Two separate incidents reported this week have once again highlighted how insiders with legitimate access to systems and data can be far more dangerous to enterprise security than external attackers.
On Thursday, the US Department of Justice announced indictments against two former Twitter employees for allegedly accessing private information tied to Twitter accounts belonging to several individuals of interest to the government in Saudi Arabia. A third individual based in Saudi Arabia was also indicted on related charges.
US national Ahmad Abouammo (age 41) of Seattle and Aliz Alzabarah (35) of Saudi Arabia are accused of using their Twitter employee credentials to collect information that helped Saudi officials identify individuals critical of the regime in the country. They are alleged to have provided the information — which included email addresses, phone numbers, IP addresses, and dates of birth — to officials working on behalf of the Saudi government and the Saudi royal family.
The charging documents described Abouammo as a former media partner manager at Twitter responsible for the Middle East and North Africa region.
In that role, he was involved in assisting notable Twitter accounts in the region — including those belonging to brands, journalists, and celebrities — with content and Twitter strategy as well as sharing best practices. Alzabarah was a site reliability engineer, with no authorized access to the Twitter account data. Even so, he is alleged to have accessed nonpublic data associated with more than 6,000 accounts, including 33 accounts for which Saudi officials had previously pressed Twitter for more information.
Abouammo allegedly received a luxury watch valued at more than $20,000 and hundreds of thousands of dolla ..
Support the originator by clicking the read the rest link below.
