A former Twitter security chief has alleged the company misled regulators about its cybersecurity defenses, privacy protections and ability to detect and root out fake accounts, pitcher complaint claims alert filed with US officials.
The revelation could create serious legal and financial problems for the social media platform, which is currently trying to force Tesla CEO Elon Musk to complete his $44 billion bid to buy the company.
Peiter Zatko, Twitter’s chief security officer until his firing earlier this year, filed complaints last month with the US Securities and Exchange Commission, Federal Trade Commission and Justice Department. The nonprofit Whistleblower Aid, which works with Zatko, confirmed the authenticity of a redacted copy of the complaint posted online by The Washington Post.
One of Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had strong security measures in place to protect the safety and privacy of its users. . Zatko also accuses the company of deceptions involving its handling of “spam” or fake accounts, an allegation that is at the heart of Musk’s bid to back out of the Twitter takeover.
Shares of Twitter Inc. fell 5.4% on Tuesday. Zatko did not immediately respond to a request for comment on Tuesday. But he told the Post he “felt ethically bound” to come forward.
Better known by his hacker name “Mudge”, Zatko is a highly respected cybersecurity expert who first rose to prominence in the 1990s and later held senior positions at the Pentagon’s Defense Advanced Research Agency and to Google.
He joined Twitter at the behest of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders. , celebrities and tech moguls including Musk in an attempt to scam their followers out of bitcoin.
Twitter said in a prepared statement on Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said “the allegations and opportunistic timing appear designed to draw attention to and harm Twitter, its customers and its shareholders”. The company called its complaint a “false narrative” that is “tricked with inconsistencies and inaccuracies and lacks significant context.”
Zatko’s attorneys, Debra Katz and Alexis Ronickher, said Twitter’s claim about his poor performance was false and he repeatedly raised concerns about “grossly inadequate information security systems to Twitter’s senior executives and board. The lawyers said that in late 2021, after the board received “whitewashed” information about these security issues, Zatko escalated his concerns, “clashed” with CEO Parag Agrawal and the board member Omid Kordestani and was fired two weeks later.
The 84-page complaint describes a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top leaders practiced “willful ignorance” of pressing issues. His description of Dorsey’s leadership style is particularly scathing, saying the Twitter founder was “extremely disengaged” in his final months as CEO to the point that he didn’t even speak up in meetings about the complex issues facing him. the company was faced with.
Zatko said he heard colleagues say Dorsey would be silent for “days or weeks.” Dorsey announced he was stepping down as CEO of Twitter in November 2021.
NEW: CEO of Twitter for the first time @paraga weighs on the story of the whistleblower.
Sent this message to staff this morning. pic.twitter.com/WY4TCqbA5q
The disclosure says Twitter has not offered any monetary incentives to improve the security and integrity of the platform, although the company last year offered $10 million in bonuses to senior executives who could generate revenue. short-term user growth.
Among Zatko’s damning accusations of cybersecurity malpractice: software and security updates were disabled on more than a third of employee computers – unduly exposing them to malware – and it was common for people install “any software they wanted on their work systems”. Such failures are generally considered deadly sins in cybersecurity.
Whistleblower Aid said it was legally prohibited from sharing Zatko’s statement. The same group worked with former Facebook employee Frances Haugen, who testified in Congress last year after leaking internal documents and accusing the social media giant of choosing profit over safety.
A spokeswoman for the U.S. Senate Intelligence Committee, Rachel Cohen, said the committee had received Zatko’s complaint and “is in the process of arranging a meeting to discuss the allegations in more detail. We take this matter seriously. “.
Sen. Dick Durbin, a Democrat from Illinois, said in a prepared statement that if the claims are accurate, “they may show dangerous privacy and data security risks for Twitter users around the world.”
Among the most alarming complaints is Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct and unsupervised access to corporate systems and data.” enterprise users.
“Highly Sensitive Data”
A 2011 FTC complaint noted that Twitter’s systems were full of highly sensitive data that could allow a hostile government to find precise location data for specific users and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of handing over sensitive Twitter user data to royals in Saudi Arabia in exchange for bribes. wine.
The complaint said that Twitter was also heavily dependent on funding from Chinese entities and that Twitter was concerned that the company was providing information to these entities that would allow them to learn the identities and sensitive information of Chinese users who covertly use Twitter. which is officially banned in China.
Zatko also describes Twitter executives’ “deliberate ignorance” of counting the millions of accounts that are automated “spam bots” or have no value to advertisers because there is no one behind them.
Alex Spiro, a legal representative for Musk, told CBC News that Musk’s team issued a subpoena for Zatko, saying, “We found his release and that of other key employees curious in light of this. that we found.”
#Twitter #executive #slams #issues #fake #accounts #cybersecurity #defenses #RadioCanada #News