Twitter ex-security chief tells US Congress of security concerns

Peiter “Mudge” Zatko, former head of security at Twitter, says executives at the company ignored alarms he raised about the safety of user data. Photo: Kevin Dietsch / GETTY IMAGES NORTH AMERICA/Getty Images via AFP
Source: AFP

Twitter whistleblower Peiter Zatko told the US Congress on Tuesday that the platform ignored his security concerns, as its shareholders decide whether to approve a $44 billion takeover deal that Elon Musk is trying to exit.

"I'm here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors," Zatko, a hacker widely known as "Mudge" and Twitter's former security chief, told the hearing.

He said that, during his time as head of security for the platform from late 2020 until his dismissal in January this year, he tried to alert management to grave vulnerabilities to hacking or data theft, to no avail.

"They don't know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can't protect it," Zatko said during his opening remarks to the Judiciary Committee.

"Employees then have to have too much access (...) it doesn't matter who has the keys if you don't have any locks on the doors."

Zatko testified that he brought concrete evidence of problems to the executive team and "repeatedly sounded the alarm".

"To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem," he said.

"But more importantly, their executive incentives led them to prioritize profits over security."

Twitter has dismissed 51-year-old Zatko's complaint as being without merit.

But revelations of his whistleblower report in the US press in August were perfectly timed for Tesla chief Elon Musk, who has used it as part of his justification for abandoning his unsolicited $44 billion bid to buy Twitter.

In his report, Zatko directly refers to questions asked by Musk about bot accounts on Twitter, saying the company's tools and teams for finding such accounts are insufficient.

Musk has listed bot accounts as among the reasons to justify his walking away from the deal. Twitter is suing to force him to complete the buyout, with a trial set to go ahead on October 17.

If the court focuses on the fact that the world's richest man declined to do fact gathering typically associated with big-money mergers, Zatko's allegations could wind up being moot.

"Once both parties step into court it's a high risk/high reward scenario for both parties with the major X variable now being the Zatko whistleblower claims," Wedbush analyst Dan Ives said in a note to investors.

"We continue to view the Zatko situation as a Pandora's Box scenario for Twitter."

If Twitter prevails at trial, the judge could order the Tesla chief to pay billions of dollars to the company, or even complete the purchase.

Twitter shareholders are expected to endorse the buyout deal in a special vote Tuesday.

Twitter CEO Parag Agrawal declined to testify at Tuesday's hearing, citing the Musk litigation, Senator Chuck Grassley said.

Zatko insisted he had not made his revelations "out of spite or to harm Twitter."

"Far from that, I continue to believe in the mission of the company," he told Tuesday's hearing.
