Friday, December 2, 2022

Twitter Whistleblower Testifies About Security Flaws

In his first public appearance since making a series of explosive accusations against Twitter in a whistleblower complaint last month, Peiter “Mudge” Zatko, the company’s former chief security officer, told lawmakers Tuesday that the social media platform was endangering both users and national security by prioritizing growth over fixing “egregious” security flaws.

“What I discovered when I joined Twitter was that this hugely influential company was more than a decade behind industry security standards,” Zatko, a known hacker with three decades of cybersecurity experience, told the Senate Judiciary Committee. “It doesn’t matter who has the keys if you don’t have locks on the doors…the company’s cybersecurity flaws make it vulnerable to exploitation, causing real harm to real people.”

His somber appearance in a formal gray suit and goatee was a far cry from the long, flowing hair Zatko sported when he first appeared before the Senate 24 years ago. But this time he issued a warning similar to the one he gave then, when he alarmed lawmakers by claiming that he and his fellow hackers could take down the Internet in 30 minutes. “It’s not unreasonable to say that an employee within the company could take over the accounts of every senator in this room,” he said.

Zatko characterized Twitter’s shortcomings as a dire threat to national and global security. “When an influential media platform can be compromised by teenagers, thieves and spies, and the company repeatedly creates security issues of its own, this is a huge problem for all of us.”

In 84 pages of disclosures sent to US regulatory agencies in July, Zatko, who invoked federal whistleblower protections, accused top executives of the $32 billion company of violating the Federal Trade Commission Act and Securities and Exchange Commission regulations by misleading its users, board members, and investors about critical security flaws. These gaps left the platform open to security breaches, infiltration by foreign governments, and exploitation by a variety of bad actors, Zatko said.

“I think they would like to wave a magic wand and fix all these things,” he told lawmakers on Tuesday. “But they’re not willing to bite the bullet … and say ‘hey, we’re going to have to spend some time and money to put these basic things in place.’”


“Twitter is an immensely powerful platform that cannot afford huge security vulnerabilities,” said Senator Richard Durbin, chairman of the Senate Judiciary Committee. “Imagine if it was a malicious hacker or a hostile foreign government breaking into the president’s Twitter account, sending false information and claiming there was a terrorist attack against one of our citizens? We could see widespread panic.”

These are the key points from Zatko’s testimony on Tuesday.


Independent security consultant and Twitter whistleblower Peiter “Mudge” Zatko testifies before the US Senate Judiciary Committee on Capitol Hill in Washington, DC on September 13, 2022.

Brendan Smialowski—AFP/Getty Images

“One crisis at a time”: Zatko described the internal chaos at Twitter

Zatko described a company that was unwilling to commit resources to patch even basic vulnerabilities and internal frustration over what he described as leadership failures. “Engineers and employees want this change,” he said of proposed solutions to security and privacy issues plaguing the platform. “[But] it is a culture where they can only focus on one crisis at a time. And that crisis is not complete, it is simply replaced by another crisis.”

Zatko’s claims came amid a heated legal dispute over Twitter’s deal to sell the company to Elon Musk, turning his credibility into a multimillion-dollar problem. Last month, a judge ruled that Musk could amend his lawsuit against the company to include the allegations made by Zatko, who was subpoenaed by Musk’s legal team.

After Zatko’s whistleblower complaint became public, it was revealed that two months earlier, the company had agreed to pay him more than $7 million in a settlement related to lost compensation. This included a confidentiality agreement that prohibited him from disparaging the company, according to the Wall Street Journal.

Musk appeared to indicate that he was watching the hearings on Tuesday, tweeting the popcorn emoji. Less than an hour after the hearings ended, Twitter shareholders voted to approve Musk’s original deal. “There’s been a buildup on Twitter, between Musk’s actions and now the Mudge accusations, that has eroded the stock value a lot,” says Natasha Lamb, managing partner at Arjuna Capital, which owns Twitter stock. “Investors see buying Musk as potentially the only way out for them to get value back.”

Twitter and Musk are set to go to trial over the dispute on October 17.


