A former Twitter security chief has alleged that the company misled regulators about its cybersecurity defenses, privacy protections and its ability to detect and remove fake accounts, according to a complaint filed with US officials.
The revelation could create serious legal and financial problems for the social media platform, which is currently trying to force Tesla CEO Elon Musk to consummate his $44 billion offer to buy the company.
Peiter Zatko, Twitter’s chief security officer until he was fired earlier this year, filed complaints last month with the US Securities and Exchange Commission, the Federal Trade Commission and the Justice Department. The nonprofit legal organization Whistleblower Aid, which is working with Zatko, confirmed the authenticity of a redacted copy of the complaint published online by the Washington Post.
Among Zatko’s most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had strong security measures in place to protect the safety and privacy of its users. Zatko also accuses the company of deception related to handling “spam” or fake accounts, an accusation that is at the heart of Musk’s attempt to back out of the Twitter acquisition.
Shares of Twitter Inc. fell 5.4 percent on Tuesday. Zatko did not immediately respond to a request for comment Tuesday. But he told the Post that he “felt ethically obligated” to come forward.
Better known by his hacker name “Mudge,” Zatko is a highly respected cybersecurity expert who first rose to prominence in the 1990s and later worked in high-level positions at the Pentagon’s Defense Advanced Research Projects Agency and at Google.
He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers breaking into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.
Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said the “accusations and opportunistic timing appear designed to grab attention and inflict harm on Twitter, its customers and shareholders.” The company called his complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies and lacks significant context.”
Zatko’s attorneys, Debra Katz and Alexis Ronickher, said Twitter’s claim about his poor performance is false and that he repeatedly raised concerns about “grossly inadequate information security systems” with Twitter’s senior executives and board of directors. The lawyers said that in late 2021, after the board received “whitewashed” information about those security issues, Zatko escalated his concerns, “clashed” with CEO Parag Agrawal and board member Omid Kordestani and was fired two weeks later.
The 84-page complaint outlines a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top executives practiced “deliberate ignorance” of pressing issues. His description of Dorsey’s leadership style is particularly scathing, saying the Twitter founder was “extremely out of touch” during the final months of his tenure as CEO to the point that he wouldn’t even speak during meetings about complex issues facing the company.
Zatko said he heard from colleagues that Dorsey would remain silent for “days or weeks.” Dorsey announced that he would step down as CEO of Twitter in November 2021.
The disclosure says Twitter offered no monetary incentives to improve the platform’s security and integrity, though the company did offer $10 million bonuses last year for top executives who could generate short-term user growth.
Among Zatko’s damning accusations of poor cybersecurity practices: software and security updates were disabled on more than a third of employee computers, unduly exposing them to malware, and it was common for people to install “any software they would like on their work systems.” These lapses are often considered deadly sins in cybersecurity.
Whistleblower Aid said it is legally barred from sharing Zatko’s statement. The same group worked with former Facebook employee Frances Haugen, who testified before Congress last year after leaking internal documents and accusing the social media giant of choosing profit over security.
A spokeswoman for the US Senate intelligence committee, Rachel Cohen, said the committee received Zatko’s complaint and “is in the process of setting up a meeting to discuss the allegations in more detail. We take this matter seriously.”
Senator Dick Durbin, D-Illinois, said in a prepared statement that if the claims are accurate, they “may show dangerous security and data privacy risks to Twitter users around the world.”
Among the most alarming complaints is Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct, unsupervised access to company systems and user data.”
‘Highly sensitive data’
A 2011 FTC complaint noted that Twitter’s systems were filled with highly sensitive data that could allow a hostile government to find precise location data for specific users and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of passing sensitive Twitter user data to members of the royal family in Saudi Arabia in exchange for bribes.
The complaint said that Twitter also relied heavily on funding from Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would allow them to learn the identity and sensitive information of Chinese users secretly using Twitter, which is officially prohibited in China.
Zatko also describes the “deliberate ignorance” of Twitter executives in counting the millions of accounts that are either automated “spam bots” or have no value to advertisers because there is no person behind them.
Alex Spiro, a legal representative for Musk, told CBC News that Musk’s team issued a subpoena for Zatko, saying, “We found his departure and the departure of other key employees curious in light of what we’ve been finding.”