In July of this year, the U.S. government requested to drop the two spy charges against two former Twitter employees and to file a host of new charges. Ahmad Abouammo and Ali Alzabarah, along with a third man named Ahmed Almutairi, had been charged as acting as illegal agents of a foreign government. The charges alleged that in 2014 and 2015, Almutairi and Saudi officials allegedly convinced the former employees to hack into private information stored on the Twitter accounts of individuals critical of the Saudi government.
The Hack Reached Extensively Into Twitter
Abouammo, at the time still employed by Twitter, is said to have met with a Saudi official in London in late 2014. Within days, he had allegedly accessed data from Twitter from a prominent critic of the Saudi royal family. In the months following the meeting, Abouammo maintained regular contact with Saudi officials.
The information the former employees had access to was significant. In addition to their user data and history on Twitter, the complaint revealed that Abouammo and Alzabarah could also view each compromised user’s IP address and browser information. Abouammo, under the direction of Saudi officials, was able to shut down individual accounts, citing ‘violations’ of Twitter’s terms and services.
In addition to the specific targets, Alzabarah allegedly accessed the accounts of over 6,000 Twitter users during late 2014 and early 2015. His intrusion gave him access to user biological data in addition to the account and browser information.
New Charges Added to the Twitter Hack Case
The original request was submitted “without prejudice, ” allowing the government to file new charges still. That’s precisely what happened. Instead of the original two charges, the U.S. government brought the number to seven in their latest indictment. These charges include acting as an agent for a foreign government without notice to the attorney general; conspiracy to commit wire fraud; wire fraud; money laundering; destruction, alteration, or falsification of records in federal investigations; aiding and abetting; and criminal forfeiture.
The new complaint adds on to the original factual accusations. It also provides more details on the large number of accounts compromised. According to the complaint, Abouammo and Alzabarah accessed a multitude of accounts, ranging from journalists, celebrities, and other organizations well within the public eye.
The indictment also accuses the Saudi officials of transferring Abouammo $200,000 via wire transfer to a Lebanese bank, in addition to a watch valued at around $20,000. The FBI also accuses the former employee of lying during their recent interview, not disclosing the watch, and turning in a falsified and backdated receipt from Saudi officials. He told the FBI the payment was for media consulting services.
Twitter’s Cybersecurity Under the Microscope with recent Hacks
The news comes at a time when Twitter’s security is also under scrutiny. In mid-July, hackers managed to get into some of the most prominent accounts on the service. From former President Barack Obama to rapper Kanye West, the hack proved that even verified users were not safe from the sort of intrusion in the Saudi case. Not unlike Abouammo and Alzabarah’s inside knowledge, Twitter went on to announce that its own employee tools were used in the hack. It is clear that the social media platform isn’t entirely secure—don’t count on the service itself to protect your information.