Two former twitter employees have been charged with spying for Saudi Arabia. They used geolocating and other tools available to Twitter to provide a wealth of personal information including location, IP address, names of users who shared the same computer and other details to help the Kingdom located and identify its targets.
Saudi Arabia Wanted to Locate its Critics
Saudi Arabia a country which does not offer the same protections for free speech as we enjoy in most of the Western World has been accused of luring an American resident, journalist Jamal Khashoggi, a critic of the Kingdom, to his own assassination. Knowing that this country will go to such lengths to silence its detractors and others it regards as its enemies, makes it shocking that the employees of an American company like Twitter would assist the Saudi Arabia. Two of its former employees are charged with doing just that just that, pulling back the mask of anonymity which Twitter provides its users and helping the Kingdom identify and locate its detractors.
The pair of former Twitter employees allegedly accessed the accounts and provided information on over 6,000 individuals of interest to Saudi Arabia including Twitter users who were critical of the Kingdom’s Royal family. It’s unknown at this time who these individuals are or if the information revealing their names and locations was used by Saudi Arabia to harass or otherwise harm these individuals.
Saudi Arabia Recruited Spies within Twitter including One American
The country recruited spies within Twitter who could provide them with specific information on Twitter users that is unavailable to Twitter users and outside observers. One of the alleged spies recruited within Twitter is an American Citizen apparently paid $300,000 to spy for the Kingdom while another former Twitter employee was a Saudi citizen. Authorities have also brought charges against a third Saudi national who was not a Twitter employee. The spying occurred prior to the murder of Khashoggi and at least one account may be related to that crime.
This is the first time US federal prosecutors have brought espionage charges to bear against Saudi Arabia. But the case reveals that the sophisticated spying operations of foreign countries are almost certainly being deployed against the largest American social media companies who have been data mining Americans and others for years and possess a wealth of personal information on all their users. More incredibly, Twitter CEO Jack Dorsey met with crown prince Mohammed bin Salman (aka MbS) six months after Twitter uncovered the spies. The nature of the meeting is unclear but the company has been the recipient of significant investments from Saudi interests.
Social Media Companies Have Rich Data on All of Us
Beyond the specific threats of this case and the dangers these 6,000 individuals may have been put in, the case reveals the staggering amount of incidental information revealed to Twitter when people use the social media platform. The spies were able to understand when and where a Twitter user accessed the platform providing in many cases very precise location information not dissimilar from how your smartphone knows where you are at all times. This is great when you want to use a ride-sharing app but completely unnecessary when you want to post on Twitter.
Beyond location, the spies within Twitter could tell if more than one user shared the same computer. Revealing this information alone can often unmask the true identity of a Twitter user since a critic of Saudi Arabia might use a nom de plume like “KingdomCritic” when authoring political posts but also have an account under his real name “John Smith” when use Twitter for other purposes. Of course, knowing that KingdomCritic is likely John Smith, and knowing who John Smith’s friends and family are not only puts John Smith in danger but jeopardizes the safety of friends and family who may still live in the Kingdom.
One of the Twitter software engineers Ali Alzabarrah when confronted by the Twitter claimed he was accessing the accounts out of curiosity and the company seized his company laptop and escorted him from the company. The next day, he fled the United States for Saudi Arabia with his family. The espionage complaint brought in US District Court in San Francisco revealed that warrant has been issued for his arrest but its unclear if it will ever be enforceable.
Cyber security and cyber spying threaten each of us and the dangers extend far beyond Twitter or Saudi Arabia. This case reveals not only the lengths that bad actors will go to, to access our private information but more importantly the capabilities that Internet companies have to spy on us making us vulnerable to spying, rogue employees and hackers. It’s often unclear how much you are revealing about yourself when you use the Internet. That’s why we recommend that everyone sign up with MyProfyle’s Free For Life Identity Protection™ service because it remains the best way to find out if your information has been exposed.