Date: 2022-08-23

The hacker's revelations could get Twitter in trouble in the takeover dispute with Elon Musk and cost it a lot of money. Twitter's former security chief, Peiter "Mudge" Zatko, accuses the short message service of "extreme, monstrous deficits" in its protection against hacker attacks. According to the Washington Post, this emerges from a complaint that Zatko is said to have filed with the US Securities and Exchange Commission. In it, he portrays Twitter as a chaotic and leaderless company beset by internal strife and unable to protect its 238 million daily users. In a statement, Twitter accused Zatko of wanting to harm the company.

Peiter Zatko accuses Twitter of serious security problems. (Image: Reuters/Creative Commons)

After several well-known Twitter accounts were hacked in July 2020, the company hired the hacker Zatko, known as Mudge, as Head of Security in November 2020. He was also supposed to be able to implement unusual measures.

But in January 2022, Zatko was fired by new Twitter boss Parag Agrawal. According to The Verge, Zatko sees the sacking as revenge for his refusal to hide Twitter's security issues.

In its article, the Washington Post publishes an 84-page abridged and partially redacted version of the complaint, which is intended for the US Congress. In it, Zatko accuses Agrawal of lying in the dispute with Tesla boss Elon Musk about the proportion of bots among Twitter users. Contrary to what Agrawal claims, there is no incentive for Twitter managers to accurately identify spam accounts and report them to the platform. Musk had suspended the planned Twitter takeover in May 2022 because he initially wanted to wait for calculations showing that less than five percent of all Twitter accounts are actually used for sending spam messages.

FTC Agreement Violated?

The most serious allegation in Zatko's complaint is that Twitter is said to have failed to fulfill agreements made with the US trade authority FTC in 2011. Under those agreements, the short message service was to establish a software development process in order to avoid serious errors in the code as far as possible. Zatko claims to have found that this process was used in only every tenth project, and then only as an option. Nevertheless, employees told the board of directors and the FTC that the implementation of the program in Twitter's systems was making progress.

In addition, Zatko claims to have warned his colleagues that half of the servers are running outdated and vulnerable software. He also says that executives withheld startling facts about the number of security breaches and the lack of protection of user data. Thousands of employees also continue to have extensive and poorly documented access to the central company software, which has led to embarrassing hacks in recent years. According to the report, violating the FTC agreement could result in a fine of hundreds of millions of dollars.

In an interview with the Washington Post, Zatko said he hopes he can improve the company from the outside by bringing new scrutiny and accountability. "I still think this is a great platform, with great value and great risk, and looking back, I hope the world has become a better place, partly because of that."

Twitter itself rejected the allegations in a statement. "Mr. Zatko was fired from his senior role at Twitter more than six months ago due to poor performance and ineffective leadership. While we have not had access to the specific allegations referred to, what we have seen so far is a representation of our privacy and data security practices riddled with inconsistencies and inaccuracies, and missing important coherence." Zatko's allegations and his opportunistic timing seemed designed to attract attention and harm Twitter, its customers, and its shareholders. "Security and privacy have long been company-wide priorities at Twitter, and we still have a lot of work to do," it said.