Twitter beefed up security after reporting unauthorized access to several accounts linked to Saudi Arabia.
SAN FRANCISCO (CN) – Ahmad Abouammo had no justifiable reason to access the private data of Twitter users for his work as a media strategist, former colleagues testified Tuesday in a trial where he is accused of using his access company insiders to spy for the Saudis. Arabia.
Prosecutors say Abouammo used an internal Twitter tool called a “profile viewer” to gain access to personal identifiers such as email addresses, phone numbers and login locations of anonymous dissidents who criticized the Saudi Arabian government.
Seth Wilson, who heads Twitter’s information security team, said Abouammo’s interest in the account “raises some red flags,” since Abouammo would have had no reason to use the profile viewer tool in his management work. of media partnerships. “I could not find a reasonable justification for the accesses,” Wilson testified.
Jurors were also treated to an exhaustive display of spreadsheets detailing the dates and time stamps of every instance where Abouammo viewed various profiles from late 2014 to February 2015.
The logs showed Abouammo’s particular interest in @Mujtahidd, the handle of an anonymous activist who tweets critically about the Saudi royal family. Abouammo viewed the personal data associated with this account several times during January and February 2015.
Prosecutors say Abouammo passed his findings to Bader Al-Asaker, a senior aide to Crown Prince Mohamed Bin Salman, in exchange for a luxury watch and hundreds of thousands of dollars, which he laundered through a bank account in Lebanon.
Abouammo and former associate Ali Alzabarah were charged in 2019 with acting as agents on behalf of a foreign government. Abouammo, who left Twitter in 2015 to work for Amazon, was arrested at his home in Seattle, while Alzabarah fled to Saudi Arabia.
The pair also accessed a number of other accounts, many of which have now been suspended for violating Twitter’s policies. Alzabarah was the more prolific of the two, as Abouammo’s lawyer, Jerome Matthews, pointed out to the jury. He noted that some of the accounts had not been accessed by Abouammo at all, and that many other employees had specifically viewed the @Mujtahidd account; including those whose jobs did not give them good reasons.
Wilson said only customer support and “trust and security” staff would have reason to use the profile viewer tool with any regularity. Alzabarah, a site engineer, certainly not. “Alzabarah, because of the nature of his role, would have had very little reason or justification for access, and the amount of access raised doubts,” Wilson said.
The red flags prompted Twitter to try to curb unauthorized access to user accounts by its employees. “It certainly affected us from the point of view where we had identified individuals who were misusing and abusing their access for nefarious purposes,” Wilson said. “So the long-term goal of the program was to identify ways we could record and identify it, but how we could stop it or detect it more quickly.”
To justify his contact with Al-Asaker, his receipt of money and time, and his interest in accessing various user accounts, Abouammo’s defense team has relied heavily on his role as the sole manager of media partnerships. for Twitter Middle East North Africa (MENA). The region.
Abouammo’s lawyers argued that Abouammo was simply doing his job and cultivating business relationships in an emerging market.
But Lara Cohen, Twitter’s vice president of partners who held the same job as Abouammo in 2014, said there was no reason for anyone on the media team to use the profile viewer tool and that she had never used it. himself.
Cohen said media partnerships managers acted as “white-glove” liaisons between public figures and Twitter’s internal support teams, but were not allowed to provide more attentive customer service to high-profile users.
Cohen also said it would have been a violation of Twitter policy for employees to look at a user’s sensitive data just out of curiosity. “There was a lot of focus around not having access to someone’s private data unless you are authorized to do so,” she testified.
“Was a media partnerships manager allowed to view a Twitter user’s personally identifiable information, even if a known account requested it?” Assistant US Attorney Christine Bonomo asked, to which Cohen replied, “No. And I’ve never had or known anyone who did that.”
Cohen said the same policy applies to managers in emerging markets.
“There’s always been a lot of careful privacy about not accessing information you didn’t need,” she said.
Abouammo’s attorney, Angela Chuang, noted that Cohen has never worked with government officials or foreign dignitaries, although she manages celebrity partnerships.
Chuang asked Cohen if her job involved “trying to maintain relationships and not let them dry up.” When Cohen answered yes, Chuang asked if her celebrity clients were demanding.
“Yes,” she replied. “But it was clear there was no special treatment.”
Read the Top 8
Sign up for Top 8, a roundup of the day’s top stories delivered straight to your inbox Monday through Friday.
