When famed hacker Peiter Zatko, best known as Mudge, took the job of leading Twitter security in November 2020, internet archivist Jason Scott said: “I fully support leaving after setting the place on fire.”
Zatko may have done just that, if not in that order. Months after being fired by CEO Parag Agrawal, Zatko filed a whistleblower complaint against the company, telling the Securities and Exchange Commission (SEC) that Twitter essentially did nothing to improve its security and that the company has a pattern of lying to and misleading governments, investors and Elon Musk.
Twitter didn’t address Zatko’s specific allegations in a statement to Recode, but said that, in general, they weren’t accurate, that Zatko was a disgruntled ex-employee, and that the timing was “opportunistic.”
“Mr. Zatko was fired from Twitter’s senior management in January 2022.” and false statements about our privacy and data security practices.”
The claims involving Musk are likely to get the most attention, given the high profile of the eccentric billionaire and the ongoing controversy surrounding his attempt to buy (and then not buy) Twitter. They appear relatively high up in the SEC complaint, which was leaked to The Washington Post and CNN on Tuesday, with several of Zatko’s allegations directly addressing the accusations Musk has made in trying to get out of his $44 billion deal. Musk says that fake accounts, or spam bots, are a much larger part of Twitter’s user base than the company claims. Twitter disagreed, saying Musk was trying to find a reason to terminate the deal. The company has sued Musk to force him to buy the company, and the trial is set to begin on October 17th.
But these claims may be the least of Twitter’s concerns related to the leak. Zatko portrays Twitter as a company that misleads investors and government agencies while lacking the motivation and ability to protect its users and itself from security breaches.
Here are some claims Twitter should be more concerned about than Agrawal’s tweets about bot accounts.
Allegations that Twitter cheated the Federal Trade Commission
Zatko alleges that Twitter violated a 2011 FTC consent order requiring the company to implement certain security protocols. Zatko said Twitter has never complied with the order and is unlikely to do so in the future. He claims this put the company (and its users’ data) at risk of security breaches like the one in 2020, which was the driving force behind Zatko’s hiring.
The FTC is reportedly investigating these claims, and if they turn out to be true, it could prove very expensive for Twitter. It would also make Twitter a repeat offender. The company recently agreed to pay $150 million for requesting users’ information for security purposes and then using it to show ads to users. The FTC won’t take it lightly.
Claims foreign government agents worked for Twitter and had access to user information — Twitter knew it
One of Zatko’s more surprising revelations was that Twitter had hired an Indian government agent. This meant the agent had access to a large volume of data, because the company had not taken basic steps to restrict access for many of its employees. According to the complaint, Twitter executives knew that too many employees had access to too much information and that Indian government officials worked for the company, but did nothing. It also said the U.S. government told Twitter that at least one employee was working on behalf of a foreign intelligence agency.
If true, this wouldn’t be the first time people working for a foreign government have infiltrated Twitter, presumably to gather information about dissidents and rivals. A former Twitter employee was convicted of infiltrating Twitter to spy; he was being paid by an adviser to Prince Mohammed bin Salman. Another former Twitter employee accused of spying for Saudi Arabia fled the country before being arrested.
Accusations that Jack Dorsey checked out and was replaced by the worst CEO ever
This may not come as a surprise to those who have seen the company’s founder and then-CEO’s brief appearances before Congress over the past few years, but Zatko said that while he worked there, Dorsey was mostly absent from Twitter. Dorsey “was significantly unfocused in 2021,” the complaint said, and rarely attended meetings, and few of those he attended. Zatko says this made his job harder and he didn’t get any support for his “superhuman effort” to fix Twitter. Dorsey was reportedly working on a private island in French Polynesia when the decision was made to expel President Trump from the platform. He resigned from Twitter in late 2021.
Agrawal is now the CEO of Twitter and seems to be the target of Zatko’s ire. The complaint repeatedly accuses Agrawal of failing to improve Twitter’s security and privacy, attempting to hide Twitter’s issues from investors and the board, and not giving Zatko the support and resources he felt he needed to do the work he was hired to do. Dorsey, who served as CEO for most of Zatko’s Twitter tenure, is treated lightly in the report. That may not protect him from the repercussions of this leak.
Allegations that Twitter has long failed to follow basic security practices
Throughout the complaint, Zatko says that despite counting among its users some of the most powerful and important people in the world, the company has refused to implement some basic security measures. Zatko claims this led to security breaches, including the one that led to his hiring. A teenager accessed some of the most high-profile accounts on the platform and used them to tweet a Bitcoin scam that ultimately allowed him to steal $120,000 worth of cryptocurrency from victims. The hacker gained access by tricking a Twitter employee into giving up his password. This shows how lax Twitter has been about limiting and controlling access to high-profile accounts.
Unsurprisingly, the claims have so far caught the attention of lawmakers, most of them Twitter users themselves. According to the Washington Post, some lawmakers have already met with Mr. Zatko or plan to meet in the near future. Expect Zatko to testify before a committee, as Facebook whistleblower Frances Haugen did following her revelations (both Zatko and Haugen used the non-profit legal aid firm Whistleblower Aid to facilitate their complaints and represent them). With Congress’ failure to pass federal privacy legislation, it’s not clear what legislators can do beyond sending angry letters or holding committee hearings. It may already be preparing a lawsuit against Twitter for allegedly deceiving consumers with
As for Musk, he has responded to the news with several tweets, including an illustration of Jiminy Cricket singing “Give a Little Whistle” from Pinocchio; a screenshot of a Washington Post article stating that Twitter has internal spam and bot numbers that it does not share with investors; and some tweets with emojis: a monocle face and a laughing face.
Musk’s attorney told the Washington Post that Zatko has already been subpoenaed for the Musk and Twitter trial.
Musk’s glee may be premature. If he loses the battle and is forced to buy Twitter, he will not only end up with a company worth far less than the price he agreed to pay; he will also end up with a company full of internal and external problems that someone has to fix, if Zatko’s allegations are true.