Saudi Arabia reportedly recruited Twitter employees to steal personal data of activists
Saudi Arabian officials allegedly paid at least two employees of Twitter to access personal information on users the government there was interested in, according to recently unsealed court documents. Those users were warned of the attempt in 2015, but the full picture is only now emerging.
According to an AP report citing the federal complaint, Ahmad Abouammo and Ali Alzabarah were both approached by the Saudi government, which promised “a designer watch and tens of thousands of dollars” if they could retrieve personal information on certain users.
Abouammo worked for Twitter in media partnerships in the Middle East, and Alzabarah was an engineer; both are charged with acting as unregistered Saudi agents — spies.
Alzabarah reportedly met with a member of the Saudi royal family in Washington, D.C. in 2015, and within a week he had begun accessing data on thousands of users, including at least 33 that Saudi Arabia had officially contacted Twitter to request information on. These users included political activists and journalists critical of the royal family and Saudi government.
This did not go unnoticed and Alzabarah, when questioned by his supervisors, reportedly said he had only done it out of curiosity. But when he was forced to leave work, he flew to Saudi Arabia with his family literally the next day, and now works for the government there.
The attempt resulted in Twitter alerting thousands of users that they were the potential targets of a state-sponsored attack, but that there was no evidence their personal data had actually been exfiltrated. Last year, The New York Times reported that this event had been prompted by a Twitter employee groomed by Saudi officials for the purpose. And now we learn there was another employee engaged in similar activity.
The cases in question are still open and as such more information will likely come to light soon. I asked Twitter for comment on the events and what specifically it had done to prevent similar attacks in the future. It did not respond directly to these queries, instead providing the following statement:
We would like to thank the FBI and the U.S. Department of Justice for their support with this investigation. We recognize the lengths bad actors will go to try and undermine our service. Our company limits access to sensitive account information to a limited group of trained and vetted employees. We understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable. We have tools in place to protect their privacy and their ability to do their vital work. We’re committed to protecting those who use our service to advocate for equality, individual freedoms, and human rights.