Twitter’s former head of security told Congress that the social media platform is plagued by weak cyber defenses that leave it vulnerable to exploitation by “teenagers, thieves and spies” and put the privacy of its users at risk. Peter “Mudge” Zatko, a respected cybersecurity expert, appeared before the Senate Judiciary Committee on Tuesday to lay out his allegations.
“I’m here today because Twitter’s management is misleading the public, lawmakers, regulators, and even its own board of directors,” Zatko said as he began his sworn testimony.
“They don’t know what data they have, where it is and where it comes from and so, unsurprisingly, they can’t protect it,” Zatko said. “It doesn’t matter who has the keys if there are no locks.”
Zatko said that “Twitter’s management ignored its engineers”, in part because “their management incentives caused them to prioritize profit over safety”.
His message echoed one brought to Congress against another social media giant last year, but unlike that Facebook whistleblower, Frances Haugen, Zatko did not provide treasure troves of internal documents to back up his claims.
Zatko was the influential platform’s chief security officer until he was fired earlier this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among its most serious charges is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had stricter measures in place to protect the security and privacy of its users.
Senator Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that can pose a direct threat to the hundreds of millions of Twitter users as well as to American democracy”.
“Twitter is an extremely powerful platform and cannot afford gaping vulnerabilities,” he said.
Unbeknownst to Twitter users, there is a lot more personal information leaked than they – or sometimes even Twitter itself – realize, Zatko testified. He said the “basic system failures” reported by the company’s engineers had not been resolved.
The FTC has been “a bit above its head”, and far behind its European counterparts, in monitoring the type of privacy breaches that have occurred on Twitter, Zatko said.
Zatko’s claims could also affect billionaire Tesla CEO Elon Musk’s attempt to walk away from his $44 billion deal to acquire the social platform. Musk says Twitter has long underestimated spambots on its platform and cites that as a reason to roll back the deal he made in April.
A large number of Zatko’s claims are unsubstantiated and appear to have little documentary evidence. Twitter called Zatko’s description of the events “a false account … riddled with inconsistencies and inaccuracies” and devoid of significant context.
Among Zatko’s statements that caught lawmakers’ attention on Tuesday was that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll, where they had access to highly sensitive user data. Twitter’s inability to log how employees accessed user accounts made it difficult for the company to detect when employees were abusing their access, Zatko said.
Zatko also accuses the company of deception in its handling of automated “spam bots” or fake accounts. This allegation is at the heart of billionaire tycoon Elon Musk’s attempt to renege on his $44 billion deal to buy Twitter. Musk and Twitter are locked in a bitter legal battle, with Twitter suing Musk to force him into the deal. The Delaware judge overseeing the case ruled last week that Musk could include new evidence related to Zatko’s allegations in the high-stakes trial, which is due to begin Oct. 17.
Senator Charles Grassley, the committee’s ranking Republican, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing ongoing legal proceedings with Musk. But the hearing is “bigger than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley’s remarks.
In his complaint, Zatko accused Agrawal and other senior executives and board members of numerous violations, including “false and misleading statements to users and the FTC regarding the security, privacy, and integrity of the Twitter platform”.
Zatko, 51, first rose to prominence in the 1990s as a pioneer of the ethical hacking movement and later held senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the request of then-CEO Jack Dorsey.