In early December 2015, a small group of Twitter users received an email informing them that state-sponsored hackers may have tried to obtain sensitive data from their accounts.
It was the first time the micro-blogging site had warned of such attacks and formed part of a new policy to provide information about cyber attacks from government-backed organizations.
“We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers,” the warning stated. “But we don’t have any additional information at this time.”
Some of the victims, which included security researchers, filmmakers and privacy advocates, responded to the emails with requests for more information. When they were met with a wall of silence they began reaching out to each other and eventually coordinated to publish an open letter this week demanding answers.
Speculation around who may be behind the attacks has included Russia, China and Iran, however most of those targeted believe the source of the hacks to be the U.S. government, specifically the National Security Agency (NSA).
“Since we are a rather diverse group of people or groups who got those notices, it’s really hard to guess,” Anne Roth, a senior advisor on a German parliamentary inquiry into mass surveillance, tells Newsweek. “Specifically because we live in a lot of different countries.
“The fact that Twitter doesn’t want to release any additional information and didn’t even reply to our emails in some cases makes me think they may have a gag order—that makes me think there’s a connection to U.S. law enforcement.”
Fellow victim Jens Kubieziel, a board member of TorServers.net, also points to a potential gag order imposed on Twitter by the U.S. government preventing any more information about the attacks from getting out. When asked to provide details of its policy to inform users of such attacks, or whether it had received warrants, subpoenas or National Security Letters in connection with the attacks, a company spokesman said Twitter had no further comment on the matter.
The NSA did not respond to a request for comment on Twitter’s policy.
It is not clear exactly how many people were sent emails, although more than 50 of the targeted users have joined a Twitter group to highlight the extent of the issue. The open letter, signed by 35 of the victims, lists 22 questions dealing with the nature of the attacks, reasons for targeting and the legalities of not divulging more information.
“Already the term ‘state-sponsored actor’ leaves me with more questions than answers,” Roth says. “Of course it would make a difference to know whether I’m being investigated by the Russian government’s bot army, my own government or the NSA.
“Twitter could help us understand some of these questions. They choose to remain silent and that makes me wonder why they sent those emails in the first place.”