Former Twitter security chief files whistleblower complaints

Peiter Zatko, Twitter's security chief until he was fired early this year, filed the complaints last month

August 23, 2022 07:58 pm | Updated 07:58 pm IST - WASHINGTON

Peiter Zatko accuses the company of deceptions involving its handling of “spam” or fake accounts. File.

Peiter Zatko accuses the company of deceptions involving its handling of “spam” or fake accounts. File. | Photo Credit: Reuters

A former head of security at Twitter has filed whistleblower complaints with U.S. officials, alleging that the company misled regulators about its cybersecurity defenses and its problems with fake accounts, according to reports by The Washington Post and CNN.

Peiter Zatko, Twitter's security chief until he was fired early this year, filed the complaints last month with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice.

The Post, which obtained the complaint, reported that among the most serious accusations is that Twitter violated the terms of an FTC settlement by falsely claiming that it had a strong security plan.

Mr. Zatko also accuses the company of deceptions involving its handling of “spam" or fake accounts, an allegation that is at the core of the attempted withdrawal of a $44 billion takeover bid for Twitter by billionaire Elon Musk.

Mr. Zatko didn't immediately respond to a request for comment Tuesday but told the Post he “felt ethically bound” to come forward.

Mr. Zatko, better known as Mudge, is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google. He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020.

Twitter said in a prepared statement Tuesday that Mr. Zatko was fired for “ineffective leadership and poor performance” and that the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the company said.

A spokesperson for the U.S. Senate's intelligence committee, Rachel Cohen, said the committee has received the complaint and "is in the process of setting up a meeting to discuss the allegations in further detail. We take this matter seriously.”

Among the most alarming complaints is Mr. Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company payroll where they had “direct unsupervised access to the company’s systems and user data.”

A 2011 FTC complaint noted that Twitter’s systems were full of highly sensitive data that could allow a hostile government to find precise geo-location data for a specific user or group and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of passing along sensitive Twitter user data to royal family members in Saudi Arabia in exchange for bribes.

The complaint said Twitter was also heavily reliant on funding by Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would enable them to learn the identify and sensitive information of Chinese users who secretly use Twitter, which is officially banned in China.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.