A Twitter whistleblower says the company misled regulators on security

Twitter Inc. misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former head of security, Peiter Zatko, said in a complaint.

In the 84-page complaint, Zatko, a notorious hacker widely known as “Mudge,” alleged that Twitter falsely claimed it had a strong security plan, according to documents released by congressional investigators.

The document alleges that Twitter prioritized user growth over reducing spam, with executives standing to earn individual bonuses of up to $10 million tied to increasing daily users, and nothing explicitly for reducing spam.

Twitter called the complaint a “false story.” The company is fighting Elon Musk in court after the world’s richest person tried to back out of a $44 billion deal to buy Twitter. Musk said the company did not provide him with details about the prevalence of bot and spam accounts, a condition he had set for the transaction.

Tesla Inc. CEO Musk had offered to buy Twitter for $54.20 a share, saying he believed it could be a global platform for free speech.

Twitter and Musk have sued each other, and Twitter has asked a Delaware Chancery Court judge to order Musk to close the deal. The trial is scheduled for October 17.

Zatko filed the complaint last month with the US Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional committees.

“We are reviewing the redacted claims that have been posted, but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter CEO Parag Agrawal told employees in a memo.

The top Republican on the Senate Judiciary Committee, Chuck Grassley, said the complaint raised serious national security and privacy concerns and should be investigated.

“Take a technology platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you have a recipe for disaster,” he said.

The FTC declined to comment. A spokesman for the Senate Intelligence Committee said that he had received the complaint and that he was preparing a meeting to discuss the allegation.

Twitter’s real regulatory risk lies in whether the documentary evidence demonstrates “knowing or reckless misleading” of investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former attorney for the Securities and Exchange Commission (SEC).

Twitter shares fell 7.3% to close at $39,865.

‘give a little whistle’

Musk could not be reached for comment, but he did react on Twitter with memes and robot emoji. Musk’s legal team has subpoenaed Zatko, it was reported after the whistleblower’s revelation was made public.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a password cracking tool. Later, he used his hacking skills to become a sought-after security consultant and, along with other tech mavericks of the time, went on to hold high positions in government and on boards of directors.

The complaint document says that, following the January 6 riots and the storming of the Capitol, the incoming Biden Administration offered him “a top-tier position as Chief Information Security Officer of the United States,” which he turned down.

Cybersecurity leaders expressed broad support for Zatko, with many deploring Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity company Dragos, said on Twitter that it was “one of the very rare times that, based on who he is, I don’t even need to know a detail to form an opinion.” “If Mudge is making these kinds of claims, he deserves the investigation.”

In January, Twitter said that Zatko was no longer its security chief, two years after his appointment to the role.

On Tuesday, a Twitter spokesman said Zatko had been fired for “ineffective leadership and poor performance,” adding that his accusations seemed designed to attract attention and inflict harm on Twitter, its customers and its shareholders.

Debra Katz and Alexis Ronickher, Zatko’s attorneys, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about inadequate security systems with the company’s executive committee, CEO and board of directors. Twitter did not respond to a request for comment on that statement.

*With Reuters; adapted from its English version