Twitter's former head of security alleged that the company misled regulators about its poor cybersecurity defenses and its negligence in attempting to root out fake accounts that spread disinformation, according to a whistleblower complaint filed with
The revelation could create serious legal and financial problems for the social media platform, which is currently attempting to force
“This was a last resort for him,” said
Among Zatko's most serious accusations is that Twitter violated the terms of a 2011
Shares of
Better known by his hacker handle “Mudge,” Zatko is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s
He joined Twitter at the urging of then-CEO
Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” The company called his complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies and lacks important context.”
Zatko's attorneys,
The 84-page complaint describes a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top executives practiced “deliberate ignorance” of pressing problems. His description of Dorsey’s leadership style is particularly scathing; he described the Twitter founder as “extremely disengaged” during the last months of his tenure as CEO to the point where he would not even speak during meetings on complex issues facing the company.
Zatko said he heard from colleagues that Dorsey would remain silent for “days or weeks.” Dorsey announced he was stepping down as Twitter CEO in
The disclosure says Twitter offered no monetary incentives for improving security and platform integrity, although the company did offer
Among Zatko’s accusations of cybersecurity malpractice: Software and security updates were disabled on more than a third of employees’ computers -- unduly exposing them to malware -- and it was common for people to install “whatever software they wanted on their work systems.” Such lapses are typically considered cardinal sins in cybersecurity.
Whistleblower Aid said it is legally precluded from sharing Zatko's statement. The same group worked with former
“I wouldn’t say he’s happy about having to become a whistleblower, but he’s resolute in his decision,” Tye said. “And committed to getting to the bottom of this.”
A spokesperson for the
Sen.
Among the most alarming complaints is Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company payroll where they had “direct unsupervised access to the company’s systems and user data.”
A 2011
The complaint said Twitter was also heavily reliant on funding by Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would enable them to learn the identity and sensitive information of Chinese users who secretly use Twitter, which is officially banned in
Zatko also describes willful ignorance by Twitter executives on counting the millions of accounts that are automated “spam bots” or otherwise have no value to advertisers because there is no person behind them. Zatko cited a “damning” 2021 outside report that found Twitter’s tools for tackling bots were neither sufficiently automated nor sophisticated and instead relied on humans “not adequately staffed or resourced, to address the misinformation and disinformation problem.”
Tye said “he’s never met
——
AP writers
Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.