You’re never truly safe on the internet – especially not on social media. We’re often reminded that once we put something out onto the open internet, we can never really take it back. This is especially true when there are spies for foreign governments working at the headquarters of a social media network you use.
Two disgraced former Twitter employees, Ali Alzabarah and Ahmad Abouammo, were Saudi plants. They were used by the Saudi government to collect account details and personal information for people the government had a bone to pick with – particularly loud critics. A man who acted as the middleman between Abuoammo, Alzabarah and the Saudi royal family, Ahmed Almutaiari, also faced charges.
Both accused spies worked for Twitter between 2013 and 2015, gathering details from and monitoring over 6,000 Twitter users. Alzabarah did most of the legwork, leaking all the details the pair had gathered to the Saudi government.
The Criminal Complaint
The Criminal Complaint, filed near Twitter’s headquarters in California, details the pair’s actions as well as the actions of the middleman. Almutaiari and Alzabarah are both Saudi citizens, and Abuoammo is an American citizen. All three were charged for acting as unregistered foreign agents, and Abuoammo was also charged with falsifying evidence in a federal investigation.
Abouammo worked for twitter as a media partnership manager, making it his job to properly award accounts of noteworthy figures with a “verified” symbol. In the process of verifying the official Twitter account for a Saudi journalist, Abouammo’s journey lead him to Almutaiari who identified himself as a designated representative for Saudi Arabia’s royal family.
While these connections were being cultivated, a Saudi official and owner of a charity was seeking a plant within Twitter who would cooperate with requests for information leaks. Almutaiari had connections with this individual via that charity, and arranged a meeting between the individual and Abouammo in London during a Twitter event. The individual gifted Abouammo with a watch worth approximately $20,000, which he later attempted to sell on Craigslist.
At some point, likely around December of 2014, Abouammo began leaking the information requested by the still unnamed Saudi official who purchased him the watch. Large cash payments, as vast as $100,000, were made to Abouammo by way of a bank account headquartered in Lebanon. The arrangement continued until Abouammo left Twitter to focus on co-founding a startup.
When questioned by the FBI, Abouammo claimed that such large payments were legitimate fees for consulting work, providing them with an invoice that the FBI now knows to be fabricated. Abouammo was arrested and charged for taking bribes, leaking information, and falsifying the invoices to interfere with the investigation.
Almutaiari directly reached out to Alzabarah, who was an engineer for Twitter. After a phone call, a meeting was arranged in Washington DC where Alzabarah met with the unnamed Saudi official. It is unclear what was exchanged or exactly what was asked of Alzabarah, but he responded by promptly returning to California and handing over the details he stole from over 6,000 Twitter users.
While it is not clearly known what the Saudi government intended to do with this information, red flags are raised when the individuals whose accounts were compromised were found to have been oppositional to the Saudi government and royal family. An account belonging to Omar Abdulaziz was siphoned and leaked to the foreign official. Omar Abdulaziz was a known associate of Jamal Khashoggi, a US permanent resident and Washington Post columnist who was assassinated by order of the Saudi Crown Prince for his dissenting opinions.
Alzabarah promptly returned to Saudi Arabia to escape arrest and has not since stepped foot on American soil due to the looming repercussions of the discovery of his illegal actions.
The damage could be far reaching if related to Turki Bin Abdul Aziz Al-Jasser’s arrest on March 15th for running a Twitter account called Kashkool. Turki Bin Abdul Aziz Al-Jasser then later died while being tortured in Saudi detention. According to Metro.co.uk, anonymous sources have explained that “They got his information from the Twitter office in Dubai. That is how he was arrested.”
Twitter has released a bevvy of statements to a vast array of reporting outlets, mostly detailing that sensitive information can only be accessed by vetted employees. They claim to respect the privacy of their users and to uphold the principals of free speech without retaliation. They have not formally detailed any steps or measures they may have taken to prevent bad actors from obtaining and leaking the information of prominent political critics or defectors of countries with hostile governments.
From this point forward, Twitter users should carefully consider their relationship with the platform and make an informed decision regarding their continued usage of the social network. It was alarmingly easy for Twitter employees to accept bribes and leak sensitive data like IP addresses to a government and a royal family with a history of assassinating those who oppose them. Will you continue to tweet?