Twitter misled US regulators on hackers, spam, whistleblowers say

Aug 23 (Reuters) – Twitter Inc (TWTR.N) misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former security chief Peiter Zatko said in a whistleblower complaint.

In an 84-page complaint, Zatko, a well-known hacker widely known as “Mudge,” alleged that Twitter falsely claimed it had a solid security plan, according to documents forwarded by congressional investigators. Twitter shares fell 7.3% to close at $39.86.

The document claims that Twitter prioritized user growth over reducing spam, with executives eligible to win individual bonuses of as much as $10 million tied to increases in daily users, and nothing explicit about cutting spam.


Twitter branded the complaint a “false narrative”. The social media company has been battling Elon Musk in court after the world’s richest man tried to back out of a $44 billion deal to buy Twitter. Musk said Twitter was unable to provide details on the prevalence of bot and spam accounts.

Tesla Inc (TSLA.O) Chief Executive Musk had offered to buy Twitter for $54.20 a share, saying he believed it could be a global platform for free speech.

Twitter and Musk have sued each other, and Twitter is asking a Delaware Court of Chancery judge to order Musk to end the deal. A trial is scheduled for October 17.

Zatko filed the complaint last month with the US Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional committees.

“We are reviewing the redacted claims that have been published, but what we have seen so far is a false narrative that is full of inconsistencies and inaccuracies,” Twitter CEO Parag Agrawal told employees in a memo.

The Senate Judiciary Committee’s top Republican, Chuck Grassley, said the complaint raised serious national security and privacy concerns and needed to be investigated.

“Take a technology platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and fill it with foreign state actors with an agenda, and you have a recipe for disaster,” he said.

The FTC declined to comment. A spokesman for the Senate Intelligence Committee said it had received the complaint and set up a meeting to discuss the allegation.

Twitter’s real regulatory risk lies in whether the documentary evidence shows “knowingly or recklessly misleading” investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.


Musk could not be reached for comment, but responded on Twitter with memes and emojis of a robot. Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower’s disclosure was made public.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a password-cracking tool. He later used his hacking chops to become a sought-after security consultant and, along with other rebellious technologists of the era, moved into top government and board positions.

The whistleblower document says that after the Jan. 6 riots, the incoming Biden administration offered him “a day one appointed position as Chief Information Security Officer for the United States,” which he declined.

Cybersecurity leaders expressed broad support for Zatko, and many lamented Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity company Dragos, said it was “one of those very rare times based on who it is, I don’t even need to know a detail to form an opinion,” he said on Twitter. “If Mudge is making these kinds of allegations, it deserves the investigation.”

In January, Twitter said Zatko was no longer the chief security officer, two years after he was appointed to the role.

On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding that his allegations appeared to attract attention and harm Twitter, its customers and its shareholders.

Debra Katz and Alexis Ronickher, attorneys for Zatko, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about inadequate information security systems with the company’s executive committee, CEO and board of directors. Twitter did not respond to a request for comment on the statement.

(This story corrects closing price and removes extraneous percentage symbol in paragraph two)


Reporting by Chavi Mehta, Ankur Banerjee and Tiyashi Datta in Bengaluru, Peter Henderson in Oakland and Raphael Satter in Washington; Additional reporting by Rick Cowan in Washington; Author Ankur Banerjee; Editing by Kenneth Li, Saumyadeb Chakrabarty, Sriraj Kalluvila and David Gregorio
