Thomas Rid

@RidT

54,209 Followers, 1,240 Following, 26 Media, 159 Statuses

Washington, DC
Joined January 2009
@RidT
Thomas Rid
1 month
Absolutely remarkable reporting here. I strongly recommend reading all ~10,000 words. Some of the most stunning documentary evidence comes toward the end. Also really appreciated the historical depth.
@michaeldweiss
Michael Weiss
1 month
NEW: A yearlong investigation by @InsiderEng , @60Minutes and @derspiegel has uncovered evidence suggesting that Havana Syndrome may have its origin in the use of directed energy weapons wielded by the Russian GRU’s infamous Unit 29155.
@RidT
Thomas Rid
1 month
Just remarkable how the attribution of covert operations and violent attacks, beyond just cyber operations, has become a core feature of international affairs—and by how much the US leads in terms of intelligence-driven attributive capabilities, credibility, and speed.
@RidT
Thomas Rid
2 months
The Taurus leak is a welcome reminder: neither governments (nor anybody else) should allow dial-in via open, unencrypted lines into meetings, no matter the subject. There is no good reason for Webex, Zoom, Teams not to have a bridge for WhatsApp or Signal calls into meetings
@RidT
Thomas Rid
2 months
The biggest irony in all of this: the German government, including the Bundeswehr (!), are way ahead of the curve—even ahead of the US gov't—with their initiative to implement a secure, end-to-end encrypted comms platform with video conference capability🤷‍♂️
@RidT
Thomas Rid
2 months
👀
@RidT
Thomas Rid
2 months
It appears that the most noteworthy Russian active measure in a while just became public: 30-mins intercept of a German Air Force (Luftwaffe) phone call discussing deployment scenarios for the Taurus cruise missile in Ukraine, leaked on Telegram by RT's Simonjan. Likely authentic
@RidT
Thomas Rid
12 days
Earlier today Germany's federal criminal police arrested three German citizens who are suspected of working as spies for China's MSS in Düsseldorf and Bad Homburg, for stealing "militarily useable innovative technologies"
@RidT
Thomas Rid
2 months
An observation on the Taurus leak that I have not seen elsewhere (could have missed it): The intercepted recording starts with BG Frank Graefe, in Singapore, saying "Hallo," to which the response is "Moin Moin Herr General, Hauptmann Irrgang hier." "Servus." (A common greeting)
@RidT
Thomas Rid
2 months
Why am I back on here? Simple. The alternatives have failed. I was badly informed. And just reading passively felt wrong.
@RidT
Thomas Rid
2 months
1) The intercept happened on the general's phone line. 2) The intercept happened on the general's end point (phone). There are other scenarios, but these are probably the most likely. Coincidence, yes, but the day before the story broke Sen Wyden highlighted Diameter/SS7 vulns
@RidT
Thomas Rid
2 months
My interpretation: the general, from a hotel room in Singapore, likely did not join by URL, but called a staff officer to phone-connect him into the meeting. The intercept likely started before entering the Webex session. So that leaves us with two most probable scenarios:
@RidT
Thomas Rid
1 month
Important to note that the details and evidence disclosed in this new reporting do not take us to a high confidence assessment, neither on the attribution nor on the use of such a weapon in specific cases. Alternative explanations, however, are becoming less convincing.
@RidT
Thomas Rid
2 months
Worth making explicit this point by Martin here: whatever the access method, almost certainly more intercepts from this source in Singapore have been captured.
@Dr_Machinavelli
Martin Wendiggensen
2 months
If this is true, it is concerning because the BGeneral and LtCol mention a call they were on together (likely shortly) before (BG: "did you catch the end of that?" LTCol: "No, I left (…)". Likely the BGeneral participated in multiple calls this way and Russia may have all
@RidT
Thomas Rid
2 months
My first time here. What a city.
@RidT
Thomas Rid
2 months
Looks like a classic active measure, many precedents during Cold War and after. The recipe: intercept politically divisive phone call or document, potentially doctor the file to make it more spicy, leak it, covertly or open. Here: highly likely authentic, and pretty open.
@RidT
Thomas Rid
2 months
Wyden warns of SS7 abuses by foreign governments (SS7 is an obscure, critical, and very easy-to-exploit telco protocol)
@RidT
Thomas Rid
2 months
Every time Russian intelligence operators (or contractors) get caught doing some incompetent, cheap, bumbling active measure I see a ton of comments talking them up in some form — Don’t. You risk making the problem worse. Post-exposure impact is a thing.
