Oliver Bugarin 9 0 0 5 min to read

Ex-security head of Twitter reveals shocking whistleblower complaint

Peiter Zatko, the former head of security at Twitter, filed a shocking whistleblower lawsuit against his former company, charging incompetence and poor management in the area of cybersecurity.

Zatko claimed to have seen “egregious inadequacies, negligence, intentional ignorance, and risks to national security and democracy” in his complaint with the US Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), and US Justice Department (DOJ) on July 6.

Zatko claimed he tried to alert Twitter management to the security flaws, but the board of directors disregarded him.

In the complaint received by The Washington Post and CNN, he said that Twitter alone experienced more than 40 security incidents in 2020, of which access control-related issues accounted for 70% of them. These comprised 20 events that were classified as breaches, and all but two of them had to do with access control.

Additionally, Zatko said that Twitter lacked fundamental security measures, pointing to thousands of employee laptops that contained full copies of Twitter’s source code and approximately one-third of them that either stopped routine security updates or had system firewalls off.

According to Zatko, 5,000 full-time employees of Twitter had unrestricted access to the platform’s internal software, allowing them to access private information and change how the site operated.

Employees were often discovered placing spyware on their work computers on purpose at the urging of other organizations, according to Zatko.

Senator Charles Grassley said in a statement that the allegations he has received from a Twitter whistleblower “raise serious national security concerns as well as privacy ones, and they must be explored further.” Zatko apparently spoke with Grassley’s staff about the security allegations.

“You’ve got a recipe for disaster,” he added, “if you take a software platform that collects vast amounts of user data, pair it with what appears to be an extraordinarily inadequate security infrastructure, then mix it with foreign state actors with an agenda.”

The hiring of renowned hacker Zatko by Twitter in late 2020, months after a highly publicized security breach that saw hackers take control of some of the most famous people’s Twitter accounts, including US President Joe Biden and Tesla CEO Elon Musk, makes the whistleblower complaint all the more important.

According to Musk, Twitter misrepresented user data and the number of spam bots on the platform is considerably larger than the business revealed. Musk is now suing Twitter to attempt and get out of a USD44 billion contract to buy the social media platform.

Musk’s accusations appear to be supported by Zatko’s complaint, which argues that Twitter officials lack the capacity to properly comprehend the true number of bots using the platform.

According to Twitter spokesperson Madeline Broas, “Mr. Zatko’s charges and opportunistic timing appear geared to attract attention and inflict harm on Twitter, its consumers, and its stockholders.” Mr. Zatko was let go from his senior executive position at Twitter in January 2022 due to poor performance and weak leadership.

As of now, “what we’ve seen is a false narrative about Twitter and our privacy and data security standards that is plagued with inconsistencies and falsehoods and lack critical context,” the spokesperson said. Security and privacy have always been and will remain top considerations at Twitter.


***
We appreciate your reading. You may also consider sharing it with others.
Please comment below if you found this post interesting.
Be one of our DONOR / SPONSOR to support NextGenDay news website.
***
Please follow and like us:
error2
fb-share-icon
Tweet 2k
fb-share-icon20
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
error

Enjoy this blog? Please spread the word :)

0
Would love your thoughts, please comment.x
()
x