Saudi infiltration of Twitter

In 2014 and 2015, a team of Saudi agents allegedly stole proprietary and sensitive personal data from the American social media platform Twitter, in order to unmask anonymous dissidents of Saudi Arabia. Email addresses, phone numbers, internet IP addresses, dates of birth and a history of all the users' activity of Saudi dissidents, opponents and others, were among the stolen materials.

The United States Department of Justice charged two former Twitter workers and a Saudi intermediary with "acting as illegal agents of Saudi Arabia". Personal data of at least 6,000 Twitter accounts was acquired, according to the complaint.

Human rights groups ANHRI and Prisoners of Conscience have observed that some anonymous Saudi political activists on Twitter were identified and detained after the infiltration, and suspect that it is related. A Saudi scholar in exile in the United States sued Twitter, alleging that dozens of anonymous political activists he was in contact with have died, were tortured, or remain behind bars as a result of being found to have a connection to him.

Background
With roughly 10 million Twitter users, Saudi Arabia is the service's top Arab market. Not requiring use of real names further made Twitter a leading platform for political dissent in the country.

Saud al-Qahtani, one of Saudi Crown Prince Mohammed Bin Salman's top confidants at the time, posted a warning against masked Twitter accounts using his own verified Twitter account in August 2017. Asserting that governments can know the true names of those using Twitter anonymously, he brought up "technical methods" for tracing a person's IP addresses, as well as a "secret I'm not going to reveal." Twitter permanently banned al-Qahtani's account in September 2019, claiming "violations of our platform manipulation policies."

Perpetrators
Ali Alzabarah, a Saudi national, and Ahmad Abouammo, a U.S. citizen, were the two former Twitter employees that funneled the data, the complaint asserts.

Another Saudi national, Ahmed Almutairi, also known as Ahmed Aljbreen, worked as a middleman between Alzabarah, Abouammo, and representatives of the Saudi Royal Family. Almutairi is known for co-founding SMAAT, a Riyadh social-marketing firm that is controlled by the royal family and had a history of running political and commercial influence operations.

Bader al-Asaker, a Saudi official who heads the private office of Prince Mohammed and is a board member of Misk Foundation, a philanthropic organization affiliated with MBS, was also involved in the conspiracy, according to the complaint.

Timeline
Ali Alzabarah joined Twitter as a site reliability engineer in August 2013. Being involved in keeping the site up, he was given broad access.

In November 2013, Abouammo, who joined the firm as a member of Twitter's global media team to head the Middle East partnerships, met Alzabarah there.

In 2014, Abouammo was asked to authenticate an account belonging to a Saudi news personality by a public relations agency representing the Saudi Embassy. This request for a blue checkmark was followed by a request from a US-Saudi business group in Virginia to visit Twitter's headquarters. Bader al-Asaker was to be part of the visit, which was nominally for entrepreneurs.

On June 13, 2014, al-Asaker traveled to San Francisco to meet Abouammo.

Months later, Abouammo met al-Asaker in 2014 in London, where he was given a $20,000 watch. A week after returning to Twitter's headquarters, Abouammo accessed the system he used to verify users and obtained information about at least two Saudi dissidents, later passing the data to al-Asaker. That system, according to insiders who have used it, retains information such as email addresses, phone numbers and the latest log-in time – personal information usable to track a user in real life.

In February 2015, Abouammo got his operators in touch with Alzabarah. Alzabarah's ambitions were straightforward: he wanted to work in a high-ranking job for a "charitable organization run by al-Asaker."

In May 2015, and within the first week of arriving in San Francisco from Washington, D.C. where he met with al-Asaker, Alzabarah "began to access without authorization private data of Twitter users en masse." Over 6,000 users were compromised in six months, according to the FBI. 33 of those users, the Saudi government has already requested Twitter to provide their personal information through emergency disclosure demands.

Later in 2015, Abouammo departed Twitter for a position at Amazon in Seattle. Over the next two years, well over $300,000 in bank transfers were made from al-Asaker to Abouammo's various bank accounts.

On December 2, 2015, Alzabarah reportedly acknowledged to his superiors that he examined user data out of curiosity. His work-owned laptop was taken, and he was removed from the office. He returned to Saudi Arabia the next day after communicating that night with al-Asaker and then Dr. Faisal Al Sudairi, the Saudi consul general in Los Angeles. Alzabarah has not been seen since, according to authorities.

