Twitter whistleblower bringing security warnings to Congress

Sep 11, 2022, 11:58 PM | Updated: Sep 12, 2022, 6:20 pm

FILE - The Twitter application is seen on a digital device, April 25, 2022, in San Diego. Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress on Tuesday, Sept. 13, 2022. Senators who will hear Zatko's testimony are alarmed by his allegations at a time of heightened concern over the safety of powerful tech platforms. (AP Photo/Gregory Bull, File)

WASHINGTON (AP) — Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress on Tuesday.

Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concern over the safety of powerful tech platforms.

It’s Zatko’s second Capitol Hill appearance, and in some ways a 21st-century echo of his first. In 1998, he testified before a Senate panel along with fellow members of a hacker collective who warned about the security dangers of the then-emerging internet age.

Zatko, a respected cybersecurity expert, was Twitter’s head of security until he was fired early this year. He has brought the stunning allegations to Congress and federal regulators, asserting that the influential social platform misled regulators about its cyber defenses and efforts to control millions of “spam” or fake accounts.

Sen. Dick Durbin, the Illinois Democrat who chairs the panel, called Zatko’s allegations “serious business.”

“If it’s anywhere along the lines that (he) suggested, I think it’s a matter of grave personal-privacy concern,” Durbin told reporters Monday. “The question is whether information gathered by Twitter has been used for purposes which we’re not aware of.”

Zatko’s accusations are also playing into billionaire tycoon Elon Musk’s battle with Twitter. The Tesla CEO is trying to get out of his $44 billion bid to buy the company; Twitter has sued to force him to complete the deal. The Delaware judge overseeing that case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial set to start Oct. 17.

The allegation that Twitter engaged in deception in its handling of automated “spam bot” accounts is at the core of Musk’s attempt to back out of the Twitter deal.

At the same time, many of Zatko’s claims are uncorroborated and appear to have little documentary support. In a statement, Twitter has called Zatko’s description of events “a false narrative.”

Also on Tuesday, Twitter’s shareholders are scheduled to vote on the company’s pending buyout by Musk. The vote is something of a formality given that the deal is on hold while the court case plays out. But if the measure passes as expected, it would also pave the way for a Musk takeover should Twitter prevail in court.

Zatko also filed complaints with the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.

The SEC is questioning Twitter about how it counts fake accounts on its platform. Twitter uses counts of its presumably real users to attract advertisers, whose payments make up about 90% of its revenue. The “spam bots” have no value to advertisers because there’s no person behind them.

San Francisco-based Twitter has an estimated 238 million daily active users worldwide. The company says it removes 1 million spam accounts daily.

Zatko’s 84-page complaint alleges that he found “extreme, egregious deficiencies” on the platform, including issues with “user privacy, digital and physical security, and platform integrity/content moderation.”

It accuses CEO Parag Agrawal and other senior executives and board members of making “false and misleading statements to users and the FTC” about these issues. Twitter denies those claims and said that Zatko was fired in January for “ineffective leadership and poor performance.” Zatko’s attorneys say the performance claim is false.

Twitter also hinted that Zatko’s complaint might be designed to bolster Musk’s legal fight with the company. Twitter called Zatko’s complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies, and lacks important context.”

News of Zatko’s complaint surfaced on Aug. 23, almost two months before the Twitter-Musk trial is scheduled to begin. One of Zatko’s attorneys has said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.”

The company also says it has significantly tightened security since 2020.

Among Zatko’s specific allegations:

– The company had such poor cybersecurity that it easily could have been exposed to outside attacks or attempts to siphon off its internal data.

– The company lacked effective leadership, with its top executives practicing “deliberate ignorance” of pressing problems. Zatko described former CEO Jack Dorsey as “extremely disengaged” during the last months of his tenure, to the point where he wouldn’t even speak during meetings on complex issues. Dorsey stepped down in November 2021.

– That Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had “direct unsupervised access” to highly sensitive data on users. It makes a parallel but less detailed accusation that Twitter took funding from unidentified Chinese entities who may have been enabled to access the identities and sensitive data of Chinese users who secretly use Twitter, which is officially banned in China.

The 51-year-old Zatko, better known by his hacker handle “Mudge,” first gained prominence in the 1990s. He was the best-known member of the Boston-based collective L0pht, which pioneered ethical hacking, embarrassing companies including Microsoft for poor security. His work raised awareness in the computing world that forced such major companies to take security seriously. He co-founded the consultancy @Stake, which was later acquired by Symantec.

Zatko later worked in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google. He joined Twitter at Dorsey’s urging in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.

__

AP technology writers Frank Bajak in Boston and Matt O’Brien in Providence, Rhode Island, contributed to this report.

__

Follow Marcy Gordon at https://twitter.com/mgordonap

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
