Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Social Media

Senator Raises Concerns Over Insider Breach at Twitter

Sen. Bob Menendez Sends Letters to Twitter CEO, State Department
Senator Raises Concerns Over Insider Breach at Twitter
Sen. Bob Menendez, D-N.J.

U.S. Sen. Bob Menendez, D-N.J., is raising national security, user privacy and other concerns about the recent insider breach at Twitter and what role Saudi Arabia is playing in manipulating American tech firms to crack down on dissidents.

See Also: 2018 Banking Threat Landscape: An Inside Look at How Cybercriminals Target Financial Services

In separate letters to Twitter CEO Jack Dorsey and the U.S. State Department, Menendez, who is the ranking Democrat on the Senate Foreign Relations Committee, raises questions about failures to prevent infiltration attempts by two former Twitter employees who spied on critics of the Saudi government and the country's royal family.

The letters from Menendez come two weeks after the U.S. Department of Justice charged two former Twitter employees and a third person for allegedly mining Twitter's internal systems to help the Saudi government identify potential dissidents (see: Feds Allege Saudi Spies Infiltrated Twitter).

The three men allegedly attempted to pass along information to the Saudi government from Twitter's databases, including users' email addresses, IP addresses and dates of birth, according to federal prosecutors. The three suspects mainly targeted those who have criticized the Saudi royal family through the social media platform, according to the Nov. 5 indictment.

Privacy and Other Concerns

In the letter sent Dorsey on Nov. 12, Menendez refers to the charges against the three men by the Justice Department as "deeply disturbing" and notes that Twitter should do more to prevent exploitation of users' private data.

The senator asks that Twitter provide clarity on the number of users that were affected by this incidents and if the company is working with the U.S government to prevent surveillance of dissidents by foreign governments.

"Unfortunately, bad actors can and have used technological [innovation] for evil," Menendez writes to Twitter CEO Dorsey. "Governments around the world use these tools to promote their repressive agendas. The arrests of your former employees … highlights how these regimes will not stop at their own borders in order to pursue their repressive tactics and tighten their grip on power."

In the Nov. 12 letter to the State Department, which is addressed to U.S. Secretary of State Mike Pompeo and John Abizaid, the U.S. ambassador to Saudi Arabia, Menendez presses for more clarity on the diplomatic measures taken by the Trump administration concerning this recent incident and what role the Saudi government played in trying to obtain this data from Twitter.

"The recent charges by the U.S Justice Department are troubling and demonstrate that more needs to be done to guard against exploitation of social media private data to further oppressive monitoring and surveilling of dissidents," Menendez writes. "I, therefore, seek clarity regarding your efforts in this vein and our diplomatic efforts with the Kingdom."

On Monday, a spokesperson for Twitter says that the company is aware of the letter and plans to respond. A spokesperson for the State Department also told Information Security Media Group that the department had received the letter.

"We always work closely and cooperatively with the committees and seek to be as timely and responsive as possible to their requests for information," the State Department spokesperson says. "As a general matter, we don’t comment publicly on our engagements with oversight committees."

Twitter Infiltration Attempt

According to an indictment unsealed by the Justice Department earlier this month, two former Twitter employees, Ali Alzabarah, 35, a Saudi national, and Ahmad Abouammo, 41, of Seattle, attempted to access user data from Twitter's databases between November 2014 to March 2015.

A third man, Ahmed Almutairi, aka Ahmed Aljbreen, a 30-year-old Saudi national, acted as an intermediary between the Saudi government and the two former employees, according to federal prosecutors.

All three have been charged with acting as illegal agents of a foreign government, according to the Justice Department. Abouammo has been additionally charged with lying to FBI agents in an attempt to stall the investigation in October 2018, according to federal prosecutors (see: 7 Takeaways: Insider Breach at Twitter).

Further, the indictment notes that Abouammo and Alzabarah, the former Twitter employees, allegedly received goods and payments from the Saudi government as a reward.

While FBI agents arrested Abouammo earlier this month, Alzabarah and Almutairi are believed to be in Saudi Arabia, the court filings notes.

State-Sponsored Espionage

The charges the Justice Department has brought against these three men and the role that the Saudi government played in obtaining information about dissidents from Twitter highlight a growing trend among governments to deploy spyware and other methods against specific targets.

In December 2018, Twitter announced that state-sponsored hackers use the platform's customer support APIs to target an unspecified number of its users (see: Twitter Sees Signs of State-Sponsored Attack).

According to Twitter's account of the incident, these attacks would have revealed the country code associated with a user's phone number, if they had registered one with Twitter, as well as whether Twitter had locked their account. The company later shared details of the incident with law enforcement.

In another case, human rights groups and others called attention to the Israel-based cyber-intelligence firm NSO Group, which has been accused of selling technology that enables governments to spy on citizens. In May, for example, Facebook issued a warning to users of its WhatsApp messaging app after NSO's Pegasus spyware was used to perform remote code execution against targeted phones. According to WhatsApp, the attackers were facilitated by "an advanced cyber actor" (see: Attackers Exploit WhatsApp Flaw to Auto-Install Spyware).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.