The Department of Justice charged two former Twitter employees with spying on behalf of Saudi Arabia and accessing private information on dissidents of the regime and its de facto leader Crown Prince Mohammed bin Salman. According to the complaint, which was unsealed Wednesday, former Twitter workers Ali Alzabarah, a Saudi citizen, and Ahmad Abouammo, a U.S. citizen, snooped on thousands of users targeted by the Saudi government and “mined Twitter’s internal systems for personal information about known Saudi critics.” Abouammo, who worked as a media partnerships manager at Twitter, was arrested Tuesday in Seattle; Alzabarah, who was hired as a site reliability engineer, is believed to be in Saudi Arabia. A third individual, Saudi citizen Ahmed Almutairi, has also been charged for acting as an intermediary between the workers and Riyadh.
The three men are accused of working with the head of a Saudi charity founded by Mohammed bin Salman, Bader Al Asaker, who, according to the complaint was “working for and at the direction of” MBS. After meetings with Saudi officials, Alzabarah and Abouammo began accessing sensitive information that could be used to identify and locate critics of the regime. At one point, Abouammo set up a limited liability company to receive $300,000 in wire transfers from the Saudi government. “The information allegedly accessed by Mr Abouammo and Mr Alzabarah between 2014 and 2015 included the email addresses, IP addresses and dates of birth of people behind Twitter accounts targeted by the Saudi government and the Saudi royal family,” according to the Financial Times. “On one occasion in 2015, Mr Alzabarah allegedly accessed the email and IP addresses for four specific Twitter accounts. The same day, an unnamed Saudi official, who Mr Alzabarah is accused of having contact with, saved a note in his emails that referenced details about the users, prosecutors alleged.”
The saved draft email included in the complaint gives a sense of how the information provided by the Twitter employees can be weaponized against dissidents, wherever they are. The draft email referenced multiple users. “He is in Turkey and has a friend, or something, and they use the same Michigan State University account,” the draft email said of one targeted user. “This one is a professional. He’s a Saudi that uses encryption. … We tracked him and found that 12 days ago he signed in once without encryption from IP [redacted] at 18:40 UTe on 05/25/2015,” the email described another. “This one does not use a cell phone at all, just a browser. He’s online right using Firefox from a windows machine.”
A Twitter spokesperson said the company “limits access to sensitive account information to a limited group of trained and vetted employees.” “We understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable,” the spokesperson said. “We have tools in place to protect their privacy and their ability to do their vital work.”