Twitter whistleblower Peiter “Mudge” Zatko on Tuesday alleged that the microblogging platform knowingly allowed India to add agents to the company’s roster, potentially providing the country with access to sensitive data about users on the platform, while “at least one agent” from China’s intelligence service was employed by the company. In his testimony before the US Senate Committee, Zatko claimed that Twitter is putting the privacy of its users at risk, adding that the company’s leadership ignored its engineers, while their executive incentives led them to prioritise profit over security. Twitter responded to these claims, saying its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures.
As per a report by the Associated Press, in his testimony, Twitter’s former security chief Peiter Zatko said that the company knowingly allowed the Indian and Chinese governments to place their agents on the company’s payroll. According to Zatko, the agents may have accessed the company’s systems and user data. The Twitter whistleblower said that weak cyber defences made the social platform vulnerable to exploitation by “teenagers, thieves and spies”, risking users’ privacy.
Zatko, while appearing before the Senate Judiciary Committee, alleged that the company ignored its engineers because their “executive incentives led them to prioritise profit over security.” Zatko said Twitter’s security systems are outdated and that it runs vulnerable software on more than half of its data centre servers.
He outlined Twitter’s negligence in dealing with governments that sought to place spies in the microblogging service. He added that Twitter’s inability to track how employees accessed user accounts made it difficult for the platform to detect the potential misuse of data access on the service.
According to the report, Zatko, who was the head of security for Twitter until he was fired early this year, said he spoke with “high confidence” about a foreign agent that the government of India placed on Twitter to “understand the negotiations” between India’s ruling party and Twitter about new social media restrictions and how well those negotiations were going.
The whistleblower also revealed that he was told about a week before his firing that “at least one agent” from the Chinese Ministry of State Security (MSS) was “on the payroll” at Twitter.
Meanwhile, Zatko has accused his former employer of cybersecurity negligence, saying it did not address “basic systemic failures” recommended by engineers. Zatko also accused Twitter CEO Parag Agrawal and other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about Twitter’s safety.”
Twitter reportedly denied Zatko’s claims, calling his description of events “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context. In a statement to the Associated Press, the microblogging platform said its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.