Ex-Twitter Security Chief Peiter ‘Mudge’ Zatko Files Blockbuster Whistleblower Report Over the Platform’s Security

Donie O’Sullivan, Clare Duffy and Brian Fung, reporting for CNN Business yesterday:

The disclosure, sent last month to Congress and federal agencies,
paints a picture of a chaotic and reckless environment at a
mismanaged company that allows too many of its staff access to the
platform’s central controls and most sensitive information without
adequate oversight. It also alleges that some of the company’s
senior-most executives have been trying to cover up Twitter’s
serious vulnerabilities, and that one or more current employees
may be working for a foreign intelligence service.

The whistleblower, who has agreed to be publicly identified, is
Peiter “Mudge” Zatko, who was previously the company’s head of
security, reporting directly to the CEO. Zatko further alleges
that Twitter’s leadership has misled its own board and government
regulators about its security vulnerabilities, including some that
could allegedly open the door to foreign spying or manipulation,
hacking and disinformation campaigns. The whistleblower also
alleges Twitter does not reliably delete users’ data after they
cancel their accounts, in some cases because the company has lost
track of the information, and that it has misled regulators about
whether it deletes the data as it is required to do. The
whistleblower also says Twitter executives don’t have the
resources to fully understand the true number of bots on the
platform, and were not motivated to. Bots have recently become
central to Elon Musk’s attempts to back out of a $44 billion deal
to buy the company (although Twitter denies Musk’s claims). […]

John Tye, founder of Whistleblower Aid and Zatko’s lawyer, told
CNN that Zatko has not been in contact with Musk, and said Zatko
began the whistleblower process before there was any indication of
Musk’s involvement with Twitter.

Zatko was fired from Twitter in January this year “for ineffective leadership and poor performance”, in the words of a Twitter spokesperson. CNN’s report is very long, and worth reading in full. If even partially true, what Zatko is alleging is extremely alarming.

One point seems clear: even if Zatko has not been in contact with Elon Musk — and I don’t see any reason to doubt Zatko’s lawyer’s clear statement that he has not — that doesn’t mean Musk hasn’t been made aware of Zatko’s whistleblower report. Anyone inside Twitter aware of Zatko’s concerns could have leaked them to Musk. Jack Dorsey, for example, personally hired Zatko and was CEO until just a few weeks before Zatko’s firing. Musk’s allegations about Twitter misreporting bot activity might be fully legitimate, not an empty pretext for backing out of his acquisition.

Read Original post from Daring Fireball
