It has been revealed that two former twitter employees have been formally charged by the Department of Justice for working with the Saudi Arabian government to eavesdrop on the accounts of political dissidents.
The two men, Ali Alzabarah , 35, and Ahmad Abouammo , 41, are alleged to have accessed the account data of Twitter users that allowed Saudi Arabia to identify those users and where they were. This activity covers a large number of accounts, with Alzabarah being accused of accessing 6,000 accounts in 2015, while Abouammo is alleged to have accessed three twitter accounts, in both cases they had no authorization to access that data.
Alzabarah is believed to be in Saudi Arabia currently, and federal warrants have been issued for his arrest, while Abouammo was arrested in Seattle, Washington on Tuesday 5th November. Speaking about the case, FBI Special Agent in Charge John F Bennett noted that “Insider threats pose a critical threat to American businesses and our national security”, identifying the security implications of the case, he continued, “The FBI will not stand by and allow foreign governments to illegally exploit private user information from U.S. companies. These individuals are charged with targeting and obtaining private data from dissidents and known critics, under the direction and control of the government of Saudi Arabia.”
Abouammo is a U.S. citizen who worked as a media partnerships manager for Twitter between 2013 and 2015, while Alzabarah is a Saudi Citizen who during the same 2013 to 1015 period, was a site reliability engineer for the social media company.
The alleged activity targeted political dissidents critical of the Saudi state and the royal family, including Omar Abdulaziz, the Canada based critic of Saudi state policy. Abouammo and Alzabarah are accused of accessing significant amounts of private data, including the targeted twitter user’s email address, phone numbers, IP address for location information, logs of their online activity including browser information, along with the types of devices being used to access the account. According to the Department of Justice, this amount of information is enough to identify and locate the users behind the accounts.