in New Palestine and by then the airport in Israel and the seaports in Israel will be used.

G. The borders between the new Palestine and Israel will be open to the passage of citizens and goods as is the case with friendly countries.
H. The bridge will come from: China 50%, Japan 10%, South Korea 10%, Australia 10%, Canada 10%, the United States and the European Union 10%.

9. The Jordan Valley

A. The Jordan Valley will remain in the hands of Israel as it is today.
B. Route 90 will turn into a four-lane toll road.
Third. Israel will issue a tender for paving the road.
D. Will give two crossings from New Palestine to Jordan, these crossings will be under the control of New Palestine.

10. Liability

A. If Hamas and Shas object to this agreement, the US will cancel all their financial support to the Palestinian people and ensure that no country in the world transfers any money to them.
B. If the PLO agrees to the terms of this agreement and Hamas or Islamic Jihad do not agree, the leaders of Hamas and Islamic Jihad will be held responsible and in the event of another round of violence between Israel and Hamas, the US will back Israel to personally harm Hamas and Islamic Jihad leaders.
Third. If Israel objects to this agreement, all economic support for Israel will cease.

#OpFunKill: Anonymous Activists Raise Awareness for Exotic Animal Hunting, Trade & Smuggling w/ Cyber Attacks Across Laos & Zimbabwe

No photo description available.

For those of you whom might not be familiar with me or my past, I very much used to be a member of the Anonymous hacker collective. In fact, my first ever operation was known as “Operation Cheetah Trade” (#OpCheetahTrade), a unique operation designed to track Cheetah smugglers out of Africa and into countries such as the United Arab Emirates in the Middle East – I assume because at the time I had just adopted my first baby kitten. However, while the operation was initially designed to track Cheetah smugglers out of Africa, before long enough the operation had quickly grown to encompass dog fighting rings and all other forms exotic animals smuggling, trade and exploitation in general.

Before the operation was over, through the Anonymous Intelligence Agency, hackers from around the world had managed to report 36 illegal animal trade web sites and their subscribers to INTERPOL and the FBI, closed 3 illegal dog fighting rings in Lebanon, Turkey & Czech Republic along with their websites and social platforms, and had even managed to set up a internal servers for people to report all kinds of animal abuse directly to international organizations such as PETA.

Learn More – Origins of #OpCheetahTrade: https://anonhq.com/?s=Cheetah+trade

I don’t bring any of this up to brag or relive my glory days, but rather because I just stumbled upon a new leak which reminds me of my previous work. The new operation is officially referred to as “Operation Fun Kill” (#OpFunKill), and essentially appears to the natural evolution of the operation I created many years ago. Today however, the operation appears to focus almost exclusively on the hunting/killing of animals around Africa and Asia for sheer sport by rich Caucasians or European tourists, as well as to raising awareness on behalf of animal exploitation/cruelty for the sake of money making – such as the serving of shark fin soup in Asia, elephant tusk ivory trade in Africa, seal skin clothing in Canada/Iceland – et cetera.

For the purposes of this website at least, I was first inspired to write about this operation after coming across a hack and leak of 12 websites across South Asia and Africa. While the hackers decided against releasing any data, at least for the time being, to serve as proof that they were there and the sites infrastructure was compromised, the hackers did release list of domains along with their IP Addresses, along with a list of open ports attached to each website. Additionally, to prove that they could leak the data if they really wanted, the hackers also listed the names, makes and version numbers of each sites internal databases.

As for why Laos has found itself such a high priority target in this operation, it stems as the result of a recent investigation carried out by the Environmental Investigation Agency. For example, the investigation quite literally calls the country of Laos a “lawless playground” for animal smuggling, exploitation and consumption, which doesn’t even pretend to have “even a pretense of law enforcement or regulation.” It is for this reason that vigilante hackers have started taking matters into their own hands. You are invited to learn more about the situation through the resources provided below.

View Full Investigation: http://eia-international.org/wp-content/uploads/EIA-Sin-City-FINAL-med-res.pdf

Targets of Hacks:


Data Leak: https://ghostbin.com/paste/bot3z

Learn More – Follow #OpFunKill Online: https://twitter.com/search?src=typd&q=%23OpFunKill

Browse Environmental Investigation Agency Report from Laos:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/04/EIA-Sin-City-FINAL-med-res.pdf”%5D

Recently Declassified Files from The DoD & CIA Paint an Interesting Portrayal of Middle Eastern History & The Bible

This article isn’t really “news,” so to speak, but rather an opportunity to consume some recently declassified files from the United States Department of Defense (DoD) and Central Intelligence Agency (CIA). More specifically, below you can find declassified files which contain information on ancient historical buildings, landmarks, infrastructure and mythology – including the Bible itself. Honestly, who isn’t interested in that? And if that doesn’t draw you in to want to read more then honestly, what are you even doing on my site?

