Twitter whistleblower raises alarm about security threats and deceitful executives

0
6

A former security chief at Twitter, who released a whistleblower report on the company, told lawmakers on Tuesday that the platform has serious security and privacy flaws that the leadership has refused to fix.

Peiter “Mudge” Zatko, a cybersecurity expert who served as Twitter executive from November 2020 until his resignation in January 2022, testified before the Senate Judiciary Committee about the whistleblower complaint he filed with Congress, the Department of Justice, the Federal Trade Commission. and the Securities and Exchange Commission

“In addition, I believe that Twitter’s willingness to intentionally mislead regulators violates Twitter’s legal obligations and cannot be ethically tolerated.”

The cybersecurity expert said he found that Twitter cannot protect its data because the company doesn’t know “what data it has, where it lives and where it comes from”. Employees – especially engineers, who make up half of the full-time workforce – have too much access to data. This means that every employee has access to a lot of sensitive information about a Twitter user, including their geolocation and data needed to access their device directly.

Peiter “Mudge” Zatko, former chief of security at Twitter, testifies before the Senate Data Security Committee on Twitter, on Capitol Hill, Sept. 13.

Kevin Dietsch via Getty Images

Twitter founder Jack Dorsey recruited Zatko to the company after the platform was infamously hacked by teenagers who took over several high-profile accounts as part of an effort to scam Twitter users from Bitcoin. After joining, Zatko said he discovered that Twitter had a decade of overdue security vulnerabilities and as a result repeatedly disclosed the flaws “to the highest levels of” the company. When his warnings were ignored, he then took the revelations to government agencies and regulators.

The cybersecurity expert’s testimony was similar to that of Facebook whistleblower Frances Haugen, who spoke to lawmakers last year about concerns about the platform favoring profit over security. While Haugen has supported her claims with internal documents, Zatko has not yet provided documentary support.

Twitter called the former director’s allegations “a false story” that is “riddled with inconsistencies and inaccuracies and lacks important context”. sen. Chuck Grassley (R-Iowa), the ranking committee member, said on Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing pending legal proceedings with Tesla billionaire Elon Musk.

Twitter sued Musk after he tried to pull out of his $44 billion deal to acquire the platform. Grassley said the Senate hearing is “more important than Twitter’s civil lawsuits in Delaware.”