The reports of spying on Saudi Arabia by former Twitter workers underline the threat that Silicon Valley companies have sensitive data that allow platforms to develop espionage.
The Saudi and one American citizen allegedly worked together to reveal details of ownership behind dissident Twitter accounts, according to a federal indictment, on account of the Riyadh government and the royal family.
Analysts say it shows that vast Silicon Valley companies ‘ servers can be juicy targets for intelligence agencies, frequently pressurizing insiders.
“The Twitter case shows that information is not only a business tool but a duty,” said Adrian Shahbaz, Technology and Democracy research director at Freedom House.
“The problem is not only how we keep it safe from hackers, but also from rogue employees of companies that collect massive amounts of data,” Shahbaz said platforms such as Twitter and Facebook remain important resources for human rights activists, but users should also be aware of the possibility of data leaks-in their country as well as from insiders.
“It was disturbing to see how governments use strategies to manipulate the internet’s inherent weaknesses….,” he said.
Bruce Schneier, a security researcher and fellow at Berkman University’s Berkman Klein Center for Internet & Society told Harvard that it was not shocking to see governments targeting repositories of software platforms.
“We all think this happens a lot, but it never comes up,” said Schneier.
No match for Russia
Schneier said that there have been concerns for Chinese and Russian insiders that the major software systems could implement vulnerabilities, and that businesses could struggle to thwart these efforts.
“Russia’s government versus Twitter isn’t a fair fight,” he said. “Tech businesses are hard to blame.” Because major technology corporations have engineers from all over the world, Schneier said it allows intelligence services to hunt for and target their expatriates for spying.
James Lewis of the Center for Strategic and International Studies in Washington said that this case demonstrates the ability to target insiders.
“The risks of insiders return to biblical times,” he said, adding that accused people were probably caught because “they did a terrible job of covering their paths.”
Full background checks
According to an indictment unsealed Wednesday, in 2014-2015, US citizens Ahmad Abouammo and Saudi national Ali Alzabarah were hired in Twitter in order to gain access to private information related to Riyadh critics ‘ accounts.
Ahmed Almutairi, a publicity officer connected to the royal family, was a crucial agent who arranged contacts.
Yet, former US aviation intelligence agency warfare agent John Dickson who now works with the Denim Group security advice agency said that private companies, including in Silicon Valley, are not prepared to conduct background checks necessary to find possible spies.
“Many employers make cursory background checks for the clearest items, such as criminal records and bankruptcy,” he said.
“None of them looks like a background check on the risks to a nation state.” Dickson said it remains unclear if the technology companies are aware of the importance of their data and the information they provide for intelligence services.
“We continue to act as social media companies,” he said.
“Their goal is to connect as many as possible and boost the platform’s network effect.” Shahbaz said the latest case shows that regulations require software companies to restrict how much information they collect and retain.
“There could be a role for government in the privacy law,” he said.
“It is a case where users collect limited data and allow users to opt out” of certain forms of data collection.
He also said that businesses should be required to inform victims when their data was breached “to take action to protect themselves.”