The first document I would like to share is a release from the Department of Defense  yesterday, actually, showcasing aerial footage and photography of historical architecture and world heritage sites across Iraq – ancient Babylon. While the photos were originally assembled in the 1950’s to track enemy ground movements across the country, they do provide an interesting and unique perspective in terms of Middle Eastern history. Perhaps some of this is even more interesting given the fact that many world heritage sites across Iraq have since been lost forever – destroyed by the Islamic State over the course of the last decade.

Download Full Declassified Release/Study from DoD: https://roguemedia.co/wp-content/uploads/2019/04/near_eastern_landscapes_and_declassified_u2_aerial_imagery.pdf

Browse Release:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/04/near_eastern_landscapes_and_declassified_u2_aerial_imagery.pdf”%5D

The second release of documents I would like to share were included in a treasure trove of leaked documents released by the CIA in 2017 – the result of a Freedom of Information Act (FOIA) lawsuit. However, the subject of these particular documents is extremely peculiar. For example, they discuss the stories of Genesis, Adam and Eve and the Great Flood of Noah in terms of both history and climatology. Honestly, I have never come across anything like them in all of my years of academic study or online activism. Consequentially, this is why I am featuring them here today – simply to share interesting information with the world – you’re welcome!

Full CIA Reading Room Database: https://www.cia.gov/library/readingroom/home
Download Release from CIA: https://roguemedia.co/wp-content/uploads/2019/04/CIA-RDP79B00752A000300070001-8.pdf

Browse Documents:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/04/CIA-RDP79B00752A000300070001-8.pdf”%5D

Representative Ted Lieu Introduces US-Israel Directed Energy Cooperation Act, Authorizing Pentagon To Begin Testing/Deployment of Direct Energy Weapons Across Middle East

I am writing this article here today because I was fooled, and have been fooled all along. For those of you whom are not been aware, something referred to as “Direct Energy Weapons” have long since been rumored to have existed, but only on fringe back-page style websites – often peddled by end-timers and/or conspiracy theorists alike. For this every reason, I have always dismissed the notion of them as nothing more than nonsense –  but apparently I was wrong.

I bring this up because last week, March 15th 2019, representative Ted Lieu (D-CA) officially introduced a new bill entitled the “United States-Israel Directed Energy Cooperation Act” – otherwise known as H.R.6725. According to a press release dated March 14th made available on his website “the legislation authorizes the Department of Defense to carry out bilateral cooperation with Israel to develop directed energy capabilities that address threats to both nations.” More specifically, the bill provides a significant budget for the Pentagon “to carry out research, development, test, and evaluation activities, on a joint basis with Israel, to establish directed energy capabilities that address threats to the United States, deployed forces of the United States, or Israel, and for other purposes.” Specifying that “Directed energy weapons include laser weapons and particle beams; they are highly destructive but embraced by militaries for their infinite magazines and incredible speed and range.”

Ted Lieu’s Press Release: https://lieu.house.gov/media-center/press-releases/reps-lieu-and-stefanik-reintroduce-bill-develop-directed-energy-defense
Track Bill: https://www.congress.gov/bill/115th-congress/house-bill/6725/text?format=txt
Copy of Bill: https://www.congress.gov/115/bills/hr6725/BILLS-115hr6725ih.pdf

Full Text of Bill:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/03/BILLS-115hr6725ih.pdf”%5D

This article, Representative Ted Lieu Introduces US-Israel Directed Energy Cooperation Act, Authorizing Pentagon To Begin Testing/Deployment of Direct Energy Weapons Across Middle East, is free and open source, published under an internationally recognized Rogue_Publishers_License. You are hereby free to republish, re-edit or re-use this content at your discretion, so long as this license is directly attached to it and my original work attributed.

Transcript of Vladimir Putin’s Annual Address To Federal Security Service (FSB) In Russia Earlier This Week

Earlier this week, March 6th 2019, Vladimir Putin addressed the Federal Security Service (FSB) for a recap of the 2018 year in review. While the President touched on many issues throughout the course of his speech, including the US’s withdrawal from internationally negotiated missile Treaties and the latest statistics regarding Russia’s efforts in the international War against terrorism, for the purposes of this article I would like to talk about Putin’s statements regarding international espionage and cyber hacking campaigns against his country. From the perspective of an American, I think it provides a unique insight into many of the issues currently circulating around global headlines – especially considering the fact that Putin’s words are censored here in the USA.

