from Hacker News

How Saudi Arabia Infiltrated Twitter

by blatherard on 2/20/20, 11:39 AM with 91 comments

  • by duxup on 2/20/20, 4:06 PM

    I worked on a support team for a company that had some major financial institutions as customers.

    We had remote access to their networks at times. My very first day I was amazed how much access I had at will.

    One day it was announced that a customer had come to us and demanded everyone had to meet X requirements to be able to work on their networks.

    Not long after, another financial institution made a similar request.

    Some folks inside the company were a bit riled up by the requirements (background checks, some other things). They felt the requirements were absurd.

    Considering the access we had I thought they weren't strict enough. As just a lowly support dude hired during the dot com boom because the company needed warm bodies (who could do some independent thinking / troubleshooting) ... I had a lot of access.

    I don't know if they were thinking about spying like this, but I'm always amazed how much access people have to data and etc just from a technical support perspective (forget developers...).

    Later the company outsourced support to other countries... I'm not even sure you need spies in the US / would know anyone was spying under those circumstances.

    Support teams are probably a hell of a lot cheaper / easier to infiltrate / they get little / poor management / oversight. I saw tons of strange choices by our outsourced technical support staff; every single time I raised concerns it was discarded with something to the effect of "yeah they suck".

    And that doesn't account for all the financial institutions who outsourced their own direct ops teams to other countries ... I'd call them and if they ever were capable of following instructions 9x out of 10 they'd open up the wrong network / modems / etc.

  • by baybal2 on 2/20/20, 3:56 PM

    I'd also remind you that Twitter is surprisingly leaky for Chinese users, even for people who can get foreign SIM cards to register an account.

    API leak is one hypothesis, another one is that they got a mole there too.

    The same goes for Facebook. A number of FB users got detained in China with no better explanation than MSS getting access to FB's internal information like phone ID and IMSI data in the user database.

    The most probable explanation people have crafted is the following:

    1. Using internal or external tips, MSS gets user account info of a person of interest

    2. Their mole accesses the user database for info on cookies, IMSI, advertising ID and such

    3. MSS then cross-references the data with data on the open market, like IMSI databases sold by mobile advertising companies

    4. One way ticket to Heilongjiang is issued the next day, once the identity of the person is confirmed using logs of phone companies or ISPs.

  • by loup-vaillant on 2/20/20, 5:17 PM

    > Ali Alzabarah was panicked. His heart raced as he drove home from Twitter’s San Francisco headquarters in the early evening on Dec. 2, 2015.

    Ok, how could you possibly know that? That's a pretty good guess, but writing it like it was the start of a novel… feels like read bait, really. Especially given the following:

    > Alzabarah, Abouammo, and al-Asaker did not respond to requests for comment.

  • by mc32 on 2/20/20, 3:24 PM

    I don’t know why they started the blue checkmark.

    It’s not to verify identity. It’s more like imprimatur (anointed by Twitter as whatever). And that is stupid because it’s basically up to the whims of the company and becomes open to abuse internally and externally.

  • by komali2 on 2/20/20, 4:00 PM

    I remember serious concerns about Australian citizens suddenly being legally required to be spies for the Australian government regardless of where in the world they're working, due to a new anti-encryption law sometime in 2016. That and Twitter somehow being caught with their pants down regarding user phone numbers and other personal information makes it all the more important that all the engineers and product people on this site make it very clear to management that the systems must be set up in a way that simply doesn't allow people to access that information. It's morally good and it might prevent you from making the papers as a host of a bunch of spies that got your Chinese, Saudi Arabian, or Turkish users assassinated or jailed.

  • by dgellow on 2/20/20, 7:58 PM

    > At 5:17 p.m. he called a handler, identified as Associate-1 in the FBI complaint, who arrived in a white SUV two hours later. Driving around Alzabarah’s neighborhood, the two men called “Foreign Official-l” — al-Asaker, according to the Washington Post — at 7:20 p.m., and again at 7:22 p.m. and 7:31 p.m. They then called Dr. Faisal Al Sudairi, the Saudi consul general in Los Angeles, at 8:30 p.m., 8:38 p.m., and 9:26 p.m. Shortly after midnight, the consul general called Alzabarah back and spoke with him for three minutes.

    Slightly off-topic: I feel that gives a good idea of how much information can be extracted from very simple metadata (here timestamp and number called) in that kind of context.

  • by BrandoElFollito on 3/1/20, 12:26 PM

    Shit happens (a spy makes his way to your organization). In large companies, especially such as Twitter, there are processes to handle such cases.

    The process does not include firing the employee first thing in the morning. It includes calling the equivalent of the FBI for your country.

    The way Twitter failed to handle this case is staggering.

  • by grandridge on 2/20/20, 3:32 PM

    They bought a huge chunk?

  • by BryantD on 2/20/20, 7:57 PM

    I was wondering if it was an SRE when the original story came out.

    I'd be interested in seeing perspectives on how you avoid this scenario. While you could isolate data access by team in many models, you're still going to have engineers who have access to valuable data. Random access audits? But what about the scenario where your database lives on someone else's hardware?

    I guess you could always decide you want to use your cloud provider's FedRAMP-compliant offerings.
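One concrete shape the "random access audit" asked about above can take, and of the principle in komali2's comment that internal data access must be tied to a justified need or at least be visible. This is an added illustration, not Twitter's tooling or code from anyone in the thread; it assumes a constructed access log, a constructed ticket table, and an assumed policy that a support employee may view an account only under a ticket assigned to them about that account.

```python
"""Audit of internal user-data access against support tickets (added example)."""

# Constructed sample data: ticket id -> (assigned employee, account the ticket is about)
TICKETS = {
    "T-100": ("alice", "acct-1"),
    "T-101": ("alice", "acct-2"),
    "T-102": ("bob", "acct-3"),
}

# Constructed access log: timestamp, employee, account viewed, ticket cited (may be empty)
ACCESS_LOG = """\
2020-02-20T17:01Z,alice,acct-1,T-100
2020-02-20T17:03Z,alice,acct-2,T-101
2020-02-20T17:05Z,bob,acct-3,T-102
2020-02-20T17:06Z,bob,acct-1,T-102
2020-02-20T17:07Z,bob,acct-9,
2020-02-20T17:08Z,bob,acct-10,
2020-02-20T17:09Z,bob,acct-11,
"""

# Assumed policy: more distinct accounts than this per employee in the window gets flagged
VOLUME_THRESHOLD = 3


def parse_log(text):
    """Parse the comma-separated access log into a list of dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, emp, acct, ticket = line.split(",")
        rows.append({"ts": ts, "employee": emp, "account": acct, "ticket": ticket})
    return rows


def audit(rows, tickets, threshold=VOLUME_THRESHOLD):
    """Return findings as tuples (kind, employee, detail, ticket)."""
    findings = []
    per_employee = {}
    for r in rows:
        owner, subject = tickets.get(r["ticket"], (None, None))
        # Access is justified only if the cited ticket is the viewer's own
        # and is about the account that was viewed.
        if owner != r["employee"] or subject != r["account"]:
            findings.append(("unjustified_access", r["employee"], r["account"], r["ticket"] or "-"))
        per_employee.setdefault(r["employee"], set()).add(r["account"])
    # Volume check catches bulk lookups even when each one cites some ticket.
    for emp, accts in per_employee.items():
        if len(accts) > threshold:
            findings.append(("high_volume", emp, str(len(accts)), "-"))
    return findings
```

In the sample, bob's lookup of acct-1 is flagged even though he cited a ticket, because that ticket is about a different account; the three ticketless lookups and his overall volume are flagged separately.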

  • by seemslegit on 2/20/20, 10:28 PM

    tldr; With money.

  • by saber6 on 2/20/20, 3:52 PM

    Yet another reason why Twitter should be banished to the depths of hell - what a stupid shit-show of a company.

    I eagerly anticipate their downfall. Just like I did MySpace. And hopefully someday, Facebook. Fuck these parasites.

  • by onetimemanytime on 2/20/20, 4:37 PM

    People from certain countries are different, they have different values and some loyalties to the old country. IMO, it's wayyy much easier to corrupt people from second or even third world countries, where corruption is the norm.

    Money is not an issue for a nation state and then they can fix things for family back home etc etc so they are bound to find people that say yes.