The person responsible for the 11-minute deactivation of President Donald Trump’s @realdonaldtrump Twitter account in early November was a third-party contract employee who worked for Twitter’s Trust and Safety operations team in the San Francisco area, according to two people familiar with the matter. He had been on the job for about four months.
TechCrunch first confirmed the contractor's identity as Bahtiyar Duysak, and reported his role in deactivating Trump's Twitter account.
The temporary deactivation was a strong signal that Twitter, which has gone to extraordinary lengths to court politicians and world leaders to its service, has not taken similarly extraordinary measures to protect their accounts.
Duysak indicated on his LinkedIn page that he was temporarily employed at Twitter through the contracting service Pro Unlimited, which provides staffing services to dozens of Silicon Valley companies for tasks like content review.
In response to BuzzFeed News attempts to confirm his role after the deactivation, Duysak did not return multiple requests for comment sent to his Facebook page and an email address in early November. A phone number associated with him was turned off as of Nov. 3, the day after Trump's account was taken offline.
Twitter declined a request for comment in early November. A spokesperson from Pro Unlimited did not respond to multiple requests for comment at the same time.
Originally from Germany, Duysak has a master's in banking and finance from University of Birmingham in England and finished a postgraduate program at California State University, East Bay, in Hayward, Calif., according to a person close to him. Duysak was also head of the university's Turkish Student Association. A Facebook page for the contractor said he was a member of the school’s startup scene, while another related post showed him as a former volunteer security guard at a Bay Area Muslim community center.
An August update to the Facebook page for that religious center features photos of the contractor helping to deliver bikes and school supplies to underprivileged and refugee children in the community. After BuzzFeed News contacted the organization on Nov. 3, it deleted that post from its Facebook as well as a video featuring Duysak on YouTube.
BuzzFeed News confirmed Duysak was a contract employee at Twitter and had previously worked as a contractor for other tech companies, including YouTube. “He seemed like he was happy with his job,” one friend said of the employee’s position at Twitter. “He was a contractor, so I assumed he was doing something simple.”
That same person also noted that the Twitter contractor served as a research assistant at Cal State East Bay, where he was enrolled in a management school program with many “exchange students who want to come to the US and improve their English before going to work.” That person said they were surprised and ashamed of Duysak’s actions.
One friend of Duysak’s, who met him in 2014 while attending the University of Birmingham in the United Kingdom, described him as “very smart,” but not someone who seemed passionate about politics. That friend said the contractor did not have much technology experience.
“The last time I spoke with Bahtiyar six months ago over WhatsApp, he seemed like he was planning to go back to Europe,” the friend said. "I cannot believe he had access to deactivate the most important account in the world."
On the morning of Nov. 4, Duysak changed his cover photo on Facebook to a waving American flag. “Love America!!” read the caption.
In his capacity working in user services, Duysak likely had administrator access to internal Twitter tools that would allow him to suspend or delete accounts. One former senior Twitter employee told BuzzFeed News that "a lot" of employees have the ability to suspend user accounts and hundreds have a level of access that would allow them to deactivate them. This former employee described Twitter’s account administration system as a dashboard, meaning employees might not need engineering skills to suspend or deactivate an account. “It's one click if you have the rights to access the tool," the person said.
The source also noted that Twitter was aware its suspension permissions could be abused, but did not change its protocol. "There was discussion that for verified accounts or high-profile ones, there'd be special protections (i.e., 'two keys') but it was never implemented," the person told BuzzFeed News. There do appear to be some limits. Another individual with knowledge of Twitter’s permissions system dispelled the notion that contract employees with administrator access can “become the user,” which would allow the employee to read direct messages and tweet as the account holder.
On Nov. 3, Twitter said it has “implemented safeguards to prevent this from happening again.” The company declined to share details on those safeguards.
The legal ramifications, if any, of Duysak’s actions are unclear as of yet. Twitter declined to comment on the level of access the contractor had to the president’s account and personal information, and it hasn’t indicated whether it will pursue legal action now or in the future. If it were determined that he took action against Trump’s account that was well beyond the scope of their authorized access, he could be vulnerable to legal action under the controversial Computer Fraud and Abuse Act (CFAA), a federal anti-hacking statute forbidding unauthorized access to computers.
A spokesperson for the Secret Service told BuzzFeed News in early November that it is not currently investigating the account deactivation. A spokesperson for the FBI, which routinely investigates cybercrimes as well as abuses of the CFAA, did not return a request for comment.
Reached for comment on Nov. 29, a Twitter spokesperson provided this statement: "We won't have a comment on a former employee. We have taken a number of steps to keep an incident like this from happening again. In order to protect our internal security measures we don't have further details to share at this time."
Alp Ozcelik contributed to this report.