

Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief.

The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.

Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan.

Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.

The complaint - filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC - says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

Peiter Zatko, known by his hacker name, Mudge, filed a complaint that says Twitter is violating its agreement to maintain solid security practices.

In addition, the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse.

Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.

Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

In an interview with The Post, Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity.

He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.

“This is not a light step to take,” said Zatko, who was fired by Agrawal in January.

He declined to discuss what happened at Twitter, except to stand by the formal complaint.

Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.

A redacted version of the 84-page filing went to congressional committees.

The Post obtained a copy of the disclosure from a senior Democratic aide on Capitol Hill. Zatko is represented by the nonprofit law firm Whistleblower Aid.

The FTC is reviewing the allegations, according to two people familiar with the preliminary inquiry.

The Post interviewed more than a dozen current and former employees for this story, many of whom spoke on the condition of anonymity to discuss sensitive information.

“Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.

Hahn added that Twitter has tightened up security extensively since 2020, that its security practices are within industry standards, and that it has specific rules about who can access company systems.
