When Peiter Zatko, the notorious hacker better known as Mudge, got the job of Twitter security chief in November 2020, internet archivist Jason Scott tweeted, “You have my full support for leaving after setting the place on fire.”
Zatko may have done just that, if not quite in that order. Several months after being fired by CEO Parag Agrawal, Zatko spoke out against the company, telling the Securities and Exchange Commission (SEC) that Twitter had done next to nothing to improve its dismal security (the reason for hiring Zatko in the first place) and that the company had a history of lying to or misleading the government, investors and Elon Musk.
Twitter did not address Zatko’s specific allegations in a statement to Recode, but said more generally that they were not accurate and that Zatko was a disgruntled former employee whose timing was “opportunistic.”
“Mr. Zatko was terminated from his senior position at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson said. “What we have seen so far is a false narrative about Twitter and our privacy and data security practices which is riddled with inconsistencies and inaccuracies and lacks important context.”
The claims that touch on Musk may draw the most attention, given the eccentric billionaire’s notoriety and the ongoing controversy over his attempt to buy (and then not buy) Twitter. They are placed relatively high in the SEC complaint that was leaked to The Washington Post and CNN on Tuesday, and some of Zatko’s claims directly address accusations Musk made to try to get out of his $44 billion deal. Musk said fake accounts, or spam bots, make up a much larger share of Twitter’s user base than the company claims, and that Twitter therefore isn’t worth what he originally agreed to pay for it. Twitter disagrees, saying Musk is trying to find a reason to back out of the deal. The company sued Musk to force him to complete the acquisition; the trial is due to begin on October 17.
But those claims might be the least of Twitter’s worries from the leaked complaint. Zatko describes Twitter as a company that lacks both the motivation and the ability to protect itself and its users from security breaches, while deceiving investors and government agencies.
Here are some of the claims Twitter should be more worried about than what Agrawal tweets about bot accounts.
The allegation that Twitter misled the Federal Trade Commission
Zatko alleges that Twitter violated a 2011 FTC consent order requiring the company to implement certain security measures. Zatko says Twitter has never been in compliance with that order and likely never will be. He claims this has put the company (and its users’ data) at risk from security breaches like the one in 2020 that prompted Zatko’s hiring.
The FTC is reportedly looking into these claims, and things could get very costly for Twitter if they turn out to be true; just look at the unprecedented $5 billion penalty Facebook paid for violating its own FTC consent order. It would also make Twitter a repeat offender: the company recently agreed to pay $150 million for collecting user information for security purposes and then using it to target ads at those users. The FTC won’t look kindly on this.
The claim that agents of foreign governments worked for Twitter and had access to user information – and Twitter knew it
One of Zatko’s most alarming revelations is that Twitter employed agents of the Indian government, who would have had broad access to user data because the company failed to take basic steps to limit that access for many of its employees. The complaint says Twitter executives knew that too many employees had access to too many things and that Indian government agents worked for the company, but did nothing in response. It also says the US government told Twitter that at least one of its employees worked for a foreign intelligence agency, which is not named in the complaint.
If true, it wouldn’t be the first time Twitter has been infiltrated by people working for a foreign government, perhaps to gather information on dissidents or rivals. A Saudi national was recently convicted of infiltrating Twitter to spy on users critical of the Saudi government, for which he was paid by an adviser to Crown Prince Mohammed bin Salman. Another former Twitter employee accused of spying for Saudi Arabia fled the country before he could be arrested.
The accusation that Jack Dorsey checked out and was replaced by the worst CEO ever
It may come as no surprise to anyone who has watched the company’s founder and then-CEO give terse appearances before Congress in recent years, but Zatko says Dorsey was mostly absent from Twitter while Zatko worked there. Dorsey “experienced a drastic loss of focus in 2021,” the complaint states, attending few meetings and barely participating in those he did attend. Zatko says this made it difficult for him to do his job and left him without support in the “Herculean effort” of fixing Twitter. Dorsey was apparently working from a private island in French Polynesia when the decision was made to ban President Trump from the platform. He resigned from Twitter at the end of 2021.
Agrawal is now the CEO of Twitter, and apparently the main object of Zatko’s ire. The complaint repeatedly accuses Agrawal of failing to improve Twitter’s security and privacy, of trying to hide Twitter’s problems from investors and the board, and of not giving Zatko the support and resources that Zatko felt he needed to do the job he was hired to do. Although Dorsey was CEO for most of Zatko’s tenure at Twitter, he gets off relatively lightly in the complaint. That may not protect him from the fallout of this leak.
The allegation that Twitter failed to follow basic security practices for a long time
Throughout the complaint, Zatko claims the company refused to implement certain basic security measures, even though it counts some of the most powerful and important people in the world among its users. This led, according to Zatko, to security breaches, including the one that prompted his hiring: a teenager was able to access some of the platform’s most high-profile accounts and then use them to tweet a bitcoin scam, ultimately stealing about $120,000 worth of victims’ cryptocurrency. The hacker gained access by tricking Twitter employees into handing over their credentials, showing how lax Twitter apparently was about limiting and controlling access to high-level accounts.
Unsurprisingly, this claim has so far captured the bulk of the attention of members of Congress, most if not all of whom are Twitter users themselves. According to the Washington Post, some lawmakers have already met with Zatko or plan to do so in the near future. Expect Zatko to testify before committees, much as Facebook whistleblower Frances Haugen did following her disclosures (both Zatko and Haugen have used Whistleblower Aid, a nonprofit legal organization, to file their complaints and represent them). What’s unclear is what lawmakers can do beyond sending angry letters or holding committee hearings, because Congress has failed to pass a federal privacy law. The SEC and FTC, on the other hand, may already be preparing their cases against Twitter for allegedly misleading shareholders and consumers.
As for Musk, he responded to the news with several tweets, including an illustration of Jiminy Cricket, who sings “Give a Little Whistle” in Pinocchio; a screenshot of the Washington Post article saying that Twitter had internal spam and bot numbers that it didn’t share with investors; and several tweets consisting of a single emoji, including a monocle face and a face with tears of joy.
Musk’s attorney told The Washington Post that Zatko has already been subpoenaed for the Musk-Twitter lawsuit.
Musk’s glee could be premature. If he loses his legal battle and is forced to buy Twitter, he won’t just get a company that is already worth far less than the price he agreed to pay. He’ll also get a company that, if Zatko’s claims are true, is plagued with internal and external problems that someone will need to fix, and answer for.