Twitter 'chose to mislead' on security flaws: Whistleblower

Peiter Zatko, who was Twitter's top security official before he was fired in January, testified that the FBI had notified the company during his tenure that "there was at least one agent" of China's Ministry of State Security "on the payroll inside Twitter"

By David McCabe and Kate Conger

Published: Sep 14, 2022

Peiter “Mudge” Zatko, former head of security at Twitter, leaves after testifying before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill, September 13, 2022 in Washington, DC. Zatko claims that Twitter's widespread security failures pose a security risk to user's privacy and information and could potentially endanger national security. Image: Kevin Dietsch/Getty Images via AFP

WASHINGTON — Twitter’s former top security official told lawmakers at a hearing Tuesday that executives had so heavily prioritized the company’s business that they disregarded concerns about foreign governments infiltrating its operations and misled regulators about its privacy practices.

Peiter Zatko, who was Twitter’s top security official before he was fired in January, testified that the FBI had notified the company during his tenure that “there was at least one agent” of China’s Ministry of State Security “on the payroll inside Twitter.” In another conversation about a possible foreign agent inside Twitter, Zatko recounted, an executive said that because “we already have one, what does it matter if we have more.”

Members of the Senate Judiciary Committee, which convened the hearing, expressed concerns about Zatko’s accusations, which he first made in a whistleblower complaint that became public last month. Sen. Chuck Grassley of Iowa, the top Republican on the committee, said he did not see how Twitter’s CEO, Parag Agrawal, could keep his job if the allegations were true.

Zatko’s testimony added to the turmoil engulfing Twitter as the social media service faces questions about its survival. The company, which is based in San Francisco, has been embroiled in a battle with Elon Musk, Tesla’s CEO, who agreed to buy Twitter for $44 billion in April before trying to back out of the deal. The company has insisted the purchase go forward and has sued Musk, with a trial over the case set for next month.

Twitter’s shareholders voted Tuesday to approve the deal with Musk, even as it remains uncertain whether the acquisition will be completed.

Twitter denied Zatko’s accusations, saying in a statement, “Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.”

Musk’s lawyers have seized on Zatko’s statements to back their argument that Twitter misled the billionaire about the volume of spam accounts on the service.

Also read: Musk subpoenas Twitter's former head of security-turned-whistleblower in buyout battle

Zatko, who reached a $7 million settlement with the company after he left, described Twitter executives as unconcerned about possible holes in security.

Prosecutors charged two former Twitter employees in 2019 with acting as agents of the government of Saudi Arabia, saying they had used their positions to gain access to information about critics of the Saudi government. A California jury convicted one of them on some of the charges last month; the other man left the country before authorities could arrest him.