back to article Ex-Twitter staff charged with spying for Saudi royals: Duo accused of leaking account records, including those of critics

Two now-ex Twitter employees have been charged with spying on behalf of Saudi Arabia – after they allegedly leaked internal records for accounts linked to critics of the Saudi royal family, including the assassinated journalist Jamal Khashoggi, while working for the social network. A criminal complaint [PDF] filed in a US …

  1. Mark 85

    Four years?

    It took four years for this? Didn't Twitter notice someone popping the files?

    1. doublelayer Silver badge

      Re: Four years?

      It sounds like their job included looking at specific user accounts and they made some attempt to limit their targets. Logically, Twitter should have had controls on even small numbers of accounts accessed, but I don't know the details of what these people were doing. If it involved something like trying to identify if users were bots or not, it's possible that the criminals hid their account sweeps in something like that, and removed the data they were interested in from that data stream rather than deliberately accessing the profiles. Given the article's figures of six thousand accounts accessed for a target count of thirty three, that approach might have been the one taken.

      1. Halfmad

        Re: Four years?

        This would require information security staff and we all know having those working internally, properly resourced and supported by senior management is a rarity these days.

    2. Anonymous Coward
      Anonymous Coward

      Re: Four years?

      This happened 4 years ago and only just came out

  2. Claverhouse Silver badge
    Mushroom

    What's Sauce for the Goose...

    America can always triumph in the Loony Laws competition !

    Just like the oft-mocked US Customs question: 'Are you in favour of subverting the government of the United States by force ?...

    ' unregistered foreign agents'

    "Excuse me, sir, my name is Billy Bunter, and I want to register in America as a foreign spy; please give me the proper forms..."

    .

    .

    As for this case, it could be argued they were simple patriots to the Saudi state --- no matter one's opinion of that state --- I feel quite certain British nationals working in Germany c 1938 would be now applauded for sending back information on links between British proto-fascists and the Hitlerite state.

    1. Twanky
      Flame

      Re: What's Sauce for the Goose...

      Firstly: How the hell can a wristwatch be worth $20,000? It's obscene. Yeah, I know it's only worth what someone is willing to pay for it... and 'Veblen' goods. Blah.

      Secondly: I don't care if the motivation was patriotism to the Saudi Kingdom or filthy lucre or anything else. The key point is surely that with enough motivation people's personal information can be extracted from social media systems and cloudy services (for example Uber with it's 'God View' access - later renamed 'Heaven View' - has a fine track record in this regard).

      Over the past few years the news has been littered with stories of people being doorstepped by MSM reporters for expressing politically incorrect opinions on social media and some have even self-harmed after being confronted. If reporters can extract real addresses and contact details from social media when they want to then these systems must be as watertight as sieves.

      1. anothercynic Silver badge

        Re: What's Sauce for the Goose...

        $20,000 is cheap. Patek Philippe, Chopard and higher-end Breguet watches retail for at least 6 figures. And watches like that tend to be discrete, they are absolutely beautiful works of engineering, and they are a joy to wear. Not a criticism of your post, just a clarification. I agree with you on the rest of the post.

        1. Steve Graham

          Re: What's Sauce for the Goose...

          "discreet"

          Most watches are discrete.

  3. Blockchain commentard

    If Twitter was concerned about privacy, perhaps they shouldn't insist on demanding so much private information when signing up?

  4. sbt
    Facepalm

    Cutting their own throats

    Too much of this sort of thing and every organisation handling PI will implement no foreign hires policies. And it won't just be the Russians and the Chinese nationals out in the cold.

    1. phuzz Silver badge

      Re: Cutting their own throats

      But what if your spouse is from a foreign country, surely pressure might be put on you then? Or perhaps one of your kids is involved with someone from another country? Or maybe they just try and bribe someone?

      Proper internal security with auditing and someone actually reading and responding to the audit logs is the answer, not banning foreign hires.

  5. Anonymous Coward
    Anonymous Coward

    So that's why they need to know your Mobile Number for 2FA

    ... so they know what address to send the Bone Saw/Angle Grinder Operatives arround to.

    Ghilling Effects.

  6. Aristotles slow and dimwitted horse

    It's a start...

    But let's just conveniently sweep under the rug the billions and billions in guns, bombs and planes that the US sell them eh?

    1. phuzz Silver badge
      Facepalm

      Re: It's a start...

      At least the US government hasn't banned selling weapons to the Saudis, and then "accidentally" sold them anyway. "By mistake". At least three times.

      After all, who among us hasn't accidentally written an illegal export license eh?

  7. Anonymous Coward
    Anonymous Coward

    leaked as many as 6,000 Twitter profile records to Saudi officials

    what goes round, comes round... Given how happy the US are to tap into phone calls made by their "strategic friends" in Europe, presumably their Saudi friends took notice and paid enough to gain access to that one, pesky twitter account run by their Top US Friend? I'll show them yours if you show them mine? :)

  8. Twitchy Eye

    "Our company limits access to sensitive account information to a limited group of trained and vetted employees", really actually vetted?

    Or more likely "sign this NDA and agree not to do bad stuff." Vetting foreign citizens in nearly impossible, because access to their criminal history is also impossible.

    Never mind the fact that the labor shortage in California is so bad they'll take anyone with a pulse.

  9. Timo

    PBS Frontline episode

    There was just a documentary in the US about this - on "Frontline".

    https://www.pbs.org/wgbh/frontline/film/the-crown-prince-of-saudi-arabia/

    Seems the new crown prince was (is) looking for ways to finger many people as dissidents.

    Not sure if they've got it region-locked but was interesting to watch, if almost 2 hours in duration.

  10. John Savard

    The job isn't finished

    But when is the United States going to demand the extradition of the Saudi portion of this conspiracy? Justice isn't done until everyone who was involved in this is brought to justice.

    1. Imhotep

      Re: The job isn't finished

      I doubt that the Saudi nationals involved have broken any law for which they can be extradited.

  11. Anonymous Coward
    Anonymous Coward

    I hope

    MI6 have recruited in Google, Facebook etc.

    I expect lots of staff on backhanders and lots of firms holding private data will be a little worried at moment

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like