Most importantly, Al-Qahtani appears to have been integral to Saudi Arabia’s relationship with Hacking Team: Someone also identifying himself as Saud Al-Qahtani had a large correspondence over the years with Hacking Team using the official government email email@example.com, and firstname.lastname@example.org, according to company emails leaked by hackers in 2015.“We here at the Center for Media Monitoring and Analysis at the Saudi Royal Court (THE King Office) would like to be in productive cooperation with you and develop a long and strategic partnership,” Al-Qahtani wrote using that .gov.sa address in a message sent directly to Hacking Team’s co-founder and CEO David Vincenzetti in 2015.
“We need you to come ASAP”
In 2012, years before the government-affiliated email@example.com email address reached out to Hacking Team, someone calling themselves “Saud Al-Qahtani” and representing themselves as a member of the Saudi government, reached out to Hacking Team saying the Saudi government was interested in buying spyware, according to the emails. That Al-Qahtani identified as an employee of “royal court of saudi arabia, the king office,” and used the email firstname.lastname@example.org.Al-Qahtani’s verified Twitter handle, where he makes strong political statements against Saudi Arabia’s enemies in the region, is @saudq1978, which was created in February 2011. The email@example.com email address was also used in 2009 to register an account on the popular website Hack Forums, which predates both the Hacking Team emails and the registration of the verified Twitter account, Motherboard has learned.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
In its entry about Nokia2mon2, the forum wiki calls him “one of the most known Hack Forums users.”Nokia2mon2 made hefty donations, amounting to more than $10,000, to the forum, according to awards given to him by the site’s moderation team and listed on his user profile. Nokia2mon2 made 501 posts on the site between 2009 and April 2016, when the account went inactive. The user often asked for help using and buying spyware.“IS THERE ANY RAT THAT CAN INFECT MAC PC?“ Nokia2mon2 asked in March 2014, using the infosec lingo for Remote Access Tool, software that can be used to control computers remotely and is popular among malicious hackers who want to break into victims’ computers and steal their files or turn on their webcams.In another thread, the user said they were looking for an “expert” who could help with njRAT, a relatively popular and easy to use piece of spyware, because “AFTER executing THE FILE IN VICTIM after 1 SECOND its [disconnected].” The user offered $200 for their service.
“The rumor was that he was using Hack Forums to get tools to spy on journalists, foreigners, and dissidents.”