Twitter misled US regulators on hackers and spam, whistleblower says

Written by admin

August 23 (Reuters) – Twitter Inc. (TWTR.N) misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former chief security officer, Peiter Zatko, said in a whistleblower complaint.

In an 84-page complaint, Zatko, a notorious hacker widely known as “Mudge,” alleged that Twitter falsely claimed it had a strong security plan, according to documents released by congressional investigators. Twitter shares fell 7.3% to close at $39.86.

The document alleges that Twitter prioritized user growth over reducing spam, with executives eligible to earn individual bonuses of up to $10 million tied to increases in daily users, and nothing explicit about reducing spam.

Twitter called the complaint a “false narrative.” The social media company has been battling Elon Musk in court after the world’s richest person tried to back out of a $44 billion deal to buy Twitter. Musk said that he did not provide details on the prevalence of bots and spam accounts.

Tesla Inc. (TSLA.O) Chief Executive Musk had offered to buy Twitter for $54.20 a share, saying he believed it could be a global platform for free speech.

Twitter and Musk have sued each other, with Twitter asking a Delaware Chancery Court judge to order Musk to close the deal. A trial is scheduled for October 17.

Zatko filed the complaint last month with the US Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional commissions.

“We are reviewing the redacted claims that have been posted, but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter CEO Parag Agrawal told employees in a memo.

The top Republican on the Senate Judiciary Committee, Chuck Grassley, said the complaint raises serious national security concerns and privacy issues and should be investigated.

“Take a technology platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you have a recipe for disaster,” he said.

The FTC declined to comment. A member of the Senate Intelligence Committee said that he had received the complaint and was organizing a meeting to discuss the indictment.

Twitter’s real regulatory risk lies in whether the documentary evidence shows “knowing or reckless deception” of investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.


Musk could not be reached for comment, but he did react on Twitter with memes and robot emoji. Musk’s legal team subpoenaed Zatko, CNN reported after the whistleblower revelation was made public.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a password cracking tool. He later used his hacking skills to become a sought-after security consultant and, with other rogue techies of the day, transitioned into top government and boardroom positions.

The complainant’s document says that after the January 6 riots, the incoming Biden administration offered him “an appointed position from day one as chief information security officer for the United States,” which he turned down.

Cybersecurity leaders expressed broad support for Zatko, with many deploring Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity firm Dragos, said on Twitter that it was “one of the rare times, depending on who you are, I don’t even need to know a detail to form an opinion.” He added: “If Mudge is making these kinds of claims, he deserves the investigation.”

In January, Twitter said Zatko was no longer its head of security, two years after his appointment to the position.

On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding that his accusations seemed designed to attract attention and inflict harm on Twitter, its customers and shareholders.

Debra Katz and Alexis Ronikher, attorneys for Zatko, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about the inadequacy of information security systems to the company’s executive committee, chief executive officer and board of directors. Twitter did not respond to a request for comment on that statement.

(This story corrects the closing price and removes the weird percentage symbol in paragraph two)

Reporting from Chavi Mehta, Ankur Banerjee, and Tiyashi Datta in Bengaluru, Peter Henderson in Oakland, and Raphael Satter in Washington; Additional reporting by Rick Cowan in Washington; Written by Ankur Banerjee; Edited by Kenneth Li, Saumyadeb Chakrabarty, Sriraj Kalluvila, and David Gregorio