@RidT
Thomas Rid
12 days
Just last Weds am, 4/17, German police arrested two German citizens suspected of being Russian assets in Bayreuth, Bavaria. They had done reconnaissance on US bases, eg Grafenwöhr, passed on photos to RU intel, offered to commit sabotage with explosives
@RidT
Thomas Rid
2 months
Can’t wait for some setting or filter to reliably block all AI-created images and videos, for all my apps, all the time.
@RidT
Thomas Rid
2 months
Irrgang: "I would add you now, if you like." Graefe: "Thank you." Then: automated Webex voice: "You are accessing the conference now."
@RidT
Thomas Rid
2 months
Okay I have experienced Japanese toilets and Western civilisation is a myth.
@RidT
Thomas Rid
2 months
I study technology history for a living. I’m not writing a book on AI, but I’ve been following recent developments very closely. I skew towards sceptical views. And I think we are living through the most exciting and pivotal moment in technology history in my lifetime. Easily.
@RidT
Thomas Rid
2 months
Here's a very good, more technical breakdown of the SS7 intercept scenario, which indeed seems to be the most likely here.
@mcdaidc
Cathal Mc Daid
2 months
5/12 Now the attack. First, Russia would modify the billing platform info (gsmSCF address) stored for the German roamer, in the Singapore network. This is done via a SS7 ISD command (with target's IMSI or MSISDN), from a GT (address) in the German network to a GT they control
@RidT
Thomas Rid
2 months
Google search is getting so bad that I’m beginning to be a little concerned about my Gmail account
@RidT
Thomas Rid
2 months
Almost all influence operations/active measures pour a little bit of oil into an existing fire. Then, in after action reviews for superiors and sponsors, operators would claim they were the arsonists or steered the blaze, thus causing more harm. Don’t help them.
@RidT
Thomas Rid
2 months
Reportedly we're looking at a Russian intercept of a Luftwaffe Webex conference call 👀
@RidT
Thomas Rid
2 months
German Chancellor Olaf Scholz describes leak as "very serious matter," pledges the affair will be investigated "very carefully, very intensively, and very quickly."
@RidT
Thomas Rid
2 months
Quantum resistance is in the news again, because of Apple, so this is a good moment to re-post Signal's brilliant, eminently teachable write-up on its own quantum resistance implementation, PQXDH, from last September
@RidT
Thomas Rid
2 months
I find it very hard to agree with Cameron. Here, I fully agree with Cameron.
@vonderburchard
Hans von der Burchard
2 months
In Berlin, Cameron sent a pointed message to Scholz that he should not fall into Putin’s trap that sending Taurus would represent an escalation. “We’re not causing escalation, we’re allowing Ukraine to defend itself.” “There should be nothing to stop you helping that country.”
@RidT
Thomas Rid
1 month
Earlier today at Yasukuni Shrine, Tokyo: Japanese press is watching and counting the budding flowers at the old Sakura benchmark tree (in fence): as soon as the tree’s fifth cherry blossom has opened, news will break that Sakura season is on 🌸 🌸 🌸 🌸 🌸.
@RidT
Thomas Rid
1 month
Today I saw both a level 3 earthquake and Godzilla in Tokyo.
@RidT
Thomas Rid
2 months
Taurus leak update: initial reports that there was an unauthorised participant in the WebEx meeting were wrong. There was no such unauthorised participant. Note: I hope they reveal some more detail on the insecure phone line. Still skeptical.
@RidT
Thomas Rid
3 months
US recently conducted a cyberattack on an Iranian spy ship in the Red Sea, intended to sabotage Iran’s intel sharing with Houthis, three US officials tell NBC in very rare disclosure of remotely executed covert operation. Note: unclear how successful
@RidT
Thomas Rid
2 months
Worth reading the entire post.
@hahahahohohe
An Qu
2 months
Today while testing @AnthropicAI 's new model Claude 3 Opus I witnessed something so astonishing it genuinely felt like a miracle. Hate to sound clickbaity, but this is really what it felt like. Important context: I've been working on NLP for my mother tongue - the Circassian…
@RidT
Thomas Rid
2 months
Very odd, and completely irrational, but I can't stop using a polite "please" in LLM prompts.
