Note: This was originally published as the daily newsletter for the Columbia Journalism Review, where I am the chief digital writer.
On Tuesday, the Washington Post and CNN simultaneously published stories alleging that Parag Agrawal, the CEO of Twitter, and other senior executives deliberately misled federal regulators about how secure the company’s operations were, and also that these executives gave foreign agents access to the Twitter data of individual users. The allegations came from Peiter Zatko, the former head of security at Twitter, in a lengthy document that was shared with both the Post and CNN. The document was also sent to several members of Congress, the Federal Trade Commission, the Securities and Exchange Commission, the Justice Department, and the Senate Intelligence Committee. The Post says the complaint “depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users, including government agencies, heads of state, and other influential public figures.”
Rebecca Hahn, a Twitter spokesperson, told the Post that Zatko was fired after 15 months, for “poor performance and leadership,” and that his allegations were “riddled with inaccuracies.” She added that Twitter has tightened up its security processes since 2020, and that it also has rules about who can access company systems and data. Hahn said that Twitter removes more than a million spam accounts every day, and that the company “fully stands by” its SEC filings. According to the Post’s report, “a person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit.” Zatko is being represented by Whistleblower Aid, the same nonprofit legal organization that represented Frances Haugen, the former Facebook staffer turned whistleblower. In an interview with the Post, Zatko said he “felt ethically bound” to blow the whistle on Twitter because of the potential security implications of the company’s behavior.
According to CNN’s report, Zatko, 51, is a well-respected hacker and security expert who “led an influential cybersecurity grantmaking program at the Pentagon, worked at a Google division for developing cutting-edge technology, helped build the cybersecurity team at fintech firm Stripe, and advised US lawmakers and officials on how to plug security holes in the internet” before he joined Twitter. The Post says that by the time he was 30, Zatko had “written one of the most powerful tools for cracking passwords, testified to Congress under his hacker handle about the susceptibility of the internet to drastic hacks, and co-founded one of the first hacking consultancies backed by venture capital.” Jack Dorsey, the co-founder and former CEO of Twitter, hired Zatko in late 2020 after a hacker gained access to the Twitter accounts of famous users such as Barack Obama.