Twitter Security Director Says Former Employees Viewed Various Saudi Accounts
SAN FRANCISCO — In 2014, Twitter began building a system to record when employees viewed user information. It didn’t take long for the system to sound the alarm.
The new technology revealed that two Twitter employees were looking into the personal information of dissidents who criticize the Saudi government, a Twitter security executive testified on Tuesday. But the logs also showed that employees viewed information associated with other accounts, including the official account of King Salman and an account sharing news from Lebanon and Saudi Arabia.
Seth Wilson, director of information security at Twitter, said: “It certainly raised some red flags.
New details on the scope of employee access come from the trial of former Twitter employee Ahmad Abouammo, who was accused of collecting dissident personal information and handing it over to Saudi Arabia in exchange for luxury watches and hundreds of thousands of dollars. became clear in of dollars.
In 2019, the Justice Department indicted him and his former colleague Ali Alzabara for acting as agents of foreign powers in the United States without properly disclosing their work. He claimed he did not share personal information with Saudi officials, and said other employees also viewed account information for no apparent reason.
Wilson investigated Abuanmo’s access to a user’s Twitter account and found that he likely browsed dissident phone numbers and email addresses in the early months of 2015. said he did. Internet Protocol address. It may be used to identify devices on the Internet network and estimate the user’s location.
“If I recall, there were some accounts that seemed commensurate with their job responsibilities of helping individuals authenticate their accounts,” Wilson said. “But a good number, I suspected. I couldn’t find any justification for access.”
Wilson also testified that Al-Zabala saw information linked to King Salman’s Twitter account and Abuanmo’s account.
Wilson said the investigation prompted a review of Twitter’s security and the company sought to limit the number of employees with access to sensitive information.
“We have identified individuals abusing or abusing access for malicious purposes,” he said. “The long-term goal of this program was to identify not just how to log and identify it, but how to stop or detect it earlier than it did in 2014 and 2015.”
