Sept. 14, 2011: A journalist tweets using his mobile phone during a news conference in Caracas, Venezuela. Bad idea. Venezuela's political battle is playing out in a new way on Twitter, where the accounts of at least nine critics of President Hugo Chavez have been mysteriously taken over by hackers who post pro-government messages along with insults and threats.AP Photo/Fernando Llano
CARACAS, Venezuela – Over months, Venezuelan TV soap opera writer Leonardo Padron built a Twitter following of about 250,000 people by posting more than a dozen messages a day, many of them skewering President Hugo Chavez.
On Aug. 29, Padron issued a typical shot: "Chavez knows of the immense death toll that there is in this country, so why such indifference to the subject of insecurity?"
Three days later, however, the tweets picked a new target: Padron himself. "In no way have I contributed to combat racism, discrimination, cultural alienation," one note read. "My soap operas feed these evils in our society."
Padron had fallen victim to an unknown hacker or group of hackers who have hijacked the accounts of at least nine well-known Chavez critics, posting curse-filled insults, threats and slogans such as "Long live Chavez."
One late-night post called a journalist a homosexual, and another threatened a Chavez opponent: "I'm going after you little by little, Damned Narco." Doctored photos show opponents wearing red berets of the sort favored by the socialist leader.
The burst of Twitter hacking has opened a new battlefield in Venezuela's heated political wars. Some Chavez critics say their email accounts have also been compromised.
A group calling itself "N33" has claimed responsibility for the Twitter attacks, and those targeted have had "N33" appear on their Twitter profiles.
All sorts of theories have been circulating about who is behind N33, ranging from Chavez allies to opponents trying to make the government look bad. Some wonder if it could be a single young hacker trying to make a statement.
Padron heard from an acquaintance that his account was sending out insults. He had been wondering why he wasn't able to sign in to Twitter. Suddenly, it was clear: Someone had stolen his password and shut him out.
"It's an invasion, a humiliation. It's as if you're about to go into your house and the door doesn't open with your key, and you sense there's someone inside posing as you," Padron told The Associated Press in an interview.
"You don't imagine that your 2.0 life is going to be stolen, that your voice is going to be expropriated," Padron said. "Of course, I began to have a very strong feeling of indignation."
Other victims of the attacks this month have included an activist, a humorist, three journalists, a TV show host, an ex-diplomat and a former Chavez supporter, all of them openly critical of Chavez.
Some of the victims have complained to authorities. Attorney General Luisa Ortega Diaz said that two prosecutors are collecting evidence and will talk to witnesses.
Both Twitter and Google say the attacks most likely involved phishing, a form of Internet fraud in which victims are tricked into revealing passwords or other personal information through emails with links to pages that appear to be authentic. Once a victim enters a password for Twitter or an email account on a fraudulent page, hackers are able to use it to take over the real account and change the password.
About 2 million Venezuelans, or 8 percent of the population, are Twitter users, according to figures by the local research company Tendencias Digitales. That gives Venezuela the second highest Twitter penetration in the region, after Uruguay.
Chavez's opponents regularly use the social networking site to spread critical commentary, while the government goes on Twitter to promote its policies and attack opponents. Chavez's Twitter account, chavezcandanga, reached the milestone of 2 million followers on Aug. 31.
That very day, the attacks by N33 began. In a Sept. 2 statement posted on the Internet, it called itself a group without links to "any government entity."
The statement was read aloud on state television by the host of the late night talk show La Hojilla, or "The Razor," a program that often denounces Chavez opponents.
In the statement, N33 said it had hijacked accounts to retaliate for "improper use of Twitter" and for attacking Chavez while he undergoes cancer treatment. It said Chavez's "convalescence hasn't been enough of a reason for these opposition characters ... to diminish their load of rage and bad intentions."
N33 has also taken over Gmail accounts, usually at night, stealing personal messages and photos and posting them on Twitter.
While the attacks on Twitter accounts died down after the first week of September, N33 continued posting items extracted from email accounts on a Twitter account, Cain--Supremo, until that account was suspended by Twitter. Another account has since appeared purporting to represent N33.
Activist Rocio San Miguel, whose Twitter account was taken over, also saw her personal photos and documents as well as insults and threats against her appear on the N33 Twitter feed.
"It's a feeling of powerlessness," San Miguel told the AP. "Without a doubt, they want to frighten and intimidate."
San Miguel leads an organization focused on national security and defense issues, and she likened the attacks to a sort of terrorism, saying they seem aimed at making an example of certain government critics to inhibit others.
Padron said it took him three days to block his own account. He also had to recoup email accounts that had been seized.
One of pirate posts on Padron's Twitter account sent greetings to the website "Table of Scorpions," a similarly mysterious, unsigned blog that has posted recorded phone conversations of opposition politicians.
Venezuelan law imposes prison sentences for cyber-spying or accessing others' accounts, and one 17-year-old Venezuelan was arrested four years ago for hacking into government websites. He was later released and the status of his case is unclear.
Twitter said that phishing schemes are a leading hazard.
"Most attempts to gain access to accounts target users by sending them fraudulent messages meant to trick them into sharing their passwords," Twitter spokeswoman Kristen Hawley said in an email. "A personal email account that's compromised is the second most likely way an intruder gains access to Twitter accounts."
Rafael Nunez, a Venezuelan online security expert who has experience as a hacker, noted that while N33 describes itself as a group, many of its messages are written in the first person. One such message on Twitter boasted: "I've got you going crazy."
"It's a single virtual speaker, but behind that speaker there could be collaborators," said Nunez, who heads the Venezuelan information security company Clean Perception.
Nunez was imprisoned in the United States for more than eight months in 2005 for hacking a Defense Department website and was later released. He calls himself an "ethical hacker" who saw hacking as a challenge and now uses his knowledge to improve online security.
After studying some of the latest attacks, Nunez said N33 apparently gained access to Gmail accounts by phishing for passwords or using software that enabled keystroke logging.
Nunez said he doesn't know of other countries where Twitter accounts have been similarly taken over in such a systematic way.
As for who might be behind it, Nunez said there are only theories for now.
"The language is very immature," Nunez said. "It's like a kid."