By MARCY GORDON
WASHINGTON (AP) — The former security chief at Twitter told Congress that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by “teenagers, thieves and spies” and put the privacy of its users at risk. Peiter “Mudge” Zatko, a respected cybersecurity expert, appeared before the Senate Judiciary Committee to lay out his allegations Tuesday.
“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said as he began his sworn testimony.
“They don’t know what data they have, where it lives and where it came from and so, unsurprisingly, they can’t protect it,” Zatko said. “It doesn’t matter who has keys if there are no locks.”
Zatko said “Twitter leadership ignored its engineers,” in part because “their executive incentives led them to prioritize profit over security.”
His message echoed one delivered to Congress against another social media giant last year, but unlike that Facebook whistleblower, Frances Haugen, Zatko hasn’t brought troves of internal documents to back up his claims.
Zatko was the head of security for the influential platform until he was fired early this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.
Sen. Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy.”
“Twitter is an immensely powerful platform and can’t afford gaping vulnerabilities,” he said.
Unknown to Twitter users, there’s far more personal information disclosed than they — or sometimes even Twitter itself — realize, Zatko testified. He said “basic systemic failures” that were brought forward by company engineers weren’t addressed.
The FTC has been “a little over its head,” and far behind European counterparts, in policing the sort of privacy violations that have occurred at Twitter, Zatko said.
Zatko’s claims could also affect Tesla billionaire Elon Musk’s attempt to back out of his $44 billion deal to acquire the social platform. Musk claims that Twitter has long underreported spam bots on its platform and cites that as a reason to nix the deal he struck in April.
Many of Zatko’s claims are uncorroborated and appear to have little documentary support. Twitter has called Zatko’s description of events “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context.
Among the assertions from Zatko that drew attention from lawmakers Tuesday was that Twitter knowingly allowed the federal government of India to place its agents on the company payroll, where they had access to highly sensitive data on users. Twitter’s lack of ability to log how employees accessed user accounts made it hard for the company to detect when employees were abusing their access, Zatko said.
Zatko also accuses the company of deception in its handling of automated “spam bots,” or fake accounts. That allegation is at the core of billionaire tycoon Elon Musk’s attempt to back out of his $44 billion deal to buy Twitter. Musk and Twitter are locked in a bitter legal battle, with Twitter having sued Musk to force him to complete the deal. The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial, which is set to start Oct. 17.
Sen. Charles Grassley, the committee’s ranking Republican, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing the ongoing legal proceedings with Musk. But the hearing is “more important than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley’s remarks.
In his complaint, Zatko accused Agrawal as well as other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about the Twitter platform’s security, privacy and integrity.”
Zatko, 51, first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the urging of then-CEO Jack Dorsey.
___
Follow Marcy Gordon at https://twitter.com/mgordonap
Source: www.bostonherald.com