Complaints about Twitter’s ties to foreign governments

Zatko spoke at length about one of the most alarming sections of his disclosure: that Twitter had allowed an Indian government agent to be hired at its newly created Indian office, giving that agent access to inside information. For the past several years, Twitter has been embroiled in a standoff with the Indian government over the latter’s desire to censor posts in the country. Zatko says he believes the agent’s goal within the company was “to understand Twitter’s negotiations with the court and the ministry.”

The whistleblower said Tuesday that once he found out about the agent, he created a small team “just to track down that person,” but that it was “extremely difficult” to follow the agent’s actions or contain his activities, due to the inadequacy of Twitter’s internal tools.

Zatko accused superiors of turning a blind eye to the situation, saying that when he told an executive about the alleged agent, he was told, “Since we already have one, what does it matter if we have more? Let’s keep growing the office.”

Zatko also claims that, during his time at Twitter, some company employees raised concerns that the Chinese government might collect data on the platform’s users, and he described internal tensions with executives who wanted to maximize Chinese ad revenue.

“The executive in charge of sales soon after I joined said, ‘This is a big internal dilemma, because we’re making too much money off of these sales, we’re not going to stop,’” he said.

Zatko also revealed more information than his disclosures had hinted at. In the redacted version of his whistleblower complaint made public, he said he had warned Twitter that “one or more” of its employees were “working on behalf of another particular foreign intelligence agency”; he elaborated on Tuesday. The week before the company fired him, Zatko said, he learned that an agent from China’s Ministry of State Security was on Twitter’s payroll.

The role of Twitter in geopolitical crises

Zatko called the company’s lack of moderators for content in other languages “impressive.” He suggested that this deficiency contributed to the genocide of Rohingya Muslims in Myanmar, in which hate speech and propaganda against the minority group was encouraged on social media platforms such as Facebook and Twitter. “When something happened in Myanmar, you couldn’t wait until after it happened and then say, ‘Where are the Burmese speakers?’ Twitter has to understand that 80% of its users are outside of the US. You can’t create a healthy environment or serve the public conversation if all you can do is say ‘Google Translate’ is doing the right job to me,” he said.

Lawmakers also noted that Twitter’s prioritization of its growth over security and privacy measures had serious consequences for users living under authoritarian regimes.

“Earlier this year, a federal jury convicted a Saudi citizen working for Twitter of stealing personal data from dissidents critical of the Saudi regime and turning the data over to the Saudi government,” Durbin said. “This is a matter of life and death as we know for these dissidents.”

How the FTC has been overtaken by Big Tech

One of the reasons Twitter was able to stay a “decade behind” its competitors on security, says Zatko, was the lack of pressure placed on the company by regulators. In particular, the whistleblower said that the FTC was “absolutely outmatched” against Big Tech; that the agency “left companies to do their own homework” and allowed them to hire their own auditors, which he said amounted to a conflict of interest.

“Clearly what we’re doing right now is not working,” said Sen. Richard Blumenthal.

Zatko told lawmakers that Twitter feared other foreign regulators much more than the FTC. In particular, he said that France’s data privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), “terrified” the company, because it asked technical and quantitative questions and exercised the ability to impose large recurring fines, rather than the one-time FTC fines that Twitter was “pricing” into its business model.

Senators of both parties called for stronger regulation

Zatko’s appearance, however temporarily, spurred a spirit of bipartisanship in Congress on Tuesday. Sen. Lindsey Graham has pledged to partner with Elizabeth Warren, with whom he has “different perspectives on just about everything,” to craft new legislation to regulate big tech. He said he hoped to create “a system more like Europe: a regulatory environment with teeth.”

“If Elizabeth Warren and Lindsey Graham can come together around that concept, I think we’re ready for the race,” Graham said.

Many other senators on both sides of the aisle called for more regulation and floated the idea of creating a new agency. Senators Amy Klobuchar and Marsha Blackburn called for a national privacy standard to protect users online. And Senator Chris Coons used his time to advocate for the bipartisan bill he announced in December, the Platform Accountability and Transparency Act, which would require social media companies to undergo independent audits and publish much more data about how they operate.


Write to Vera Bergengruen at vera.bergengruen@time.com.