Rather than write hundreds and hundreds of words about what Putin said, wouldn’t you rather just read Putin’s words yourselves to draw your own conclusions? I thought you might! You’re welcome!!

Transcript – Putin’s Full Annual Address To FSB: http://kremlin.ru/events/president/transcripts/59978
English Translated Version: http://en.kremlin.ru/events/president/transcripts/59978

Putin Addressing the Capture of Over +600 Undercover Spies in 2018:

Furthermore, our counterintelligence agencies operated efficiently and aggressively last year. They conducted successful special operations to cut short the activities of 129 career officers and 465 agents of foreign intelligence services. We see that foreign special services have been trying to increase their Russia operations, doing their utmost to gain access to political, economic, scientific and technological information. This means that you must work even better to counter these activities. We see that, just like in the past, comparable or even stronger efforts are being taken to influence developments in Russia.

Therefore, our countermeasures must be effective, daily and based on modern solutions.
This especially concerns the protection of information on the design, testing and manufacturing of advanced Russian weapons systems, as well as advanced military and dual-use technology. Control in this sphere must be very strict and thorough. However, I would to draw your attention, colleagues, to the other side of this matter: this control must also be sensible, or smart, so to speak.

Putin On Foreign Cyber Attacks Targeting Russia:

Furthermore, it is important to enhance the security of national information resources, primarily, by promptly countering cyberattacks against government bodies, state corporations, communications providers and large companies, and to ensure the failsafe operation of confidential communications systems.

I would like to note that in the past three years coordinated cyberattacks, that is, attacks consisting of several linked actions, have become more frequent. Thus, while in 2014–2015 a little more than 1,500 cyberattacks were recorded a year, which is also quite a lot, but in 2016 their number reached 12,000, about 12,500 in 2017 and as many as 17,000 last year. In effect, these are well-planned large-scale operations that can deal a heavy blow at our national interests.

We must be ready for the continuation of this cyber offensive against Russia and the growth of related threats. In this context, it is important to take prompt additional measures to protect critical information infrastructure and to develop a state system of detecting, warning, and eliminating the effects of computer attacks.

Learn More – US & Russia Finally Agree We Have Each Declared Cyber War Against One Another: https://roguemedia.co/2019/02/27/as-us-cybercommand-declares-war-on-russia-heres-a-look-at-the-laws-international-regulations-governing-cyberwarfare/

Putin Addressing Movements of NATO & US’s Withdrawl from Missile Treaties:

I understand very well that your daily activities imply serious efforts. Your work is very demanding, given the nature of external and domestic challenges and security threats to Russia.
For example, tensions persist in the Middle East and several other parts of the world. Why am I saying this now? Because all this has its impact on us. The existing pockets of violence and instability provide conditions for terrorist activities, including in Russia, I regret to say.

I would also like to say that NATO continues to expand its infrastructure in close proximity to Russian borders, and the US decision to withdraw from the INF Treaty is a direct step towards eroding the system of international security agreements. This is certainly changing the operational situation, and regrettably, not for the better.

Therefore, I expect the staff of the central office, territorial divisions and special units of the FSB to act professionally and in a concerted manner to attain their goals promptly and efficiently.

Putin Addressing Advancements In Russia’s War On Terror:

I must note that the number of crimes related to terrorism has been decreasing in recent years; the Director will certainly mention this in his remarks. In general, over ten years, this figure has declined dramatically, from 997 to 9 last year. At the same time, please note that the number of prevented terrorist attacks remains high – about 20 a year. This level has been maintained for the last three years. We all know how sensitive and important this is; each strike that has not been averted costs lives.

So what does this reduction in the scope of the terrorist threat mean? First of all, it shows the results of our preventive operations, of our actions to disrupt the plans of terrorist networks and groups. Yet, at the same time, these figures suggest that terrorists still have the potential to prepare attacks. Moreover, as the situation shows, both in our country and elsewhere, both organised groups and single brainwashed fanatics may be behind these crimes.
It is necessary to use new forms and methods of countering such threats, step up preventive work to identify the recruiters and accomplices of terrorists, block the supply of weapons and money, and curb extremist propaganda online. The leadership of the National Anti-Terrorism Committee should keep these issues under constant review.

And of course, it is necessary to develop cooperation and coordinate efforts with our foreign colleagues, mainly in the CSTO and SCO, and with our colleagues in other countries. In this regard, I would like to stress once again, no matter how our current relations with certain countries evolve, Russia will always be open to the closest and most trust-based work in the fight against international terrorism, this common challenge for all of humanity.

