Twitter is facing major upheaval after the company’s former security chief announced that he would testify against Twitter in front of a Senate committee the following month. The date coincides with the company’s final decision on whether to approve business mogul Elon Musk’s takeover offer.
Peter “Mudge” Zatko, a whistleblower, will testify before the Senate Judiciary Committee and make accusations against Twitter regarding cybersecurity issues and the company’s disregard for user privacy. The hearing will take place on September 13.
Last month, Zatko sent 200 pages of documents, along with supplementary exhibits, to various government organizations. The whistleblower gave the documents to the Federal Trade Commission, the Department of Justice, and the US Securities and Exchange Commission.
The hearing is being held because many officials expressed concern about the content of the whistleblower’s disclosure. Senators Chuck Grassley and Dick Durbin contend that “Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
The Senate’s Intelligence Committee acknowledged the seriousness of the disclosure made by Zatko. According to committee spokesperson Rachel Cohen, the lawmakers requested a meeting in order to discuss the accusations. In addition, the Senate subcommittee on consumer protection has asked the FTC to look into the situation and impose appropriate fines or sanctions should Twitter be found guilty of the allegations.
Twitter’s response to the allegations
Government agencies agreed to hold the hearing due to what appears to be probable cause, but Twitter reacted quickly to denounce Zatko’s actions.
A Twitter spokesperson released a statement and said, “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Who is Zatko
Zatko is not a stranger to making public disclosures about cybersecurity issues. In fact, he appeared on national television in 1998 during a congressional hearing on cybersecurity.
In an interview, Zatko said, “All my life, I’ve been about finding places where I can go and make a difference. I’ve done that through the security field. That’s my main lever.”
Before joining Twitter, Zatko held positions at many tech firms, including Stripe and Google. Additionally, he worked for the US Department of Defense. Thus, when Twitter was breached back in 2022, compromising the accounts of several important individuals, including former President Barack Obama and Elon Musk, among others, Zatko made the decision to act as a whistleblower.
After that, he was hired by Twitter, where he allegedly began to detect some weak points in the company’s security measures. Over 50% of Twitter’s employees were able to access the application’s controls, the whistleblower claimed, due to the company’s extremely lax security procedures. In his findings, Zatko stated that there are “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy” in the company’s system.
“It was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did…. Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment,” Zatko said in his disclosure.
“And if there’s a violation here — and that’s a big if — then I think the FTC should very seriously consider not just fining the corporation but also putting the executives responsible under order,” said former FTC chairperson Jon Leibowitz.