Whistleblower alleges Twitter poses security risks, is lying to Musk

Samuel Case, FISM News


Twitter’s former top security official is coming forward as a whistleblower, alleging the company’s executives frequently misled federal regulators about its security systems and lied to Elon Musk about the number of spam accounts on the site.  

Peter “Mudge” Zatko is described by TIME Magazine as “a famous hacker and one of the nation’s top cybersecurity experts.” He led Twitter’s security team from November 2020 to January 2022, before being fired for documenting the company’s alleged security risks. 

In July, Zatko issued a complaint to the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission.

“For years, across many public statements and [SEC] filings, Twitter has made material misrepresentations and omissions … regarding security, privacy, and integrity,” Zatko’s disclosure reads as reported by CNN.

Zatko’s claims include that Twitter knowingly undercounts spam bots, has a “severe lack of security basics” that is “decades behind” its competitors, has misled both investors and federal regulators about its security, and allows foreign government agents to access its data, among other allegations, according to Time.

A Twitter spokesperson responded to Zatko’s allegations in a statement to TIME:

Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago. While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context.

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers, and its shareholders,” the spokesperson added.

This comes as Elon Musk is embroiled in legal battles over his $44 billion deal to purchase Twitter, which Musk walked away from, alleging the company did not provide adequate information concerning the number of fake and spam accounts on the site. Twitter sued Musk last month to force the completion of the deal. 

Musk has subpoenaed former Twitter CEO Jack Dorsey – who has previously voiced his support for Musk’s buyout – over “the impact or effect of false or spam accounts on Twitter’s business and operations, Twitter’s use of mDAU (monetizable daily active users) as a Key Metric.” 

Twitter estimates that bots make up less than 5% of active users. However, Musk believes that number may be anywhere between 20% and 90% of daily active users.

Zatko asserts Twitter has been “lying about bots to Elon Musk,” claiming the number of bots is much higher than the company has let on, although Zatko has been unable to determine how many spam bots there are. 

“In early 2021, as a new executive, Mudge asked the head of Site Integrity (responsible for addressing platform manipulation including spam and botnets) what the underlying spam bot numbers were,” Zatko’s disclosure reads. “Their response was ‘we don’t really know.’”

Zatko says Twitter executives “have little or no personal incentive to accurately ‘detect’ or measure the prevalence of spam bots,” alleging executive bonuses are “tied” to increasing the number of mDAUs, even if that number includes bots.

“Senior management had no appetite to properly measure the prevalence of bot accounts … they were concerned that if accurate measurements ever became public, it would harm the image and valuation of the company.”

An attorney for Musk told the New York Post that his legal team has “issued a subpoena for Mr. Zatko.” 

In addition, the Post reports “Musk will push for more access to internal Twitter data at a court hearing this week” following Zatko’s complaint, according to a source familiar with the matter.