@RidT
Thomas Rid
2 months
Best part of @Alperovitch Institute work is bringing in the classes I always wanted to take — extremely excited about this workshop taught by @Gabeincognito . Many thanks to @EllyRostoum for making it happen.
@alperovitch
The Alperovitch Institute
2 months
We are delighted to offer the 1st in our series of Alperovitch Advanced Workshops - Building with AI: an Introduction to Leveraging LLMs for Automation & Intelligence, taught by Gabriel Bernadett-Shapiro. Non-SAIS participants, contact @EllyRostoum . 👀👉
@RidT
Thomas Rid
19 days
A curious, revealing Chinese take on US attribution reports, esp Volt Typhoon. This piece contains a picture-perfect textbook example of what intelligence analysts and scholars call “projection”
@RidT
Thomas Rid
3 months
Wednesday I tried the super impressive Vision Pro. Now Sora. It’s likely only a question of time until we will have immersive, high-res, personalised, interactive AI-generated experiences. Imagine a conversation with a dead relative, with superb face, voice & content simulation.
@RidT
Thomas Rid
2 months
One more thing on the Taurus leak: again, as so often, a major blunder on the part of Russian intelligence to publish the call's opening sequence that allows us to narrow down the options. Reminds me of GRU posting their Podesta phishing email to Wikileaks along with the entire haul
@RidT
Thomas Rid
2 months
@stefant Excellent question, could be either. It's a conference call. All voices are clear in the same volume, and the static is very granular. I would guess that some form of intercept is most likely, as opposed to an activated microphone on some device.
@RidT
Thomas Rid
2 months
Looking for additional leads for a threat intel history question: when did the phrase IOC become popular in the industry? Kevin Mandia called it "Indicators of Attack" in a 2006 briefing. Mandiant uses the term in 2007. Both dates seem very late to me.
@RidT
Thomas Rid
5 days
@shashj Odd that the article doesn’t say how many weddings, or how specifically honeypots were a marker of recently exposed operations. Not calling into question the premise here, but a few more details would be nice from the FT.
@RidT
Thomas Rid
2 months
Wyden's letter to the president is more powerful than the Bloomberg story. Makes clear that there's no way for victims to detect such security breaches on the phone itself. Note specially second paragraph.
@RidT
Thomas Rid
11 days
Okay you focus on something else for a few hours, not paying attention much, and hello Germany catches yet another Chinese spy
@RidT
Thomas Rid
2 months
@jfslowik Not disagreeing, just making the best of what we have here now. Could be much worse.
@RidT
Thomas Rid
2 months
Son, 6yo, on the way to school today, was disappointed that Claude 3 had no voice interface like ChatGPT. He’s not fully literate yet.
@RidT
Thomas Rid
2 months
The upcoming data security EO is a big deal, finally an overdue step towards tackling the commercial availability of granular geolocation data (a glaring counterintelligence problem), among other things.
@RidT
Thomas Rid
30 days
My fav thing about (private) Signal usernames and no-number-contacts is that you can control who is able to add your name *to their own address book* — if they don't have a phone number (or email), they can't create an entry. No secondary breach risk; less spam down the line.
@RidT
Thomas Rid
2 months
Currently in class with @Gabeincognito benchmarking different AI models against each other on a range of questions—more fascinating, and inconsistent, than expected. Bottom line: ChatGPT (4) usually outperformed by others, especially Le Chat and Perplexity.
@RidT
Thomas Rid
19 days
Wow, many congratulations @DAlperovitch !
@IST_org
Institute for Security and Technology
20 days
Cyber Philanthropy/ist of the Year Finalists: 🔹Dmitri Alperovitch 🔹 @Hewlett_Found 🔹 @CraigNewmark 🔹Eric Wegner and the @Cisco team
@RidT
Thomas Rid
2 months
Tokyo, day 4: experience earthquake in a swaying high-rise while looking at Mount Fuji in brilliant sunshine.
