US charges former Twitter staff over spying for Saudi
Two former Twitter employees spied on thousands of users of the social media platform for the Saudi government as it sought to crack down on dissidents, the US Department of Justice alleged on Wednesday.
Federal prosecutors charged Ali Alzabarah and Ahmad Abouammo, the former social media group employees, along with a third man, Ahmed Almutairi, who is accused of acting as an intermediary for Saudi Arabia, for their roles in the alleged scheme.
“The criminal complaint unsealed today alleges that Saudi agents mined Twitter’s internal systems for personal information about known Saudi critics and thousands of other Twitter users,” said David Anderson, the US attorney in San Francisco.
The case raises questions about the security of user data held by large social media platforms such as Twitter, which provide outlets for dissent in countries such as Saudi Arabia but also hold stores of information that are an attractive target for authoritarian regimes.
Mr Abouammo, 41, was arrested in Seattle on Tuesday, prosecutors said. Mr Alzabarah, 35, and Mr Almutairi, 30, are believed to be in Saudi Arabia, according to the justice department. The trio are charged with acting as illegal foreign agents, while Mr Abouammo is also charged with falsifying records.
Lawyers for the men could not be immediately identified. The Saudi embassy in Washington DC did not return a request for comment.
The information allegedly accessed by Mr Abouammo and Mr Alzabarah between 2014 and 2015 included the email addresses, IP addresses and dates of birth of people behind Twitter accounts targeted by the Saudi government and the Saudi Royal Family.
On one occasion in 2015, Mr Alzabarah allegedly accessed the email and IP addresses for four specific Twitter accounts. The same day, an unnamed Saudi official, who Mr Alzabarah is accused of having contact with, saved a note in his emails that referenced details about the users, prosecutors alleged.
“He is Turkey and has a friend, or something, and they use the same Michigan State University account,” the note allegedly said about one of the users. “This one is a professional . . . We tracked him and found that 12 days ago he signed in once without encryption,” the note allegedly said about another, referencing a specific IP address.
The justice department said that the information could have been used to identify and locate the Twitter users who published the posts. The former employees were given a luxury watch and cash in exchange for the information, prosecutors alleged.
John Bennett, a top FBI official in California, said the defendants operated “under the direction and control of the government of Saudi Arabia”.
“The FBI will not stand by and allow foreign governments to illegally exploit private user information from US companies,” he said in a statement.
A Twitter spokesperson said the company “limits access to sensitive account information to a limited group of trained and vetted employees”.
“We would like to thank the FBI and the US Department of Justice for their support with this investigation. We recognise the lengths bad actors will go to try and undermine our service,” the person added.