Saturday January 28th, 2023 12:49PM

Twitter whistleblower bringing security warnings to Congress

By The Associated Press

WASHINGTON (AP) — Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress on Tuesday.

Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concern over the safety of powerful tech platforms.

It’s Zatko’s second Capitol Hill appearance, and in some ways a 21st-century echo of his first. In 1998, he testified before a Senate panel along with fellow members of a hacker collective who warned about the security dangers of the then-emerging internet age.

Zatko, a respected cybersecurity expert, was Twitter’s head of security until he was fired early this year. He has brought the stunning allegations to Congress and federal regulators, asserting that the influential social platform misled regulators about its cyber defenses and efforts to control millions of “spam” or fake accounts.

Sen. Dick Durbin, the Illinois Democrat who chairs the panel, called Zatko's allegations “serious business.”

“If it's anywhere along the lines that (he) suggested, I think it's a matter of grave personal-privacy concern,” Durbin told reporters Monday. “The question is whether information gathered by Twitter has been used for purposes which we're not aware of.”

Zatko's accusations are also playing into billionaire tycoon Elon Musk's battle with Twitter. The Tesla CEO is trying to get out of his $44 billion bid to buy the company; Twitter has sued to force him to complete the deal. The Delaware judge overseeing that case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial set to start Oct. 17.

The allegation that Twitter engaged in deception in its handling of automated “spam bot” accounts is at the core of Musk’s attempt to back out of the Twitter deal.

At the same time, many of Zatko’s claims are uncorroborated and appear to have little documentary support. In a statement, Twitter has called Zatko’s description of events “a false narrative.”

Also on Tuesday, Twitter’s shareholders are scheduled to vote on the company’s pending buyout by Musk. The vote is something of a formality given that the deal is on hold while the court case plays out. But if the measure passes as expected, it would also pave the way for a Musk takeover should Twitter prevail in court.

Zatko also filed complaints with the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.

The SEC is questioning Twitter about how it counts fake accounts on its platform. Twitter uses counts of its presumably real users to attract advertisers, whose payments make up about 90% of its revenue. The “spam bots” have no value to advertisers because there’s no person behind them.

San Francisco-based Twitter has an estimated 238 million daily active users worldwide. The company says it removes 1 million spam accounts daily.

Zatko’s 84-page complaint alleges that he found “extreme, egregious deficiencies” on the platform, including issues with “user privacy, digital and physical security, and platform integrity/content moderation.”

It accuses CEO Parag Agrawal and other senior executives and board members of making “false and misleading statements to users and the FTC” about these issues. Twitter denies those claims and said that Zatko was fired in January for “ineffective leadership and poor performance.” Zatko’s attorneys say the performance claim is false.

Twitter also hinted that Zatko's complaint might be designed to bolster Musk's legal fight with the company. Twitter called Zatko’s complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies, and lacks important context.”

News of Zatko’s complaint surfaced on Aug. 23, almost two months before the Twitter-Musk trial is scheduled to begin. One of Zatko’s attorneys has said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.”

The company also says it has significantly tightened security since 2020.

Among Zatko's specific allegations:

— The company had such poor cybersecurity that it easily could have been exposed to outside attacks or attempts to siphon off its internal data.

—The company lacked effective leadership, with its top executives practicing “deliberate ignorance” of pressing problems. Zatko described former CEO Jack Dorsey as “extremely disengaged” during the last months of his tenure, to the point where he wouldn’t even speak during meetings on complex issues. Dorsey stepped down in November 2021.

—That Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had “direct unsupervised access” to highly sensitive data on users. It makes a parallel but less detailed accusation that Twitter took funding from unidentified Chinese entities who may have been enabled to access the identities and sensitive data of Chinese users who secretly use Twitter, which is officially banned in China.

The 51-year-old Zatko, better known by his hacker handle “Mudge,” first gained prominence in the 1990s. He was the best-known member of the Boston-based collective L0pht, which pioneered ethical hacking, embarrassing companies including Microsoft for poor security. His work raised awareness in the computing world that forced such major companies to take security seriously. He co-founded the consultancy @Stake, which was later acquired by Symantec.

Zatko later worked in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google. He joined Twitter at Dorsey’s urging in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.

__

AP technology writers Frank Bajak in Boston and Matt O’Brien in Providence, Rhode Island, contributed to this report.

__

Follow Marcy Gordon at https://twitter.com/mgordonap

© Copyright 2023 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.