Twitter whistleblower Peiter “Mudge” Zatko delivered devastating testimony to the Senate on Tuesday alleging dire cybersecurity issues at the social media company.
Zatko, a highly respected hacker and legendary figure in the cybersecurity community, relayed his concerns to Congress and numerous federal agencies after being fired as head of security for Twitter in January.
In his official whistleblower complaint, Zatko accused Twitter of posing a danger not only to its users but to national security and democracy as well.
While answering questions from lawmakers on the Senate Judiciary Committee during his testimony on Tuesday, Zatko made numerous shocking allegations and argued that the company seemed “unwilling to put the effort in” to root out a suspected foreign agent on its payroll.
After Zatko shared his concerns about the suspected foreign agent with a Twitter executive, the whistleblower says he was told: “Well, since we already have one, what is the problem if we have more? Let’s keep growing the office.”
“It was extremely difficult to track the people, there was a lack of logging and ability to see what they were doing and what information was being accessed … let alone to set steps for remediation,” Zatko told lawmakers. “They lacked the fundamental ability to hunt for foreign agents and expel them on their own.”
In response, Sen. Chuck Grassley (R-Iowa) revealed publicly for the first time that the FBI had previously warned Twitter that it had hired “at least one Chinese agent.”
“We’ve learned that personal data from Twitter users was potentially exposed to foreign intelligence agencies,” Grassley said. “For example, his [Zatko’s] disclosures indicate that India was able to place at least two suspected foreign assets within Twitter. His disclosures also note that the FBI notified Twitter of at least one Chinese agent in the company.”
Zatko also warned that too many employees had access to sensitive data, arguing that it’s “not far-fetched to say an employee inside the company could take over the accounts of all the senators in this room.”
Even worse, Zatko alleged that Twitter was unable to remove data from accounts that users had deleted because it didn’t even know where such data was stored.
Twitter has yet to respond to the newest allegations by Zatko, but previously painted the whistleblower as a disgruntled ex-employee who was fired for poor leadership and performance.
During his testimony, Zatko denied the characterization and said his decision “to take on the personal and professional risk to myself and to my family of becoming a whistleblower” was rooted in Twitter’s potential risk to national security.
“I did not make my whistleblower disclosures out of spite or to harm Twitter; far from that,” Zatko said. “I continue to believe in the mission of the company and root for its success. But that success can only happen if the privacy and security of Twitter’s users and the public are protected.”