Bashar al-Assad's Secret Online Accounts
The bloodthirsty Syrian dictator's email was used to register secret accounts on Twitter and the porn site XVideos
In the video, there is a pile of crackers meant to represent an apartment building in the Syrian city of Homs. It is being shelled by a toy car with a straw taped to its top, a stand in for a government tank.
The video, which is a crude rendition of a real war crime, is not funny, but, according to The Guardian, Bashar al-Assad, Syria’s now exiled dictator, loved it. In 2012, a Syrian hacktivist sent the British newspaper a cache of emails from the accounts of Assad and his wife, Asma. These emails show the blood-drenched couple purchasing luxury items, including Louboutins and chandeliers, while mocking political reforms.
The Guardian’s scoop is now a decade old, but the Assads’ emails still have secrets to reveal. New investigative tools and data, which were unavailable in 2012, show the online activity of the couple, including secret Twitter accounts and the dictator’s apparent subscription to a porn site.
The Assads used two email accounts, sam@alshahba.com for Bashar and ak@alshahba.com for Asma, set up via a multinational company, Al Shahba, owned by regime fixer, Soulieman Marouf. With these accounts, along with aliases, the Assads were able to secretly make online purchases and use internet services, despite being subject to financial sanctions.
Asma al-Assad’s alias was Alia Kayali Marouf, a name taken from a woman who was Al Shahba’s company secretary in the UK and an apparent relative of the family’s fixer. It is also close to the name on a LinkedIn account created using the ak@alshahba.com email address.
Bashar al-Assad appears to have appropriated Soulieman Marouf as his alias. Sam@alshahba.com is very close to the actual email used by Marouf and, in April 2010, it was used to register a Twitter account under the name Solly Marouf.
It’s possible to confirm the creation of Bashar al-Assad’s account because, in 2022, Twitter suffered a data breach that revealed the emails of users, including the Syrian dictator.
Four years later, Asma al-Assad signed up for her own Twitter account, which given the username, appears to be a family account.
Neither account was very active. The only post was made by Bashar al-Assad’s account, on the day it was created. It contained a single word, the name Samer.
It appears the accounts were primarily used by the couple to personally monitor critics. The leaked emails show Asma al-Assad informing her husband about a successful effort, by her staff, to complain to Twitter about a list of accounts they said were impersonating her and her husband. Twitter removed the accounts.
The Twitter data breach wasn’t the only site whose leaked data contained the Assads’ email accounts.
In 2019, years after her email was publicly exposed, Asma al-Assad used it to register a Neiman Marcus account. Meanwhile, Bashar al-Assad’s account was used to sign up for the music site Last.fm and picture sharing site 500px, both under the username Ramimak, which may be a reference to his cousin, the sanctioned regime financier Rami Makhlouf.
Another tool, OSINT Industries, reveals even more online activity of Bashar al-Assad.
OSINT Industries uses emails and phone numbers to extract account user metadata from websites and apps. Bashar al-Assad’s email was to sign up for a wide range of sites, including Facebook, Instagram and the porn site XVideos. Assad’s Facebook shows he has another, currently undiscovered email and phone number. A full OSINT Industries report is included below.
This email metadata makes it clear that, despite their diplomatic isolation, the Assads were able to engage with the global economy. If all Asma al-Assad needs is a semi-anonymous email to buy from Neiman Marcus, vetting and sanctions systems are failing.
