Twitter Ex-Security Chief Tells US Congress of Security Concerns

Twitter whistleblower Peiter Zatko told the US Congress on Tuesday that the platform ignored his security concerns, as its shareholders decide whether to approve a $44 billion takeover deal that Elon Musk is trying to exit.

“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko, a hacker widely known as “Mudge” who was Twitter’s former security chief, told the hearing.

He said that, during his time as head of security for the platform from late 2020 until his dismissal in January this year, he tried to alert management to grave vulnerabilities to hacking or data theft, to no avail.

“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,” Zatko said during his opening remarks to the Judiciary Committee.

“Employees then have to have too much access (…) it doesn’t matter who has the keys if you don’t have any locks on the doors.”

Zatko testified that he brought concrete evidence of problems to the executive team and “repeatedly sounded the alarm”.

“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem,” he said.

“But more importantly, their executive incentives led them to prioritize profits over security.”

Twitter has dismissed 51-year-old Zatko’s complaint as being without merit.

But revelations of his whistleblower report in the US press in August were perfectly timed for Tesla chief Elon Musk, who has used it as part of his justification for abandoning his unsolicited $44 billion bid to buy Twitter.

In his report, Zatko directly refers to questions asked by Musk about bot accounts on Twitter, saying the company’s tools and teams for finding such accounts are insufficient.

Musk has listed bot accounts as among the reasons to justify his walking away from the deal. Twitter is suing to force him to complete the buyout, with a trial set to go ahead on October 17.

If the court focuses on the fact that the world’s richest man declined to do fact gathering typically associated with big-money mergers, Zatko’s allegations could wind up being moot.

“Once both parties step into court it’s a high risk/high reward scenario for both parties with the major X variable now being the Zatko whistleblower claims,” Wedbush analyst Dan Ives said in a note to investors.

“We continue to view the Zatko situation as a Pandora’s Box scenario for Twitter.”

If Twitter prevails at trial, the judge could order the Tesla chief to pay billions of dollars to the company, or even complete the purchase.

Twitter shareholders are expected to endorse the buyout deal in a special vote Tuesday. Twitter CEO Parag Agrawal declined to testify at Tuesday’s hearing, citing the Musk litigation, Senator Chuck Grassley said.

Zatko insisted he had not made his revelations “out of spite or to harm Twitter.” “Far from that, I continue to believe in the mission of the company,” he told Tuesday’s hearing.

Related: Can Elon Musk Spur Cybersecurity Innovation at Twitter?

Related: Twitter Says it Removes 1 Million Spam Accounts a Day

Related: Twitter to Pay $150M Penalty Over Privacy of Users’ Data