How Twitter security affects your security

Twitter co-founder and then-CEO Jack Dorsey hired hacking legend and early cybersecurity evangelist Peiter Zatko after a large-scale breach of a high-profile account in 2020.

Zatko, who said he views the platform as essential to democracy, has submitted whistleblower disclosures to the government claiming that Twitter’s negligence endangers user safety and national security.

Zatko goes by the nickname “Mudge,” which he used while testifying before Congress on cybersecurity in the 1990s. He is a computer hacker straight from central casting, and he first appeared on CNN in 2000.

“This is a warning from Chuck Yeager saying, ‘I’m worried about the dangers of that plane,’” Garrett Graff, a CNN analyst and WIRED contributing editor, said on Tuesday’s “New Day,” comparing Zatko to the heroic test pilot Yeager.

“Twitter’s important work”

Zatko was fired by Twitter in January, months after Dorsey resigned, but Zatko said he was looking out for the company by filing whistleblower disclosures.

In an interview with CNN’s Donnie O’Sullivan, Zatko said, “Jack Dorsey contacted me and asked me to do some important work on Twitter. I signed on to it. I still have that mission.” I believe it is done.

Zatko may also be paid a portion of any penalties that result from his disclosure.

How does this affect national security?

Only about a quarter (23%) of American adults reported using Twitter in a 2021 survey, and the majority of tweets come from a small subset of users. The content ranges from useful to offensive to completely wrong.

But Graff argued that Twitter’s security is vital to national security, as disinformation can spread rapidly on the platform.

“We were all really lucky that that attack was a cryptocurrency scam and not a foreign intelligence agency or a hacker trying to start a nuclear war,” Graff said of the 2020 hack, which led the company to hire Zatko. “Twitter, in many ways, is where war could start at this very moment. Information can move there faster than anyone can keep up.”

Twitter and overseas agents

Security implications are more pronounced for governments with a track record of targeting dissidents.

O’Sullivan points out in a report with CNN’s Clare Duffy and Brian Fung that former Twitter manager Ahmad Abouammo was convicted of spying for Saudi Arabia earlier this month.

Another employee accused of accessing Twitter accounts on behalf of Saudi Arabia, Ali Alzabarah, left the United States before being charged.

Bader al-Asker, who says prosecutors have recruited Abuanmo, the Saudi crown prince, Twitter, not among the defendants.

Separately, the whistleblower disclosure suggests that shortly before Zatko’s dismissal, the U.S. government provided Twitter with concrete evidence that at least one of its employees, and possibly more, worked for another government’s intelligence agency. It is not clear whether Twitter acted on this information.

Too many people have access to Twitter controls

The main problem raised in the whistleblower filing is the allegation that Twitter gave too many staff members access to the platform’s central controls, making it vulnerable to hacks.

From CNN’s report:

After the Jan. 6 riots, Zatko was concerned that someone within Twitter who sympathized with the rebels could try to manipulate the company’s platform. He tried to crack down on internal access that allowed them to make changes to the platform.

However, according to the disclosure, Zatko quickly stated, “It was impossible to secure the production environment. All engineers had access. We cannot record who entered the environment and what they did. No one knew where the data was or where it was. It was critical and every engineer had some form of critical access to production.”

Twitter told CNN that members of the company’s engineering and product teams are granted access to production environments for specific business justifications.

Hide the problem

The nearly 200-page report contains even more information. Among the main allegations are that Twitter executives tried to hide security issues even from the company’s board of directors, and that Zatko was pressured to misrepresent data, creating a perception of progress.

Another allegation is that Twitter misled regulators about whether it deletes user data when necessary.

The disclosure also suggests that the company is unaware of, and unable to determine, the number of bots present on its platform. Elon Musk’s attempt to cancel the acquisition of Twitter is in progress.

Why this matters

“Your entire perception of the world is made up of what you see, read, and consume online. This can be pretty scary if you don’t understand what is real and what isn’t. I think that’s it,” Zatko told O’Sullivan. O’Sullivan asked if Zatko was nervous.

“Yes, yes,” he said. “This wasn’t my first choice. But yeah, I just want to make the world a better place, a safer place. I have to do it through security, information and privacy.”

What does Twitter say?

A Twitter spokesperson told CNN, “Zatko was terminated from senior management at Twitter in January 2022 due to leadership inefficiency and poor performance.”

“What we have seen so far is a misrepresentation of Twitter and our privacy and data security practices, riddled with contradictions and inaccuracies, and lacking important context. Zatko’s claims and opportunistic timing seem designed to grab attention and harm Twitter, its customers, and its shareholders. Security and privacy have long been company-wide priorities at Twitter. It is, and will continue to be, a matter.”

How did CNN view the whistleblower’s disclosure?

The disclosure was sent in July to government watchdogs: the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC) and the Department of Justice (DOJ). Lawmakers have also received it.

A Democratic aide on Capitol Hill raised bipartisan concerns and provided the disclosure to CNN.

Problems of the past

In May, Twitter agreed to pay a $150 million fine. The FTC condemned it for requesting personal information from users to protect their accounts and profiting from that information through targeted advertising. In 2011, Twitter reached an agreement with the FTC to step up its efforts to protect user data and protect its control.

In a CNN report on whistleblower disclosures, Twitter pointed to third-party audits that verify its compliance with the FTC.

Source: www.cnn.com
