Twitter’s Former Head of Security Turns Whistleblower

Twitter’s Former Head of Security Turns Whistleblower

Twitter regularly loses track of users’ information after they’ve deleted their accounts, allows virtually unfettered staff access to its internal controls, and fails to address the increasing population of bots using the site, according to a 200-page disclosure obtained by CNN and The Washington Post. Zatko originally sent the disclosure to Congress and a handful of enforcement agencies last month in an attempt to bring federal attention to Twitter’s wrongdoings, which he alleges impact user safety and even threaten national security.

Zatko was originally recruited by ex-CEO Jack Dorsey for his experience at Stripe, Google, and the Department of Defense, as well as his “ethical hacking” skills. Upon joining the company, however, he discovered an atmosphere riddled with “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy.” Thousands of Twitter employees had unnecessary access to the site’s most sensitive controls. There was no log of who entered the site’s “production environment” (the internal access point in which one can change the public platform), when they entered, or what changes they made. Less than half of Twitter’s workforce used computers that met basic cybersecurity standards, and half of its 500,000 servers ran on outdated software that couldn’t support encryption or vendor security updates.

This was only the beginning. When Dorsey stepped down and Parag Agrawal filled in, Agrawal supposedly discouraged Zatko from escalating the aforementioned security vulnerabilities to Twitter’s board of directors. According to Zatko, executives eventually ordered him to share these vulnerabilities orally instead of by written means, and to “cherry-pick” and “misrepresent” data that would make it appear as though the company had made strides to improve its site’s security. Afterward, executives covertly covered up a third-party consulting firm’s report that confirmed many of Zatko’s original suspicions.

Twitter’s Former Head of Security Turns Whistleblower

Before being terminated for what Twitter claims was underperformance in January 2022, Zatko reviewed evidence from the US government that at least one Twitter employee was working for a foreign intelligence service. (Sure enough, this month a Twitter employee was convicted of having spied for Saudi Arabia for financial gain.) Concerns regarding international tensions rose when Agrawal—Twitter’s chief technology officer at the time—told Zatko the platform should comply with Russian censorship and surveillance demands. This suggestion was ultimately tossed to the wayside.

Agrawal responded to the disclosure in a memo to employees on Tuesday. “We are reviewing the redacted claims that have been published, but what we’ve seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context,” he wrote. Agrawal went on to imply that Zatko’s disclosure was the product of retaliation, saying “Mudge was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination.”

Spokesperson Rachel Cohen told CNN the Senate Intelligence Committee is taking the disclosure seriously and planning to meet to discuss the allegations soon. The Senate Judiciary Committee and House Energy and Commerce Committee are also investigating or planning to investigate Zatko’s disclosure. The document was additionally sent to the U.S. Securities and Exchange Commission, the Bureau of Consumer Protection at the Federal Trade Commission, and the Justice Department.

“If these problems are not corrected, regulators, media, and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics,” Zatko wrote in a separate document cited within the disclosure.

Continue reading

MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing
MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing

Nvidia's new RTX 3070 is a fabulous GPU at a good price, and the MSI RTX 3070 Gaming X Trio shows it off well.

RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU
RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU

RISC V continues to make inroads across the market, this time with a cheaper and more fully-featured test motherboard.

Ryzen 9 5950X and 5900X Review: AMD Unleashes Zen 3 Against Intel’s Last Performance Bastions
Ryzen 9 5950X and 5900X Review: AMD Unleashes Zen 3 Against Intel’s Last Performance Bastions

AMD continues its onslaught on what was once Intel's undisputed turf.

Intel Is Spreading FUD About Supposedly Huge Ryzen 4000 Performance Drops on Battery
Intel Is Spreading FUD About Supposedly Huge Ryzen 4000 Performance Drops on Battery

Intel believes it has presented evidence that negates the value of AMD's Ryzen 4000 product stack. Intel is mistaken.