Former Twitter security chief says platform harms 'real people'

Peiter Zatko, who was a hacker (known as Mudge) before becoming head of security at Twitter, gave a gloomy account this Tuesday before the United States Senate of the company where he worked until a few months ago.

Thomas Osborne
14 September 2022 Wednesday 09:15

According to his testimony, given under oath, the social network misled shareholders, its own board, legislators, regulators and users by hiding its vulnerabilities when he raised the seriousness of the situation.

"They do not know what data they have, where they are or where they come from and, as expected, they cannot protect them," he told the Judiciary Committee of the upper house of Congress. He expressed the situation graphically. "It doesn't matter who has the key because there are no locks," he stressed.

“What I discovered when I joined Twitter was a platform with enormous influence, but it was a decade behind on security standards,” he remarked. “Cybersecurity flaws make the company defenseless against exploitation, causing real harm to people,” he insisted. He put particular emphasis on the effect on minors.

Zatko stressed that executive incentives have led the company to prioritize profit over safety. In addition to the lack of protection, he also pointed out that employees have too much access to personal data and reiterated that Twitter leaders "ignore their engineers" precisely because they seek maximum profits.

Unlike another famous internal source, Frances Haugen in the Facebook case, the former head of security for the micromessaging firm has not provided documents to support his complaint.

However, his testimony resonates far beyond the legislative citadel and extends all the way to the Delaware courthouse. In this court, in the near future, the company's lawsuit against Elon Musk will be settled, after the founder of Tesla backtracked on the agreement to pay 44,000 million dollars to take over the company.

Twitter filed the complaint, but a few days later it emerged that Zatko had tipped off the Federal Trade Commission and the Justice Department about the company's security failings. The security problems, in the former employee's account, went beyond the complaint that Musk used to break the pact, which concerned the concealment of information about fake accounts or bots.

His testimony has been accepted by the Delaware court as evidence, following Musk's request, although the court refused to delay the start of the trial.

The richest man in the world seemed amused by the testimony before the legislators and tweeted an emoji of a container of popcorn, as if he were in the cinema, implying that he is taking Zatko's allegations into account for the lawsuit.

In view of Zatko's tip-off, Musk sent a third letter to Twitter last Friday to ask again that it agree to the termination of the agreement reached in April. The platform responded on Monday that this move was "invalid and erroneous."

Musk will have to fight. Despite everything, the Twitter shareholders' meeting voted in favor of the offer of 44,000 million dollars that the company signed with the electric-car and space-rocket entrepreneur.

Zatko detailed in the Senate that Twitter collects information from its users, such as their phone numbers, the IP addresses of their computers (current and past), emails, where those users reside and, among other things, what type of devices they use to connect to the network. "If they want to get hold of user data, they can and some do," he said.

However, this contrasted with his concern that there was “a foreign agent” on the company payroll, but the company was reluctant to identify that individual. On the contrary, an executive told him that this was not a problem, "let's let the board grow," he said, which he responded to.

"One of the most alarming things I've seen is the lack of internal ability to identify improper access to Twitter's own systems," he said of those foreign agents. He alluded to the government of India.