A Canadian non-profit organization which specializes in privacy, security and freedom of speech may itself be the target of a cyber attack.
Winnipeg-based Coldhak was one of several Canadian Twitter users to recently receive a message from the company warning that a “small group of accounts” may have been compromised by “state-sponsored actors.”
“We believe that these actors (possibly associated with a government) may have been trying to obtain information such as e-mail addresses, IP addresses, and/or phone numbers,” the warning message received by Coldhak said. “At this time, we have no evidence they obtained your account information, but we’re actively investigating this matter.”
The message went on to suggest that users visit The Tor Project, Inc. and download the organization’s free online security program, which protects the identity of its users online – though as more than one reply to Coldhak’s post noted, Twitter has been accused of blocking users who try using Tor with Twitter itself – or that they visit the Electronic Frontier Foundation’s website for tips on safely browsing social media.
In an interview with Reuters, Coldhak cofounder Colin Childs said the organization has seen “no noticeable impact” from the attack, and while Coldhak retweeted reports from other users who said they received the notice, such as privacy and security researcher Runa Sandvik and Toronto-based security researcher Noris Fabio, none mentioned why they might have been targeted.
According to an article published on Dec. 11, Vice contributor Sarah Jeong exchanged emails with seven Twitter users who had received the message, including Coldhak, which noted that Childs is a contractor for Tor Project. Sandvik also used to program for the Tor Project, though Jeong wrote that she did not find a common link between all seven users.
While fellow social-networking giants Google and Facebook both have policies in place that notify users of potential state-sponsored attacks, this is the first time Twitter has issued such a warning.
Twitter has not released additional information regarding the attack, and no governments which may have sponsored the attack have been named.