@RidT
Thomas Rid
3 months
What will all this mean? Well, not that reality as we know it is over. Quite the opposite: we will use technology in new ways, like for better virtual meetings, which will highly likely put a prime on the real thing: proper meetings, real travel, provably authentic imagery
@RidT
Thomas Rid
2 months
🔥 Wyden: "Authoritarian governments have abused these tools [SS7 services] to track Americans in the United States" < There's likely a huge story there, maybe more than one
@RidT
Thomas Rid
2 months
False equivalency. This “analysis” (actually, the source is correct, “feeling” is a better term) may sound satisfyingly aggressive, but it’s really a question in disguise: what kind of covert influence operations are ethically acceptable for an open democracy?
@RidT
Thomas Rid
2 months
Kudos to the Swiss government for taking what looks like aggressive international action against a problem they discovered at home
@RidT
Thomas Rid
2 months
This is really a remarkable letter. Worth reading very carefully. 👀
@RidT
Thomas Rid
3 months
Just clarifying: my example was deliberately dystopian — of course simulating such a conversation is a terrible idea.
@HostileSpectrum
JD Work
3 months
@RidT Sadly I would believe conversing with a dead relative reconstructed by the present state of AI will be a sad & hollow experience, destructive to the emotional memories we carry of our departed loved ones. At least well into more heavily lifelogged futures.
@RidT
Thomas Rid
2 months
Important reporting
@Reuters
Reuters
2 months
Two years into office, President Donald Trump authorized the CIA to launch a clandestine campaign on Chinese social media to try to turn public opinion in China against the government, according to former US officials
@RidT
Thomas Rid
2 months
Siri's position today reminds me of the Internet Explorer twenty years ago
@RidT
Thomas Rid
2 months
At some point in the not-too-distant future it may become possible to text and call from WhatsApp to Signal (or ... Webex👀), all end-to-end encrypted. Meta's "Interop" proposal sounds exciting. Can't wait to see the @signalapp posts discussing its merits.
@RidT
Thomas Rid
2 months
@bill_e_ghote Fair, not for engineers and information security professionals, but for elected politicians, many reporters, and the wider public
@RidT
Thomas Rid
2 months
@shashj That line was simply incorrect *already in 2006*
@RidT
Thomas Rid
2 months
Really, a lack of cyber security is not the core problem here
@RidT
Thomas Rid
2 months
@UK_Daniel_Card Extremely strong position in terms of baked-in market access, anti-competitive setup, far inferior product, probably doomed
@RidT
Thomas Rid
25 days
@sunnyc7 @d4nd3l10n2 @techspence @craiu Oh wow, thank you both! The pressure for the next one is real …
@RidT
Thomas Rid
2 months
@shanvav @gavinbwilde @SAISHopkins That sounds fantastic. Sorry I missed it. Thank you for engaging with our students.
@RidT
Thomas Rid
29 days
@shashj After initiating contact a (temp) user name is no longer visible to you, and turns into the chosen account name. So far no chaos for me in Signal — in contrast to my legacy and outdated address book ;)
@RidT
Thomas Rid
2 months
@gcaw Thank you, Graeme, next time I will have a translation AI in hand to mount an appropriate defense against the over-eager toilet seat
@RidT
Thomas Rid
3 months
#MSC2024 Wehrkunde at 60 is operating at a new level: more overcrowded, overheated, and overwhelming than I’ve ever seen it. Platitudes/insights ratio in tech policy events so far not impressive.
@RidT
Thomas Rid
2 months
(in this @alperovitch class )
@RidT
Thomas Rid
3 months
@HostileSpectrum Strongly concur. I would never go there myself.
@RidT
Thomas Rid
2 months
@harries_matthew For Russian intel, yes ;)
@RidT
Thomas Rid
2 months
Key section in the Signal post:
@RidT
Thomas Rid
2 months
@schwartzonsec @alperovitch @Gabeincognito @EllyRostoum Let’s see how it goes. Ideally yes. We will post with more lead time next time.
@RidT
Thomas Rid
2 months
Sense of annoyance in the room with Gemini moralizing (incompetently) on some issues, like war in Ukraine-related questions.
@RidT
Thomas Rid
29 days
@JasonLeopold Fascinating story. One question. Do you know if any of the DTRA personnel exposed on 31 March 2022 were *not* publicly identifiable before the Russian exposure? In other words, did the dump include previously undisclosed private data?
@RidT
Thomas Rid
1 month
@DanielSerwer Let them. Conspiracy narratives will continue to corrode closed systems. A sign of weakness.
@RidT
Thomas Rid
2 months
@jonathanchait Maybe it isn’t