- Federal prosecutors have charged 2 former Twitter employees suspected of spying for the Saudi Arabian government, according to a criminal complaint unsealed Wednesday.
- The complaint alleges the former Twitter employees spied on more than 6,000 Twitter accounts of users critical of Saudi Arabia.
- Facebook's ex-security chief, Alex Stamos, took to Twitter to talk about the risk of spying at tech companies. He said "there will be more" scandals like this.
- Visit Business Insider's homepage for more stories.
Two former Twitter employees are being charged by US authorities alleging they spied on more than 6,000 Twitter accounts since 2015, The Washington Post first reported on Wednesday.
According to former Facebook security chief Alex Stamos, we can expect to see more of these scandals in the future.
1) This is a huge deal.
— Alex Stamos (@alexstamos) November 6, 2019
2) Lots of tech employees have access to data and families back home.
3) All big tech companies need internal monitoring and hunting teams.
4) KSA wouldn't be at the top of my list of high-risk countries with lots of citizens in SV. There will be more. https://t.co/flZYxWuOqF
Stamos specifically tweeted about the need for tech companies to focus on detection and prevention going forward.
Something I've said to security audiences:
— Alex Stamos (@alexstamos) November 6, 2019
"We are all pretty good at technical infosec defense; the big tech companies are at least in the same league as state attackers. We are children when it comes to human intelligence."
Tech companies don't typically perform the same background checking that is required for high-level security clearance in the US government, although employees may similarly have access to sensitive information. Stamos said that tech companies don't conduct single scope background investigations (SSBIs), which involve interviewing employers, teachers, and other affiliates, or polygraph tests, both of which are standard practice in the intelligence community.
Stamos tweeted about the need for tech companies to have internal controls that can prevent employees from being tempted to share information.
"I think having good internal controls is a fundamental duty to employees to make it less likely they might get pressured for access," he wrote.
Nope, didn’t say that at all. I think having good internal controls is a fundamental duty to employees to make it less likely they might get pressured for access.
— Alex Stamos (@alexstamos) November 7, 2019
Companies also need to incorporate more modern, non-discriminatory preventative measures, Stamos said, and should conduct "internal hunting" for compromised employees.
I think this work can be done technically, with good preventative controls, a rapid operational response and internal hunting. The clearance process could be argued to be the 20th century solution to a problem for which there are more modern, non-discriminatory approaches.
— Alex Stamos (@alexstamos) November 7, 2019
In his Twitter thread, Stamos warned "there will be more."
Read the full complaint and list of charges against the two former Twitter employees over at The Washington Post.
Join the conversation about this story »
NOW WATCH: 8 weird robots NASA wants to send to space