A former Twitter executive just blew the whistle against the Big Tech platform for allegedly ignoring serious cybersecurity problems and apparently misleading prospective owner Elon Musk on spam bots.
Both CNN and The Washington Post released stories documenting explosive allegations by former Twitter head of security Peiter “Mudge” Zatko.
Zatko’s whistleblower complaint, which both outlets reported was sent to Congress and other federal agencies, warned about “‘extreme, egregious deficiencies’ in its defenses against hackers, as well as its meager efforts to fight spam,” The Post summarized.
The complaint itself alleges that Twitter was “Lying about Bots to Elon Musk.” The Tesla CEO has been in a back-and-forth legal battle with Twitter over his announced intent to abandon his $44 billion acquisition bid after claiming the platform misled him about the amount of spam bots on the platform.
The Post published another story headlined: “New whistleblower allegations could factor into Twitter vs. Musk trial.”
Zatko slammed Twitter CEO Parag Agrawal for his May 16 tweet regarding Musk’s bot concerns. Agrawal tweeted that his company was “strongly incentivized to detect and remove as much spam as we possibly can, every single day. Anyone who suggests otherwise is just wrong.” According to Zatko’s complaint, “Agrawal’s tweet was a lie. In fact, Agrawal knows very well that Twitter executives are not incentivized to accurately ‘detect’ or report total spam bots on the platform.”
The Post stated in its Musk-Twitter piece that “any new allegations that Twitter misled shareholders and regulators could bolster Musk’s case in Delaware Chancery Court in October.”
— Elon Musk (@elonmusk) August 23, 2022
Zatko hurled further allegations that Twitter didn’t only mislead the public and Musk, but also misled its board in addition to the federal government. Zatko argued that Twitter's leadership “misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns,” according to CNN’s summarization.
Some of the “deficiencies” documented in the complaint included, “Ignorance and misuse of vast internal data sets,” “Mishandling Personally Identifiable Information,” and “Misrepresentations to the [Federal Trade Commission] on these matters.”
CNN reported that “In 2010, the FTC filed a complaint against Twitter for its mishandling of users' private information and the issue of too many employees having access to Twitter's central controls.”
The complaint led to an FTC “consent order finalized the following year in which Twitter vowed to clean up its act, including by creating and maintaining ‘a comprehensive information security program.’" But as CNN stated, “Zatko alleges that despite the company's claims to the contrary, it had ‘never been in compliance’ with what the FTC demanded more than 10 years ago.”
The whistleblower documentation’s summary of the original 2011 FTC complaint was disturbing. The documents noted that too many people exercised a high level of control over the platform’s security, which left users’ personal data more susceptible to attack. The documentation stated:
The complaint alleged that, from 2006 to 2009, far too many Twitter employees exercised administrative (“God mode”) control within Twitter’s internal systems and user data, thereby allowing any attacker with access to an employee account to easily compromise Twitter systems.
CNN reported that “Agrawal and his lieutenants repeatedly discouraged Zatko from providing a full accounting of Twitter's security problems to the company's board of directors.”
A Twitter spokesperson lashed back at Zatko in comments to CNN, in an apparent attempt to cover the company by painting him as an incompetent employee. “‘Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago,” the spokesperson said.
The company also added Zatko’s complaint was part of a “‘false narrative’” and was “‘riddled with inconsistencies and inaccuracies, and lacks important context.’”
Twitter did not respond to MRC Free Speech America’s request for comment.
Conservatives are under attack. Contact your representatives and demand that Big Tech be held to account to mirror the First Amendment while providing transparency, clarity on “hate speech” and equal footing for conservatives. If you have been censored, contact us at the CensorTrack contact form, and help us hold Big Tech accountable.