Twitter whistleblower alleges serious security flaws and claims the business deceived the public.

According to a whistleblower complaint submitted to the federal authorities last month, Twitter’s former head of cybersecurity has accused the firm of a number of serious security vulnerabilities and oversights.

The case, which was originally made public by The Washington Post and CNN, makes a number of devastating assertions about Twitter, including that members of the company’s board of directors misled the general public and governmental organizations about Twitter’s security. In the case, the former security chief claimed that he was instructed to write false security documents and to withhold a significant security report from Twitter’s board.

In July, the Securities and Exchange Commission, the Federal Trade Commission, and the Justice Department received a complaint from Peiter “Mudge” Zatko, a seasoned cybersecurity specialist who is well respected in the field. The charges’ veracity was confirmed by Whistleblower Aid, a nonprofit organization that offers attorneys to those who come forward with information.

In January, Twitter CEO Parag Agrawal fired Zatko in a departmental reorganization that also involved another key security officer.

An official from Twitter responded to the complaint by claiming that Zatko’s account was bogus and that he was fired due to his poor performance and weak leadership. The official also stated that the lawsuit lacks crucial context and that his claims about Twitter’s security were replete with contradictions and errors.

Among the complaint’s notable allegations:

About every week, Twitter experienced security breaches serious enough to merit reporting to a federal agency; in 2020 alone, there were 20 such breaches.

Twitter does not give eliminating spam or bot accounts the same priority that CEO Parag Agrawal has previously described.

The business has never followed an agreement it struck with the FTC in 2011 to secure customers’ personal information.

Twitter hardly ever keeps an eye out for so-called insider threats, such as employees or contractors who use their connections to the business to steal information.

For Twitter, which is battling in court to ensure that Tesla CEO Elon Musk follows through on an agreement to acquire it for more than $44 billion, the complaint comes at a particularly delicate time. Musk is attempting to back out of the agreement. According to Musk’s legal defense, Twitter misled investors about its services, especially how effectively it combats bogus accounts.

Musk’s comments regarding spam on Twitter seem to be supported by Zatko’s assertions. According to the lawsuit, Agrawal is aware that Twitter executives are not motivated to identify or report all spam bots on the network.

In that matter, Quinn Emanuel, which is representing Musk, has already served Zatko with a subpoena for information about Twitter’s spam policies, according to Alex Spiro, an attorney there.

Musk seems to be aware of the whistleblower’s Twitter appearance.

Every significant business is concerned about insider threats, and Twitter recently experienced one of the most high-profile episodes in recent memory. Ahmad Abouammo, the former director of Middle Eastern media relations, was found guilty by a federal jury last month of improperly acting as a foreign agent for Saudi Arabia. The Saudi royal family and Saudi officials received access to some users’ sensitive information, according to the jury’s verdict.

In November 2020, Jack Dorsey, the co-founder and former CEO of Twitter, hired Zatko after the business experienced the most egregiously embarrassing hack in modern social media history. After compromising a number of well-known accounts, including those of Bill Gates, Elon Musk, and Joe Biden, the hackers tweeted requests for bitcoin from those accounts’ followers. At the time, Twitter stated that a social engineering effort most likely targeted employees with access to its internal system. Dorsey expressed his regret over the incident at the time.

Later, the Justice Department filed charges in connection with the incident against a 22-year-old Florida resident, a 19-year-old British man, and a minor.

Zatko has a long and illustrious career in cybersecurity, with a focus on spotting potential vulnerabilities that nefarious hackers may try to exploit. In the past, he oversaw security research teams at Google and the Defense Department.

The cybersecurity community, which has long viewed Zatko as an industry star, expressed outrage over Twitter’s statement about him.

Tarah Wheeler, CEO of the cybersecurity and compliance firm Red Queen Dynamics, stated in a text message that Zatko is well-liked in the information security community for his technical prowess.

Wheeler stated, “I trust him, and the online roars of ‘I stand with Mudge’ are unlike anything I’ve seen previously for a whistleblower, and fully warranted.”

Zatko is a unique figure in the sector, according to Rob Lee, a co-founder and CEO of Dragos, a top cybersecurity provider for industrial systems.

“No one else, in my mind, has achieved the same degree of respect and importance in the hacker, government security, and information security sectors,” Lee added.

The intelligence committee has a copy of the complaint, according to Sen. Marco Rubio, R-Fla., the committee’s ranking member, who spoke to NBC News.
“We are treating the matter seriously and are interested in learning more,” according to Rubio.

The chair of the Judiciary Committee, Sen. Dick Durbin, D-Ill., said in a statement that, if true, the allegations could pose serious privacy and security dangers to Twitter users all around the world.

He added, “As Chair of the Senate Judiciary Committee, I will continue to investigate this matter and take any actions as necessary to ascertain the truth regarding these concerning accusations.”

CNBC contacted the Justice Department and the FTC, and NBC News contacted Zatko, for comment; none of them responded right away. The SEC chose not to respond.
