Twitter is facing major developments at the same time. The company’s former head of security said that he will testify against Twitter in front of the Senate committee next month. The hearing is scheduled for the same day as the company’s final decision on whether or not to grant business mogul Elon Musk his takeover deal.
Last month, Zatko sent 200 pages’ worth of documents, including supporting exhibits, to several government agencies. The whistleblower also furnished copies of the documents to the US Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission.
The hearing was pushed because many officials became concerned regarding the content of the disclosure forwarded by the whistleblower. According to Senators Dick Durbin and Chuck Grassley, “Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
The Senate’s Intelligence Committee stressed the seriousness of the disclosure submitted by Zatko. The meeting set by the lawmakers is meant to discuss the allegations, said Rachel Cohen, the committee spokesperson. Meanwhile, the Senate subcommittee on consumer protection called on the FTC to investigate the matter and impose corresponding fines or sanctions should Twitter be found guilty of the charges.
Twitter’s answer to the allegations
While government agencies agreed to conduct the hearing for apparent probable cause, Twitter was quick to react and condemned the activities undertaken by Zatko.
In a statement released by a Twitter spokesperson, the company said, “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Who is the whistleblower
Zatko is not new to revealing cybersecurity issues to the public. In fact, he took part in a congressional hearing on cybersecurity in 1998, where he appeared on national TV.
“All my life, I’ve been about finding places where I can go and make a difference. I’ve done that through the security field. That’s my main lever,” Zatko said in an interview.
Before working for Twitter, Zatko held senior positions at several tech companies, such as Stripe and Google. He was also with the US Department of Defense. So when Twitter was hacked back in 2022, compromising the accounts of several key people, such as former President Barack Obama and Elon Musk, among others, Zatko decided to take on the role of a whistleblower.
He was then hired by Twitter, where he allegedly began to see loopholes in the company’s security measures. According to the whistleblower, Twitter had very poor security practices, which enabled over fifty percent of the company’s employees to access the application’s controls. Zatko said in his findings that the company’s system has “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy.”
“It was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did…. Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment,” Zatko added in his disclosure.
Former FTC chairperson, Jon Leibowitz, said, “And if there’s a violation here — and that’s a big if — then I think the FTC should very seriously consider not just fining the corporation but also putting the executives responsible under order.”