The news: The US Justice Department has charged two men who used to work at Twitter with accessing personal information on critics of the Saudi Arabian regime, which they collected and passed on to Saudi officials, the Washington Post reports.
Who were they? Ali Alzabarah was a site reliability engineer who joined Twitter in August 2013. Over time, he gained more responsibility until he was able to access personal data—including phone numbers and IP addresses—as part of his job. He is accused of collecting information on more than 6,000 Twitter users, including dissidents and political activists, over the course of a few months in 2015. The other man, Ahmad Abouammo, was a media partnerships manager. He is accused of taking information from three user accounts, at least one of which belonged to an outspoken critic of the Saudi royal family. Abouammo received at least $300,000 from the Saudi government in return for his services, according to the indictment.
A third individual: The court documents refer to a third person charged with spying: Saudi citizen Ahmed Almutairi. They allege he acted as an intermediary between Saudi officials and the Twitter employees. Both Alzabarah and Almutairi are Saudi citizens (believed to be in Saudi Arabia now), while Abouammo is a United States citizen. He was arrested in Seattle on Tuesday.
The political angle: This is the first time federal prosecutors have publicly accused Saudi Arabia of running agents inside the US. The court documents say that one of the men implicated is an associate of Saudi Crown Prince Mohammed bin Salman, who the CIA concluded probably ordered the assassination of Washington Post columnist (and outspoken critic of the regime) Jamal Khashoggi last year.
The insider threat: Given the vast amount of sensitive data tech companies hold about individuals and their everyday habits, it is obvious that their employees will be targets for espionage. This case is a reminder of how powerful these companies are, and how unaccountable: we know very little about their vetting and security procedures. It’s unlikely that this is an isolated case, but given Silicon Valley’s secretive culture, it’s hard to say for sure. Either way, the ease with which these three men operated is a reminder that hacking isn't the only way to access data illicitly: a well-placed insider with nefarious motives can wreak a lot of damage too.
Sign up here for our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.