WATCH OUT! All of the tinyurl links on the old flyer have been infected with malware. Do not use them. Rather, access those items here.
[ To read of the other hacks: By clicking on this link- STOP PRESS- MORE CYBER ATTACKS , you’ll be taken to the end of this post to read of the second attack of Sun 20th March; read on below to learn about the first one]
[Posted: Thurs 17th March] Today we learnt that the 5,000 flyers that we had distributed across Edinburgh were proving slightly toxic. Click here to download a pdf of this flyer. The five webpages and you-tube videos mentioned on the flyer (and that these dodgy tinyurls were tied to) can now be accessed directly here on our main website. This site will always be safe, because it is our only site and is now maintained by top security analysts; it is guaranteed to be free of malware. It is tested on a daily basis by the security company we have contracted to keep the site safe and secure. Any questions? Contact us at info@twingaza.com
The infected tinyurls on the old flyer can instead be accessed directly as follows:
To write to your local Councillors asking them to support the bid: click on www.twingaza.com/what-you-can-do/#Cllr-letter
Jewish political scientist Norman Finkelstein “It’s not about Hamas” in 4-mins: click on youtu.be/UmeraZ3SGh0
The petitioner (Pete) says in 8 mins “Why we should twin”: click on youtu.be/z6C6K0Twakw
Pete’s been maligned as antisemitic; the stories behind the smears are exposed: click on www.bogusantisemitism.org/rogues-gallery/#pete-gregson.
Amnesty’s 15 min film sums it up: “The Israel Palestine Apartheid Explainer”: click on youtu.be/AUGICfaULXA
(see more films about why we should twin here)
What’s going on and who’s responsible?
Every day and for some weeks, the petitioner (Pete) has been monitoring (using Google Analytics) the countries that have been accessing this website and the number of visits their citizens make. The number of daily hits on the site have dropped from 60 a couple days ago to 8 now; presumably folk have been put off by the infected tinyurl links on the old flyer.
What does clicking on the tinyurl links do? Well, it depends on which tinyurl you click on and whether you are using a Mac or a PC – and also which browser you’re using. Macs and iPhones don’t seem to be affected (they have good built-in protection). Also Chrome users on PCs. But PCs using Google, MS Edge and Internet Explorer can give trouble; one Edge user reported on 17th March that he has McAffee anti-viral protection, but after clicking on a tinyURL, he unkowingly set up a cookie on his browser; every site he visited thereafter triggered a bogus McAffee site that appeared first, that kept asking for him to renew his subscription. He could only get rid of it by clearing his browsing history.
Another user, who clicked on the Amnesty video link at www.tinyurl.com/amnesty-israel , should have been taken directly to You-tube to see the “The Israel Palestine Apartheid Explainer” video at https://youtu.be/AUGICfaULXA with this image:
What they actually got was a website that was saying what a great place Israel was. Here’s what the user saw:
Google Analytics allows us monitor traffic to our website; we can see there has been only 1 visit from Israel, but 32 visits are at “not set” status- so possibly these are Israelis who’ve disguised their geographic location. It’s impossible to imagine it is anyone but an Israeli- who wanted our bid to fail- who would do this.
So- What Do We Do?
We only discovered the issue at 9:00 am on the 16th March as we were about to flyer Leith, so instead we spent much of the day in scoping the problem. Immediately yesterday when the twinning steering group figured out that whoever had poisoned our tinyURLs was obviously going to place malware on the main website www.twingaza.com as well, Pete contacted the web security firm (that he uses for his other main site www.bogusantisemitism.org, on which they have done a marvellous job) and employed them to look after the TwinGaza one as well. What they do is monitor the site, regularly scouring it for malware- and install a firewall to protect it from hackers. They give Pete daily reports confirming the site is safe to use, reporting any suspected hacking attempts.
What about the flyers?
We had already distributed 5,000 flyers with the dodgy tinyurl links.
In the end we decided to pulp the 8,000 new flyers that were ready for distribution and order fresh ones. The new ones will not have any tinyurls- readers will be asked to come to this post here on our main website to get the links directly. You can download a copy of the new flyer here; they look like this:
STOP PRESS- MORE CYBERATTACKS
[Posted Sun 20th March] The petitioner’s (Pete Gregson) email MS Outlook account was hacked some time between 17th and 20th March 2022; he had observed that some journalists he was emailing did not get the emails he’d sent on Friday18th March – and on Sunday 20th he discovered the email account that he reserves for dealing with politicians, the press and the Gaza Mayor’s officer had been deactivated and the usual reactivation process was not working.
Microsoft confirm it was a hack and that he should report it to the Police and his local authority. (See the transcript of the chat confirming this here).
Pete has now reported the hacking as a cybercrime to the Police at https://reporting.actionfraud.police.uk/reporting
He has been an IT professional for 8 years; he holds a Postgrad Diploma in Information Systems. He is careful to keep his email secure with two-step verification. It would take a sophisticated hacker to break into the Microsoft system.
In another attack, the Mayor’s office in Gaza, with whom he is in daily contact, suffered a spamming attack from Wednesday 16th March which rendered Pete’s communications with them impossible (see evidence here). He is pleased to say that they have now been able to overcome that.
Following the tinyURL hack described above, he had arranged for the www.twingaza.com website to be protected by a US Security Company.
They reported that on Friday 18th March the site had suffered 22 attacks; but on Saturday 19th March it was 47. Their report can be viewed at https://www.twingaza.com/wp-content/uploads/2022/03/cpreport-twingaza.com-2022-03-18.pdf
[Update 21st March] On Monday at about 14:30, the website just went down with a 403 HTTP error. (403 forbidden errors normally happen when the website index file is missing or the website files have improper file permissions). We haven’t figured why this happened yet. Pete has now upgraded his protection with the cybersecurity company from basic to professional and the site was fixed. It was off for two hours. He is now making enquiries with his Hosting service to explore what happened.