When Nation-States Attack
The Dissident — a documentary that tells the story of the assassination of Jamal Khashoggi — was released to U.S. audiences in December 2020.
Prior to Khashoggi’s murder (October 2018), for years, he was targeted online by Saudi’s “electronic army” (or “electronic flies”) — state-backed information operations anchored by a vast network of inauthentic Twitter accounts. These coordinated attacks against Khashoggi, driven by a combination of real accounts and sockpuppets (online identities that are used to mislead), were brilliantly integrated throughout The Dissident.
While Twitter has removed accounts linked to Saudi’s “electronic army” in the past, thousands remain. They continue to manipulate trending hashtags and to terrorize users — especially journalists, academics, and members of civil society — across Arabic Twitter (Saudi Arabia, based on number of users, is among Twitter’s top 10 leading countries).
Enter Ali Soufan
Ali Soufan, a former F.B.I. agent and friend of Khashoggi, in May 2020 was informed by the C.I.A. that Al Qaeda militants were plotting against him (Soufan served as a lead investigator on the September 11th attacks).
Shortly thereafter, Soufan became the target of an aggressive Twitter smear campaign. According to The New Yorker, “cybersecurity experts hired by Soufan traced at least part of the campaign to an official in the Saudi government.” Moreover, the “campaign appeared to have involved some of the same people who had targeted [Khashoggi].”
It was determined that the smear campaign against Soufan was “started by Hussain al-Ghawi, a self-proclaimed Saudi journalist” with a large Twitter following:
As Soufan and his team dug deeper, they discovered that al-Ghawi helped instigate a “vitriolic social-media campaign” targeting Khashoggi in the months prior to his killing.
The campaigns against Khashoggi and Soufan made false allegations that were “retweeted thousands of times by a legion of bots and fake accounts.”
Well, Shit. This Sucks
In October 2020, it was brought to my attention that my name (i.e. Geoff Golberg) was mentioned (and photo was included) in an Arabic Twitter thread that was being shared widely:
Among other things, the thread makes the following claims:
- I have an affiliation with Stanford University
- I have an affiliation with the Qatari government
- I am a CNN journalist
- I am a collaborator with several Qatari newspapers
- My work is aimed at defending Qatar, Hezbollah, and Turkey
None of these allegations are true, yet al-Ghawi’s tweets were retweeted thousands of times.
Unfortunately, I am unable to contest being slandered by a verified account via replying to the thread, as Twitter suspended my account in July 2019 — for referencing a sockpuppet account (the very existence of which violates Twitter Rules) as a “moron.”
Since Twitter has silenced my voice, I opted to post on LinkedIn outlining how I was being targeted (and where I tagged a number of Twitter executives hoping to get their attention):
Realizing I was being targeted in the same fashion (and involving the same Twitter accounts) as Jamal Khashoggi certainly made me feel uneasy.
Smear Attacks, Round Two (Upgraded To Video!)
Last month (March 2021), al-Ghawi tweeted episode #32 from his YouTube channel, JAMRA. In this episode, the same false claims that were tweeted about me in October 2020, were now being spread using video — a much more compelling medium than text.
As of April 5th, 2021, al-Ghawi’s tweet had been retweeted more than 6 thousand times and the video had been viewed nearly 450 thousand times:
In fact, the video embedded into al-Ghawi’s tweet — which used Twitter Media Studio in the process — has generated significantly more views than when posted to YouTube, natively (just over 100 thousand views, for comparison):
Worth noting that the video has nearly a thousand comments. Similar to Twitter, this engagement is driven by inauthentic accounts that violate platform rules.
As highlighted by İyad el-Baghdadi — a human rights activist that rose to prominence during the Arab Spring —propaganda like this “has in the past been coupled with hacks and other forms of state action”:
Mapping Hussain al-Ghawi (@halgawi)
Each dot (node) is an account @halgawi is Following. Colors represent communities (algorithmically determined by interconnectedness) and the size of each node represents how central the account is to the overall network.
