Security of Twitter affects your security
A whistleblower disclosure warning about Twitter’s security has been made by the man who was brought in to improve it.
Peiter Zatko, a hacking legend and early cybersecurity advocate, was recruited by Twitter’s co-founder and then-CEO Jack Dorsey in 2020 after a major hack compromised high-profile accounts.
According to Zatko, Twitter’s negligence poses a danger to users and the country’s security, and he filed a whistleblower disclosure with the government.
Call him ‘Mudge’
In the 1990s, Zatko, looking like a computer hacker from central casting, testified before Congress about cybersecurity as “Mudge.” In 2000, he made his first appearance on CNN.
CNN analyst Garrett Graff appeared on “New Day” on Tuesday and compared Zatko to the heroic test pilot Chuck Yeager. “This is a warning from Chuck Yeager,” Graff said.
A critical task at Twitter
Despite being fired by Twitter in January, months after Dorsey stepped down, Zatko says he’s trying to help Twitter.
As Donie O’Sullivan reported, Zatko was invited by Jack Dorsey to perform a critical task for Twitter. “I agreed to do that and I believe that mission is still being performed today,” Zatko said.
As a result of his disclosure, Zatko could also be reimbursed for a portion of the penalties.
What are the implications for national security?
According to a survey conducted in 2021, the vast majority of tweets come from a small group of users (23%). From useful to offensive and flat-out incorrect, the content can be all over the place.
Due to Twitter’s ability to spread misinformation so rapidly, Graff argues Twitter’s security is crucial to national security.
Luckily, Zatko’s hiring at Twitter was not the result of an attack by foreign intelligence services or hackers seeking nuclear war, Graff said. “The information could spread faster in an attack on Twitter than anyone could react to it, in many ways.” “Twitter, in many ways, is where wars can start these days.”
Twitter and foreign agents
When governments have targeted dissidents in the past, the security implications have been more pronounced.
This month, Ahmad Abouammo, a former Twitter manager, was convicted for spying for Saudi Arabia, according to O’Sullivan’s report.
In addition to Alzabarah, another Saudi Arabian employee was accused of accessing Twitter accounts.
There were no defendants accused of recruiting Abouammo, including Bader Al-Asaker, Saudi Arabia’s crown prince, and Twitter.
Also, according to the whistleblower’s disclosure, Twitter was informed that a few days before Zatko was fired, one of its employees, perhaps more, was working for another country’s intelligence service. It is unclear whether Twitter acted on the tip.
Twitter’s controls are too accessible to too many people
The whistleblower claim alleges Twitter’s central controls are too accessible to too many employees, which makes it vulnerable to hacking.
From CNN’s report:
According to Zatko, he was concerned that Twitter’s platform might be manipulated by someone sympathizing with the insurrectionists after the January 6 insurrection. Twitter engineers have internal access to the “production environment,” which allows them to make changes to the platform.
It is noted in the disclosure that Zatko soon realized that he was unable to protect the production environment because all engineers were able to enter. No logs of who entered or did what were kept. All engineers had critical access to the production environment, and no one knew where the data lived or whether it was critical.
Several Twitter engineers and product team members have access to the company’s production environment, CNN reports.
Hiding the problem
Approximately 200 pages of the report contain much more. The company’s board of directors has been accused of trying to hide security problems and of getting Zatko to fabricate data to create the impression of progress.
In addition, Twitter is alleged to have misled regulators about whether it deletes users’ data as it is required to do.
The question of how many bots are on the platform, something the company is unable to determine according to the disclosure, will also feature in Elon Musk’s ongoing attempt to back out of the Twitter purchase.
Why this is important
In his response to O’Sullivan’s question about Zatko’s nervousness, Zatko said, “I think it’s pretty scary,” because what you see, read, and consume online makes up your entire view of the world.
He replied, “Yes, I am. I wasn’t certain this was my career path. I just want to make the world a better, safer place through information, security, and privacy.”
How does Twitter respond?
CNN reports that Twitter fired Mr. Zatko due to ineffective leadership and poor performance in January 2022.
“Twitter and its privacy and data security practices have been misrepresented so far in an unconvincing manner that lacks important context and is riddled with inconsistencies and inaccuracies. The allegations and opportunistic timing of Mr. Zatko seem to be aimed at grabbing attention and harming Twitter, its customers, and its shareholders. At Twitter, privacy and security have been top priorities for years and will remain so.”
The whistleblower disclosure: how did CNN view it?
In July, the SEC, FTC, and DOJ received a disclosure from the Securities and Exchange Commission (SEC). Disclosures have also been provided to lawmakers.
Edited and proofread by Nikita Sharma