Twitter whistleblower raises security flows before US Congress

The former security chief at Twitter has told the United States Congress that the social media platform is plagued by weak cyber-defences that make it vulnerable to exploitation by “teenagers, thieves and spies” and put the privacy of its users at risk.

“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Peiter “Mudge” Zatko, a respected cybersecurity expert, said before the Senate Judiciary Committee on Tuesday.

His testimony comes as US lawmakers attempt to crack down on disinformation campaigns that risk skewing elections and public health campaigns.

The 51-year-old first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Department of Defense research unit and at Google. He joined Twitter in late 2020 at the urging of then-CEO Jack Dorsey.

He filed a whistleblower complaint in July with Congress, the US Department of Justice, the Federal Trade Commission (FTC) and the Securities and Exchange Commission.Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.US Senator Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy”.

Many of Zatko’s claims are uncorroborated and appear to have little documentary support.Twitter has called Zatko’s description of events “a false narrative riddled with inconsistencies and inaccuracies” and lacking important context.

The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial, which is set to start on October 17.