Twitter is exceptionally vulnerable to exploitation by foreign governments in ways that threaten US national security, and may even have foreign spies currently active on its payroll, according to Peiter “Mudge” Zatko, the whistleblower at the centre of a massive public disclosure effort reported Tuesday by CNN and The Washington Post.
A combination of weak cybersecurity controls and poor judgment has repeatedly exposed Twitter to numerous foreign intelligence risks, according to Zatko, who was Twitter’s head of security from November 2020 until he was fired in January.
From taking money from untrusted Chinese sources to proposing the company give in to Russian censorship and surveillance demands, Twitter execs including now-CEO Parag Agrawal have knowingly put Twitter users and employees at risk in the pursuit of short-term growth, Zatko alleges.
CNN sought comment from Twitter on more than 50 distinct questions in response to the overall disclosure, along with specific questions on the allegations outlined in this story.
Twitter did not respond to CNN’s questions on foreign intelligence risks, but a company spokesperson has said Zatko’s allegations overall are “riddled with inconsistencies and inaccuracies, and lacks important context.”
The national security allegations are part of an explosive, nearly 200-page disclosure to Congress, the Justice Department and federal regulators that accuses Twitter’s leadership of covering up critical company vulnerabilities and defrauding the public.
Zatko, a longtime cybersecurity expert who has held senior roles at Google, Stripe and the Defense Department, submitted his disclosure to authorities last month after what he described as months of trying unsuccessfully to sound the alarm inside Twitter about the dangers it faced.
While the disclosure to Congress is edited to omit sensitive details pertaining to the national security claims, a more comprehensive version with supporting documents has been delivered to the Senate Intelligence Committee and to DOJ’s national security division, according to the disclosure.
Among its accusations, the whistleblower disclosure claims the US government provided specific evidence to Twitter shortly before Zatko’s firing that at least one of its employees, perhaps more, were working for another government’s intelligence service.
The disclosure does not say whether Twitter acted on the US government tip or whether the tip was credible.
The whistleblower disclosure could further inflame bipartisan concerns in Washington about foreign adversaries and the cybersecurity threat they pose to Americans.
In recent years, policymakers have worried about authoritarian governments siphoning US citizens’ data from hacked or pliable companies; leveraging tech platforms to subtly influence or sow disinformation among US voters; or exploiting unauthorized access to gather intel on human rights critics and other perceived threats to non-democratic regimes.
Twitter’s alleged flaws could potentially open the door to all three possibilities.
In response to the disclosure, the Senate Intelligence Committee’s top Republican, Marco Rubio, vowed to look further into the allegations.
“Twitter has a long track record of making really bad decisions on everything from censorship to security practices. That’s a huge concern given the company’s ability to influence the national discourse and global events,” Rubio said.
“We’re treating the complaint with the seriousness it deserves and look forward to learning more.”
In the months before Russia invaded Ukraine, Agrawal — then Twitter’s chief technology officer — seemed prepared to make significant concessions to the Kremlin, according to Zatko’s disclosure.
Agrawal proposed to Zatko that Twitter comply with Russian demands that could result in broad-based censorship or surveillance, Zatko alleges, recalling an interaction he had with Agrawal at the time.
The disclosure does not provide details about exactly what Agrawal suggested. But last summer Russia passed a law pressuring tech platforms to open local offices in the country or face potential advertising bans, a move western security experts have said could give Russia greater leverage over US tech companies.
Written by Adekunle Biodun