Year In Review: State of Human Rights In North Africa & Middle East 2018 – 2019

(AI) – On February 26th 2019, Amnesty International released their newest investigative report entitled “Human Right In The Middle East & North Africa.” The 77 page document highlights the state of human rights, current affairs and political issues, events and debates throughout the geographic areas of the Middle East and North Africa. More specifically, Amnesty’s report highlights the state of affairs in 17 countries during the calendar year of 2018, including Yemen, Iraq, Saudi Arabia, Qatar, United Arab Emirates, Iran, Bahrain, Jordan, Lebanon Syria, Libya, Egypt, Tunisia, Algeria, Morocco, Israel and Palestine.

More Information – Review of Report: https://www.amnesty.org/en/latest/research/2019/02/human-rights-in-the-middle-east-and-north-africa-2018/
Download Full 77 Page Report Here: https://www.amnesty.org/download/Documents/MDE0194332019ENGLISH.PDF

View Full Report:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/02/MiddleEast_NorthAfrica_Year_Review_2018.pdf”%5D

This report was originally published by Amnesty International on February 25th 2019. It was republished, with permission, under a Creative Commons BY-NC-ND 4.0 International License, in accordance with the Terms & Conditions of Amnesty International | Formatting Edits and PDF added and embedded by Rogue Media Labs

Amnesty Investigation – State Sponsored Hackers Launching Massive Hacking Operations Across Middle East & North Africa



  • We have identified several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa.
  • In one campaign, the attackers were particularly going after accounts on popular self-described “secure email” services, such as Tutanota and ProtonMail.
  • In another campaign, the attackers have been targeting hundreds of Google and Yahoo accounts, successfully bypassing common forms of two-factor authentication.


From the arsenal of tools and tactics used for targeted surveillance, phishing remains one of the most common and insidious form of attack affecting civil society around the world. More and more Human Rights Defenders (HRDs) have become aware of these threats. Many have taken steps to increase their resilience to such tactics. These often include using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.

However, attackers too learn and adapt in how they target HRDs. This report documents two phishing campaigns that Amnesty International believes are being carried out by the same attacker (or attackers) likely originating from amongst the Gulf countries. These broad campaigns have targeted hundreds, if not a thousand, HRDs, journalists, political actors and others in many countries throughout the Middle East and North Africa region.

What makes these campaigns especially troubling is the lengths to which they go to subvert the digital security strategies of their targets. The first campaign, for example, utilizes especially well-crafted fake websites meant to imitate well-known “secure email” providers. Even more worryingly, the second demonstrates how attackers can easily defeat some forms of two-factor authentication to steal credentials, and obtain and maintain access to victims’ accounts. As a matter of fact, Amnesty Tech’s continuous monitoring and investigations into campaigns of targeted surveillance against HRDs suggest that many attacker groups are developing this capability.

Taken together, these campaigns are a reminder that phishing is a pressing threat and that more awareness and clarity over appropriate countermeasures needs to be available to human rights defenders.

Phishing Sites Imitating “Secure Email” Providers

Amnesty International has identified several well-crafted phishing sites for the popular email services Tutanota and ProtonMail. The providers are marketed as “secure email” solutions and have consequently gained some traction among activists.

These sites contain several elements that make them especially difficult for targets to identify as fakes. For instance, the attackers managed to obtain the domain tutanota.org and used it to almost completely replicate the original website for the Tutanota service, which is actually located at tutanota.com.

No automatic alt text available.

Many users rightfully expect that online services control the primary .com.org and .net domain variants of their brand. If an attacker manages to acquire one of these variants they have a rare opportunity to make the fake website appear significantly more realistic. These fake sites also use transport encryption (represented by the https:// prefix, as opposed to the classic, unencrypted, http://). This enables the well-recognized padlock on the left side of the browser’s address bar, which users have over the years been often taught to look for when attempting to discern between legitimate and malicious sites. These elements, together with an almost indistinguishable clone of the original website, made this a very credible phishing site that would be difficult to identify even for the more tech-savvy targets.

If a victim were tricked into performing a login to this phishing site, their credentials would be stored and a valid login procedure would be then initiated with the original Tutanota site, giving the target no indication that anything suspicious had occurred.

No automatic alt text available.

Because of how remarkably deceptive this phishing site was, we contacted Tutanota’s staff, informed them about the ongoing phishing attack, and they quickly proceeded to request the shutdown of the malicious infrastructure.

