Twitter whistleblower raises alarms over security threats and deceptive executives

A former Twitter security official, who released a whistleblower report on the company, told lawmakers on Tuesday that the platform had serious security and privacy failures that leadership had refused to fix.

Peter “Mudge” Zatko, a cybersecurity expert who served as Twitter’s CEO from November 2020 until his dismissal in January 2022, testified before the Senate Judiciary Committee about a whistleblower complaint he filed with Congress, the Department of Justice, the Federal Trade Commission, and the Securities and Exchange Commission.

“I’m here today because I believe Twitter’s insecure handling of its users’ data and its inability or unwillingness to honestly represent issues to its board and regulators has created a real danger to tens of millions of Americans, the American democratic process and American citizens,” Zatko said in his opening statement.

“Furthermore, I believe that Twitter’s willingness to intentionally mislead regulators violates Twitter’s legal obligations and cannot be ethically condoned.”

The cybersecurity expert said he found that Twitter could not protect its data because the company did not know “what data it has, where it lives and where it came from.” Employees, particularly engineers, who make up half of the full-time workforce, have extensive access to data. This means that any employee can access a lot of sensitive information about a Twitter user, including their geographical location and the data needed to directly access their devices.

“It doesn’t matter who has the keys if you don’t have any locks on the doors,” he said.

Peter “Mudge” Zatko, the former head of security at Twitter, testifies before the Senate Judiciary Committee on Twitter’s data security, on Capitol Hill, Sept.

Kevin Dietsch via Getty Images

Twitter founder Jack Dorsey hired Zatko after the platform was badly hacked by teens who took over several high-profile accounts as part of an attempt to scam Twitter users out of Bitcoin. After joining, Zatko said, he discovered that Twitter had a decade of overdue security issues, and he repeatedly raised the failures with “the highest levels” of the company. When his warnings were ignored, he provided disclosures to government agencies and regulators.

“Twitter’s leadership misleads the public, legislators, regulators, and even its board of directors,” Zatko said, adding that leaders ignored the company’s engineers because their “executive incentives led them to prioritize profits over security.”

The cybersecurity expert’s testimony was similar to that of Facebook whistleblower Frances Haugen, who spoke to lawmakers last year about concerns that the platform was choosing profit over safety. While Haugen has supported her claims with internal documents, Zatko has yet to provide documentary support.

Twitter described the former CEO’s claims as a “false narrative” that is “full of contradictions and inaccuracies and lacking important context.” Senator Chuck Grassley (R-Iowa), the ranking member of the committee, said Tuesday that Twitter CEO Parag Agrawal refused to testify at the hearing, citing ongoing legal proceedings with Tesla billionaire Elon Musk.

Twitter sued Musk after he tried to back out of his $44 billion acquisition of the platform, alleging that the company was not sufficiently reporting fake accounts, something Zatko has also accused Twitter of. Grassley said the Senate hearing is “more important than civil Twitter litigation in Delaware.”
