Whistleblowers claim Twitter has “extraordinary flaws” that threaten national security

Twitter’s board is covering up its “extraordinary, egregious flaws” that pose a huge risk to national security and democracy, and executives have no idea how many bots are on the platform, a whistleblower has claimed.

“Ethical hacker” Peter “Madge” Zatko, the former head of security at the social media company, made an explosive disclosure to Congress and federal agencies last month.

He claimed that the tech giant was completely mismanaged with thousands of employees having access to central controls and the most sensitive information without proper controls. CNN reported.

Zatko, who reported directly to the CEO, said senior management was hiding the platform’s biggest vulnerabilities and even claimed one or more employees may be working for foreign intelligence services.

The whistleblower said bosses misled the board and regulators about security flaws that made it susceptible to hacking, manipulation and misinformation.

In claims that will bolster Elon Musk’s legal bid, Zatko also said Twitter executives don’t have the resources to know how many bots are on the site.

Mudge is pictured testifying before a Senate Government hearing on government computer security in 1998

Tesla’s CEO claimed the platform was being untruthful about the number of bots and fake accounts among its 238 million daily active users, and subsequently backed out of its $44 billion takeover deal.

Zatko, who previously worked at Google and the Department of Defense, also alleged that Twitter does not reliably delete user data after account termination, often because employees have lost track of it.

The statement described its overall findings as “gross deficiencies, negligence, willful disregard and threats to national security and democracy.”

His illustrious career began in the 1990s, when he simultaneously did classified work for a government contractor and was one of the leaders of the Cult of the Dead Cow, a hacking group infamous for releasing Windows hacking tools to push Microsoft to improve security.

He was appointed at Twitter to recommend changes in structure and practices to strengthen its security after a series of damaging compromises that left users including Barack Obama, Joe Biden and Elon Musk hacked.

At the time, he said he would study “information security, site integrity, physical security, platform integrity — which starts to touch on platform abuse and manipulation — and engineering.”

But he was fired in January for what the company said was poor performance, but what he said was retaliation.

The techie said he tried to point out the security gaps on the whiteboard before doing so publicly.

According to him, Zatko had a strained relationship with Twitter CEO Parag Agrawal, who took over from Jack Dorsey (pictured) in November

Zatko claimed Agrawal (pictured last month) and his staff kept dissuading him from giving the board a full report on security concerns

Twitter told CNN: “Mr. Zatko was fired from his senior executive position at Twitter for poor performance and ineffective leadership more than six months ago.

“While we have not had access to the specific allegations referred to, what we have seen so far is a narrative about our privacy and data security practices that is rife with inconsistencies and inaccuracies and devoid of important context.

‘Mr. Zatko’s allegations and the opportune timing seem designed to attract attention and harm Twitter, its customers and shareholders. Security and privacy have long been priorities across the Twitter business, and we have a lot of work ahead of us.”

According to him, Zatko had a strained relationship with Twitter CEO Parag Agrawal, who took over from Jack Dorsey in November.

He claimed that Agrawal and his staff kept dissuading him from giving the board a full report on the safety concerns, instead instructing him to give an oral report of his findings.

The whistleblower also said he was told to present fabricated data to give a false impression of progress, then went behind his back to scrub the consulting firm’s report and hide the extent of the problems.

Zatko claimed that Dorsey was more amenable to his guidance than Agrawal, but he became less involved in his final months at the tech giant.

The more than 200-page disclosure was sent to the Securities and Exchange Commission, the Federal Trade Commission, the Senate Intelligence Committee and the Justice Department last month.

A copy has now been seen by CNN after being passed on by a senior Democratic aide.

WHO IS THE HACKER, MUDGE?

In 1998, Mudge testified to a Senate committee about the serious vulnerabilities of the Internet at the time

Mudge is a famous hacker who told Congress nearly 20 years ago that he could hack the Internet in 30 minutes.

Peyter Zatko, known in the hacking world as Mudge, was the most prominent member of the pioneering Boston hacking group L0pht, as well as the long-standing computer hacking and culture cooperative Cult of the Dead Cow.

Most recently, he chaired the Department of Defense’s grant program for computer security projects.

During his time with L0pht, Mudge has made significant contributions to information and security vulnerability disclosure and education.

In 2010, Mudge accepted a position as a program manager at the Defense Advanced Research Projects Agency (DARPA), a government agency, where he oversaw cybersecurity research.

In 2013, Madge joined Google in their Advanced Technology & Projects department.

Born in December 1970, Mudge graduated top of his class from Berklee College of Music and is an accomplished guitar player.

Mudge was responsible for early research into a type of security vulnerability known as a buffer overflow.

Mudge was one of the first people from the hacking community to reach out and build relationships with government and industry. In demand as a public speaker, he has spoken at hacker conferences such as DEF CON and academic conferences such as USENIX.

He was one of seven L0pht members who testified before a Senate committee in 1998 about the serious vulnerabilities of the Internet at the time.

In 2000, after the first crippling Internet denial-of-service attacks, he was invited to meet with President Bill Clinton at a security summit along with cabinet members and industry executives.

In 2004, he became a research associate at government contractor BBN Technologies, where he originally worked in the 1990s, and also served on the technical advisory board of NFR Security.

In 2010, it was announced that he would lead a DARPA project focused on leading research in cybersecurity.

In 2013, he announced that he would be leaving DARPA to take a position at Google ATAP.

In 2015, Zatko announced on Twitter that he would join a project called #CyberUL, a computer security testing organization inspired by Underwriters Laboratories and sanctioned by the White House.