Ex-security chief exposes Twitter’s cybersecurity misrepresentation

Twitter Inc misled US federal regulators about its defences against hackers and spam accounts, the social media company’s former security chief Peiter Zatko says in a whistleblower complaint.

In an 84-page complaint, Zatko, a famed hacker more widely known as “Mudge,” alleged Twitter falsely claimed it had a solid security plan, according to documents relayed by congressional investigators.

The accusations come as the social media company battles Elon Musk in court after the world’s richest person attempted to pull out of a $US44 billion ($A64 billion) deal to buy the company, citing Twitter’s failure to provide details about the prevalence of bot and spam accounts.

Tesla Inc Chief Executive Musk had offered to buy Twitter for $US54.20 per share, saying he believed it could be a global platform for free speech.

Twitter’s shares fell 5 per cent to $US40.79 on Tuesday afternoon.

Twitter and Musk have sued each other, with Twitter asking a judge on the Delaware Court of Chancery to order Musk to close the deal. A trial is scheduled for October 17.

The complaint by Zatko was filed last month with the US Securities and Exchange Commission and the Department of Justice as well as the Federal Trade Commission (FTC).

The complaint, which was first published by the Washington Post and CNN, was also sent to congressional committees.

“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter Chief Executive Parag Agrawal told employees in a memo.

The Senate Judiciary Committee’s top Republican, Chuck Grassley, said the complaint raised serious national security concerns and privacy issues and needed to be investigated.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” he said.

The FTC declined to comment.

A spokesperson for the Senate Intelligence Committee said it had received the complaint and was in the process of setting up a meeting to discuss the allegation.

The whistleblower document alleges Twitter prioritised user growth over reducing spam, with executives eligible to win individual bonuses of as much as $US10 million tied to increases in daily users, and nothing explicitly for cutting spam.

Twitter’s real regulatory risk lies in whether or not the documentary evidence shows “knowing or reckless misleading” of investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.

Musk could not be reached for comment but reacted on Twitter with memes and emoji of a robot.

Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower disclosure was made public.

Zatko, whose colourful career began in the 1990s, has long been held in high esteem by US hackers – even as he and others began graduating from their rebellious youth into top boardroom positions.

Cybersecurity leaders expressed widespread support for Mudge on Tuesday, with many deploring Twitter’s reaction to his revelations.

Robert Lee, the founder of industrial cybersecurity company Dragos, said on Twitter it was “one of the very rare times based on who it is I don’t even need to know a detail to form an opinion.”

“If Mudge is making this type of claim, it deserves the investigation.”

In January, Twitter said Zatko was no longer its head of security, two years after being appointed to the role.

A Twitter spokesperson said Zatko was fired from his role at Twitter for “ineffective leadership and poor performance,” adding that his allegations appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.

Zatko repeatedly raised concerns about Twitter’s inadequate information security systems to the company’s executive committee, CEO Parag Agrawal and the board throughout his tenure, Debra Katz and Alexis Ronickher, lawyers for Zatko, said in a statement.

With AAP. (Content has been tweaked for length and style.)

Jaw de Guzman
Jaw de Guzman is the content producer for Comms Room, a knowledge platform and website aimed at assisting the communications industry and its professionals.