Updated 11.40am

A court-appointed IT expert said on Friday said he could safely say that the phones of Chris Cardona and an associate "could have been" at a German town on the night they allegedly visited a brothel in 2017.

Keith Cutajar said he had no technical reason to doubt that the town of Velbert had been covered by an antenna. However, the triangulation process was rather problematic, given that so far only one of the two service providers had answered the expert’s calls for additional information.

Basing his findings on technical phone location data provided by a German service provider, Cutajar explained to a board conducting the public inquiry into the assassination of Daphne Caruana Galizia how he had worked his way through records linked to one particular antenna. 

Caruana Galizia had claimed in January 2017 that Cardona and an official in his ministry had visited a brothel while in Germany on official business. The former economy minister denied the allegation and sued the journalist. 

IT expert Cutajar said that the sole antenna in the area was located on a factory roof just north of Essen, which is around 20km to 30km away from Velbert, where Acapulco brothel is located.

The expert explained that Velbert was located directly south of the antenna, with little interference in between. 

Records related to two mobile phones and two SIM cards, one registered at Mimcol, the other registered in the name of “Dr Cardona.”

Both phones were linked to the antenna, meaning that they were “very close" [vicinissimi], he said. 

Asked by parte civile lawyers Jason Azzopardi and Therese Comodini Cachia to gauge the location of the brothel which, based on Caruana Galizia's own entry on her Running Commentary on January 31, 2017, was some half an hour’s drive from Essen, the expert said Velbert was within the antenna’s range.

“I find no technical reason why not,” he said, adding that on January 31, the Mimcol phone had registered a single hit with the antenna at around 6pm.

The other phone had logged 12 to 15 times up to 6.40pm, with no further data having been requested beyond that timeframe, said the expert, adding that it was unlikely that such data would be available today, given that the German service providers keep such tap files up to a maximum of 10 weeks. 

Daphne's website targeted by unique 'social engineering attempt'

Just days after the Velbert incident, Caruana Galizia's website had been targeted by a unique “social engineering attempt,” details of which were divulged during Friday’s sitting by another witness.

Ian Castillo's company had handled the blog since 2014, providing the journalist with advice on how to improve readership.

“This was probably the only case I remember where we had a social engineering attempt,” said the expert, drawing an analogy to when someone pretended to be “a metre reader to gain access to your home”.

The company had received an e-mail on February 11, 2017, claiming to be from Caruana Galizia.

Over the next two or three days, other similar emails followed, eliciting a response at first, before recipients realised that the sender was not actually Caruana Galizia. 

Cloning the website would have enabled the ‘hackers’ to send out and receive emails, mirroring the journalist and thus potentially also identifying her sources

The sender of those emails clearly knew the names of the persons within the organisation and their email addresses, explained the witness, adding that those emails had been intended to trace data, which could have served to change Caruana Galizia's website. 

Cloning the website would have enabled the ‘hackers’ to send out and receive emails, mirroring the journalist and thus “potentially also identifying her sources”.

Fortunately, the attempt was detected and the email exchange was abruptly stopped, said Castillo, explaining that such social engineering was no ordinary hacking attempt. 

Asked by the board whether the incident had been reported to the police, the witness said he had immediately spoken to Caruana Galizia who had engaged a lawyer to handle the matter. 

“Daphne was our only customer targeted by such a social engineering attempt,” concluded the witness, confirming that the first email had reached his company on February, 11, 2017.

“Significantly close to the Cardona incident," Comodini Cachia remarked to the board.

“Yes, merely 10 days later,” added Azzopardi. 

The inquiry continues on Wednesday.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.