In the US, exposure of weaknesses in Twitter’s defenses could be very damaging to the social network. The former security chief accuses the company of hiding loopholes from US regulators and lying about its fight against fake accounts.
In a complaint filed last month with the Department of Justice and various oversight bodies, former head of security for Twitter, Peter Zatko, paints a picture of a poorly run company with little regard for cybersecurity concerns. In particular, he mentions the serious failures associated with hacking computers. Twitter also lied about its fight against fake accounts, according to revelations aired by CNN and the Washington Post.
Outdated servers, vulnerable software: the social network would hide the weaknesses of its protection system from US regulators. He would have voluntarily covered up many of the cyberattacks he was the target of. In addition, thousands of employees will have access to critical central servers and the most sensitive information without proper controls.
Peter Zatko. [U.S. federal government/Reuters]In the 84-page document that compiles the allegations against his former employer, Peter Zatko also points out that the network is especially vulnerable to attacks from governments hostile to the United States. He even suggests that one or more of the current employees of the company may be on the staff of foreign intelligence.
This poses a clear threat to US national security and democracy, according to a former Twitter employee who was fired in January 2022 and now considers himself a whistleblower.
He also accuses Twitter of failing to securely erase the data of users who delete their accounts. In some cases, the company even lost certain information.
Hired to save the ship
When it comes to hacking computers, Peter Zatko doesn’t come out of nowhere, and he knows what he’s talking about: Before roaming the television as one of cybersecurity’s greatest experts, he acted as a hacker under the pseudonym “Madge.” In particular, he was one of the leaders of one of the oldest groups of American “ethical hackers” Cult of the Dead Cow (cDc).
He was hired by Twitter in November 2020, when the social network was under pressure and accused of numerous security breaches. His task then was to uncover structural security issues in a company that had just undergone a massive hack that exposed figures like Joe Biden, Barack Obama, Kim Kardashian or Elon Musk.
The perfect time for Elon Musk
These revelations are also at the heart of a legal dispute between the social network and Elon Musk. In July, the billionaire backed out of a $44 billion takeover of Twitter, blaming it for not really cracking down on fake accounts. The accusation is also present in the complaint by Pater Zatko, who accuses Twitter of not having the resources or the will to realistically estimate the number of robots on its platform, which the Tesla boss has been quick to point out… on Twitter.
>> “Thus, the board was informed about the prevalence of fake accounts, but the board decided not to disclose anything…”
For its part, Twitter denies all these accusations and condemns “false stories.” In a statementshe believes the allegations come at an “opportunistic” moment and appear to be “intended to draw attention and damage the image of Twitter, its customers and investors.”
>> Read about it:
After these revelations, the company’s shares lost 7% on Tuesday evening.
Radio Theme: Olivier Schordere
Webtext: Pierrick Jordan