WASHINGTON (AP) — Peiter “Mudge” Zatko, the Twitter whistleblower who warns of security breaches, privacy threats and lax controls on the social platform, will take his case to Congress on Tuesday.
Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concerns about the security of powerful tech platforms.
This is Zatko’s second Capitol appearance and, in some ways, a 21st-century echo of his first. In 1998, he testified before a Senate panel along with other members of a hacker collective who warned of the security dangers of the then-emerging Internet age.
Zatko, a respected cybersecurity expert, was Twitter’s chief security officer until he was fired earlier this year. He took the startling allegations to Congress and federal regulators, saying the influential social platform misled regulators over its cyber defenses and efforts to control millions of “spam” or fake accounts.
Senator Dick Durbin, the Illinois Democrat who chairs the panel, said if Zatko’s claims are accurate, “they could expose dangerous data privacy and security risks for Twitter users around the world.”
Zatko’s accusations also play into billionaire tycoon Elon Musk’s battle with Twitter. The Tesla CEO is attempting to exit his $44 billion bid to buy the company; Twitter sued to force him into the deal. The Delaware judge overseeing that case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial that was scheduled to begin Oct. 17.
The allegation that Twitter engaged in deception in its handling of automated “spam bot” accounts is at the heart of Musk’s bid to pull out of the Twitter deal.
At the same time, many of Zatko’s claims are unsubstantiated and appear to have little documentary evidence. In a statement, Twitter called Zatko’s description of the events a “false narrative.”
Also on Tuesday, Twitter shareholders are due to vote on Musk’s pending takeover of the company. The vote is somewhat of a formality given that the deal is on hold while the court case unfolds. But if the measure passes as planned, it would also pave the way for a Musk takeover if Twitter prevails in court.
Zatko has also filed complaints with the Department of Justice, the Federal Trade Commission and the Securities and Exchange Commission. Among the most serious charges is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had stricter measures in place to protect the security and privacy of its users.
The SEC is questioning Twitter about how it counts fake accounts on its platform. Twitter uses counts of its presumed real users to attract advertisers, whose payments make up about 90% of its revenue. Spam bots are of no value to advertisers because there is no one behind them.
Twitter, based in San Francisco, has approximately 238 million daily active users worldwide. The company claims that it deletes 1 million spam accounts per day.
Zatko’s 84-page complaint alleges he found “extreme and glaring deficiencies” in the platform, including issues with “user privacy, digital and physical security, and platform integrity/moderation of content.”
It accuses CEO Parag Agrawal and other senior executives and board members of making “false and misleading statements to users and the FTC” on these matters. Twitter denies the claims and said Zatko was fired in January for “ineffective leadership and poor performance.” Zatko’s attorneys say the performance claim is false.
Twitter also hinted that Zatko’s complaint could be designed to bolster Musk’s legal fight with the company. Twitter called Zatko’s complaint a “false narrative” that is “riddled with inconsistencies and inaccuracies, and lacks important context.”
News of Zatko’s complaint surfaced on August 23, nearly two months before the Twitter-Musk lawsuit was scheduled to begin. One of Zatko’s lawyers said “he has never met Elon Musk. Don’t know Elon Musk. They know people in common.”
The company also claims to have significantly tightened security since 2020.
Among Zatko’s specific allegations:
• The company had such weak cybersecurity that it could easily have been exposed to outside attacks or attempts to siphon off its internal data.
• The company lacked effective leadership, with its senior executives practicing “deliberate ignorance” of pressing issues. Zatko described former CEO Jack Dorsey as “extremely disengaged” in his final months in office, to the point that he didn’t even speak in meetings on complex issues. Dorsey resigned in November 2021.
• That Twitter knowingly allowed the Indian government to place its agents on the company’s payroll, where they had “unsupervised direct access” to highly sensitive user data. The complaint makes a parallel but less detailed accusation that Twitter has taken funds from unidentified Chinese entities that may have gained access to the identities and sensitive data of Chinese users who covertly use Twitter, which is officially banned in China.
Better known by his hacker name “Mudge”, Zatko, 51, first rose to prominence in the 1990s. He was the best-known member of the Boston-based L0pht collective, which pioneered ethical hacking, embarrassing companies such as Microsoft for poor security. His work raised awareness in the IT world, which forced these big companies to take security seriously. He co-founded the consulting firm @Stake, which was later acquired by Symantec.
Zatko went on to hold senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google. He joined Twitter at Dorsey’s request in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an effort to scam their followers out of bitcoin.