Skip to main content

Mohammad Bin Salman Al Saud Sends Two Twitter Twits Ahmad Abouammo And Ali Alzabarah To Spy On Twitter Users....


Allegations that two former Twitter employees spied on users for the Saudi government have spotlighted the threat posed by insiders who exploit their access to the mountains of sensitive data held by tech companies.

The Twitter case adds an alarming international dimension to the longstanding problem of rogue employees who steal information or snoop on others.

"It's stupid to think foreign intelligence services would spend tens of millions trying to hack a company like Twitter when they can pay less than $100,000 to bribe employees," cybersecurity expert Robert Graham of Errata Security said Thursday.

Detecting insider access isn't easy, despite the availability of tools to do so, experts say. Yet the wealth of data that these companies have turned them into lucrative targets.

Companies that provide email, social media, search and other services have troves of personal data, including users' location, hobbies, political views and connections to other users. Many services also have users' private emails and other conversations.

While activists fearing repercussions might use a pseudonym in public posts, that's ultimately tied to a real account. An employee can look up the email address or phone number used to sign up and the locations used to access the app.

The coordinated spying effort unveiled Wednesday included the user data of over 6,000 Twitter users, including at least 33 usernames for which Saudi Arabian law enforcement had submitted emergency disclosure requests to Twitter, investigators said.

Most big tech platforms already take measures to prevent employees from abusing their position to spy on a crush they saw on Tinder.

Detecting well-instructed moles working for foreign governments is a "whole different kind of problem" because they may be cannier about what data they access and how to justify it, said John Scott-Railton, a researcher with the internet watchdog Citizen Lab.

He said companies can erode collaboration and trust if they put up too many silos, but they become a target if they put up too few.

Wednesday's federal complaint in San Francisco alleged that the Twitter employees were able to access the private data, including a user's email account, despite holding jobs that didn't require access to Twitter users' private information. That violated company policy, according to the complaint.

Ahmad Abouammo and Ali Alzabarah were charged with acting as agents of Saudi Arabia without registering with the U.S. government. Prosecutors say they were rewarded by Saudi royal officials with a designer watch and tens of thousands of dollars funneled into secret bank accounts.

Twitter said in a statement that it "limits access to sensitive account information to a limited group of trained and vetted employees," but declined to elaborate on how the breach described by prosecutors happened. A year ago, after reports first surfaced of Twitter insiders targeting Saudi dissidents on the platform, the company said that "no other personnel have the ability to access this information, regardless of where they operate."

It's not clear how Twitter's security practices compare to other tech giants or if they have improved since 2015, when Abouammo and Alzabarah stopped working at the San Francisco company.

Google, Facebook and Apple didn't respond to email and phone requests for comment Thursday on how they prevent rogue employees from accessing users' email and other online services. Microsoft, which owns LinkedIn, declined comment.

"We should not assume that the Saudi government is the only government that has thought about doing this," said Suzanne Spaulding, a former undersecretary for cybersecurity at the U.S. Department of Homeland Security.

Spaulding said tech companies that are holding so much private data need to do a better job of segregating that data and limiting who can see it. "These are people who didn't need access to this information to do their job," she said of the indicted former Twitter employees.

Jake Williams, president of Rendition Infosec and a former U.S. government hacker, said no one should be surprised when a foreign intelligence service infiltrates a big tech company. He said better auditing inside company networks can detect the espionage.

"Too often, logging is written purely for the purposes of troubleshooting outages and service issues, not tracking insiders," he said.

But Tarik Saleh, a security engineer at DomainTools, said it takes resources for companies to look for anomalies in employees' access to data. While artificial intelligence systems in recent years have had moderate success in automatically scanning for unusual activity, "once you're in the weeds, it's extremely difficult," he said. "Very few organizations can do it right, even sophisticated ones like the NSA or the CIA."

Tony Cole, chief technical officer at Attivo Networks, said that rather than focus solely on detecting unauthorized access, it's better for companies to limit data access to authorized individuals to begin with. Such systems can also flag unauthorized attempts, he said.

