A former Twitter security chief has claimed that the company misled US authorities and its users about security flaws in its services.
In a statement to Congress and other organizations that has been revealed by the American news network CNN and the newspaper “The Washington Post”, the informer, identified as Peiter Zatko, affirmed that the firm underestimated the number of false accounts and spam that there is on your platform.
The accusations could affect Twitter’s legal battle with billionaire Elon Musk after the latter announced his intention to cancel the $44 billion deal to buy the company.
After assuring that Zatko’s accusations are “inaccurate and inconsistent”, Twitter revealed that the informer was fired in January for his poor performance.
negligent attitude
Zatko accused Twitter of failing to maintain strict security practices and “lying about bots to Elon Musk” in the complaint he also brought to the Securities and Exchange Commission last July. The BBC has seen a copy of the document, which was shared by the American news network CBS News.
In the text, the informer criticizes the way in which Twitter has been handling sensitive information and, above all, how it has faced the attacks on its platform.
Twitter has faced a series of high-profile hacks. Former president Barack Obama and the current president, Joe Biden, as well as the singer Kanye West have been some of the targets of these attacks.
The confidant maintains that the social network has suffered a high rate of security incidents. “About one every week serious enough that Twitter had to report it to regulators,” he said.
He also denounced the company’s failure to take steps to deal with so-called insider threats – security risks posed by people with malicious intent from within the company. These he asserted were “practically unmonitored.”
Out of control
The former head of security, in his complaint, describes Twitter as a chaotic company where many employees have access to sensitive systems that contain users’ personal data.
Zakto claimed that he warned that the company lacked a viable disaster recovery plan and that, in the past, it did not properly delete the data of people who canceled their accounts.
As for fake and spam accounts, he said “deliberate ignorance was the norm,” and accused management of showing little interest in accurately identifying how many are actually on his platform.
In the opinion of the newspaper “The Washington Post”, the confidant “provided little solid evidence” to support these claims.
Ammo for Musk
Elon Musk’s lawyers have been quick to react to Zatko’s revelations. The founder of Tesla is in the middle of a legal battle with Twitter, after he announced his intention to break the billionaire agreement to acquire the social network, arguing that the company has no way of verifying how many of its 229 million users daily assets are really people.
Following the release of the whistleblower’s remarks, Musk tweeted screenshots of the story published by the US newspaper.
Zatko’s lawyer told CNN that his client filed his complaint before the businessman made public his offer to acquire the technology firm, and that he had not contacted him.
However, one of Musk’s lawyers, Alex Spiro, told the same network that Zatko had been called as a possible witness in the process that Twitter initiated against his client.
deep throat 2.0
The informer is a former hacker and a well-known figure in computer security circles.
Nicknamed “Mudge,” he was a member of the computer security think tank L0pht (pronounced “loft”), and participated in the Congressional hearings on cybersecurity in 1998.
He has also held senior positions at Google and the US government’s research and development agency, DARPA.
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks significant context,” a Twitter spokesperson said.
“Zatko’s accusations and timing seem designed to grab attention and inflict damage on Twitter, its customers and its shareholders. Security and privacy have long been Twitter priorities and will continue to be,” he added.
For his part, John Tye of the organization Whistleblower Aid, which is advising Zatko, described him as a “hero” and called on authorities to investigate his allegations.