Fabrizio Baiardi

Fabrizio Baiardi is a Full Professor at Università di Pisa, where he has chaired one of the first degree programs on the security of ICT infrastructures. His main research interests are formal approaches to risk assessment and the resilience of critical ICT infrastructures. Fabrizio Baiardi has been involved in the risk assessment and management of several systems and of industrial control systems with SCADA components. He has authored several papers on ICT security and currently teaches university courses on security-related topics.

Neglecting symptoms does not help

It is very significant that, just when Twitter is targeted by an attack enabled by the theft of the credentials of some of its employees, U.S. prosecutors have filed a superseding indictment in federal court against two former Twitter employees for allegedly spying on dissidents on behalf of Saudi Arabia.

The Department of Justice alleged last year that two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, had been recruited by a Saudi national with ties to the royal family. The two employees abused their access to Twitter to collect sensitive information about Saudi dissidents, including location data, email addresses, and phone numbers. They also allegedly targeted a close associate of American journalist Jamal Khashoggi, who was murdered in 2018, according to the CIA, at the behest of Saudi Crown Prince Mohammed bin Salman.

Abouammo worked as Twitter’s head of social media partnerships for the Middle East and North Africa. He allegedly met with a Saudi official in 2014 and soon after accessed Twitter users’ information. He pleaded not guilty last year and is in U.S. custody. Before Abouammo left Twitter, he allegedly passed on his contacts to Alzabarah, a site reliability engineer. According to the prosecutors, Alzabarah used that information to access data about 6,000 users.

News of the indictment comes shortly after Twitter suffered the insider breach we have described in previous posts. The two breaches raise questions about Twitter’s ability to control its employees’ access to the sensitive information of its own users. In relation to this case, Twitter claims that

“we understand the incredible risks faced by many who use Twitter to share their perspectives with the world and to hold those in power accountable”

but, to reassure its users, it said it had “tools” in place to protect user privacy.

Hence, the new attack is just a further symptom of an old, unsolved problem.