Some cybersecurity firms offer not just monitoring but active measures to try to detect employee misbehavior — such as introducing as bait bogus data with commercial value and seeing if workers suspected of previous wrongdoing take that bait, said Alex Holden, chief security officer of Hold Security in Milwaukee.

Experts said tech companies — particularly social media and email providers — must recognize that they will be targets of insider threats given the types of information they hold.

"We've talked to them about it for years and they've kind of listened with half an ear maybe," former FBI counterintelligence agent Frank Montoya said.

Holden said the new cases of data abuse that pop up every month point to "a certain amount carelessness among companies."

Facebook recently made headlines when it disclosed that it had left millions of user passwords exposed on its network in plaintext that should have been encrypted.

And then there was the CapitalOne hack, in which a former Amazon Web Services employee who knew her way around the network stands accused of obtaining records on roughly 100 million people.

Until recently, tech companies were also routinely letting employees and contractors review users' audio interactions with digital assistants. While that was done to improve services, many of the conversations leaked. Companies scaled back their practices and offered better disclosures only after news reports emerged. Source

Comments

Popular posts from this blog

White EVANGELICAL Keith Thomas Kinnunen, 43, Is The West Freeway Church Of Christ Shooter

Church of Christ shooter who killed two named as Keith Thomas Kinnunen, 43  A gunman who opened fire at a packed church and killed two has been named as Keith Thomas Kinnunen. Kinnunen, 43, was himself shot dead by a retired FBI agent turned security guard at the West Freeway Church of Christ in White Settlement, Texas Sunday morning. Kinnunen has previous arrests for aggravated assault with a deadly weapon as well as theft of property, NBCDFW reported. The church’s service is live-streamed online every Sunday, with horrific video footage capturing the moment Kinnunen opened fire and killed two, before he himself was neutralized. Parishioners could be seen screaming with fear and hiding under pews in the moments after the shooting.His victims have since been named as church deacon Anton Wallace and Richard White. Kinnunen was also arrested on illegal weapons charges in New Jersey in 2016, when he described himself as ‘homeless,’ and claimed to be visiting the state to take photos of …

UPDATE: GAY LOVERS Kam McLeod, 19, And Bryer Schmegelsky, 18, Named As DANGEROUS SUSPECTS In The Gruesome Murders Of An Australian Backpacker And His American Girlfriend

Two murderous Sodomites on the run Two teenagers initially thought missing in Canada are now named as DANGEROUS SUSPECTS in the gruesome murders of an Australian backpacker and his American girlfriend  Two teenagers who were previously described as missing have been named as suspects in the murders of an American woman and her Australian boyfriend in Canada. Police named Canadian teens Kam McLeod, 19, and Bryer Schmegelsky, 18, as suspects in the murders of Lucas Fowler, 24, and Chynna Deese, 23, on Tuesday. The two teenagers were described as missing on Monday but police named them as suspects after they were found, alive, in northern British Columbia. Now, they are believed to be in Saskatchewan - 1156 miles from where the young couple's bodies were found - and are thought to be dangerous. The pair, who are elementary school friends, left Vancouver Island for Whitehorse ins search of work sometime before the murders.   They stopped communicating with their families severa…

Black EVANGELICAL Grafton Thomas, 37, Of The Hudson Highlands Cooperative Parish Brings A Machete To Hanukkah Party & Hacks Up Five JEWS

Horrifying moment 'terrorist' bursts into Hanukkah party with a machete to stab five as carnage is revealed and cops link him to second synagogue stabbing - but his pastor says he's mentally ill  Horrifying images have emerged of the moment an attacker armed with a machete burst into a Hanukkah party in upstate New York on Saturday and the carnage he left behind inside the rabbi's home. Grafton E Thomas, 37, of Greenwood Lake, pleaded not guilty after he was arraigned on five counts of attempted murder and one count of burglary in Ramapo Town Court late Sunday morning. His bail was set at $5million. He is accused of stabbing five people in Monsey, New York. Chilling images from inside the property show bloodied floors and overturned chairs following the assault which has been labeled 'an act of terrorism' by Governor Andrew Cuomo. One surveillance photo shows the suspect wearing a hood and scarf making his way up stairs to Rabbi Chaim Rottenberg's …