New Delhi: In his testimony to the US Senate, whistleblower Peiter ‘Mudge’ Zatko on Tuesday disclosed that the person he believed with high confidence was a ‘foreign agent’ of India was placed in Twitter to see if the company was willing to concede to the BJP government’s demands for censorship and to better understand its plans.
In a damning testimony, Twitter’s former security chief said that the company ignored its engineers because their “executive incentives led them to prioritise profit over security.” Zatko said Twitter’s security systems are outdated and that it runs vulnerable software on more than half of its data centre servers. He said that the platform was breached by foreign intelligence agencies multiple times.
In an explosive complaint filed last month, Zatko alleged that the Indian government forced Twitter to hire an individual who was a “government agent” and likely had access to sensitive user data as part of their job.
“The Indian government forced Twitter to hire specific individual(s) who were government agents, who (because of Twitter’s basic architectural flaws) would have access to vast amounts of Twitter sensitive data,” the complaint said. “By knowingly permitting an Indian government agent direct unsupervised access to the company’s systems and user data, Twitter executives violated the company’s commitments to its users”.
He expounded on these allegations before the Senate Judiciary Committee on Tuesday, revealing that India forced Twitter to hire two government agents. Zatko told the Senate that he believed the Indian agent tried to glean Twitter’s legal strategy as the company tried to resist the government’s order to ban several accounts, including those of dissenters, opposition party members and protesters.
Responding to questions on the information that foreign governments could access through ‘agents’, Zatko said that Twitter did not have the ability to internally identify people who were inappropriately accessing data. Only an outside agency alerting Twitter could’ve let the company know that an ‘agent existed’, Zatko said. “They simply lacked the fundamental abilities to hunt for foreign intelligence agencies and expel them on their own,” he said.
Zatko, popularly known as Mudge, said that when he approached an executive about the person he believed was an Indian agent working at the company, the executive told him “since there was already one suspected foreign agent at the company, what did it matter if there are more?”
He added that the Indian ‘agent’ was not an engineer.
Zatko said, “The company’s cybersecurity failures make it vulnerable to exploitation, causing real harm to real people.” He outlined two major problems that Twitter had: that the company does not know what data it actually has; and that employees have access to too much data.
“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said in his opening remarks.
He said he was risking his career and reputation to warn the US government about Twitter’s poor security practices.
According to the news agency Associated Press, many of Zatko’s claims are “uncorroborated and appear to have little documentary support”. Twitter has denied Zatko’s claims, calling his description of events “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context.
His allegations that Twitter was doing little to tackle the problem of bots could have a domino effect on billionaire Elon Musk’s attempt to back out of his $44 billion deal to buy the company. Musk and Twitter are locked in a legal battle after the latter sued the Tesla owner in a bid to force him to complete the deal.
Zatko, 51, first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 and was fired earlier this year.