According to a whistleblower complaint submitted to U.S. officials, a former head of security at Twitter said that the firm deceived regulators about its inadequate cybersecurity defenses and its incompetence in trying to weed out phony accounts that propagate misinformation. The disclosure might cause the social media platform, which is presently trying to pressure Tesla CEO Elon Musk to complete his $44 billion offer to buy the business, major legal and financial issues. On Tuesday, a number of Congressmen urged regulators to look into the allegations.
The charges were sent last month to the U.S. Securities and Exchange Commission, the Federal Trade Commission, and the Department of Justice by Peiter Zatko, who served as Twitter’s security chief until his dismissal at the beginning of this year. A redacted version of the complaint published online by the Washington Post was authenticated by the legal group Whistleblower Aid, which is collaborating with Zatko. John Tye, the group’s co-founder and chief disclosure officer, said in an interview on Tuesday that “this was a final resort for him.”
He said that prior to his termination in January, Zatko made all possible efforts to get his issues addressed within the organization. One of Zatko’s most severe allegations is that Twitter broke the terms of a 2011 FTC settlement by misrepresenting the extent of its security and privacy protections for its users. Zatko also accuses the firm of misleading customers about how it handles “spam” or phony accounts, the claim at the center of Musk’s attempt to withdraw from the Twitter takeover.
At one point on Tuesday, shares of Twitter Inc. had decreased by more than 6%. Zatko, a cybersecurity expert and hacker better known by his handle “Mudge,” rose to fame in the 1990s and later held important positions at Google and the Pentagon’s Defense Advanced Research Agency. He joined Twitter at Jack Dorsey’s request in late 2020, the same year the business experienced a humiliating security breach in which hackers broke into the Twitter accounts of world leaders, celebrities, and tech titans, including Musk, and tried to steal bitcoin from their followers.
Twitter said in a prepared statement on Tuesday that the complaint, with its opportunistic timing, “appears aimed to attract attention and inflict harm on Twitter, its customers, and its shareholders,” adding that Zatko was fired for “ineffective leadership and poor performance.” His complaint was labeled “a bogus story” by the company, “riddled with errors and distortions, and without crucial context.”
Debra Katz and Alexis Ronickher, Zatko’s attorneys, asserted that Twitter’s claims regarding his subpar performance are untrue and that he consistently voiced his concerns about “grossly insufficient information security protocols” to senior managers and the board of directors of Twitter. The lawyers said that Zatko raised his concerns, “clashed” with CEO Parag Agrawal and board member Omid Kordestani and was fired two weeks later in late 2021 after the board was provided “whitewashed” information regarding those security issues.
The 84-page complaint paints a picture of Twitter’s dysfunctional company culture, ineffective leadership, and “deliberate ignorance” of critical issues by top executives, according to Zatko. His assessment of Dorsey’s management style is particularly damning; he called the founder of Twitter “very disengaged” in the latter months of his role as CEO, to the extent that he would not even speak up during meetings on difficult problems the firm was experiencing.
Zatko claimed that he had heard from coworkers that Dorsey would keep quiet for “days or weeks.” In November 2021, Dorsey announced he would leave his position as CEO of Twitter. According to the complaint, Twitter does not provide financial rewards for enhancing platform security and integrity, but the firm did provide $10 million bonuses last year to senior executives who could drive rapid user growth.
The following are some of Zatko’s allegations of cybersecurity malpractice: People frequently installed “any software they wanted on their work systems,” and software and security upgrades were disallowed on more than a third of employee PCs, exposing them to infection. Such errors are frequently viewed as cybersecurity sins.