Unknown individuals tried to hack Caruana Galizia’s blog by impersonating her

Miguela Xuereb

Unknown individuals attempted to gain access to Daphne Caruana Galizia’s blog by impersonating her and sent emails to a company handling the security of her blog. Testifying on Friday morning, a witness told the board of inquiry that once an unusual hacking attempt took place when an unknown individual tried to gain access to vital details. Had they succeeded, those behind the attack could have sent emails on behalf of Daphne Caruana Galizia, received emails sent to her and cloned her website. The hacking attempt was described as an atypical attack since it was a case of social engineering.

Court-appointed expert Keith Cutajar also testified on Friday.

The public inquiry into the assassination of journalist Daphne Caruana Galizia is tasked with determining whether the state did all it could to prevent the assassination.

The board of inquiry is chaired by Judge Emeritus Michael Mallia, and composed of Chief Justice Emeritus Joseph Said Pullicino and Madame Justice Abigail Lofaro.

Lawyers Therese Comodini Cachia and Jason Azzopardi assisted the Caruana Galizia family.

The next sitting is on Wednesday at 9.30 am.

10:25 The witness has finished testifying. The inquiry will now continue behind closed doors.
Monique Agius
10:23 A DDoS attack is quite expensive and is quite a resource-intensive method. Such attacks are carried out by "professional criminals", the witness says.

The attack happened on 11 February 2017.

Dr Comodini Cachia remarks that the date of the attack is significantly close to the story concerning Chris Cardona.
Monique Agius
10:20 The services provided consultancies and minor services. The blog was hosted by a different company.

He explains that one of the attacks suffered by the blog, is a DDoS attack. Such attacks crash websites with bogus traffic.
Monique Agius
10:18 He explains that while hacking is usually anonymous and automated, this was different.

In 20 years in the field, this was the first case of an attempted hacking by social engineering, the witness tells the board.
Monique Agius
10:18 "They asked for email servers and DNS records," he says. They were looking for details, the kind of information which would allow you to change the URL and send emails on her behalf as well as emails she would receive. This information would have allowed them to clone her website.

The witness says that this attack could have potentially led to the identification of her sources.

The witness says that he had informed Daphne Caruana Galizia about the attack who had engaged a lawyer.
Monique Agius
10:14 The report is very technical and contains information which would allow tracing in case of an investigation.

The company started handling the blog in 2014.

In February 2017, the company started receiving emails from a person impersonating Daphne Caruana Galizia. Whoever was behind the emails started asking the company's employees on how to access the blog.

The witness says while they had replied to the person/s, the company did not give the person/s any information which they were after and realised what was happening. Whoever it was, used various emails and emailed different employees within the company.

This is not a standard way to hack, the witness remarks.

"This is an example of social engineering. They knew the names of the people in our organisation and had their emails," the witness says, noting how usually a hacking attempt would be anonymous.
Monique Agius
10:13 Dr Comodini Cachia explains that Daphne Caruana Galizia had asked him to prepare a security report. The lawyer has asked the witness to explain in simple words the report.
Monique Agius
10:12 Another witness is up next.
Monique Agius
10:11 Cutajar has finished testifying.
Monique Agius
10:10 The report is exhibited in court.
Monique Agius
10:08 There are no more phone logs for the two mobile phones after 6.40 pm, Cutajar tells the Board of Inquiry.
Monique Agius
10:06 Cutajar says that he has 1 "hit" (i.e. logged in to the antenna) for Joe Gerada's mobile on 31 January while for Chris Cardona's number he has 12-15 hits for the same date.

The logs for the two phones end at 6.40 pm.
Monique Agius
10:04 Cutajar explains that the problem remains with triangulating the data since at present he only has data from one antenna.

If data was available from another two antennas, he could see where the two mobiles were.
Monique Agius
10:03 The conference was organised by the European Commission.
Monique Agius
10:02 After some research, the location was found. The conference venue is very close to the antenna.
Monique Agius
09:59 Judge Mallia refers to Cardona's trip to Germany. He asks how far is the hotel and the conference venue from Velbert.

Cutajar says that he did not know where the conference was held.

Dr Azzopardi reads out from Daphne Caruana Galizia that the conference was in Essen.
Monique Agius
09:57 Cutajar is explaining by way of example how phones connect to different antennas.

Referring to German service providers, he explains how their antennas function in Germany.

O2 have replied to the questions.
Monique Agius
09:56 Chief Justice Said Pullicino is now asking questions.

"We're talking about two phones one registered on Mimcol and the other on Dr Cardona," Cutajar says.

"The phones are typically in close ranges."
Monique Agius
09:55 The antenna is in "very comfortable range" to Velbert, Cutajar says.
Monique Agius
09:55 The antenna has a maximum range of 150km which can be reduced by some 20%. But the distance from the antenna to Velbert is around 20km.
Monique Agius
09:53 The signal intensity decreases with weather conditions and buildings. However, the antenna from which data was obtained is on the outskirts of Essen.
Monique Agius
09:52 Dr Comodini Cachia says she understands that the court expert could not do any triangulation and has details only from one tower. She asks if it is close to Velbert.

The antenna is in Essen.

Velbert is approximately 20km from the antenna from which the court expert has data. He describes this as "a very reasonable range".

The expert was unable to triangulate the exact position because he did not receive any information from other towers in the area which would have enabled him to triangulate the position of the two mobile phones which were in close range of each other.
Monique Agius
09:51 Speaking about the report, he says it is detailed.
Monique Agius
09:50 Cutajar explains that the data shows that two mobiles were close to an antenna. He tells the court, that if he receives further information he would be informing the board.
Monique Agius
09:49 Cutajar says that he has sent requests to service providers in Germany, to which he has not received any replies.
Monique Agius
09:49 The board asks whether the report is final, Cutajar replies in the affirmative.

The report is final although some data is still expected from service providers. Due to the passage of time and data retention policies, it is unlikely that any data will be received.
Monique Agius
09:47 Today's witness is Keith Cutajar who is presenting a report. Cutajar is a court-appointed expert. His report concerns the geolocation of former minister Chris Cardona's mobile phone in Germany at the beginning of 2017 during an official visit.
Monique Agius
09:46 Good morning and welcome to this live blog. The board of inquiry chaired by Judge Emeritus Michael Mallia has just entered the court room.
Monique Agius

Highlights from the last court hearing:

  • “I was so drawn to him that we used to travel together, he got me permission to operate my taxi from Portomaso and he used to pay for my travel,” said Theuma.
  • The board asked whether Fenech tried to reach out to Theuma following his arrest. Theuma answered with a “no”.
  • Theuma explained how at times, Fenech used to mention travelling to Bangladesh, Dubaj, Rome, Azerbaijan and France.
  • While crying, Theuma said that he is truly sorry for what he has done.
  • “If it turns out that there’s another person that gave me money to commission the murder apart from Yorgen Fenech, I ask the President to not only revoke my presidential pardon but to also give me the death penalty,” said Theuma.