Skip to main content

Mohammad Bin Salman Al Saud Sends Two Twitter Twits Ahmad Abouammo And Ali Alzabarah To Spy On Twitter Users....


Allegations that two former Twitter employees spied on users for the Saudi government have spotlighted the threat posed by insiders who exploit their access to the mountains of sensitive data held by tech companies.

The Twitter case adds an alarming international dimension to the longstanding problem of rogue employees who steal information or snoop on others.

"It's stupid to think foreign intelligence services would spend tens of millions trying to hack a company like Twitter when they can pay less than $100,000 to bribe employees," cybersecurity expert Robert Graham of Errata Security said Thursday.

Detecting insider access isn't easy, despite the availability of tools to do so, experts say. Yet the wealth of data that these companies have turned them into lucrative targets.

Companies that provide email, social media, search and other services have troves of personal data, including users' location, hobbies, political views and connections to other users. Many services also have users' private emails and other conversations.

While activists fearing repercussions might use a pseudonym in public posts, that's ultimately tied to a real account. An employee can look up the email address or phone number used to sign up and the locations used to access the app.

The coordinated spying effort unveiled Wednesday included the user data of over 6,000 Twitter users, including at least 33 usernames for which Saudi Arabian law enforcement had submitted emergency disclosure requests to Twitter, investigators said.

Most big tech platforms already take measures to prevent employees from abusing their position to spy on a crush they saw on Tinder.

Detecting well-instructed moles working for foreign governments is a "whole different kind of problem" because they may be cannier about what data they access and how to justify it, said John Scott-Railton, a researcher with the internet watchdog Citizen Lab.

He said companies can erode collaboration and trust if they put up too many silos, but they become a target if they put up too few.

Wednesday's federal complaint in San Francisco alleged that the Twitter employees were able to access the private data, including a user's email account, despite holding jobs that didn't require access to Twitter users' private information. That violated company policy, according to the complaint.

Ahmad Abouammo and Ali Alzabarah were charged with acting as agents of Saudi Arabia without registering with the U.S. government. Prosecutors say they were rewarded by Saudi royal officials with a designer watch and tens of thousands of dollars funneled into secret bank accounts.

Twitter said in a statement that it "limits access to sensitive account information to a limited group of trained and vetted employees," but declined to elaborate on how the breach described by prosecutors happened. A year ago, after reports first surfaced of Twitter insiders targeting Saudi dissidents on the platform, the company said that "no other personnel have the ability to access this information, regardless of where they operate."

It's not clear how Twitter's security practices compare to other tech giants or if they have improved since 2015, when Abouammo and Alzabarah stopped working at the San Francisco company.

Google, Facebook and Apple didn't respond to email and phone requests for comment Thursday on how they prevent rogue employees from accessing users' email and other online services. Microsoft, which owns LinkedIn, declined comment.

"We should not assume that the Saudi government is the only government that has thought about doing this," said Suzanne Spaulding, a former undersecretary for cybersecurity at the U.S. Department of Homeland Security.

Spaulding said tech companies that are holding so much private data need to do a better job of segregating that data and limiting who can see it. "These are people who didn't need access to this information to do their job," she said of the indicted former Twitter employees.

Jake Williams, president of Rendition Infosec and a former U.S. government hacker, said no one should be surprised when a foreign intelligence service infiltrates a big tech company. He said better auditing inside company networks can detect the espionage.

"Too often, logging is written purely for the purposes of troubleshooting outages and service issues, not tracking insiders," he said.

But Tarik Saleh, a security engineer at DomainTools, said it takes resources for companies to look for anomalies in employees' access to data. While artificial intelligence systems in recent years have had moderate success in automatically scanning for unusual activity, "once you're in the weeds, it's extremely difficult," he said. "Very few organizations can do it right, even sophisticated ones like the NSA or the CIA."

Tony Cole, chief technical officer at Attivo Networks, said that rather than focus solely on detecting unauthorized access, it's better for companies to limit data access to authorized individuals to begin with. Such systems can also flag unauthorized attempts, he said.

Some cybersecurity firms offer not just monitoring but active measures to try to detect employee misbehavior — such as introducing as bait bogus data with commercial value and seeing if workers suspected of previous wrongdoing take that bait, said Alex Holden, chief security officer of Hold Security in Milwaukee.

Experts said tech companies — particularly social media and email providers — must recognize that they will be targets of insider threats given the types of information they hold.

"We've talked to them about it for years and they've kind of listened with half an ear maybe," former FBI counterintelligence agent Frank Montoya said.

Holden said the new cases of data abuse that pop up every month point to "a certain amount carelessness among companies."

Facebook recently made headlines when it disclosed that it had left millions of user passwords exposed on its network in plaintext that should have been encrypted.

And then there was the CapitalOne hack, in which a former Amazon Web Services employee who knew her way around the network stands accused of obtaining records on roughly 100 million people.

Until recently, tech companies were also routinely letting employees and contractors review users' audio interactions with digital assistants. While that was done to improve services, many of the conversations leaked. Companies scaled back their practices and offered better disclosures only after news reports emerged. Source

Comments

Popular posts from this blog

UPDATE: GAY LOVERS Kam McLeod, 19, And Bryer Schmegelsky, 18, Named As DANGEROUS SUSPECTS In The Gruesome Murders Of An Australian Backpacker And His American Girlfriend

Two murderous Sodomites on the run Two teenagers initially thought missing in Canada are now named as DANGEROUS SUSPECTS in the gruesome murders of an Australian backpacker and his American girlfriend  Two teenagers who were previously described as missing have been named as suspects in the murders of an American woman and her Australian boyfriend in Canada. Police named Canadian teens Kam McLeod, 19, and Bryer Schmegelsky, 18, as suspects in the murders of Lucas Fowler, 24, and Chynna Deese, 23, on Tuesday. The two teenagers were described as missing on Monday but police named them as suspects after they were found, alive, in northern British Columbia. Now, they are believed to be in Saskatchewan - 1156 miles from where the young couple's bodies were found - and are thought to be dangerous. The pair, who are elementary school friends, left Vancouver Island for Whitehorse ins search of work sometime before the murders.   They stopped communicating with their families severa…

MUSLIM KNIFE ATTACK In Prague Metro

Video: Popeyes Employee Deriance Ra'Shaiel Hughes, 29, Body Slams Elderly Woman

Popeyes worker who 'body-slammed' a customer, 55, leaving her with a broken leg and six broken ribs is arrested as it's revealed altercation happened because she was charged twice for her $13.11 meal A Popeyes employee has been arrested after being caught on video body-slamming a customer outside a Tennessee store. Deriance Ra'Shaiel Hughes, 29, has been charged with felony aggravated assault after allegedly attacking Debra Staggs in a dispute over her check. Rocky McElhaney Law Firm which is representing Staggs, 55, said she was trying to get a refund after being charged twice for her $13.11 meal. Video of the attack quickly went viral with the footage showing people chasing Staggs outside the restaurant. She is then body slammed to the ground by a man who is now believed to be Hughes. Staggs has been left with a broken leg, nine fractures in her elbow and six broken ribs. She has already had two operations and is expected to need months of rehabilitation. S…