Monday November 28th, 2022 8:16PM

Twitter whistleblower raises security flaws before Congress

By The Associated Press

WASHINGTON (AP) — The former security chief at Twitter told Congress that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by “teenagers, thieves and spies” and put the privacy of its users at risk. Peiter “Mudge” Zatko, a respected cybersecurity expert, appeared before the Senate Judiciary Committee to lay out his allegations Tuesday.

“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said as he began his sworn testimony.

He told senators he was “risking my career and my reputation” to warn of poor security practices in which too many Twitter employees had unsupervised access to sensitive information, and a corporate culture of only reporting good news up the chain.

Zatko said “Twitter leadership ignored its engineers,” in part because “their executive incentives led them to prioritize profit over security.”

His message echoed one brought to Congress against another social media giant last year, but unlike that Facebook whistleblower, Frances Haugen, Zatko hasn't brought troves of internal documents to back up his claims.

Zatko was the head of security for the influential platform until he was fired early this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.

Sen. Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy.”

“Twitter is an immensely powerful platform and can’t afford gaping vulnerabilities,” he said.

Unknown to Twitter users, there’s far more personal information disclosed than they — or sometimes even Twitter itself — realize, Zatko testified. He said “basic systemic failures” that were brought forward by company engineers were not addressed.

The FTC has been “a little over its head,” and far behind European counterparts, in policing the sort of privacy violations that have occurred at Twitter, Zatko said.

Many of Zatko’s claims are uncorroborated and appear to have little documentary support. Twitter has called Zatko’s description of events “a false narrative ... riddled with inconsistencies and inaccuracies” and lacking important context.

Among the assertions from Zatko that drew attention from lawmakers Tuesday was that Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had access to highly sensitive data on users. Twitter’s lack of ability to log how employees accessed user accounts made it hard for the company to detect when employees were abusing their access, Zatko said.

The senators appeared less interested in Zatko's claims about how Twitter counted “spam bots” on the platform and presented that information to advertisers and regulators.

An allegation that Twitter underreports its spam count is at the core of billionaire tycoon Elon Musk’s attempt to back out of his $44 billion deal to buy Twitter. Musk and Twitter are locked in a bitter legal battle, with Twitter having sued Musk to force him to complete the deal. The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko's allegations in the high-stakes trial, which is set to start Oct. 17.

Sen. Charles Grassley, the committee's ranking Republican, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing the ongoing legal proceedings with Musk. But the hearing is “more important than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley's remarks.

In his complaint, Zatko accused Agrawal as well as other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about the Twitter platform’s security, privacy and integrity.”

Zatko, 51, first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the urging of then-CEO Jack Dorsey.

___

Follow Marcy Gordon at https://twitter.com/mgordonap

© Copyright 2022 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.