Monday Nov 18, 2024

Whistleblower accuses Twitter of cybersecurity negligence


Nepalnews
AP
2022 Aug 24, 10:06
The Twitter application is seen on a digital device, Monday, April 25, 2022, in San Diego. (AP Photo)

The revelation could create serious legal and financial problems for the social media platform, which is currently attempting to force Tesla CEO Elon Musk to consummate his $44 billion offer to buy the company. Several members of Congress on Tuesday called on regulators to investigate the claims.

Peiter Zatko, who served as Twitter’s security chief until he was fired early this year, filed the complaints last month with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. The legal nonprofit Whistleblower Aid, which is working with Zatko, confirmed the authenticity of a redacted copy of the complaint posted online by the Washington Post.

“This was a last resort for him,” said John Tye, the group’s co-founder and chief disclosure officer, in an interview Tuesday. He said Zatko exhausted all attempts to get his concerns resolved inside the company before his firing in January.

Among Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users. Zatko also accuses the company of deceptions involving its handling of “spam” or fake accounts, an allegation that is at the core of Musk’s attempt to back out of the Twitter takeover.

Shares of Twitter Inc. closed down more than 7% Tuesday.

Better known by his hacker handle “Mudge,” Zatko is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google.

He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.

Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” The company called his complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies and lacks important context.”

This image provided by Peiter Zatko shows Zatko, Twitter’s former security chief. (via AP)

The 84-page complaint describes a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top executives practiced “deliberate ignorance” of pressing problems. His description of Dorsey’s leadership style is particularly scathing; he described the Twitter founder as “extremely disengaged” during the last months of his tenure as CEO to the point where he would not even speak during meetings on complex issues facing the company.

Whistleblower Aid said it is legally precluded from sharing Zatko’s statement. The same group worked with former Facebook employee Frances Haugen, who testified to Congress last year after leaking internal documents and accusing the social media giant of choosing profit over safety.

Among the most alarming complaints is Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company payroll where they had “direct unsupervised access to the company’s systems and user data.”

A 2011 FTC complaint noted that Twitter’s systems were full of highly sensitive data that could allow a hostile government to find precise location data for specific users and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of passing along sensitive Twitter user data to royal family members in Saudi Arabia in exchange for bribes.

The complaint said Twitter was also heavily reliant on funding by Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would enable them to learn the identity and sensitive information of Chinese users who secretly use Twitter, which is officially banned in China.

Tye said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.” Asked if mutual friends could have shared information about Twitter’s bot problems with Musk, Tye said Zatko “has not communicated with any other party about his disclosures” since filing the complaints in July.

Nepal's First Online News Portal
Published by Nepalnews Pvt Ltd
Editor: Raju Silwal
Information Department Registration No. 1505 / 076-77
