Twitter’s former security chief was told by the US government earlier this year that there was at least one agent of China’s top intelligence agency, the Ministry of State Security (MSS), working as an employee at the company.
That was one of the revelations made by Peiter “Mudge” Zatko, a whistleblower who served as Twitter’s chief security officer for about 14 months before being fired earlier this year, during testimony before a Senate Judiciary Committee hearing on September 13.
Ranking member Sen. Chuck Grassley (R-Iowa) asked Zatko: “In your disclosure, you mentioned that the FBI notified Twitter that one of their employees was suspected of being a Chinese foreign asset. Are you and others on Twitter surprised by this?”
Zatko replied that he was notified of this information about a week before he was fired.
“The corporate security physical security team was contacted and told that there was at least one agent of the MSS, which is one of China’s intelligence services, on the payroll within Twitter,” he said.
Zatko’s testimony expanded on a series of allegations of widespread security failures that could harm the platform’s users, shareholders and US national security, made in a complaint to federal regulators in July. Twitter has labeled Zatko’s claims a “false narrative.”
The whistleblower testified that when he raised his concerns about foreign agents at Twitter with an executive, they were dismissed.
“When I said, ‘I believe we have a foreign agent,’ [the executive’s] answer was, ‘Well, since we already have one, what does it matter if we have more; let’s continue to grow the office,’” he recalled during the hearing.
Zatko said Twitter would be a “gold mine” for any foreign intelligence agency that was able to plant an operative inside.
“If you put someone on Twitter … as we know has happened, it would be very difficult for Twitter to find them. They’ll probably be able to stay there for a long period of time and gain important information to feed back either in targeting people or on information about Twitter decisions and discussions and … running the company.”
Zatko is a respected former white hat hacker who previously worked for Google, payments firm Stripe and the US Department of Defense. He was hired in 2020 by then-Twitter CEO Jack Dorsey following a major hack that hijacked dozens of high-profile accounts to promote a bitcoin scam.
Chinese sales
Zatko’s complaint also alleges that Twitter was becoming dependent on sales to Chinese entities, even though the platform is blocked in China, raising the risk that such entities could then access the data of Chinese users who bypassed the communist regime’s censorship firewall.
“Twitter executives knew that accepting Chinese money put users in China at risk,” the 84-page complaint said.
Over the years, the Chinese regime has arrested, harassed and imprisoned citizens for bypassing its firewall to use and post on Twitter.
“They didn’t know which people they were putting at risk. Or what information they were even giving the government, which concerned me that they hadn’t thought of the problem in the first place — that they were putting their users at risk,” Zatko said at the hearing.
He summarized the management’s response to his concerns as: “We are already in bed. It would be problematic if we lost that revenue stream. So find a way to make people comfortable with it.”
Leadership failures
Senior leadership’s dismissal of Zatko’s warnings and concerns became a common theme, according to the whistleblower.
Twitter’s leadership chose to ignore Zatko’s repeated warnings about “fundamental” cybersecurity problems and mislead its board, shareholders and the public about them because it was motivated to “prioritize profits over security,” Zatko said.
“What I discovered when I joined Twitter [in November 2020] was that this hugely influential company was over a decade behind industry security standards.”
Twitter’s data security problems, according to Zatko, stem from two fundamental issues: “They don’t know what data they have, where they live or where they came from. And surprisingly, they can’t defend it. And that leads to the second problem, which is that employees have to have a lot of access to a lot of data and a lot of systems.”
To illustrate the second point, Zatko said about half of Twitter employees have access to the Twitter account of Sen. Chuck Grassley (R-Iowa), the committee’s ranking member.
“The company’s cybersecurity failures leave it vulnerable to exploitation, causing real harm to real people,” Zatko said.
“When an influential media platform can be compromised by teenagers, thieves and spies, and the company constantly creates security problems of its own, that’s a big deal for all of us.”
Among his claims, Zatko said Twitter misled regulators about complying with a 2011 Federal Trade Commission order on the improper handling of user data.
Since then, Twitter has made “little meaningful progress on core security, integrity and privacy systems,” Zatko’s complaint said.
The testimony came as the San Francisco-based company is embroiled in a legal battle with tech billionaire Elon Musk after the Tesla CEO pulled out of a $44 billion deal to buy the social media platform due to a lack of transparency about the number of bots and spam accounts on the platform.
Twitter sued Musk for terminating the deal, while Musk countersued, accusing Twitter of fraud. The trial is set for next month in a court in Delaware.
The Epoch Times has reached out to Twitter for comment.