Twitter misled U.S. regulators on hackers, spam, whistleblower says

August 23 (Reuters) – Twitter Inc. (TWTR.N) misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former security chief Peiter Zatko said in a whistleblower complaint.

In an 84-page complaint, Zatko, a famous hacker widely known as “Mudge”, alleged that Twitter falsely claimed it had a strong security plan, according to documents relayed by congressional investigators. Shares of Twitter fell 7.3% to close at $39.86.

The document alleges that Twitter has prioritized user growth over spam reduction, with executives eligible to earn individual bonuses of up to $10 million tied to user growth. dailies, and nothing explicitly to reduce spam.

Join now for FREE unlimited access to Reuters.com

Twitter called the complaint a “false story”. The social media company has fought Elon Musk in court after the world’s richest person tried to pull out of a $44 billion deal to buy Twitter. Musk said he did not provide details on the prevalence of bot and spam accounts.

Tesla Inc. (TSLA.O) Chief Executive Musk had offered to buy Twitter for $54.20 a share, saying he thought it could be a global platform for free speech.

Twitter and Musk have sued, with Twitter asking a Delaware Court of Chancery judge to order Musk to make the deal. A trial is scheduled for October 17.

Zatko filed the complaint last month with the United States Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional committees.

“We are reviewing the redacted claims that have been posted, but what we have seen so far is a false narrative riddled with inconsistencies and inaccuracies,” Twitter chief executive Parag Agrawal told employees in a statement. memo.

Senate Judiciary Committee Republican leader Chuck Grassley said the complaint raised serious national security and privacy concerns and should be investigated.

“Take a technology platform that collects massive amounts of user data, combine it with what appears to be incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you have recipe for disaster,” he said. .

The FTC declined to comment. A spokesperson for the Senate Intelligence Committee said it received the complaint and set up a meeting to discuss the allegation.

Twitter’s real regulatory risk lies in whether documentary evidence shows “knowing or recklessly misleading” investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.

‘GIVE A LITTLE WHISTLE’

Musk could not be reached for comment but reacted on Twitter with memes and emoji of a robot. Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower’s disclosure became public.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a tool to crack passwords. Later, he used his hacking abilities to become a sought-after security consultant, and along with other rebel techs of the time, he moved into high-level government and board positions. .

The whistleblower’s document says that after the Jan. 6 riots, the new Biden administration offered him “a day-one appointment as Chief Information Security Officer for the United States,” which he refused.

Cybersecurity officials expressed broad support for Zatko, and many lamented Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity company Dragos, said it was “one of the very few times, depending on who it is, I don’t even have to know a detail to form an opinion.” , he said on Twitter. “If Mudge makes this type of claim, it deserves an investigation.”

In January, Twitter said Zatko was no longer its chief security officer, two years after he was appointed to the role.

On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding that his allegations appeared designed to attract attention and harm Twitter, its customers and its shareholders.

Debra Katz and Alexis Ronickher, attorneys for Zatko, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about inadequate information security systems with the executive committee, CEO and the company’s board of directors. Twitter did not respond to a request for comment on this statement.

(This story corrects closing price and removes superfluous percentage symbol in paragraph two)

Join now for FREE unlimited access to Reuters.com

Reporting by Chavi Mehta, Ankur Banerjee and Tiyashi Datta in Bengaluru, Peter Henderson in Oakland and Raphael Satter in Washington; Additional reporting by Rick Cowan in Washington; Written by Ankur Banerjee; Editing by Kenneth Li, Saumyadeb Chakrabarty, Sriraj Kalluvila and David Gregorio

Our standards: The Thomson Reuters Trust Principles.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top