These same attackers were also operating a ProtonMail phishing website (another popular email service marketed as secure) located at protonemail.ch, where the additional letter “e” is all that distinguishes this well-built replica from the original valid website protonmail.ch.

No automatic alt text available.

No automatic alt text available.

Widespread Phishing of Google and Yahoo Users

Throughout 2017 and 2018, human rights defenders and journalists from the Middle East and North Africa region have been sharing with us suspicious emails they have been receiving. Investigating these emails, we identified a large and long-running campaign of targeted phishing attacks that has targeted hundreds, and likely over one thousand people overall. Most of the targets seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.

It is worth noting that we found this campaign to be directly connected to some attacks included in section 2.4.2 of a technical report by UC Berkeley researcher Bill Marczak, in which he suggests various overlaps with other campaigns of targeted surveillance specifically targeting dissidents in the UAE.

Our investigation leads us to additionally conclude that this campaign likely originates with the same attacker – or attackers – who cloned the Tutanota and ProtonMail sites in the previous section. As in the previous campaign, this targeted phishing campaign employs very well-designed clones of the commercial sites it impersonates: Google and Yahoo. Unlike that campaign, however, this targeted phishing campaign is also designed to defeat the most common forms of two-factor authentication that targets might use to secure their accounts.

Lastly, we have identified and are currently investigating a series of malware attacks that appear to be tied to these phishing campaigns. This will be the subject of a forthcoming report.

Fake Security Alerts Work

In other campaigns, for example in our Operation Kingphish report, we have seen attackers create well developed online personas in order to gain the trust of their targets, and later use more crafty phishing emails that appeared to be invites to edit documents on Google Drive or participating in Google Hangout calls.

In this case, we have observed less sophisticated social engineering tricks. Most often this attacker made use of the common “security alert” scheme, which involves falsely alarming the targets with some fake notification of a potential account compromise. This approach exploits their fear and instills a sense of urgency in order to solicit a login with the pretense of immediately needing to change their password in order to secure their account. With HRDs having to be constantly on the alert for their personal and digital security, this social engineering scheme can be remarkably convincing.

The following is one example of a phishing email sent by this attacker.

No automatic alt text available.

No automatic alt text available.

Clicking on the links and buttons contained in these malicious emails would take the victim to a well-crafted and convincing Google phishing website. These attackers often and regularly create new sites and rotate their infrastructure in order to avoid detection and reduce the damage of unexpected shutdowns by domain registrars and hosting providers. You can find at the bottom of this report a list of all the malicious domains we have identified.

Image may contain: text

No automatic alt text available.

How Does the Phishing Attack Work?

In order to verify the functioning of the phishing pages we identified, we decided to create a disposable Google account. We selected one of the phishing emails that was shared with us, which pretended to be a security alert from Google, falsely alerting the victim of suspicious login activity, and soliciting them to change the password to their account.

The first step was to visit the phishing page.

No automatic alt text available.

When we logged into the phishing page, we were redirected to another page where we were alerted that we had been sent a 2-Step Verification code (another term for two-factor authentication) via SMS to the phone number we used to register the account, consisting of six digits.

No automatic alt text available.

Sure enough, our configured phone number did receive an SMS message containing a valid Googleverification code. After we entered our credentials and the 2-Step Verification code into the phishing page, we were then presented with a form asking us to reset the password for our account.

No automatic alt text available.

To most users a prompt from Google to change passwords would seem a legitimate reason to be contacted by the company, which in fact it is.

After checking the security events on our disposable Google account, we noticed that a password change was in fact issued by Windows computer operated by the attackers, seemingly connecting from an IP address that Google geolocates within the USA.

No automatic alt text available.

(The IP address used by the attackers to automatically authenticate and modify our Google account,, is actually an unauthenticated Squid HTTP proxy. The attackers can use open proxies to obscure the location of their phishing server.)

The purpose of taking this additional step is most likely just to fulfill the promise of the social engineering bait and therefore to not raise any suspicion on the part of the victim.

After following this one last step, we were then redirected to an actual Google page. In a completely automated fashion, the attackers managed to use our password to login into our account, obtain from us the two-factor authentication code sent to our phone, and eventually prompt us to change the password to our account. The phishing attack is now successfully completed.

Similarly, we created a new Yahoo account and configured two-factor authentication using the available phone verification as visible in the account settings:

No automatic alt text available.

Image may contain: text

No automatic alt text available.

Challenges in Securing Online Accounts

Finding a secure way to authenticate users is a very difficult technical issue, although some progress has been made over the years that has raised the bar of difficulty for attackers attempting to compromise accounts at scale.

