Saturday, November 23, 2024

Tech News, analysis, updates, comments, reviews

Twitter misled U.S. regulators on hackers & spam, whistleblower says

"What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context"

Twitter Inc (TWTR.N) misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former security chief Peiter Zatko said in a whistleblower complaint.

In an 84-page complaint, Zatko, a famed hacker widely known as “Mudge,” alleged Twitter falsely claimed it had a solid security plan, according to documents relayed by congressional investigators. Twitter’s shares fell 7.3% to close at $39.86.

The document alleges Twitter prioritized user growth over reducing spam, with executives eligible to win individual bonuses of as much as $10 million tied to increases in daily users, and nothing explicitly for cutting spam.

Twitter labeled the complaint a “false narrative.” The social media company has been battling Elon Musk in court after the world’s richest person attempted to pull out of a $44-billion deal to buy Twitter. Musk said it failed to provide details about the prevalence of bot and spam accounts.

Tesla Inc (TSLA.O) Chief Executive Musk had offered to buy Twitter for $54.20 per share, saying he believed it could be a global platform for free speech.

Twitter and Musk have sued each other, with Twitter asking a judge on the Delaware Court of Chancery to order Musk to close the deal. A trial is scheduled for Oct. 17.

Zatko filed the complaint last month with the U.S. Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional committees.

“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter Chief Executive Parag Agrawal told employees in a memo.

The Senate Judiciary Committee’s top Republican, Chuck Grassley, said the complaint raised serious national security concerns and privacy issues and needed to be investigated.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” he said.

Twitter’s real regulatory risk lies in whether the documentary evidence shows “knowing or reckless misleading” of investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.

‘GIVE A LITTLE WHISTLE’

Musk could not be reached for comment but reacted on Twitter with memes and emoji of a robot. Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower disclosure was made public.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a tool to crack passwords. He later used his hacking chops to become a sought-after security consultant and with other rebellious techies of the era, transitioned to top government and boardroom positions.

The whistleblower document says that after the Jan. 6 riots, the incoming Biden administration offered him “a day-one appointed position as Chief Information Security Officer for the United States,” which he turned down.

Cybersecurity leaders expressed widespread support for Zatko, and many deplored Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity company Dragos, said it was “one of the very rare times based on who it is I don’t even need to know a detail to form an opinion,” he said on Twitter. “If Mudge is making this type of claim, it deserves the investigation.”

In January, Twitter said Zatko was no longer its head of security, two years after his appointment to the role.

On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding his allegations appeared designed to capture attention and inflict harm on Twitter, its customers and its shareholders.

Debra Katz and Alexis Ronickher, attorneys for Zatko, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about inadequate information security systems to the company’s executive committee, CEO and board. Twitter did not respond to a request for comment on that statement.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

The Tor Project + Tails, A Game-Changing Merger for Privacy Advocates

In a significant development for digital privacy enthusiasts, the Tor Project and Tails have merged their operations, uniting two of the most trusted tools in the fight against online surveillance. This merger, announced this month, combines the power of...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.