AP

5 takeaways from Twitter whistleblower Peiter Zatko

Aug 23, 2022, 9:14 PM | Updated: Aug 28, 2022, 11:22 am

SAN FRANCISCO (AP) — Startling new revelations from Twitter’s former head of security, Peiter Zatko, have raised serious questions about the security of the platform’s service, its ability to identify and remove fake accounts, and the truthfulness of its statements to users, shareholders and federal regulators.

Zatko — better known by his hacker handle “Mudge” — is a respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google. Twitter fired him from the security job early this year for what the company called “ineffective leadership and poor performance.” Zatko’s attorneys say that claim is false.

In a whistleblower complaint made public Tuesday, Zatko documented what he described as his uphill 14-month effort to bolster Twitter security, boost the reliability of its service, repel intrusions by agents of foreign governments and both measure and take action against fake “bot” accounts that spammed the platform.

Many of Zatko’s claims have not been corroborated and the complaint did not provide documentary support for his charges. In a statement, Twitter called Zatko’s description of events “a false narrative.”

Here are five takeaways from that whistleblower complaint.

TWITTER’S SECURITY AND PRIVACY SYSTEMS WERE GROSSLY INADEQUATE

In 2011, Twitter settled a Federal Trade Commission investigation into its privacy practices by agreeing to put stronger data security protections in place. Zatko’s complaint charges that Twitter’s problems grew worse over time instead.

For instance, the complaint states, Twitter’s internal systems allowed far too many employees access to personal user data they didn’t need for their jobs — a situation ripe for abuse. For years, Twitter also continued to mine user data such as phone numbers and email addresses — intended only for security purposes — for ad targeting and marketing campaigns, according to the complaint.

TWITTER’S ENTIRE SERVICE COULD HAVE COLLAPSED IRREPARABLY UNDER STRESS

One of the most striking revelations in Zatko’s complaint is the claim that Twitter’s internal data systems were so ramshackle — and the company’s contingency plans so insufficient — that any widespread crash or unplanned shutdown could have tanked the entire platform.

The concern was that a “cascading” data-center failure could quickly spread across Twitter’s fragile information systems. As the complaint put it: “That meant that if all the centers went offline simultaneously, even briefly, Twitter was unsure if they could bring the service back up. Downtime estimates ranged from weeks of round-the-clock work, to permanent irreparable failure.”

TWITTER MISLED REGULATORS, INVESTORS AND MUSK ABOUT FAKE “SPAM” BOTS

In essence, Zatko’s complaint states that Tesla CEO Elon Musk — whose $44 billion bid to acquire Twitter is headed for October trial in a Delaware court — is correct when he charges that Twitter executives have little incentive to accurately measure the prevalence of fake accounts on the system.

The complaint charges that the company’s executive leadership practiced “deliberate ignorance” on the subject of these so-called spam bots. “Senior management had no appetite to properly measure the prevalence of bot accounts,” the complaint states, adding that executives were concerned that accurate bot measurements would harm Twitter’s “image and valuation.”

ON JAN. 6, 2021, TWITTER COULD HAVE BEEN AT THE MERCY OF DISGRUNTLED EMPLOYEES

Zatko’s complaint states that as a mob assembled in front of the U.S. Capitol on Jan. 6, 2021, eventually storming the building, he began to worry that employees sympathetic to the rioters might try to sabotage Twitter. That concern spiked when he learned it was “impossible” to protect the platform’s core systems from a hypothetical rogue or disgruntled engineer aiming to wreak havoc.

“There were no logs, nobody knew where data lived or whether it was critical, and all engineers had some form of critical access” to Twitter’s core functions, the complaint states.

A PLAYGROUND FOR FOREIGN GOVERNMENTS

The Zatko complaint also highlights Twitter’s difficulty in identifying — much less resisting — the presence of foreign agents on its service. In one instance, the complaint alleges, the Indian government required Twitter to hire specific individuals alleged to be spies, and who would have had significant access to sensitive data thanks to Twitter’s own lax security controls. The complaint also alleges a murkier situation involving taking money from unidentified “Chinese entities” that then could access data that might endanger Twitter users in China.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

A woman pauses while shopping at a Kohl's store in Clifton, N.J., Jan. 26, 2024. On Thursday, Feb. ...

Associated Press

Federal Reserve’s preferred inflation gauge picked up last month in sign of still-elevated prices

An inflation gauge favored by the Federal Reserve increased in January, the latest sign that the slowdown in U.S. consumer price increases is occurring unevenly from month to month.

18 hours ago

This undated image provided by Mikel Desmond shows his brother Marcus Tessier, who turned up in Dem...

Associated Press

Missing teen with autism found in New Mexico, about 200 miles away from his Arizona home

A missing teen with autism has been found in New Mexico — about 200 miles away from his home in southern Arizona.

19 hours ago

A newly released report on last year’s fatal crash involving a pickup truck and a group of bicycl...

Associated Press

Report suggests steering of vehicle that caused fatal Goodyear bicycle crash worked fine

A new report on last year’s fatal Goodyear bicycle crash has cast doubts about the driver’s claim the vehicle’s steering locked up.

2 days ago

Israeli Embassy...

Associated Press

US airman dies after setting himself ablaze outside Israeli Embassy in Israel-Hamas war protest

An active-duty member of the U.S. Air Force has died after he set himself ablaze outside the Israeli Embassy in Washington, D.C.

4 days ago

Biden and Trump to visit Mexico border Thursday immigration...

Associated Press

Biden and Trump both plan trips to the Mexico border Thursday, dueling for advantage on immigration

President Joe Biden and former President Donald Trump will make dueling trips to the U.S-Mexico border on Thursday.

4 days ago

Arizona and New York attorneys feud over extraditing suspect...

Associated Press

Why Alvin Bragg and Rachel Mitchell are fighting over extraditing suspect in New York hotel killing

Maricopa County Attorney Rachel Mitchell says she isn't into extraditing a suspect due to her lack of faith in Manhattan’s top prosecutor.

8 days ago

Sponsored Articles

...

Midwestern University

Midwestern University Clinics: transforming health care in the valley

Midwestern University, long a fixture of comprehensive health care education in the West Valley, is also a recognized leader in community health care.

...

Sanderson Ford

The best ways to honor our heroes on Veterans Day and give back to the community

Veterans Day is fast approaching and there's no better way to support our veterans than to donate to the Military Assistance Mission.

...

Canvas Annuity

Interest rates may have peaked. Should you buy a CD, high-yield savings account, or a fixed annuity?

Interest rates are the highest they’ve been in decades, and it looks like the Fed has paused hikes. This may be the best time to lock in rates for long-term, low-risk financial products like fixed annuities.

5 takeaways from Twitter whistleblower Peiter Zatko