Two-factor authentication has become a de-facto standard that is almost always recommended as a required step for securing online accounts. With two-factor authentication procedures enabled, users are required to provide a secondary form of verification that normally comes in the form of a numerical token that is either sent via SMS or through a dedicated app to be installed on their phone. These tokens are short-lived, and normally expire after 30 seconds. In other cases, like that of Yahoo, the user is required instead to manually allow an ongoing authentication attempt by tapping a button on their phone.

Why is this useful? Requiring a secondary form of authentication prevents some scenarios in which an attacker might have obtained access to your credentials. While this can most commonly happen with some unsophisticated phishing attempts, it is also a useful mitigation to password reuse. You should definitely configure your online accounts to use different passwords (and ideally use a password manager), but in the case you reuse – accidentally or otherwise – a password which was stolen (for example through the numerous data breaches occurring all the time) having two-factor authentication enabled will most likely mitigate against casual attackers trying to reuse the same password on as many other online accounts as possible.

Generally, there are three forms of two-factor authentication that online services provide:

  • Software token: this is the most common form, and consists in asking the user to enter in the login form a token (usually composed of six digits, sometimes it includes letters) that is sent to them either via SMS or through a dedicated app the user configured at the time of registration.
  • Software push notification: the user receives a notification on the phone through an app that was installed at the time of registration. This app alerts the user that a login attempt is being made and the user can approve it or block it.
  • Hardware security keys: this is a more recent form of two-factor authentication that requires the user to physically insert a special USB key into the computer in order to log into the given website.

While two-factor push notifications often provide some additional information that might be useful to raise your suspicion (for example, the country of origin of the client attempting to authenticate being different from yours), most software-based methods fall short when the attacker is sophisticated enough to employ some level of automation.

As we saw with the campaigns described in this report, if a victim is tricked into providing the username and password to their account, nothing will stop the attacker from asking to provide the 6-digits two-factor token, eventually the phone number to be verified, as well as any other required information. With sufficient instrumentation and automation, the attackers can make use of the valid two-factor authentication tokens and session before they expire, successfully log in and access all the emails and contacts of the victim. In other words, when it comes to targeted phishing software-based two-factor authentication, without appropriate mitigation, could be a speed bump at best.

Don’t be mistaken, two-factor authentication is important and you should make sure you enable it everywhere you can. However, without a proper understanding of how real attackers work around these countermeasures, it is possible that people are misled into believing that, once it is enabled, they are safe to log into just about anything and feel protected. Individuals at risk, human rights defenders above all, are very often targets of phishing attacks and it is important that they are equipped with the right knowledge to make sure they aren’t improperly lowering their level of caution online.

While it is possible that in the future capable attackers could develop ways around that too, at the moment the safest two-factor authentication option available is the use of security keys.

This technology is supported for example by Google’s Advanced Protection program, by Facebook and as of recently by Twitter as well. This process might appear painful at first, but it significantly raises the difficulty for any attacker to be successful, and it isn’t quite as burdensome as one might think. Normally, you will be required to use a security key only when you are authenticating for the first time from a new device.

That said, security keys have downsides as well. Firstly, they are still at a very early stage of adoption: only few services support them and most email clients (such as Thunderbird) are still in the process of developing an integration. Secondly, you can of course lose your security key and be locked out of your accounts. However, you could just in the same way lose the phone you use for other forms of two-factor authentication, and in both cases, you should carefully configure an option for recovery (through printed codes or a secondary key) as instructed by the particular service.

As with every technology, it is important individuals at risk are conscious of the opportunities as well as the shortcomings some of these security procedures offer, and determine (perhaps with the assistance of an expert) which configuration is best suited for their respective requirements and levels of risk.

How the Bypass for Two-Factor Authentication Works

The servers hosting the Google and Yahoo phishing sites also mistakenly exposed a number of publicly listed directories that allowed us to discover some details on the attacker’s plan. One folder located at /setup/ contained a database SQL schema likely used by the attackers to store the credentials obtained through the phishing frontend:

No automatic alt text available.

A folder located at /bin/ contained an installation of Selenium with Chrome Driver, which is a set of tools commonly used for the automation of testing of web applications. Selenium allows to script the configuration and launch of a browser (in this case Google Chrome) and make it automatically visit any website and perform certain activity (such as clicking on a button) in the page.

While the original purpose was to simplify the process of quality assurance for web developers, it also lends itself perfectly to the purpose of automating login attempts into legitimate websites and streamlining phishing attacks. Particularly, this allows attackers to easily defeat software-based two-factor authentication.

