Peiter “Mudge” Zatko, the notorious hacker whom Twitter hired in 2020 to shore up its cybersecurity, has reportedly warned that the social media giant has reckless and negligent policies that pose risks not only to its users, but also to national security and America’s democratic system of government.
Zatko, who was fired by Twitter earlier this year, filed a whistleblower complaint with members of Congress and federal regulatory agencies, the Washington Post and CNN reported on Tuesday. The 84-page document, which was submitted last month and later leaked to the media outlets, alleged that Twitter executives have tried to cover up the company’s security vulnerabilities, including the fact that half of its servers run on out-of-date and risky software.
Too many of Twitter’s staffers are given access to the platform’s most sensitive data and central controls, and one or more current employees may be working for a foreign intelligence service, Zatko claimed. He said the security vulnerabilities could enable spying, hacking, election manipulation and disinformation campaigns.
Zatko also claimed that Twitter executives aren’t motivated to ascertain the true number of bot accounts on the platform because they have bonuses of as much as $10 million tied to the number of users and no incentives for reducing spam, according to CNN. The bot issue was central to Tesla CEO Elon Musk’s decision last month to cancel his $44 billion acquisition of Twitter. The company has sued Musk for breaking the deal, but Zatko’s allegation that the platform has potentially “many millions” of bot accounts would appear to help the Tesla chief’s case that Twitter hasn’t been transparent about spam.
The former Twitter security director alleged that he made his whistleblower complaint after trying to alert the company’s board to security lapses, technical shortcomings and non-compliance with a Federal Trade Commission privacy agreement. A Twitter representative told CNN that Zatko was fired in January for “ineffective leadership and poor performance.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the company spokesperson said. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
Senator Dick Durbin (D-Illinois), chairman of the Senate Judiciary Committee, vowed to investigate Zatko’s complaint and “take further steps as needed to get to the bottom of these alarming allegations.” Senator Chuck Grassley (R-Iowa), the top Republican on the committee, said the filing raised “serious national security concerns” and privacy issues. “Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster.”