Twitter whistleblower Peiter “Mudge” Zatko portrayed the social-media giant as a cesspool of cybersecurity and privacy risks in dramatic congressional testimony on Tuesday — and even claimed the site had at least one undercover Chinese agent on its payroll.
Zatko, a famed hacker who worked as Twitter’s head of security between November 2020 and early this year, was called to testify after he filed a dramatic whistleblower complaint in August alleging that the site poses a risk to national security. Twitter has accused him of making misleading claims.
The whistleblower claimed in his Tuesday testimony that thousands of Twitter employees — potentially including spies — have access to sensitive user data including private messages, current locations, home addresses and phone numbers.
He said that Twitter did not know the alleged Chinese agent was on its payroll until the company was contacted by the FBI.
“I had been told, because the corporate security, physical security team had been contacted and told there was at least one agent of the [Ministry of State Security], which is one of China’s intelligence services, on the payroll inside Twitter,” Zatko said.
He also reiterated previous claims that Twitter employed at least one Indian agent — and testified that Twitter was woefully ill-equipped to deal with an array of security challenges because top executives failed to heed his concerns.
“While it was disturbing to hear [about spying at Twitter], I and many others, recognizing the state of the environment at Twitter, were really thinking, if you are not placing foreign agents inside Twitter — because it’s very difficult to detect them, it is very valuable to a foreign agent to be inside there, as a foreign intelligence company – you’re most likely not doing your job,” added Zatko.
Zatko worked as Twitter’s security chief for a little more than a year until January 2022, when Twitter has said he was fired for “poor performance and ineffective leadership.”
A Twitter spokesperson said in a statement to The Post: “Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.”
The spokesperson added that the company’s hiring process is free of foreign influence and said that user data is protected through security measures including background checks, access controls and monitoring systems.
During his testimony, Zatko also recalled a conversation with an unnamed Twitter executive, who he claimed shrugged off concerns about the risks of spies compromising the company.
“I’m reminded of one conversation with an executive when I said, ‘I am confident that we have a foreign agent,’ and their response was, ‘Well, since we already have one, what does it matter if we have more? Let’s keep growing the office,’” Zatko said.
Zatko made the comments during a two-and-a-half-hour hearing with the Senate Judiciary Committee that concluded just 30 minutes before Twitter shareholders formally approved a $44 billion buyout offer from Elon Musk that the mogul is now seeking to withdraw.
Twitter shares were up more than 0.5% at $41.70 early Tuesday afternoon.
During the hearing, politicians from both political parties blasted Twitter for its alleged indifference to privacy and security problems.
The top Republican on the Committee, Sen. Chuck Grassley of Iowa, called on Twitter CEO Parag Agrawal to resign if Zatko’s claims prove to be true.
“If these allegations are true, I don’t see how Mr. Agrawal can maintain his position at Twitter,” Grassley fumed.
Grassley also blasted Agrawal for rejecting a call to testify in front of the committee. Agrawal rejected the request because it would “jeopardize” the company’s ongoing legal battle against Elon Musk over his takeover bid, Grassley said.
Nearly an hour into the hearing, Musk appeared entertained as he tweeted a popcorn emoji.
Musk last week got permission from a Delaware judge to use Zatko’s claims in his legal battle to get out of the deal. He also sent a letter to Twitter on Friday arguing that he should be allowed to ditch the deal, citing Zatko’s revelations.
Yet Musk’s primary argument against Twitter involves the company allegedly misleading investors about the number of spam bots — a topic that received no coverage on Tuesday.
Neither Zatko nor any lawmaker said the words “bot” or “spam” during the hearing.
Instead, they focused on privacy and security concerns.
Zatko arrives to testify before the US Senate Judiciary Committee on Capitol Hill in Washington, DC on Sept. 13, 2022.
Senate Judiciary Chairman Dick Durbin (D-Ill.) likewise blasted Twitter for what he said were lax data protection policies that put users at risk.
“At Twitter, the door to that vault is wide open,” Durbin said. “And that vault contains a lot more information about you than you can imagine.”
“Twitter’s CEO is more concerned with increasing influence and profits from foreign countries than protecting user data from foreign spies or hackers,” Mike Lee (R-Utah) said.