As can be seen, the orange community — generally speaking — consists of the more recent accounts that @halgawi opted to follow on Twitter (vs. accounts from the green and red communities which were among the first accounts that al-Ghawi followed).
Included among the orange community are a material number of inauthentic accounts.
We would implore Twitter’s Trust & Safety team to review @halgawi’s social graph (both Following and Followers networks).
It is trivially easy to see that the account has been in violation of Twitter Rules for years. The intent of this post, however, is to provide a high-level summary, rather than a deep-dive into the data/analysis.
For those interested in scanning the Following network, feel free to check out the graphic in this LinkedIn post (screenshot captured below):
Infiltrating Twitter HQ
Bader Al Asaker (@Badermasaker) is the Saudi crown prince’s top aide (Al Asaker has led the crown prince’s private office since 2017). He is also the chairman of the MiSK Foundation, a technology-focused nonprofit founded by Prince Mohammed bin Salman’s charitable foundation:
In November 2019, The U.S. Department of Justice (DOJ) charged “two former Twitter employees with spying for Saudi Arabia by accessing the company’s information on dissidents who use the platform.” One of the former Twitter employees, for example, was accused of accessing “personal information of more than 6,000 Twitter accounts in 2015 on behalf of Saudi Arabia.”
According to the New York Times, at the end of 2015, DOJ investigators informed Twitter “executives that the Saudi government was grooming employees to gain information about the company’s users.”
While the DOJ complaint doesn’t mention Al Asaker by name, based on other details provided in the court documents, it may be inferred that he was “the foreign official” that cultivated relationships with the former Twitter employees, resulting in them acting as agents of Saudi Arabia inside the United States.
Given the role Al Asaker played, one would think the DOJ would push Twitter to suspend his account. Instead, Twitter CEO, Jack Dorsey, actually follows Al Asaker:
Around the same time (late 2015) that DOJ investigators were informing Twitter executives of the infiltration, a Saudi billionaire (via his investment firm) became Twitter’s second largest shareholder (at the time, Prince Alwaleed bin Talal owned a larger share of Twitter than Jack Dorsey).
OK, So What’s Your Point?
Despite Twitter permanently suspending 88 thousand accounts in December 2019 (and attributing them to the Saudi government), their executive team continues to allow millions of inauthentic accounts to play a role in distorting the public debate across the Kingdom.
In addition to allowing the manipulation of Saudi trending hashtags, we have seen how Twitter remains complicit in allowing U.S. citizens to be terrorized (and smeared) by Saudi’s “electronic army” of flies.
Amazon CEO, Jeff Bezos, is a frequent target of said smear attacks, proving that even the richest person in the world doesn’t have enough power to hold Jack Dorsey accountable to enforce Twitter Rules.
Given the (large) role social media platforms like Twitter and Facebook play in today’s society, it is important to remember that each organization has one person who ultimately calls the shots. Effectively, Mark Zuckerberg and Jack Dorsey function as dictators of incredibly powerful countries.
Hence, when personal relationships (has Dorsey ever met or communicated with Bader Al Asaker?) and business relationships (Prince Alwaleed bin Talal’s investment into Twitter) introduce conflicting interests to tech oligarchs like Dorsey, it is critically important for the U.S. government to step-up and protect their citizens from attacks originating from foreign nation-states.
Social Forensics maps and monitors social connections and activity.
We create purposefully designed tools to manage social data analytics needs across various industries. Our focus is audience segmentation and identifying coordinated inauthentic behavior (CIB) across social media platforms.
Geoff Golberg is an NYC-based researcher (and entrepreneur) who is fascinated by graph visualization/network analysis — more specifically, when applied to social networks and blockchain activity. His experience spans structured finance, ad tech, and digital marketing/customer acquisition, both at startups and public companies.
Geoff is the Founder/CEO/Janitor of Social Forensics.