An unknown hoax Twitter virus, spread through a link, successfully seized the accounts of five prominent users.
Emirati academics have Twitter accounts hijacked by hoax virus
ABU DHABI // Influential Emiratis on the social-media site Twitter have had their accounts hijacked in what has been described as a targeted, malicious attack.
Five prominent writers and academics with at least 30,000 followers each were hit by a virus that was spread through a link, directing each to a hoax mirror Twitter site.
After they typed in their personal details, their accounts were taken over by a mystery hacker.
A message critical of the Syrian president Bashar Al Assad appeared on followers' Twitter pages, along with other religious messages and words of advice, prompting some to believe the attack was political.
All of the messages were in Arabic.
"It seems to be a targeted attack on UAE-based writers and intellectuals," said Sultan Al Qassemi, an Emirati commentator and active Tweeter whose account was targeted.
"As far as I know, the ones affected are writers based in the UAE."
Mr Al Qassemi said that a private message from a friend with a link to "important news" seemed legitimate.
But the link led to the mirror site, which was hosted at an internet address other than Twitter's.
While Mr Al Qassemi knew it was a hoax and did not sign in, others were less attentive.
The accounts targeted on Thursday included those of the writer Ahmed Al Shaikh, who has more than 32,000 followers, and Dr Abdulkhaleq Abdulla, a political-science professor with more than 33,000 followers.
Also hit were Dr Sulaiman Al Hattlan, the chief executive of the Arab Strategy Forum and Al Hattlan Media, who has more than 75,000 followers, and Dherar Al Falasi, the general manager of the Watani programme, with more than 48,000 followers.
Yesterday, Dr Ebtisam Al Ketbi, a political-science professor who tweets under the name, or handle, @Ekitbi and has more than 37,000 followers, was added to the list of those affected but was able to retrieve her account.
"I don't know who hijacked it," she said. "I got a message from Dr Abdulla with a link. When I clicked on the link, the virus entered. It seems like Khawatir Hob [love thoughts] has taken over my account."
Dr Al Hattlan was not so lucky. His account has had its handle changed to @iDorarr and a string of Tweets has been posted, mostly of a religious nature but also at least one with a clear anti-Assad message.
Mr Al Qassemi said the first thing the hacker did was change the users' Twitter handles.
"And then they change the email associated to the account," he said. "So even if you click on I forgot my [login details], you cannot recover your Twitter account.
"Then you would have to contact Twitter, who are very helpful but obviously get a large number of requests a day."
Another sign that the attacks had been targeted was that the hacker managed to dupe Dr Al Hattlan into verifying a new account with his real email address.
"Until now they have been tweeting some general advice, some prayers and one message was anti-Syrian president Bashar Al Assad," he said. "It seems like they wanted to take advantage of these accounts as they all have followers in the thousands."
Dr Al Hattlan was surprised to discover that people had been re-tweeting the messages sent by the hacker, without questioning the new name of the account or who it belonged to.
He said the police cybercrime unit was now investigating the matter.
Dr Abdulla also said he believed the attack was targeted.
"I think it was very specific. Some people were targeted," he said. "Those attacked are all active on Twitter and take a public stance on issues – lately Syria."
Dr Abdulla thanked Mr Al Qassemi after he regained access to his account yesterday, tweeting that he could not have done so without his assistance.
Mr Al Qassemi has been liaising with Twitter representatives to help the Emiratis regain access to their accounts.
Last month Sheikh Abdullah bin Zayed, Minister of Foreign Affairs, was the victim of a similar hijack for a few hours.
It was unclear whether the latest incidents were the work of the same hacker.