He is one of the world’s most famous hackers and leading cybersecurity experts.
Now Peiter “Mudge” Zatko has become a whistleblower and submitted a string of allegations of repeated security violations by his former employer: Twitter.
Mr Zatko, 51, was the company’s head of security from November 2020 to January 2022. He was allegedly fired by CEO Parag Agrawal after he flagged the issues and began cooperating in a formal investigation with Twitter’s compliance officer.
Now he has given his findings to US regulatory agencies, and they have in turn been shared with members of the US Congress.
In the document, Mr Zatko makes a string of allegations against Twitter, accusing the company’s top executives of violations of the Federal Trade Commission Act and Securities and Exchange Commission regulations.
He claims that the company has not been honest about privacy issues and data security and has been subject to major breaches by foreign governments.
It comes just weeks before Elon Musk’s legal showdown with Twitter as he tries to extricate himself from a $44bn deal to buy the company.
The entrepreneur has alleged that Twitter has not been honest about the number of fake or bot accounts on the platform.
Mr Zatko says in his documentation that the company has been “lying about bots” to Mr Musk and that an accurate account of those accounts would negatively impact the bonuses paid to senior executives.
Mr Zatko’s allegations were sent to the US Securities and Exchange Commission, the Bureau of Consumer Protection at the Federal Trade Commission, and the civil and antitrust divisions of the Justice Department, according to CNN.
In a statement to The Independent, a Twitter spokesperson said that Mr Zatko had been fired by the company for “ineffective leadership and poor performance.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the statement says.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
These are the most serious allegations made against Twitter.
Mr Zatko claims that Twitter’s security issues were a matter of national security and that they hired two people he believes were agents of India’s government.
He alleges that the employees had “direct unsupervised access” to the company’s internal information.
In the documents, he says that the US government told the company in 2022 that at least one of their employees was working for a foreign intelligence agency.
He also says that before he became CEO, Mr Agrawal had supported Twitter’s expansion in Russia, despite the censorship and surveillance in the country.
This is one of the main issues in Mr Musk’s decision to walk away from his $44bn deal to buy the platform.
Twitter has claimed that just five per cent of its accounts are fake or bots, something that Mr Musk has claimed is inaccurate.
Mr Zatko claims that Twitter has been “lying” to the Tesla CEO about bots and that the real number is far higher than they have acknowledged.
He claims that the number comes from a sampling of a subset of accounts, known as “monetizable daily active users,” or mDAUs.
Twitter uses this data to let advertisers know how many people are looking at their ads, and it is designed to exclude bots.
He claims that top executives’ bonuses are linked to mDAUs and the real number of bots becoming public would “hurt the image and valuation of the company”.
Mr Zatko alleges that the company is “decades” behind companies like Google and Facebook in security protocols, and that while he was at the company it suffered a major security breach every single week.
He claims that too many Twitter employees have unnecessary access to internal systems and the company is vulnerable to phishing schemes by hackers.
In 2020, a teenager posed as a member of the company’s IT team and got access to credentials that allowed him to hack into the accounts of Barack Obama and Joe Biden to scam more than $100,000 in Bitcoin from users.
He also says that during the January 6 riots, he tried to limit access for employees to internal systems but was told that too many employees had irrevocable access and it could not be done.
Mr Zatko claims that former CEO Jack Dorsey suffered a “drastic loss of focus” in 2021, was only sporadically in meetings and was rumored to remain silent for “days or weeks”.
Mr Dorsey has said he has practiced Vipassana meditation, an ancient Buddhist meditation technique that can involve 10 days of silence.
He says in the disclosure that while in the job he received “little to no actual support for his task of fundamentally changing the risky behaviors of over 8,000 employees and the entire corporate culture.”
He also claims he was asked to downplay the extent of Twitter’s issues to the company’s board.
Mr Zatko says that he had a difficult relationship with Mr Agrawal, who previously oversaw security at the company.
He alleges that at Mr Agrawal’s first board meeting as CEO in 2021, Mr Zatko was concerned that Mr Agrawal would downplay the company’s issues and wrote to him that his presentation contained “numerous and some significant, misrepresentations.”
The following month, Mr Zatko says he emailed Mr Agrawal and told him that his presentation documents to the Risk Committee had been “at worst fraudulent.”
Mr Agrawal wrote back to him to say that the company had launched an investigation into his claim, and asked him to write a report to support his allegation.
Mr Zatko says that he was fired less than two weeks later before he had a chance to file the report. The CEO publicly stated that the decision to remove him was based on “an assessment of how the organization was being led and the impact on top priority work.”