Whistleblower Says China, India Had Agents Working For Twitter, Shareholders Vote To Sell To Musk

Twitter’s former security chief has told the US Congress that there was “at least one agent” of China’s intelligence service on Twitter’s payroll.

Key Points:

  • Peiter Zatko said Twitter was vulnerable to exploitation by “teenagers, thieves and spies”.
  • Zatko was Twitter’s head of security until he was fired earlier this year.
  • Separately, Twitter shareholders voted in favor of a takeover that Elon Musk now wants to back out of.

Peiter “Mudge” Zatko also said Twitter knowingly allowed India to add agents to the company’s list, which could give both nations access to sensitive data about users.

The comments from the respected cybersecurity expert and Twitter whistleblower came as he appeared before the Senate Judiciary Committee to lay out his allegations against the company.

Zatko told Congress that the social media platform was plagued with weak cyber defenses, making it vulnerable to exploitation by “teenagers, thieves and spies” and putting its users’ privacy at risk.

“I’m here today because Twitter’s leadership is misleading the public, lawmakers, regulators and even its own board of directors,” he said as he began his sworn testimony.

“They don’t know what data they have, where it lives and where it comes from, and so, not surprisingly, they can’t protect it.

“It doesn’t matter who has keys if there are no locks.

“Twitter’s leadership ignored its engineers,” he said, in part because “their executive incentives led them to prioritize profit over security.”

Zatko said that the week before he was fired from Twitter, he learned that the FBI had told the company that an agent of China’s Ministry of State Security, or MSS, the country’s top spy agency, was on the payroll at Twitter.

It was not immediately clear whether the alleged Chinese agent still worked for the company.

Zatko also said he spoke with “high confidence” about a foreign agent the Indian government placed at Twitter to “understand the negotiations” between India’s ruling party and Twitter over new restrictions on social networks and how those negotiations were going.

A Twitter spokesperson said the hearing “only confirms that Mr. Zatko’s allegations are full of inconsistencies and inaccuracies.”

The spokesperson said Twitter’s hiring process was independent of foreign influence and access to data was managed through background checks and tracking and detection systems.

Shareholders vote to sell to Musk

One issue that did not come up at the hearing was whether Twitter is accurately counting its active users, an important metric for its advertisers.

Tesla CEO Elon Musk, who is trying to get out of a $44 billion deal to buy Twitter, has argued without evidence that many of Twitter’s approximately 238 million daily users are fake or malicious accounts, also known as “spam bots”.

The Delaware judge overseeing the case ruled last week that Mr. Musk may include new evidence related to Mr. Zatko in the high-stakes trial, which will begin on October 17.


During the hearing, Mr. Musk tweeted a popcorn emoji, which is often used to suggest one is sitting back and waiting for drama.

Separately on Tuesday, Twitter said its shareholders voted overwhelmingly to approve the deal.

The vote was largely a formality, especially given the efforts of Mr. Musk to scuttle the deal, though it clears a legal hurdle to closing the sale.

“Basic Systemic Failures”

Zatko was Twitter’s head of security until he was fired earlier this year.

His message echoed one brought to Congress against another social media giant last year. But unlike Facebook whistleblower Frances Haugen, Mr. Zatko brought no trove of internal documents to back up his claims.

He filed a whistleblower complaint in July with Congress, the Department of Justice, the Federal Trade Commission (FTC) and the Securities and Exchange Commission.

Among his most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming it had put in place stronger measures to protect the security and privacy of its users.

Senator Dick Durbin, who heads the Judiciary Committee, said Zatko had detailed flaws “that may pose a direct threat to the hundreds of millions of Twitter users as well as American democracy.”

“Twitter is an immensely powerful platform and cannot afford huge vulnerabilities,” he said.

Peiter “Mudge” Zatko, a respected cybersecurity expert, appeared before the Senate Judiciary Committee. (AP: Jacquelyn Martin)

Sen. Lindsey Graham said one positive outcome that could come out of Zatko’s testimony would be bipartisan legislation to establish a stricter system of regulating technology platforms.

“We have to up our game in this country,” he said.

Many of Mr. Zatko’s statements are uncorroborated and seem to have little documentary support.

Twitter has called his description of the events “a false narrative … full of inconsistencies and inaccuracies” and lacking important context.

Still, Zatko came across as a compelling whistleblower who has “a lot of credibility in this space,” said Ari Lightman, a professor of digital media and marketing at Carnegie Mellon University. But he said many of the issues he raised were likely common to many other digital platforms.

“They bypass security protocols in the sense of innovating and operating very quickly,” Professor Lightman said.

“We gave digital platforms a lot of autonomy at the beginning to grow and develop. Now we’re at a point where we’re [saying] wait a minute…this is out of hand.”

Zatko also told Congress he was “surprised and shocked” by an exchange with current Twitter CEO Parag Agrawal about Russia.

He said Mr. Agrawal, who was chief technology officer at the time, asked if it would be possible to “point” content moderation and monitoring to the Russian government because Twitter really “didn’t have the ability and the tools to do things properly”.

“And since they have elections, doesn’t that make them a democracy?” Zatko recalled Mr. Agrawal saying.

Sen. Charles Grassley, the committee’s ranking Republican, said Agrawal declined to testify at the hearing, citing ongoing legal proceedings with Musk.


But the hearing was “more important than Twitter’s civil litigation in Delaware,” Grassley said.

Twitter declined to comment on Mr. Grassley’s remarks.

Zatko, 51, first rose to prominence in the 1990s as a pioneer in the ethical hacking movement and later held senior positions in an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the behest of then-CEO Jack Dorsey.

