NOVEMBER 7, 2019
SAN FRANCISCO — The Saudi government, frustrated by growing criticism of its leaders and policies on social media, recruited two Twitter employees to gather confidential personal information on thousands of accounts that included prominent opponents, prosecutors alleged Wednesday.
The complaint unsealed in U.S. District Court in San Francisco detailed a coordinated effort by Saudi government officials to recruit employees at the social media giant to look up the private data of thousands of Twitter accounts, including email addresses linked to the accounts and internet protocol addresses that can give up a user’s location.
The accounts included those of a popular critic of the government with more than 1 million followers and a news personality.
The complaint also alleged that the employees — whose jobs did not require access to Twitter users’ private information — were rewarded with a designer watch and tens of thousands of dollars funneled into secret bank accounts. Ahmad Abouammo, a U.S. citizen, and Ali Alzabarah, a Saudi citizen, were charged with acting as agents of Saudi Arabia without registering with the U.S. government.
The Saudi government had no immediate comment through its embassy in Washington.
The criminal complaint against the two former Twitter employees and a third man who ran a social media marketing company that did work for the Saudi royal family comes a little more than a year after the execution of Jamal Khashoggi, a Washington Post columnist and prominent critic of the Saudi government, who was dismembered in the Saudi consulate in Istanbul.
Allegations reveal the extent the Saudi government went to control the flow of information on Twitter, said Adam Coogle, a Middle East researcher with Human Rights Watch.
The platform is the main place for Saudis to express their views, and about a third of the nation’s 30 million people are active users. But the free-wheeling nature of Twitter is a major source of concern for the authoritarian regime, Coogle said.
The government has used different tactics to control speech and keep reformers and others from organizing, including employing troll armies to harass and intimidate users online. It has even arrested and imprisoned Twitter users.
The crown prince’s former top adviser, Saud al-Qahtani, who also served as director of the cyber security federation, started the “Black List” hashtag to target critics of the government. He ominously tweeted in 2017 that the government had ways of unmasking anonymous Twitter users.
“Does a pseudonym protect you from #the_black_list? No,” al-Qahtani wrote, according to a report by Coogle released this week. “1) States have a method to learn the owner of the pseudonym 2) the IP address can be learned using a number of methods 3) a secret I will not say.”
“If you combine that with what we know about at least these two individuals and what went on in 2014 and into 2015, it’s pretty chilling,” Coogle said.
Al-Qahtani has been sanctioned for his suspected role in orchestrating the brutal killing of Khashoggi. His Twitter account was suspended in September for violating its platform manipulation policy.
Twitter acknowledged that it cooperated in the criminal investigation and said in a statement that it restricts access to sensitive account information “to a limited group of trained and vetted employees.”
“We understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable,” the statement said. “We have tools in place to protect their privacy and their ability to do their vital work.”
A critic said Twitter didn’t live up to its principle of restricting access to information about private individuals to the smallest possible number of employees.
“If Twitter had implemented this principle, this misappropriation of information would not have been possible,” said Mike Chapple, who teaches cybersecurity at the University of Notre Dame’s Mendoza College of Business. “Social media companies must understand the sensitivity of this information and restrict access to the smallest possible number of employees. Failing to do so puts the privacy, and even the physical safety, of social media users at risk.”
Abouammo was also charged with falsifying documents and making false statements to obstruct FBI investigators — offenses that carry a maximum penalty of 30 years in prison if convicted.
At his appearance in Seattle federal court Wednesday, Abouammo was ordered to remain in custody pending a detention hearing set for Friday.
His lawyer, Christopher Black, declined to comment, as did Abouammo’s wife, who did not give her name.
The complaint said Abouammo, a media partnership manager for Twitter’s Middle East region, and Alzabarah, a site reliability engineer at Twitter, worked with an unnamed Saudi official who leads a charitable organization belonging to a person named Royal Family Member 1.
Prosecutors said a third defendant, a Saudi named Ahmed Almutairi who worked as a social media adviser for the Saudi royal family, acted as an intermediary with the Twitter employees.
The complaint said Almutairi recruited Alzabarah and flew him to Washington, D.C., in the spring of 2015, when a Saudi delegation visited the White House.
“Within one week of returning to San Francisco, Alzabarah began to access without authorization private data of Twitter users en masse,” the complaint said.
The effort included the user data of over 6,000 Twitter users, including at least 33 usernames for which Saudi Arabian law enforcement had submitted emergency disclosure requests to Twitter, investigators said.
After being confronted by his supervisors at Twitter, Alzabarah acknowledged accessing user data and said he did it out of curiosity, authorities said.
Alzabarah was placed on administrative leave, his work-owned laptop was seized, and he was escorted out of the office. The next day, he flew to Saudi Arabia with his wife and daughter and has not returned to the United States, investigators said.
A warrant for his and Almutairi’s arrests were issued as part of the complaint.