It’s recently come to light that Saudi Arabia may have done more than use social-media to suppress their political opposition. According to sources from the New York Times, the country was ‘grooming’ Ali Alzabarah, a Twitter engineer, to spy on the accounts of dissenters and other KSA regime targets.
Alzabarah had joined the company in 2013, and overtime attained a top engineering position that gave him access to the personal information and account activity of Twitter’s use base, including phone numbers, I.P. addresses, and other private data.
According to three of the NYT’s anonymous sources, Intelligence officials told Twitter executives that Alzabarah had become close with Saudi intelligence officials, who convinced him to collect data from several user accounts.
In 2015, Twitter had been warned by Western officials that Alzabarah had not only developed relations with Saudi intelligence agents, but agreed to spy on numerous accounts. Twitter had suspended the claim at the time and led an investigation that yielded no evidence of data collusion with the Saudis. Nonetheless, his employment with the company was quietly terminated by December of that year.
Twitter did excess damage control, sending dozens of safety alerts to the accounts Alzabarah had access to, some of which had fostered domestic activism or been critical of the Kingdom’s regime. The melange of accounts included policy experts, academics, journalists, and experts on security/surveillance, including some involved in Turkey’s infamous TOR product and its activist-friendly network.
If its accuracy is confirmed, these findings not only confirm that Saudi Arabia has been using malicious methods to control its online political discourse (which wouldn’t be a surprise), but that Twitter did not have proper intel to ensure their employees were accessing Twitter accounts for proper reasons. If found to be true, it would not be specific to Twitter however. Facebook recently fired an employee who had used a similar position to stalk female users’ profiles. In the absence of tight controls on data access, there is always the chance that employees will use their access for nefarious purposes.
As of yet, neither Twitter, the Kingdom of Saudi Arabia, or Alzabarah (now working for the Saudi regime) have commented on the matter. Twitter claims that it has been taking efforts to shut down Saudi spambot interference , but the recent NYT report seems to indicate that this is not a new phenomenon.