The hacked accounts of verified users on Twitter are likely being bought and sold to unknown Saudi entities and Twitter appear to be doing little about it. This post details a number of examples of this problem, putting it in the wider context of the problematic Gulf Twittersphere.

**Update: Since I wrote this blog and it was circulated, at least two of the accounts have lost their verified status, @sheynasteiner and @N20. Sadly, @twcdaveschwartz still remains verified, despite the fact he passed away in 2016! N20 was a bit of a wild card in my analysis but it turns out my hunch was correct. … Nicole Jade Parks is still verified. Will keep an eye out, thanks @qdepim for the tip off.

*****************************************

The Late David Shwartz would be perhaps disturbed to note that his verified Twitter account has now been possessed by a pro-Saudi Twitter account. David, who was a meteorologist with the Weather Channel, sadly passed away from cancer on Saturday 30th July 2016. The NY Times did a fitting obituary.

May you rest in peace @TWCDaveSchwartz ! One of the kindest, happiest, wisest & authentic humans I’ve ever known. 💙 pic.twitter.com/iGhraHjtgR — Stephanie Abrams (@StephanieAbrams) July 30, 2016

Despite David’s passing, I discovered today that his verified Twitter account @TWCDaveSchwartz, is very much alive. It was taken over by someone with the Arabic name فعاليات القصيم , which translates as ‘Al Qassim Events’. As you can see from the image below, the handle @TWCDaveSchwartz, remains, but the name above it is in Arabic.

Right now David’s former account does not contain much information. It has one retweet from Zayad bin Neheet (a saudi poet briefly imprisoned for criticising media onslaught against Qatar) praising Al Qassim and Prince Faisal bin Mishal, the governor of Al Qassim. The account is followed by a few hundred, mostly Saudi-based accounts. As you can see from below, one of the most recent followers has a banner photo of Mohammed bin Salman (MBS), the Saudi Prince-cum-journalist slayer.

There is nothing sinister in particular about the new name. Al Qassim is a region in Saudi Arabia and there are two other Twitter accounts called something similar (@kas_garden134 and the other @qassim_events). They both promote events in the region. What is sinister though is how someone managed to access the verified account of a deceased man…

Twitter’s Indifference (Twindifference)

Twitter has temporarily suspended its verified accounts program. The blue verification badge was originally designed to let ‘people know that an account of public interest is authentic’. Writing in Prospects Magazine, Rafael Behr explained the reason for the decision to suspend verification, ‘the company stopped giving out any more blue ticks last year because verification was being interpreted—and abused—as a kite mark of veracity. And Twitter certainly didn’t want responsibility for that.’ The blue badge, sadly, also means that those people who have it retain a certain amount of credibility and legitimacy. In an age of fake news and fake accounts, it lets people know that your account is real (Ironic side note, Twitter also suspended its verification program to focus on ‘information quality’ ahead of US midterms)

While it is entirely insensitive to exploit someone’s account this way, Twitter appear to have done little to combat it. Although I came across David’s account today, others had already noticed the problem as far back as 2018.

So you hijack a man who died of cancers account to promote tourism with a rubbish resolution background. FAIL pic.twitter.com/DnPm7XdMKP — Spectrum (@spectrumaots) March 16, 2018

This happened twice now, both speaking Arabic. — Garrett ⛈ (@WeatherGarrett) March 16, 2018

Twitter user @TVShowsFan was also blocked on March 14 2018 by the new user who still appeared to be using David’s profile picture at the time.

Understandably, people who knew or admired David were upset by this. He died in 2016. Two years later, and despite numerous protestations to Twitter, his account is still possessed by some unknown entity.

It was an individual tweet that was talking about some festival if I remember correctly, I then DM the account since we both followed each other saying that he should give up ownership of the account because it’s disrespectful to dishonor someone who died of cancer — Spectrum (@spectrumaots) February 9, 2019

And there are more: Abd al Aziz al Harthi/Sheyna Steiner

David is not the only person this has happened to. Today I found out through @AlMinJaf that Sheyna Steiner, an American financial analyst who has appeared on Fox Business (among other things), had her account hijacked by another pro-Mohammed bin Salman account. The new account, going by the name Abd al Aziz al Harthi, is incredibly active. Below on the right you will see @sheynasteiner’s hijacked account, and on the left, the person who presumably bought the account

Nicole Jade Parks

Then there is the former Sochi Winter Olympian Nicole Jade Parks, of the Mogul Skiing Academy (AUSMSA). Her account appears fairly inactive, and although it says she has tweeted 11 times, no tweets appear on her timeline. It is also followed by plenty of pro-Saudi accounts. See below.

How widespread is this?

There is a market and demand for verified accounts. This thread on the hacking site BlackHatWorld highlights that. The fact all the examples in this blog are from Saudi is not necessarily a coincidence. When I searched through my complete list of Twitter verified users, I looked at arabic accounts that had the ‘default’ profile image link . There were only 9 of them. The ones below in red are those ones featured in this article – those in blue are either legitimate or were appropriated by an entity that doesn’t appear to have any connection with Saudi (or any other country – except possibly Oman)….I also don’t know why Chris Fedun from Nashville had his account listed in Arabic)

https://twitter.com/handwalla

https://twitter.com/thaqafh

https://twitter.com/Nicolejadeparks

https://twitter.com/SheynaSteiner

https://twitter.com/twcdaveschwartz

https://twitter.com/meesgreg

https://twitter.com/chrisfedun

https://twitter.com/emmawillmann

While going through the complete list of verified users to find hacked accounts would take some time, the ones above are those hacked by entities somehow linked or desiring to promote Saudi/MBS. Although we don’t know what entity this was, or how the accounts were procured, it is probable that someone purchased these hacked accounts. (I should note I also flagged another – N20, as suspicious).

Given the ever-expanding amount of evidence highlighting Saudi’s manipulation of Twitter, whether through moles in Twitter’s San Francisco HQ, or through massive troll armies, it is not improbable to wager that these accounts may have been obtained by some nefarious entity for some sinister purpose. We know, after all, that the now infamous Saud Al Qahtani has dedicated much time to procuring sim cards for fake Twitter accounts (among many other things).

Regardless of the reasons, it is quite alarming that Twitter have not done anything to de-activate these accounts. It is indicative of an apathy or reluctance towards dealing with similar issues in the Middle East. It is certainly not helping Twitter’s credibility in a region plagued by Twitter bots and online misinformation. What’s more, we do not know the full extent of this problem.. Not yet anyway….