The allegations of spying by former Twitter employees for Saudi Arabia underscore the risks for Silicon Valley firms holding sensitive data which make the platforms ripe for espionage.
The two Saudis and one US citizen allegedly worked together to unmask the ownership details behind dissident Twitter accounts on behalf of the Riyadh government and royal family, according to a federal indictment.
Analysts say the incident shows how massive databases held by Silicon Valley giants can be juicy targets for intelligence agencies, which can often apply pressure to company insiders.
“The Twitter case shows how data is not only an asset but a liability for companies,” said Adrian Shahbaz, research director for technology and democracy at the human rights group Freedom House.
“For companies collecting massive amounts of data, the challenge is how to keep it secure not only from hackers, but from rogue employees.”
Shahbaz said platforms such as Twitter and Facebook remain important tools for human rights activists, but that users should be aware of potential for data leaks — both in their countries, and from insiders.
“It’s been alarming to see how governments using tactics to exploit the inherent weaknesses of the internet… go after people expressing dissent,” he said.
“It’s a constant cat-and-mouse game between users and very well-resourced governments.”
Bruce Schneier, a security researcher and fellow at Harvard University’s Berkman Klein Center for Internet & Society, said it is not surprising to see governments targeting databases of tech platforms.
“We all assume it happens a lot. But this (prosecution) rarely comes up,” Schneier said.
No match for Russia
Schneier said there have long been fears about Chinese or Russian insiders pressured to introduce vulnerabilities in major software platforms, and that companies may be ill-equipped to thwart those efforts.
“The government of Russia versus Twitter is not a fair fight,” he said. “It’s hard to blame the tech companies.”
Because major tech firms have engineers from all over the world, Schneier said it enables intelligences services to seek out and pressure their expats for espionage purposes.
The case highlights the potential for insider threats, said James Lewis of the Center for Strategic and International Studies in Washington.
“Insider threats go back to biblical times,” he said, noting that the suspects were probably caught because they “did a terrible job of covering their tracks.”
Background checks enough?
According to an indictment unsealed Wednesday, US citizen Ahmad Abouammo and Saudi national Ali Alzabarah were recruited in 2014-2015 to use their positions in Twitter to gain access to private information related to accounts of critics of Riyadh.
Ahmed Almutairi, a marketing official with ties to the royal family, was a critical go-between who arranged contacts, prosecutors said.
Twitter said in a statement it restricts access to sensitive account information “to a limited group of trained and vetted employees.”
But John Dickson, a former US air force information warfare officer who is now with the security consultancy Denim Group, said private companies, even in Silicon Valley, are not equipped to for background checks needed to find potential spies.
“Most employers do cursory background checks for the most obvious stuff such as criminal records or bankruptcy,” he said.
“None of them does any semblance of a background check on nation-state threats.”
Dickson said it remains unclear if the tech platforms are cognizant of the sensitivity of the data they hold, and the draw of that information for intelligence services.
“They are still acting as social media companies,” he said.
“Their default is to get as many connections as possible, and the network effect enhances the platform.”
Shahbaz said the latest case illustrates a need for regulations to require tech platforms to limit how much data they collect and maintain.
“There might be a role for government to play in terms of data privacy legislation,” he said.
“There’s a case for collecting the bare minimum of data from users and allowing users to opt out” of certain kinds of data collection.
He said companies should also be required to inform victims if their data has been compromised “so they can take measures to protect themselves.”
Health Ministry Teams Up With Twitter to Respond to Queries Around COVID-19
The Union Health Ministry has teamed up with Twitter to launch a dedicated account to respond to Indian Twitter users’ queries related to COVID-19. The new account COVID India Seve using Twitter’s Twitter Seva platform, “a customised live query redressal service.” People can put their queries forward by tweeting to @CovidIndiaSeva to get a response from the authorities. The account describes itself as “Official @MoHFW_INDIA Handle for COVID-19 Response” and it was created in March. Twitter said that the service will enable the government to interact effectively with the public during the ongoing COVID-19 pandemic.
People in India can tweet to the @CovidIndiaSeva to seek guidance regarding steps to take if COVID-19 symptoms occur, know more about access to healthcare services, measures implemented by the government, among many other topics. According to Twitter, people will get answers to only broader questions, meaning personal queries won’t be dealt with through the new service.
Tweeting about the launch, Union Health Minister Harsh Vardhan wrote, “Experts will share authoritative public health information reg #COVIDー19 swiftly at scale, helping to build a direct channel for communication with citizens. Post your queries!”
@CovidIndiaSeva has been responding to the questions from Twitter users. NDTV journalist Akhilesh Sharma asked, ”Crucial question in everyone’s mind is that whether we are testing enough? What about rapid antibody based blood tests esp for COVID inflicted areas?”
Answering the question, @CovidIndiaSeva replied, “At present, 204 government labs and 86 NABL accredited private laboratory chains are involved in testing. The no. of collection centers have also been enhanced to 16,000 centers across India. We have already tested 4,05,320 people.” It went on to add, “Government of India has issued advisory to start rapid antibody based blood test for COVID-19 for areas reporting clusters (containment zone) and in large migration gatherings/evacuees centers.”
Twitter India has also been working with various state governments in the country to make the COVID-19 response management better. “It has also supported and enabled the Govt of Karnataka, Maharashtra, Jharkhand and Uttar Pradesh to set-up dedicated COVID-Response accounts. Govt. of Karnataka, Maharashtra,” it said in a statement.
Twitter Is Down for Some Users – You Are Not Alone
Twitter is down for many users across the globe. Reports are pouring from India, parts of Europe, Japan, as well as parts of the United States. We at Gadgets 360 are also facing issues when trying to access the micro-blogging platform, with some team members unable to the load the homepage, while others are unable to see their timelines or tweet. Twitter’s own support handle has yet to highlight the issue, though reports continue to flood in.
As seen on Down Detector, there have been hundreds of reports from across the globe, with most reports coming on for the Twitter website, with users of the Android app also reporting issues.
The Twitter status page says all systems are operational, as of a few seconds ago. As we mentioned, users are facing different problems, with some Gadgets 360 team members not affected at all, and others unable to tweet or load their timelines. The issue may be transient. To recall, the social network experienced a major outage earlier this month.
Are you facing issues with Twitter? Let us know in the comments below.
Twitter Said to Be Planning Bitcoin Payments as Tips on Its Platform
Twitter is considering a feature that would allow users to tip one another – in Bitcoins though.
The Information reports that the micro-blogging platform is working on implementing a new payment feature to let people send money to each other.
It is not yet clear whether the Twitter tipping feature would integrate with Jack Dorsey’s other company, Square, which is a financial services, merchant services aggregator, and mobile payment company based in San Francisco.
Dorsey has made absolutely no secret of his love of Bitcoin over the years.
NewsBTC has reported on the Twitter CEO opining that Bitcoin will one day be the currency of the internet and his company Square integrating cryptocurrency payments.
“Dorsey has been a major investor in the Bitcoin micropayments solution Lightning Network,” said the report.
Dorsey will move to Africa for three-six months this year to “define the future”.
“Sad to be leaving the continent for now. Africa will define the future (especially the bitcoin one!). Not sure where yet, but I’ll be living here for 3-6 months mid-2020. Grateful I was able to experience a small part,” said the Twitter CEO.
Dorsey has also hired Bitcoin developers for his payments company.
He is an advocate of digital currency bitcoin but he also says it is “not functional as a currency”.