Whistleblower Tells Senators of Twitter Security Flaws

U.S. senators expressed empathy with Twitter’s former security chief during a hearing on Tuesday as he outlined serious concerns about the influential social media platform.

“It doesn’t matter who has keys if you don’t have any locks on the doors. And this kind of vulnerability is not in the abstract. It’s not far-fetched to say an employee in the company could take over the accounts of all of the senators in this room,” said Peiter “Mudge” Zatko in testimony before the Senate’s Judiciary Committee.

“Given the real harm to users and national security, I determined it was necessary to take on the personal and professional risk to myself and to my family of becoming a whistleblower.”

Zatko, appearing under subpoena, added he was not making the disclosures “out of spite or to harm Twitter.”

Zatko, who made a number of revelations previously in an 84-page complaint to the Securities and Exchange Commission and other U.S. government regulatory agencies, said that executive incentives compel Twitter executives to prioritize profits over security.

“There was a culture of not reporting bad results up, only reporting good results up,” Zatko told the senators.

Judiciary Committee Chairman Senator Dick Durbin, a Democrat, noted that according to Zatko, “the door to that vault is wide open and that vault contains a lot more information about you than you can imagine.”

Several senators, from both the Democratic and Republican parties, expressed concern that Twitter’s vulnerabilities could constitute a national security threat.

“This data is a gold mine of information that could be used against America’s interest. Twitter has a responsibility to ensure that the data is protected and doesn’t fall into the hands of foreign powers,” said Chuck Grassley, the ranking Republican senator on the committee.

“Your testimony today has legitimized what most of us feel is a process out of control, that the regulatory environment is insufficient to the task,” said Senator Lindsey Graham, a Republican. “It’s time to up our game in this country.”

Graham said he is working with Senator Elizabeth Warren, a Democrat, to create a regulatory system that would have “teeth,” similar to what has been enacted in Europe.

“I’m not reaching any conclusions, but clearly what we’re doing right now is not working,” said Richard Blumenthal, a Democrat on the committee, who raised the possibility of creating a new government agency to regulate tech companies and protect consumers.

One senator, Mazie Hirono, a Democrat, appeared exasperated that Twitter has not been held to account even though it has paid a $150 million fine for violating a consent decree with the Federal Trade Commission on protecting users’ data.

“Do people need to go to prison?” she asked Zatko.

“I think holding people accountable is a good start,” he replied.

Zatko, a former high-profile computer hacker who became head of cybersecurity research at a Defense Department research and development agency known as DARPA and subsequently worked at Google before joining Twitter in 2020, also testified there were suspected foreign agents working inside Twitter — from China, India and Nigeria — and that there was no way to track their access to company databases, including those containing users’ personal information.

Zatko said that when he raised his concern with another Twitter executive about a particular suspected foreign agent inside the company, that person replied: “Well, since we already have one, what does it matter if we have more?”

Twitter’s hiring process is independent of any foreign influence and access to data is managed through measures including background checks, access controls, and monitoring and detection systems and processes, according to a Twitter company spokesman.

“Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies,” a Twitter company spokesperson, who declined to be publicly identified, responded to VOA and did not elaborate.

Twitter Chief Executive Officer Parag Agrawal declined to voluntarily appear before the committee on Tuesday. Durbin and Grassley told reporters they will discuss issuing a subpoena to compel the executive to appear.

Zatko “continues to believe that through this public disclosure process, real world harm for Twitter users may be avoided and our country’s national security better protected,” said his attorney, Alexis Ronickher, in a statement following the hearing.

Following Zatko’s testimony, Twitter announced that its shareholders have approved a $44 billion takeover offer from Tesla Chief Executive Officer Elon Musk. But since making the bid, the billionaire has terminated the agreement, accusing Twitter of misrepresenting the number of authentic users. Twitter has countersued, and the matter is scheduled to be heard in Delaware’s chancery court next month.

A judge in the state of Delaware ruled last week that Zatko’s claims can be included in Musk’s case against Twitter.
