A Twitter whistleblower who was the security chief at the company before he was fired in January, testified before the Senate Judiciary Committee on Tuesday.
Peiter Zatko, a famed hacker-turned-security-chief, filed a whistleblower complaint that accused his former company of having failed to abide by agreements with the U.S. government to shore up its security. These alleged failures include persistent vulnerability with personal user data, which could be accessed by any “engineer” (approximately “half the company”), and repeated targeting and infiltration by foreign agents.
Before a Senate panel loaded with high-ranking senators, Zatko depicted the company as one that is ripe for exploitation by foreign agents.
“When you become an engineer, which is half of the company are engineers, you are by default given some access to this live production environment, you are doing your testing,” Zatko said. “You are doing your work on live systems and live data, irrespective of where you are in the world as an engineer. So, if you are a foreign agent and you are hired and you are an engineer, you’ve got access to all of that data that we talked about — the 80% that Twitter doesn’t know what’s in, yet, yet the engineers studied and, and realized is personally identifying information, other sensitive information where there’s a lack of access controls, because they have too much data and they just didn’t know where everything is. So they have to give everybody access and the systems can access the information.”
“But also recall that foreign agents can have multiple goals,” Zatko continued. “And sometimes it’s not just the engineers or the technical access that they want, but it might be information about the plans of Twitter, what plans Twitter has to potentially censor information in a government or concede to a government’s request or what plans they have for expansion in a particular environment.”
“And in those cases, that’s where I saw with high confidence, a foreign agent placed from India to understand the negotiations and how well they were going for or against India’s party who was having difficulties with Twitter in India,” he added.
“In your disclosure, you mentioned that the FBI notified Twitter, that one of their employees was suspected of being a Chinese foreign asset,” ranking member Sen. Chuck Grassley (R-IA) said. “Were you and others at Twitter at all surprised by that?”
“This was made aware to me maybe a week before I was surprised and summarily dismissed,” Zatko replied. “I had been told because the corporate security physical security team had been contacted and told that there was at least one agent of the MSS, which is one of China’s intelligence services, on the payroll inside Twitter. While it was disturbing to hear, I, and many others had, recognizing the state of the environment at Twitter, were really thinking if you are not placing foreign agents inside Twitter, because it’s very difficult to detect them, it is very valuable to a foreign agent to be inside there as a foreign intelligence company — you’re most likely not doing your job.”
Twitter responded to the whistleblower complaint by insisting that Zatko was fired “for poor performance and ineffective leadership.”
On Tuesday, on the same day Zatko testified, Twitter shareholders voted to approve Elon Musk’s $44 billion bid to take over the social media platform.
— Naughtius Maximus (@elonmusk) September 13, 2022
“The judge in the case recently allowed Musk’s camp to revise his counterclaim against Twitter to include allegations made by a former Twitter security chief who recently filed a whistleblower complaint claiming egregious securities failings by the company,” CNBC reported on the court battle.
The shareholder vote comes as tech billionaire Elon Musk is contesting the deal in court, due to credible reports that Twitter is misreporting the number of fake accounts or “bots” on the digital platform. Twitter continues to insist that only 5% of daily active users are ‘spam’ or ‘bots,’ a figure that has been contradicted by independent investigations that put the true number much higher.
Twitter subsequently sued Musk for alleged breach of agreement in the Delaware Court of Chancery. A court trial to resolve the dispute is expected to start in mid-October.
"*" indicates required fields
OPINION: This article contains commentary which reflects the author's opinion.