After arrival in Saudi Arabia, Alzabarah became the CEO of the Misk Initiatives Center, a branch of Mohammed bin Salman's Misk Foundation, which he created in 2011 and whose secretary-general was al-Asaker.

On October 20, 2018, FBI agents in Seattle questioned Abouammo about his efforts on behalf of Saudi officials. In an attempt to hinder the inquiry, Abouammo purportedly lied to the investigators and supplied them with a forged invoice.

On November 5, 2019, as part of the complaint, federal warrants for both Ali Alzabarah and Almutairi were issued. Both were accused of operating as undeclared agents of a foreign government. On the same day, Abouammo was apprehended in Seattle, WA, and had his first federal court appearance in Seattle on November 6, 2019.

On February 24, 2021, a federal judge rejected a request to dismiss charges against Abouammo.

Twitter response
On the condition of anonymity, a business representative of Twitter told The Washington Post in 2019 that access to the instrument panel is now restricted to a small group of "trained and vetted" workers, citing worries about staff safety.

Criticism
According to former employees, Twitter did not have plans to handle situations in which a personnel with access to sensitive data built strong ties with foreign powers. A former colleague of Abouammo's said that US, UK, and Israeli security agencies all pressured members of Twitter's media team for private information.

The departure of Ali Alzabarah didn't cause a stir in Twitter. "One day the general counsel came to me and said there was this crazy thing that happened. They're out of the company," a former Twitter executive remarked. "You can never talk about it," "inside, it was a total nonthing. No one in the rank and file who had ever heard of it. It was a nonissue."

Omar Abdulaziz, a dissident who was connected to writer Jamal Khashoggi, feels that criticizing the Saudi Arabian regime on social media is now risky. "We were using Twitter ten years ago to expose our opinion on what was really going on there, and we felt safe," he added. "For us, it was a safe platform. That's no longer the case."

Known victims
Although Twitter has not revealed the identity of those who may have been unmasked as a result of the claimed attack, human rights groups, such as ANHRI, linked three Saudis detained since 2015 with using Twitter handles @sama7ti, @coluche_ar, and @mahwe13, all critical of the Saudi government. Another human rights organization, Prisoners of Conscience, reported an additional case of a Saudi male who posted critical comments on Twitter under the handle @albna5y and was imprisoned in September 2017.

Turki bin Abdulaziz al-Jasser (@coluche_ar)
Al-Jasser, a Saudi man suspected of running an anonymous Twitter account, was apprehended in early 2018. He was linked to @coluche_ar, one of the accounts obtained by the Twitter breach, according to ANHRI.

Though al-Jasser was reported to have died in jail after being tortured, Saudi officials notified a United Nations team monitoring enforced disappearances in February that he was being kept at Al Ha'ir Prison near Riyadh, according to MENA Rights Group.

Abdulrahman al-Sadhan (@sama7ti)
Following a March 2018 arrest and charges that he used a popular parody account to criticize the Saudi government, Abdulrahman al-Sadhan, a 37-year-old Red Crescent relief worker, was convicted by Saudi Arabia's specialized criminal court and sentenced to 20 years in prison followed by an additional 20-year travel restriction.

Lawsuits
Omar Abdulaziz's account was one of those breached. On February 17, 2016. A message from Twitter's security staff notified him that his and a limited number of other users' personal information had been compromised due to a "bug." "The email address and phone number linked to your account was viewed by another account," said the message. He later filed a lawsuit against the company for allegedly failing to disclose the event. The accusations are false, according to Twitter.

In June 2020, Ali al-Ahmed, a Saudi scholar living in exile in the United States, sued Twitter over the 2016 breach, alleging that the company's negligence resulted in the loss and torture of dissidents within Saudi Arabia. al-Ahmed claimed to have been in continuous contact with a number of anonymous Twitter accounts maintained by Saudi state employees and pro-democracy advocates in the period leading up to the breach. Exposing their phone numbers and email addresses, dozens of those who were in direct touch with Ali have died, were tortured or remain behind bars as a result of being found to have a connection to him, he claims.