Twitter has much bigger problems than bots, according to its former head of security, who just dropped a bomb in claims to the federal government that the site’s security is so lax it’s a risk to national security, and the company allegedly has foreign intelligence agents on the payroll…
That former head of security submitted disclosures to those agencies, as well as Congress, detailing what CNN calls “reckless and negligent cybersecurity policies,” including that thousands of Twitter employees have access to central controls with no oversight, that executives have been knowingly lying to investors and regulators for years, and that the company likely has foreign spies on the payroll. (The story was simultaneously given to the Washington Post.)
Joe Kukura, “Twitter’s Ex Head of Security Blows Whistle On ‘Egregious’ Security Flaws, Possible Spies on Company Payroll” at SFist (August 23, 2022)
#BREAK A former Twitter executive, its head of security, has turned whistleblower.
He alleges grave security problems at the company that he says are a risk to national security and democracy.
— Donie O’Sullivan (@donie) August 23, 2022
Readers may recall that Musk’s original reason for backing out of the deal was the sheer number of bots (= non-human non-customers) on the platform. That claim will be heard in a Delaware court in October.
As part of a wide-ranging, nearly 200-page disclosure sent last month to US lawmakers and regulators, which was exclusively reported by CNN and the Washington Post Tuesday, Zatko alleges that Twitter (TWTR) has neither the incentive nor the resources to properly measure the full scope of bots on its platform. He also alleges that Twitter (TWTR) suffers from a range of other security vulnerabilities that it has for years failed to fix. (Twitter (TWTR) has broadly defended itself and criticized Zatko’s allegations as “riddled with inconsistencies and inaccuracies.”) …
“For years, across many public statements and [SEC] filings, Twitter has made material misrepresentations and omissions … regarding security, privacy and integrity,” Zatko’s disclosure states. “Twitter’s misrepresentations are especially impactful, given that they are directly at issue in Elon Musk’s contemplated takeover of the company.”
Clare Duffy, “What the Twitter whistleblower could mean for Elon Musk’s takeover deal” at CNN Business (August 23, 2022)
So who is Zatko?
Zatko, better known as “Mudge,” is a prominent ethical hacker-turned-cybersecurity executive whose career also included stops at Google and the Department of Defense. He was hired as Twitter’s security lead following a major hack at the company in 2020 and fired in January of this year, a move he claims came after he tried to blow the whistle internally about security deficiencies and alleged possible fraud by the company’s senior leaders.
Clare Duffy, “What the Twitter whistleblower could mean for Elon Musk’s takeover deal” at CNN Business (August 23, 2022)
The story has become so complex. Much of the tech world was strongly opposed to Musk’s acquisition of Twitter — because he proposed to eliminate the progressive censorship for which the social medium has become known — but many hoped that the courts would force him to buy it at the original price anyway. A typical viewpoint:
Whatever excuses Musk can come up with, he signed an agreement to buy the company at a given price and waived any due diligence. Twitter could have thousands of bodies buried underneath its headquarters in San Francisco and that still wouldn’t change the fact that Musk decided to only have substantive questions after he signed on the dotted line. He said he’d buy Twitter, as-is and without refunds.
Matt Novak, “Twitter Obliterates Elon Musk’s Excuses for Trying to Kill $44 Billion Deal in Blistering Court Filing” at Gizmodo (
Well, maybe it’s not so simple any more. The court may choose to take into account the question of whether due diligence would turn up these revelations apart from the unforeseeable sudden appearance of a whistleblower…
And Musk? He’s playing Inscrutable for now:
The Tesla boss tweeted a photo of the Disney character Jiminy Cricket making a whistling gesture. “Give a little whistle,” reads the cartoon.
Ariel Zilber, “Elon Musk posts cryptic Disney tweet after ex-hacker blows whistle on Twitter” at New York Post (August 24, 2022)
So spam prevalence *was* shared with the board, but the board chose not disclose that to the public … pic.twitter.com/lXk48TFZL1
— Elon Musk (@elonmusk) August 23, 2022
Musk’s legal team has noticed this development and has, of course, subpoenaed Zatko to appear at the trial. His testimony may tell us a good deal about our social media overlords that they had been able to keep private in the past.
Broadly, the situation speaks to how much many people have come to depend on systems governed, it turns out, by no one in particular — if not bots and hostile powers. Stay tuned.
Update: “Sen. Dick Durbin (D-Ill.), chair of the Senate Judiciary Committee, said in a statement that he is looking into Zatko’s allegations.” Twitter claims it’s a “false narrative.” (Epoch Times, August 26, 2022)