https://sputnikglobe.com/20220823/twitter-whistleblower-accuses-social-media-giant-of-covering-up-extreme-security-deficiencies-1099907425.html
Twitter Whistleblower Accuses Social Media Giant of Covering Up ‘Extreme’ Security Deficiencies
Sputnik International
14:19 GMT 23.08.2022 (Updated: 12:57 GMT 14.04.2023)
The popular American social media platform is already facing legal pressure, with Tesla and SpaceX CEO Elon Musk subpoenaing the company’s founder Jack Dorsey over a botched buyout deal in the spring which failed to materialize.
Peiter Zatko, the high-profile ex-hacker hired by Twitter to lead the company’s security operations in late 2020, has filed a massive whistleblower disclosure accusing the company of overlooking “extreme, egregious deficiencies” in its anti-hacking defenses, a virtually non-existent battle against spam, systematic double-dealing and rapacious corporate greed.
Zatko, 51, known in the industry as ‘Mudge’, was fired by Twitter in January, with the company initially providing no information as to why he was let go, and then saying he was ousted due to “poor performance and leadership.”
In his redacted complaint, sent to Congress and federal agencies in July and uploaded in PDF form by the Washington Post on Tuesday, the programmer accused company officials of utterly and recklessly mismanaging the platform.
“During Mudge’s employment, he uncovered extreme, egregious deficiencies by Twitter in every area of his mandate including…user privacy, digital and physical security, and platform integrity/content moderation” constituting “extensive legal violations,” the complaint said.
The whistleblower alleges that the company as a whole, CEO Parag Agrawal and other senior executives and members of the board of directors have spent more than a decade engaging in “extensive, repeated, uninterrupted violations of the Federal Trade Commission Act by making false and misleading statements to users and the FTC about, inter alia, the Twitter platform’s security, privacy, and integrity.”
Additionally, Zatko accuses Twitter of violating federal corporate watchdog rules on auditing requirements, “fraudulent and material misrepresentations in communications with the Board of Directors and investors, constituting securities law violations,” and “negligence and even complicity with respect to efforts by foreign governments to infiltrate, control, exploit, surveil and/or censor the company’s platform, staff and operations.”
According to the complaint, Zatko prepared a comprehensive report on the company’s security, privacy and integrity problems for the board of directors in early 2021, but was instructed not to send it. Later the same year, he reportedly “witnessed senior executives engaging in deceitful and/or misleading communications affecting Board members, users and shareholders.”
Zatko accused Agrawal of instructing him to provide security-related documents which “both of them knew to be false and misleading,” and charged the CEO with lying about the security officer’s efforts to rectify fraud before his termination.
The disclosure included what Zatko’s lawyers characterized as a “recent example of misrepresentation by Twitter” related to Elon Musk’s attempted takeover of the company. After a query by Musk regarding the company’s anti-spam policy, and its claim that less than five percent of users were spam bots, Agrawal assured the businessman that the company considers spam bots harmful and is “strongly incentivized to detect and remove as much spam as we possibly can, every single day.”
“Agrawal’s tweet was a lie. In fact, Agrawal knows very well that Twitter executives are not incentivized to accurately ‘detect’ or report total spam bots on the platform,” the complaint noted, providing a technical explanation for why this was not the case.
Zatko characterized Musk’s suspicions as being “on target,” alleging that “senior executives earn bonuses not for cutting spam, but for growing MDAU [Monetizable Daily Active Users]. In fact, Twitter created the MDAU metric precisely to avoid having to honestly answer the very questions Mr. Musk raised.”
The complaint also characterized Twitter as a leaky sieve of a company constantly suffering security incidents. “In 2020 alone, Twitter had more than 40 security incidents, 70% of which were access control-related. These included 20 incidents defined as breaches; all but two of which were access control related,” the document said.
Zatko also provided an extensive series of other problems, from a bungling board and a CEO disengaged from security matters, to a lack of support, perverse bonus payout schemes, failures to block hateful terms and slurs from ad targeting, lack of computer backup systems, deficient moderation, unlicensed machine learning materials in core algorithms, misleading regulators in some countries, and suspected “penetration by foreign intelligence and threats to democracy.”
The latter included allegations by the whistleblower that the Indian government had made demands for the company to hire government agents, as well as claims of dependence on revenues coming from Chinese entities, and complaints about the company’s consent to Russian information laws.
Furthermore, the complaint cited “specific information from a US government source that one or more particular company employees were working on behalf of another particular foreign intelligence agency.”
Twitter has long been accused of systemic bias against pro-Trump conservatives, free speech activists and certain foreign governments. The social media giant censored a story on incriminating materials contained on Hunter Biden’s laptop during the 2020 election, and banned the former president from the platform following the January 6, 2021 Capitol riots. Russian, Venezuelan, and Iranian government and media accounts have been targeted for deletion and censorship, with many slapped with notices about their “state-affiliated” status, and their posts moderated with occasional “Know the Facts” and “violation of Twitter rules” notices related to supposed “misinformation.”