No automatic alt text available.

Yet another folder called /profiles/ instead contained hundreds of folders generated by each spawned instance of Google Chrome, automated through Selenium as explained.

No automatic alt text available.

Because all the profile folders generated by the spawned Google Chrome instances operated by the attackers are exposed to the public, we can actually get a glimpse at how the accounts are compromised by inspecting the History database that is normally used by the browser to store the browsing history.

No automatic alt text available.

Through the many Chrome folders we could access, we identified two clear patterns of compromise.

The first pattern of compromise, and most commonly found across the data we have obtained, is exemplified by the following chronological list of URLs visited by the Chrome browser instrumented by the attackers:

  1. https://mail.yahoo.com/
  2. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=%5BREDACTED%5D&done=https%3A%2F%2Fmail.yahoo.com%2F
  3. https://login.yahoo.com/?done=https%3A%2F%2Fmail.yahoo.com%2F
  4. https://login.yahoo.com/account/challenge/push?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&sessionIndex=QQ–&acrumb=[REDACTED]
  5. https://login.yahoo.com/account/challenge/phone-obfuscation?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ–&eid=3640
  6. https://login.yahoo.com/account/challenge/phone-verify?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=login&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ–
  7. https://login.yahoo.com/account/challenge/pre-change-password?done=https%3A%2F%2Fguce.yahoo.com%2Fconsent%3Fgcrumb%3D[REDACTED]%26trapType%3Dlogin%26done%3Dhttps%253A%252F%252Fmail.yahoo.com%252F%26intl%3D%26lang%3D&authMechanism=prima$
  8. https://login.yahoo.com/account/security/app-passwords/list
  9. https://login.yahoo.com/?done=https%3A%2F%2Flogin.yahoo.com%2Faccount%2Fsecurity%2Fapp-passwords%2Flist%3F.scrumb%3D0
  10. https://login.yahoo.com/account/security/app-passwords/list?.scrumb=[REDACTED]
  11. https://login.yahoo.com/account/security/app-passwords/add?scrumb=[REDACTED]

As we can see, the attackers are automatically visiting the legitimate Yahoo login page, entering the credentials, and then following all of the required steps for eventual two-factor authentication that might have been configured by the victim. Once the full authentication process is completed, the attackers proceed to create what is commonly known as an “App Password”, which is a separate password that some services, including Yahoo, offer in order to allow third-party apps that don’t support two-factor verification to access the user’s account (for example, if the user wants to use Outlook to access the email). Because of this, App Passwords are perfect for an attacker to maintain persistent access to the victim’s account, as they will not be further required to perform any additional two-factor authentication when accessing it.

In the second pattern of compromise we identified, the attackers again seem to automate the process of authenticating into the victim’s account, but they appear to additionally attempt to perform an “account migration” in order to fundamentally clone the emails and the contacts list of from the victim’s account to a separate account under the attacker’s control:

