5 takeaways from Twitter whistleblower Peiter Zatko

Aug 23, 2022, 9:14 AM | Updated: Aug 24, 2022, 1:18 PM

FILE - The logo for Twitter appears above a trading post on the floor of the New York Stock Exchange, Nov. 29, 2021. Startling new revelations from Twitter's former head of security, Peiter Zatko, have raised serious new questions about the security of the platform's service, its ability to identify and remove fake accounts, and the truthfulness of its statements to users, shareholders and federal regulators. (AP Photo/Richard Drew, File)

SAN FRANCISCO (AP) — Startling new revelations from Twitter’s former head of security, Peiter Zatko, have raised serious questions about the security of the platform’s service, its ability to identify and remove fake accounts, and the truthfulness of its statements to users, shareholders and federal regulators.

Zatko — better known by his hacker handle “Mudge” — is a respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google. Twitter fired him from the security job early this year for what the company called “ineffective leadership and poor performance.” Zatko’s attorneys say that claim is false.

In a whistleblower complaint made public Tuesday, Zatko documented what he described as his uphill 14-month effort to bolster Twitter security, boost the reliability of its service, repel intrusions by agents of foreign governments and both measure and take action against fake “bot” accounts that spammed the platform.

Many of Zatko’s claims have not been corroborated and the complaint did not provide documentary support for his charges. In a statement, Twitter called Zatko’s description of events “a false narrative.”

Here are five takeaways from that whistleblower complaint.

TWITTER’S SECURITY AND PRIVACY SYSTEMS WERE GROSSLY INADEQUATE

In 2011, Twitter settled a Federal Trade Commission investigation into its privacy practices by agreeing to put stronger data security protections in place. Zatko’s complaint charges that Twitter’s problems grew worse over time instead.

For instance, the complaint states, Twitter’s internal systems allowed far too many employees access to personal user data they didn’t need for their jobs — a situation ripe for abuse. For years, Twitter also continued to mine user data such as phone numbers and email addresses — intended only for security purposes — for ad targeting and marketing campaigns, according to the complaint.

TWITTER’S ENTIRE SERVICE COULD HAVE COLLAPSED IRREPARABLY UNDER STRESS

One of the most striking revelations in Zatko’s complaint is the claim that Twitter’s internal data systems were so ramshackle — and the company’s contingency plans so insufficient — that any widespread crash or unplanned shutdown could have tanked the entire platform.

The concern was that a “cascading” data-center failure could quickly spread across Twitter’s fragile information systems. As the complaint put it: “That meant that if all the centers went offline simultaneously, even briefly, Twitter was unsure if they could bring the service back up. Downtime estimates ranged from weeks of round-the-clock work, to permanent irreparable failure.”

TWITTER MISLED REGULATORS, INVESTORS AND MUSK ABOUT FAKE “SPAM” BOTS

In essence, Zatko’s complaint states that Tesla CEO Elon Musk — whose $44 billion bid to acquire Twitter is headed for October trial in a Delaware court — is correct when he charges that Twitter executives have little incentive to accurately measure the prevalence of fake accounts on the system.

The complaint charges that the company’s executive leadership practiced “deliberate ignorance” on the subject of these so-called spam bots. “Senior management had no appetite to properly measure the prevalence of bot accounts,” the complaint states, adding that executives were concerned that accurate bot measurements would harm Twitter’s “image and valuation.”

ON JAN. 6, 2021, TWITTER COULD HAVE BEEN AT THE MERCY OF DISGRUNTLED EMPLOYEES

Zatko’s complaint states that as a mob assembled in front of the U.S. Capitol on Jan. 6, 2021, eventually storming the building, he began to worry that employees sympathetic to the rioters might try to sabotage Twitter. That concern spiked when he learned it was “impossible” to protect the platform’s core systems from a hypothetical rogue or disgruntled engineer aiming to wreak havoc.

“There were no logs, nobody knew where data lived or whether it was critical, and all engineers had some form of critical access” to Twitter’s core functions, the complaint states.

A PLAYGROUND FOR FOREIGN GOVERNMENTS

The Zatko complaint also highlights Twitter’s difficulty in identifying — much less resisting — the presence of foreign agents on its service. In one instance, the complaint alleges, the Indian government required Twitter to hire specific individuals alleged to be spies, and who would have had significant access to sensitive data thanks to Twitter’s own lax security controls. The complaint also alleges a murkier situation involving taking money from unidentified “Chinese entities” that then could access data that might endanger Twitter users in China.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
