Twitter’s whistleblower has pitched up at a very inconvenient moment | John Naughton
“Ex-Twitter executive blows the whistle, alleging reckless and negligent cybersecurity policies,” ran the CNN headline. My initial reaction? Yawn… so what’s new: a social media company playing fast and loose with its users’ data? And who is this whistleblower anyway? A man named Peiter Zatko. Never heard of him. Possibly just another tech bro who has found his conscience…
But what’s this? He has a nickname: “Mudge”. (Cue the sound of pennies dropping.) The mainstream media called him a “hacker”, their customary way of belittling talented software experts, which Mudge certainly is. In fact, in that industry he has blue-chip status. He is the most high-profile member of the famous hacker think tank L0pht (pronounced “loft”) and a member of the long-running hacker collective Cult of the Dead Cow. In that sense he is a hacktivist. He has spent most of his life trying to educate the world about cybersecurity, and has a long list of discovered vulnerabilities to his credit.
During the Clinton administration he was apparently involved, at times, in briefing the president’s National Security Council. In 2010 he was recruited by the Pentagon’s research agency, Darpa, to oversee the cybersecurity research it funded. After that he worked at Google’s Advanced Technology and Projects group and then at Stripe, a leading payment-processing company. In 2020 he was hired by Twitter’s founder, Jack Dorsey, as the company’s head of security. The incoming Biden administration is said to have tried to recruit Zatko as the country’s cybersecurity chief, but he chose Twitter instead.
In July he filed a whistleblower complaint with the US Securities and Exchange Commission, alleging that Twitter had violated a 2011 agreement with the Federal Trade Commission (FTC) to maintain sound security practices. Somehow the Washington Post got hold of a copy and put it on the web. It is 84 pages long and heavily redacted, but an engaging read.
It is basically a devastating critique of Twitter’s management and security practices. In 2011 the FTC had found that the company’s employees had complete and easy access to all of its systems, and that this poor security had been exploited by hackers, including one who tweeted from Barack Obama’s account. A decade later, Zatko says, thousands of employees still had extensive and poorly tracked internal access to the company’s core systems. He also claims that half of the company’s servers were running outdated and vulnerable software, and that senior executives hid from the board the number of security breaches and the lack of protection for user data.
Those executives had been prioritising user growth over data security, he says. “Senior management has no interest in properly measuring the prevalence of bot [automated] accounts because … they feared that if accurate measurements were made public, it would damage the company’s image and valuation.” He also describes how, on various occasions in 2021, he had “witnessed senior executives engage in deceptive and/or misleading communications” affecting board members, users and shareholders. Eventually, tensions between him and the chief executive came to a head and he was fired on 19 January. “Mr Zatko was fired by Twitter more than six months ago for poor performance and leadership,” Rebecca Hahn, Twitter’s vice-president of global communications, said recently. “And he now appears to be opportunistically seeking to cause harm to Twitter, its customers and shareholders.”
It’s all music to the ears of Elon Musk’s lawyers as they struggle to find a way for their client to get out of his expensive and ill-judged bid to buy Twitter. His pretext for changing his mind was that he had been misled by Twitter executives about the prevalence of spam bots on the platform, a claim that Zatko’s filing with the SEC appears to support, although the Delaware court hearing arguments from both sides may well conclude that a $44bn takeover bid should not have been made without the bidder doing his own due diligence.
Whatever happens in Delaware, Zatko’s submission could be a big nuisance for whoever eventually owns Twitter. Violating an FTC settlement is rarely a good career move. In 2011, for example, Facebook also fell foul of the commission and signed a consent decree pledging to make the necessary reforms. It did not, and after the Cambridge Analytica scandal it was back before the commission in 2019 for non-compliance, and was fined $5bn. So wouldn’t it be interesting if Elon Musk ended up having to pay the promised $44bn for Twitter, only to find himself in front of the FTC facing a $5bn fine for violations committed by the former owners?
What I’ve been reading
The coming tsunami of addictive AI-created content will overwhelm us: a thought-provoking Substack post by Charles Arthur on the pros and cons of text-to-image engines such as Dall-E.
Eyes in the sky
How Capitalism – Not a Few Bad Actors – Destroyed the Internet: an insightful article by Matthew Crain in the Boston Review on the rise of surveillance capitalism.
Half a billion in bitcoin, thrown in the dump: a fascinating New Yorker account of how a bitcoin hoard ended up in a landfill.