  1. https://mail.yahoo.com/
  2. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=%5BREDACTED%5D&done=https%3A%2F%2Fmail.yahoo.com%2F
  3. https://login.yahoo.com/?done=https%3A%2F%2Fmail.yahoo.com%2F
  4. https://login.yahoo.com/account/challenge/password?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&sessionIndex=QQ–&acrumb=[REDACTED]
  5. https://login.yahoo.com/account/challenge/phone-obfuscation?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ–&eid=3650
  6. https://login.yahoo.com/account/challenge/phone-verify?done=https%3A%2F%2Fmail.yahoo.com%2F&authMechanism=primary&display=narrow&yid=[REDACTED]&acrumb=[REDACTED]&sessionIndex=QQ–
  7. https://login.yahoo.com/account/yak-opt-in/upsell?done=https%3A%2F%2Fguce.yahoo.com%2Fconsent%3Fgcrumb%3D%5BREDACTED%5D%26trapType%3Dlogin%26done%3Dhttps%253A%252F%252Fmail.yahoo.com%252F%26intl%3D%26lang%3D&authMechanism=primary&display=n$
  8. https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=%5BREDACTED%5D&done=https%3A%2F%2Fmail.yahoo.com%2F
  9. https://mail.yahoo.com/m/
  10. https://mg.mail.yahoo.com/neo/m/launch?
  11. https://mg.mail.yahoo.com/m/
  12. https://mg.mail.yahoo.com/m/folders/1
  13. http://www.gmail.com/
  14. https://www.gmail.com/
  15. https://www.google.com/gmail/
  16. https://mail.google.com/mail/
  17. https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#
  18. https://mail.google.com/intl/en/mail/help/about.html#
  19. https://www.google.com/intl/en/mail/help/about.html#
  20. https://www.google.com/gmail/about/#
  21. https://accounts.google.com/AccountChooser?service=mail&continue=https://mail.google.com/mail/
  22. https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1
  23. https://accounts.google.com/signin/v2/identifier?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin
  24. https://accounts.google.com/signin/v2/sl/pwd?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin&cid=1&navigationDirection=forward
  25. https://accounts.google.com/CheckCookie?hl=en&checkedDomains=youtube&checkConnection=youtube%3A375%3A1&pstMsg=1&chtml=LoginDoneHtml&service=mail&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&gidl=%5BREDACTED%5D
  26. https://mail.google.com/accounts/SetOSID?authuser=0&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fauth%3D[REDACTED]
  27. https://mail.google.com/mail/?auth=%5BREDACTED%5D.
  28. https://mail.google.com/mail/u/0/
  29. https://mail.google.com/mail/u/0/#inbox
  30. https://mail.google.com/mail/u/0/#settings/general
  31. https://mail.google.com/mail/u/0/#settings/accounts
  32. https://mail.google.com/mail/u/0/?ui=2&ik=%5BREDACTED%5D&jsver=OeNArYUPo4g.en.&view=mip&fs=1&tf=1&ver=OeNArYUPo4g.en.&am=%5BREDACTED%5D
  33. https://api.shuttlecloud.com/gmailv2/authenticate/oauth/[REDACTED]%40yahoo.com?ik=[REDACTED]&email=[REDACTED]@yahoo.com&user=0&scopes=contactsmigration,emailmigration
  34. https://api.login.yahoo.com/oauth2/request_auth?client_id=[REDACTED]&redirect_uri=https%3A//api.shuttlecloud.com/gmailv2/authenticate/oauth/c$
  35. https://api.login.yahoo.com/oauth2/authorize
  36. https://api.shuttlecloud.com/gmailv2/authenticate/oauth/callback?email=%5BREDACTED%5D&code=%5BREDACTED%5D
  37. https://mail.google.com/mail/u/0/?token_id=%5BREDACTED%5D&ik=%5BREDACTED%5D&ui=2&email=%5BREDACTED%5D%40yahoo.com&view=mas

In this rather longer chronology of URLs visited by the Chrome browser instrumented by the attackers we can see that they designed the system to attempt a login into Yahoo with the stolen credentials and request the completion of a two-factor verification process, as requested by the service. Once the authentication is completed, the phishing backend will automatically connect the compromised Yahoo account to a legitimate account migration service called ShuttleCloud, which allows the attackers to automatically and immediately generate a full clone of the victim’s Yahooaccount under a separate Gmail account under their control.

After such malicious account migration happened, the attackers would then be able to comfortably search and read through all the emails stolen from the victims leveraging the full-fledged functionality offered by Gmail.





























































































































































































































This article was originally published by Amnesty International on December 18th 2018. It was republished, with permission, under a Creative Commons BY-NC-ND 4.0 International License, in accordance with the Terms & Conditions of Amnesty International | Formatting Edits and Tweets added/embedded by Rogue Media Labs

How Palestinian Authorities are Oppressing Their Own Peoples

Yesterday Human Rights Watch released an investigative report entitled “‘Two Authorities, One Way, Zero Dissent:’ Arbitrary Arrest and Torture Under the Palestinian Authority and Hamas,“chronicling the conditions endured by Palestinian activists under the rule of Hamas. According to the report, Palestinian activists are routinely subjected to arrest and torture at the hands of their own Government. It is an interesting and unique look inside the current situation facing the people of Palestine, whom are essentially being persecuted from both sides – by Israeli authorities and Hamas.

At the present moment in time the Israeli Government refuses to recognize Palestinian as its own nation-state, demanding that Hamas be removed from Governance before Israel will ever begin to consider a two state solution. Moreover, the strict/prolonged military blockade of Gaza/Palestine was only enacted after Hamas continued to use imports to advance militaristic agendas, including the developments of weapons and fortification of underground tunnels. In other words, contrary to popular belief, as the report below outlines, Israel is not solely responsible for the human rights tragedy as it presently exists inside Palestine

Full 159 Page Report from Human Rights Watch:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2018/10/palestine1018_web4.pdf”%5D

This report was originally published by Human Rights Watch on October 23, 2018. It was republished, with permission, under a Creative Commons BY-NC-ND 3.0 US Licensein accordance with the Terms & Conditions of Human Rights Watch. Formatting edits added by Rogue Media Labs.