Twitter Whistleblower Hearing

Twitter’s former head of security, Peiter “Mudge” Zatko, gave damning testimony to the Senate Judiciary Committee last Tuesday regarding Twitter’s alleged lack of cybersecurity measures. Of course, it remains to be seen if lawmakers will do more than grumble about such inexcusable vulnerabilities.

Over the two hours of testimony, Zatko described a disturbing unwillingness on the part of Twitter’s execs to secure the data of its 400 million users in a meaningful way.

After the embarrassing social engineering hack back in 2020 which led to the takeover of several high-profile accounts, Twitter hired Zatko to oversee security operations. He was brought on to control what he describes as a “ticking time bomb of security vulnerabilities” created by “10 years of overdue critical security issues, [without] making meaningful progress on them.”

The allegations made by Zatko would paint a comical picture if the implications weren’t so dire. Beyond the lax cybersecurity measures, we learn that Twitter possibly had a Chinese agent from the Ministry of State Security on the payroll. After notifying an executive about the possibility of foreign agents in the ranks, Zatko recounts that the executive responded with “Well, since we already have one, what does it matter if we have more?”

We also learn from the hearing that the cause of this debacle, in Zatko’s opinion, is Twitter’s utter lack of understanding in regard to the data it collects. “It doesn’t matter who has keys if you don’t have any locks on the doors,” he said.

In response to Zatko’s testimony, Twitter spokesperson Rebecca Hahn said that it “only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.”

Twitter’s response is interesting given the swathe of inquiries into Zatko’s background reported by Ronan Farrow in an article for the New Yorker. Purportedly, a number of research-and-advisory companies have approached former colleagues and individuals in the far reaches of Zatko’s professional sphere looking for information to discredit him.

The whistleblower testimony along with Twitter’s subsequent actions point to much more than simple ignorance of cybersecurity best practices. There appears to be a criminal disregard among Twitter’s execs for the data security of the platform’s users in favor of profit and the status quo. Those implicated should be held accountable beyond corporate fines that amount to little more than a scolding.

At least things are looking good for billionaire Musk’s attempt to renege on his agreement to acquire Twitter.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
