The whistleblower says Twitter is vulnerable to Russian and Chinese influence

A combination of lax cybersecurity controls and poor judgment has repeatedly exposed Twitter to a range of foreign intelligence risks, according to Zatko, who was Twitter’s chief security officer from November 2020 until he was fired in January.

From taking money from unreliable Chinese sources to suggesting the company give in to Russian censorship and surveillance demands, Twitter executives including now-CEO Parag Agrawal have knowingly put Twitter users and employees at risk in pursuit of short-term growth, Zatko alleges.

CNN sought comment from Twitter on more than 50 different questions in response to the general disclosure, along with specific questions about the allegations outlined in this story. Twitter did not respond to CNN’s questions about foreign intelligence risks, but a spokesperson for the company has said that overall Zatko’s claims are “riddled with inconsistencies and inaccuracies, and lack important context.”

The national security allegations are part of an explosive, nearly 200-page disclosure to Congress, the Justice Department and federal regulators that accuses Twitter’s management of covering up critical vulnerabilities in the company and deceiving the public. Zatko, a longtime cybersecurity expert who has held senior roles at Google, Stripe and the Department of Defense, submitted his disclosure to authorities last month after what he described as months of unsuccessful attempts to raise the alarm at Twitter about the dangers it faced. While the disclosure to Congress has been redacted to omit sensitive national security details, a more comprehensive version with supporting documents has been provided to the Senate Intelligence Committee and to the DOJ’s National Security Division, according to the disclosure.

Among the allegations, the whistleblower’s disclosure alleges that the US government provided specific evidence to Twitter shortly before Zatko’s firing that at least one of its employees, perhaps more, was working for another government’s intelligence agency. The disclosure does not say whether Twitter acted on the US government’s tip or whether the tip was credible.

The whistleblower’s disclosure could further stoke bipartisan concerns in Washington about foreign adversaries and the cybersecurity threat they pose to Americans. In recent years, policymakers have worried about authoritarian governments siphoning American citizens’ data from hacked or coerced companies; exploiting technological platforms to subtly influence or sow disinformation among American voters; or exploiting unauthorized access to gather information about human rights critics and other perceived threats to non-democratic regimes.

Twitter’s alleged failure could potentially open the door to all three possibilities.

In response to the revelation, the Senate Intelligence Committee’s top Republican, Marco Rubio, promised to look into the allegations.

“Twitter has a long history of making really bad decisions about everything from censorship to security practices. That’s a big concern given the company’s ability to influence the national discourse and global events,” Rubio said. “We are treating the complaint with the seriousness it deserves and look forward to learning more.”

In the months before Russia invaded Ukraine, Agrawal — then Twitter’s chief technology officer — appeared prepared to make significant concessions to the Kremlin, according to Zatko’s disclosure.
Agrawal suggested to Zatko that Twitter comply with Russian demands that could result in broad censorship or surveillance, Zatko claims, recalling an interaction he had with Agrawal at the time. The disclosure does not provide details on exactly what Agrawal proposed. But last summer, Russia passed a law that pressures tech platforms to open local offices in the country or face potential advertising bans, a move Western security experts have said could give Russia greater influence over US tech companies.
Agrawal’s proposal was designed as a way to increase users in Russia, the disclosure says, and while the idea was ultimately scrapped, Zatko still saw it as an alarming sign of how far Twitter was willing to go in pursuit of growth, according to the disclosure.

“The fact that Twitter’s current CEO even suggested that Twitter become complicit with the Putin regime is cause for concern about Twitter’s effects on US national security,” Zatko’s disclosure said.

Twitter is also in a compromised position in China, the disclosure to Congress claims. The company has reportedly accepted funding from unnamed “Chinese entities” that now have access to information that could eventually expose people in China illegally circumventing government censorship to view and use Twitter.

“Twitter executives knew that accepting Chinese money risked putting users in China at risk,” the disclosure said. “Mr. Zatko was told that Twitter was too dependent on the revenue stream at this point to do anything other than try to grow it.”

Zatko’s 80-page disclosure detailing his claims, along with nearly two dozen additional supporting documents, is becoming public just two weeks after a former Twitter executive was convicted of spying for Saudi Arabia. The former employee allegedly abused his access to Twitter data to gather information about suspected Saudi dissidents, including their phone numbers and email addresses, and allegedly provided that information to the Saudi government.

This security breach, which was first uncovered in 2019, underscores the seriousness of Zatko’s allegations, which describe Twitter as an extremely porous organization with disturbingly lax cybersecurity controls compared to its peers. In order to do their jobs, roughly half of Twitter employees have excessive permissions that grant access to live user data and the active Twitter product, according to the disclosure, a practice Zatko says is a significant departure from the standards of other large technology companies where access is tightly controlled and employees largely work in special sandboxes isolated from the consumer-facing product. “Every engineer” at the company, Zatko claims, “has a complete copy of Twitter’s proprietary source code on his laptop.”

Twitter has told CNN that its handling of the source code is not outside of industry practice, and that Twitter’s engineering and product teams are authorized to access the company’s live platform if they have a specific business reason to do so.

The company also said it uses automated controls to ensure that laptops running outdated software cannot access the production environment, and that employees can only make changes to Twitter’s live product after the code meets certain registration and review requirements.

The disclosure claims that Twitter has trouble mitigating its cybersecurity risks because it can’t control, and often doesn’t know, what employees can do on their work computers. Data Zatko reveals from Twitter’s internal cybersecurity dashboard shows that four out of 10 employee devices — representing thousands of laptops — don’t have basic protections enabled, such as firewalls and automatic software updates. Employees are also able to install third-party software on their computers with few technical limitations, the disclosure says, which on several occasions has reportedly resulted in employees installing unauthorized spyware on their devices at the behest of outside organizations.

In its responses to CNN, Twitter said employees use devices monitored by other IT and security teams with the power to prevent a device from connecting to sensitive internal systems if it runs outdated software.

Twitter has internal security tools that are tested by the company regularly, and every two years by external auditors, according to a person familiar with Zatko’s position at the company. The person added that some of Zatko’s statistics around device security lacked credibility and were derived by a small team that did not properly consider Twitter’s existing security procedures.
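The control described above, an automated gate that denies production access to laptops that run outdated software or lack baseline protections, is easy to model. The following is an added example written for this page, not Twitter’s own tooling or data: it evaluates a constructed device inventory against a small posture policy (the control names, OS-version threshold and the requirement of a recorded business justification are assumptions) and reports the share of the fleet that fails, the kind of figure an internal dashboard would show.

```python
"""Device-posture gate for production access (illustrative, not Twitter's tooling).

Models the control the article describes: a laptop that lacks baseline
protections or runs outdated software cannot reach the production
environment, and access also requires a recorded business reason.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Policy values below are assumptions for this example, not figures from the page.
MIN_OS_VERSION = (13, 4)                      # minimum (major, minor) OS build allowed
REQUIRED_CONTROLS = ("firewall", "auto_update")  # the two protections the article names


@dataclass
class Device:
    device_id: str
    owner: str
    os_version: Tuple[int, int]
    controls: Dict[str, bool]  # control name -> enabled? (missing key = disabled)


def posture_findings(dev: Device) -> List[str]:
    """Return the list of baseline failures for one device (empty list = compliant)."""
    findings = []
    for ctrl in REQUIRED_CONTROLS:
        if not dev.controls.get(ctrl, False):
            findings.append(f"{ctrl} disabled")
    if dev.os_version < MIN_OS_VERSION:
        findings.append("os outdated: %d.%d < %d.%d" % (*dev.os_version, *MIN_OS_VERSION))
    return findings


def prod_access_decision(dev: Device, business_justification: Optional[str]) -> Tuple[bool, str]:
    """Gate production access on device posture AND a recorded justification.

    Posture is checked first so a non-compliant device is refused even when a
    ticket exists; a compliant device is still refused without a reason.
    """
    findings = posture_findings(dev)
    if findings:
        return False, "deny: " + "; ".join(findings)
    if not business_justification:
        return False, "deny: no business justification recorded"
    return True, "allow"


def fleet_summary(devices: List[Device]) -> Tuple[int, int, float]:
    """(failing, total, failing fraction): how many devices miss at least one control."""
    failing = sum(1 for d in devices if posture_findings(d))
    return failing, len(devices), failing / len(devices)


# Constructed sample inventory for the example; not real devices or people.
SAMPLE_FLEET = [
    Device("lap-001", "alice", (13, 5), {"firewall": True, "auto_update": True}),
    Device("lap-002", "bob", (13, 5), {"firewall": False, "auto_update": True}),
    Device("lap-003", "carol", (12, 6), {"firewall": True, "auto_update": False}),
    Device("lap-004", "dave", (13, 4), {"firewall": True}),  # auto_update never set
    Device("lap-005", "erin", (13, 4), {"firewall": True, "auto_update": True}),
]

if __name__ == "__main__":
    failing, total, frac = fleet_summary(SAMPLE_FLEET)
    print(f"{failing}/{total} devices ({frac:.0%}) fail baseline posture")
    for dev in SAMPLE_FLEET:
        allowed, reason = prod_access_decision(dev, "CHG-0001 (constructed ticket id)")
        print(f"{dev.device_id}: {reason}")
```

The decision order matters for the two claims in the article: posture is evaluated before the business reason, so a justified request from an unpatched laptop is still refused, while the fleet summary counts a device as failing if any single control is missing, which is how a "four in ten lack basic protections" style metric would be derived.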

John Tye, founder of Whistleblower Aid and Zatko’s attorney, told CNN “we absolutely stand by the content of Mudge’s disclosure.”

Unnecessary access and limited oversight of employee behavior create opportunities for insider threats like the Saudi operator, but the Saudi government wasn’t the only one seeking greater access to Twitter’s internal systems, Zatko claims.

The Indian government successfully “forced” Twitter to hire agents working on its behalf, the disclosure says, “who (due to Twitter’s fundamental architectural flaws) would have access to massive amounts of Twitter-sensitive data.” Twitter has withheld that fact from its public transparency reports, the disclosure adds.

In the past year, the Indian government has pushed to expand its control over social media within its borders, clashing with Twitter over content removal, forcing tech platforms to hire legal and law enforcement liaisons in the country and even conducting raids on Twitter’s local offices. The person familiar with Zatko’s tenure said the Indian government agents the disclosure refers to were in fact the legal and law enforcement liaisons required under Indian law.

Many tech platforms are global enterprises, and in some cases, as with Russia’s efforts to force tech companies to open local headquarters, their employees can become unwitting leverage points for governments seeking to exert pressure on the companies. Company and user data stored on or accessible to employee computers may be at risk of being accessed or seized by local authorities. The employees themselves, or their families, may be at risk of being threatened or coerced.

But Twitter’s unique cybersecurity vulnerability has made the local offices particularly sensitive targets, Zatko claims. India, Nigeria and Russia have all “sought, with varying success, to force Twitter to hire local [full-time employees] which can be used as leverage,” the disclosure states.

Twitter’s business practices undermine not only the interests of the United States but also the interests of all democratic nations, the disclosure claims, citing the company’s handling of a Nigerian government decision to block Twitter for several months last year over a presidential tweet that was widely interpreted as a threat to some Nigerian citizens and then removed by Twitter.

Nigeria lifted its ban on Twitter in January, after the government said the social media platform had agreed to all conditions. The conditions include compliance with Nigerian “prohibited publication” laws.

Despite Twitter’s claims to have been in negotiations with Nigeria after it suspended the company, those talks never actually took place, Zatko claims. Twitter’s alleged misrepresentations about engaging the Nigerian government not only hurt the company’s investors, the disclosure says, but also gave Nigerian officials cover to demand far greater concessions from Twitter than the company would have otherwise given.

The admissions, according to Zatko’s disclosure, have “harmed the freedom of expression and democratic accountability of Nigerian citizens.”
