Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief, The Washington Post reported.
According to The Washington Post, the complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.
The Washington Post obtained a copy of the complaint, which states that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half of the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.
The Wall Street Journal reported that the complaint from Peiter Zatko was filed to the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department, which are expected to investigate. It was also sent to lawmakers on the Senate Judiciary and Intelligence committees, who pledged to conduct their own investigations.
According to The Wall Street Journal, Mr. Zatko’s decision to publicize his complaint is unusual for SEC whistleblowers, whose identities are kept secret by the SEC. Some whistleblowers choose to go public with their allegations because it can create more political and public support for an investigation.
Senator Dick Durbin (Democrat – Illinois) tweeted the following in response to a tweet from the Washington Post about their article: “The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executive to government agencies, and penetration of the company by foreign intelligence raise serious concerns.”
Senator Dick Durbin continued in a second tweet: “If these claims are accurate, they may show dangerous data privacy & security risks for Twitter users around the world. As Chair of @JudiciaryDems, I will continue investigating this issue and take further steps as needed to get to the bottom of these alarming allegations.”
Twitter has not responded to either The Washington Post or The Wall Street Journal. However, Donie O’Sullivan – a CNN correspondent – tweeted a copy of a letter that Twitter CEO Parag Agrawal sent to staff.
“There are news reports outlining claims about Twitter’s privacy, security, and data protection practices that were made by Mudge Zatko, a former Twitter executive who was terminated in January 2022 for ineffective leadership and poor performance. We are reviewing the redacted claims that have been published, but what we’ve seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.
“…Given the spotlight on Twitter at the moment – we can assume that we will continue to see more headlines in the coming days… We will pursue all paths to defend our integrity as a company and set the record straight…”
To me, it sounds as though Twitter realizes that this situation is serious, and is trying to encourage its staff to stick around. The CEO appears to be very concerned that things are going to get rough for Twitter as more news sites report about the whistleblower’s information.
Personally, I think Twitter might actually be headed for trouble this time. It will be investigated by the SEC, the Federal Trade Commission, the Senate Judiciary Committee, and the Justice Department. There is a chance that at least one of these investigative groups might find reasons to prosecute Twitter.