Whistle Blower Claims Twitter is a National Security Risk
The whistleblower, a well-known hacker and Twitter's former security chief, claims that Twitter is unable to protect its 238 million daily active users, who include governmental institutions, heads of state, and other notable persons.
CNN and The Washington Post made shocking claims this morning that Twitter's former head of security filed a whistleblower complaint with the SEC and other groups, saying that the company's efforts to fight spam and hackers were dangerous and ineffective. The case could help Elon Musk get out of his deal to buy Twitter for $44 billion.
The former head of Twitter's security made the claims after Elon Musk sued the company to find out how it counts the number of users.
The case might have ramifications for Twitter's legal dispute with Musk, who is attempting to back out of a $44 billion deal to buy the social media network. As part of the agreement, Twitter agreed to ensure the accuracy of its shareholder filings. Musk claims that Twitter grossly miscalculated the number of bots on its site, a violation that he argues should allow him to walk away without penalty. The case will be heard in Delaware Chancery Court in October.
According to an explosive complaint from Twitter's former security chief, management misled federal regulators and the company's board of directors about "severe, egregious inadequacies" in its defenses against hackers and its meager efforts to fight spam.
The complaint, filed by Peiter Zatko, the former head of security and a well-known hacker who goes by the name "Mudge," says that Twitter is a chaotic company with no clear direction and considerable infighting among its employees. It cannot protect its 238 million daily users, including government agencies, heads of state, and other influential people.
Software developer Peiter "Mudge" Zatko, who became famous in the hacker world after establishing the "Cult of the Dead Cow" in the 1990s, has filed a complaint with the Securities and Exchange Commission, alleging widespread dysfunction at Twitter.
After two years of embarrassing difficulties, including the hijacking of high-profile accounts belonging to Barack Obama, Elon Musk, Joe Biden, Warren Buffett, Jeff Bezos, Kim Kardashian, Kanye West, and Mike Bloomberg, Twitter chose Zatko as its head of security.
But Zatko argues that Twitter broke an agreement with the Federal Trade Commission to fix the cybersecurity holes that allowed the hacks to occur, according to a complaint filed with the federal government that The Washington Post and CNN were the first to obtain.
According to Zatko, Twitter has not replaced its server architecture despite the majority of its servers being obsolete, which leaves the platform vulnerable to catastrophic breaches.
Additionally, he stated that Twitter's failure to protect the data of its 238 million users, which include government entities, heads of state, and individuals from the defense sector, poses a threat to national security.
The Washington Post was provided with a copy of the complaint, which asserts that Twitter violated the terms of a settlement agreement with the Federal Trade Commission that had been in place for the past 11 years by making a misleading representation that it had a robust security plan. According to Zatko's complaint, he warned his coworkers that fifty percent of the company's servers were running out-of-date and vulnerable software, and that executives withheld crucial information about the number of data breaches and the lack of user data protection, instead presenting directors with rosy charts measuring insignificant changes.
According to the complaint, which was filed last month with the Securities and Exchange Commission, the Department of Justice, and the FTC, thousands of employees still had broad and poorly tracked internal access to core company software, resulting in embarrassing hacks, including the commandeering of accounts held by Elon Musk and former presidents Barack Obama and Donald Trump.
In addition, the whistleblower dossier asserts that the company prioritized growing its user base over reducing spam, even though the presence of undesirable content negatively impacted the user experience. According to the complaint, executives could receive individual bonuses of up to ten million dollars for increases in the number of daily users, yet there was allegedly no bonus tied specifically to reducing spam.
According to the complaint, CEO Parag Agrawal "lied" when he tweeted in May that the company was "highly incentivized to detect and delete as much spam as we possibly can."
In an interview with The Washington Post, Zatko described his decision to go public as an outgrowth of his prior work exposing weaknesses in specific pieces of software as well as larger systemic failings in cybersecurity. Late in 2020, following a significant breach of the company's computer systems, Twitter's previous CEO, Jack Dorsey, recruited him to work there.
The 84-page file was redacted and sent to congressional committees. The Washington Post acquired the information from a top Democratic official on Capitol Hill. Whistleblower Aid, a non-profit law firm, is representing Zatko. According to two persons familiar with the early investigation, the FTC is evaluating the allegations.
Twitter spokeswoman Rebecca Hahn stated, "Security and privacy have long been top companywide concerns at Twitter." She claimed that Zatko's charges were "riddled with misinformation" and that Zatko "now looks to be opportunistically aiming to harm Twitter, its consumers, and its stockholders." Twitter fired Zatko after 15 months "for poor performance and leadership," according to Hahn.
Hahn went on to say that Twitter has significantly strengthened its security since 2020, that its security measures are in line with industry norms, and that it strictly limits who can access company networks.
In response to the charges of spam and bots, Hahn stated that Twitter removes more than a million spam accounts daily, totaling more than 300 million each year. According to Twitter's proxy statements, increasing daily users is the lowest of three considerations for receiving cash bonuses, along with growing revenue and another financial aim.
According to Hahn, Twitter "completely stands by" its SEC filings and spam-fighting strategy.
In a February report for the company, filed as an exhibit to the SEC complaint, Zatko summarized: "Twitter is woefully inadequate in several areas of information security. If these issues are not addressed, regulators, the media, and platform users will be startled to discover Twitter's lack of security basics."