Twitter’s Former Head of Security Turns Whistleblower

Twitter regularly loses track of users’ information after they’ve deleted their accounts, allows virtually unfettered staff access to its internal controls, and fails to address the increasing population of bots using the site, according to a 200-page disclosure obtained by CNN and The Washington Post. Zatko originally sent the disclosure to Congress and a handful of enforcement agencies last month in an attempt to bring federal attention to Twitter’s wrongdoings, which he alleges impact user safety and even threaten national security.

Zatko was originally recruited by ex-CEO Jack Dorsey for his experience at Stripe, Google, and the Department of Defense, as well as his “ethical hacking” skills. Upon joining the company, however, he discovered an atmosphere riddled with “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy.” Thousands of Twitter employees had unnecessary access to the site’s most sensitive controls. There was no log of who entered the site’s “production environment” (the internal access point in which one can change the public platform), when they entered, or what changes they made. Less than half of Twitter’s workforce used computers that met basic cybersecurity standards, and half of its 500,000 servers ran on outdated software that couldn’t support encryption or vendor security updates.

This was only the beginning. When Dorsey stepped down and Parag Agrawal succeeded him, Agrawal allegedly discouraged Zatko from escalating the aforementioned security vulnerabilities to Twitter’s board of directors. According to Zatko, executives eventually ordered him to share these vulnerabilities orally rather than in writing, and to “cherry-pick” and “misrepresent” data so that it would appear the company had made strides in improving its site’s security. Afterward, executives quietly suppressed a third-party consulting firm’s report that confirmed many of Zatko’s original suspicions.

Before being terminated for what Twitter claims was underperformance in January 2022, Zatko reviewed evidence from the US government that at least one Twitter employee was working for a foreign intelligence service. (Sure enough, this month a Twitter employee was convicted of having spied for Saudi Arabia for financial gain.) Concerns regarding international tensions rose when Agrawal—Twitter’s chief technology officer at the time—told Zatko the platform should comply with Russian censorship and surveillance demands. This suggestion was ultimately tossed to the wayside.

Agrawal responded to the disclosure in a memo to employees on Tuesday. “We are reviewing the redacted claims that have been published, but what we’ve seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context,” he wrote. Agrawal went on to imply that Zatko’s disclosure was the product of retaliation, saying “Mudge was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination.”

Spokesperson Rachel Cohen told CNN the Senate Intelligence Committee is taking the disclosure seriously and planning to meet to discuss the allegations soon. The Senate Judiciary Committee and House Energy and Commerce Committee are also investigating or planning to investigate Zatko’s disclosure. The document was additionally sent to the U.S. Securities and Exchange Commission, the Bureau of Consumer Protection at the Federal Trade Commission, and the Justice Department.

“If these problems are not corrected, regulators, media, and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics,” Zatko wrote in a separate document cited within the disclosure.
