Twitter misled users and federal regulators about glaring weaknesses in its ability to protect personal data, the platform’s former security chief claimed in whistleblower testimony likely to impact the company’s bitter legal battle over Elon Musk’s takeover bid.
In a complaint filed with the US Securities and Exchange Commission and published in part Tuesday by The Washington Post and CNN, Peiter Zatko also accused Twitter of significantly underestimating the number of automated bots on the platform — a key element in Musk’s argument for withdrawing his $44 billion buyout deal.
CNN quotes the disclosure by Zatko as accusing Twitter of “negligence, willful ignorance, and threats to national security and democracy.”
Zatko, who Twitter says it fired earlier this year for poor performance, warns of obsolete servers, software vulnerable to computer attacks and executives seeking to hide the number of hacking attempts, both from US authorities and from the company’s board of directors.
The hacker-turned-executive, who goes by the nickname “Mudge,” also claims that Twitter prioritizes growing its user base over fighting spam and bots, according to the reports.
In particular, according to The Washington Post, he accuses the platform’s boss Parag Agrawal of “lying” in a tweet in May.
In the tweet, Agrawal says Twitter is “strongly incentivized to detect and remove as much spam as we possibly can.”
Twitter has dismissed the allegations.
A company spokesperson told AFP Tuesday that Zatko was fired in January this year for “ineffective leadership and poor performance.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the spokesperson said in a statement.
The “opportunistic timing” of the allegations appears “designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” the statement continued.
“Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
– Subpoena by Musk –
The issue of fake accounts is at the heart of the legal battle between Twitter and Tesla chief Musk.
The billionaire has repeatedly accused the company of minimizing the number of fake accounts and spam on its platform.
Musk is relying on the argument to justify abandoning his plan to buy Twitter for $44 billion and avoid paying severance.
CNN said Zatko had not been in contact with Musk, and that he had begun the whistleblower process before there was any sign of the billionaire’s involvement in Twitter.
“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding,” Musk’s lawyer Alex Spiro told AFP on Tuesday.
The Washington Post and CNN both reported that the US Senate Intelligence Committee wants to meet with Zatko to discuss his accusations.
Zatko was hired in late 2020 by the founder and former boss of Twitter, Jack Dorsey, after a massive hack which saw the accounts of major users including Joe Biden, Barack Obama, reality star Kim Kardashian and Musk himself compromised.
Apple wins 728-mn-euro cut to France antitrust fine
A French court on Thursday slashed more than 700 million euros from a record 1.1-billion-euro fine imposed on US tech giant Apple in 2020, sources close to the case told AFP.
France’s competition authority levied the fine — its biggest ever — after concluding that the firm squeezed independent sellers of Apple products as it tried to push buyers towards its own stores and preferred retailers.
But the Paris appeal court revised the decision and knocked 728 million from the fine, meaning Apple still faces having to pay 370 million euros.
Apple says the fine is unfair and told AFP the whole complaint should be quashed.
“We consider that the decision should have been annulled in its entirety and plan to appeal to the French supreme court,” the firm told AFP in a statement.
“The decision concerns practices that go back more than 10 years and that even the French competition authority has recognised as no longer being in force.”
The initial case was made up of three linked complaints — one was dismissed by the appeals court and two were upheld.
Sources close to the case, who did not want to be named because of the sensitivity of the issue, confirmed the amounts and the details of the decision.
The Paris appeals court told AFP the ruling would be made public on Friday.
Former Uber security chief convicted in hack cover-up: reports
A jury on Wednesday found Uber’s former security chief guilty of federal crimes for covering up a massive hack that compromised personal information of users and drivers, according to US media reports.
Joseph Sullivan was found guilty of obstructing the work of the Federal Trade Commission and of failing to let authorities know about a crime when he hid a 2016 hack instead of reporting it, according to news outlets.
Sullivan could be sentenced to prison time.
Sullivan sought to pay off the hackers by funneling money through a “bug bounty” program that rewards developers for revealing security vulnerabilities without doing any harm, according to the criminal complaint.
Uber paid the hackers $100,000 in bitcoin cryptocurrency in December 2016, and Sullivan wanted them to sign non-disclosure agreements promising to keep mum about the affair, prosecutors said.
Sullivan was Uber chief security officer from April 2015 to November 2017.
The criminal complaint maintains that Sullivan deceived Uber’s new chief executive Dara Khosrowshahi, appointed in mid-2017 to replace Travis Kalanick, about the breach.
“Silicon Valley is not the Wild West,” US Attorney David Anderson for the Northern District of California said in a statement when the charges were filed.
“We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.”
Two members of the Uber information security team who “led the response” that included not alerting users about the data breach were let go from the San Francisco-based company, according to Khosrowshahi.
The Uber chief said he had learned that outsiders broke into a cloud-based server used by the company for data and downloaded a significant amount of information.
Stolen files included names, email addresses and mobile phone numbers for millions of riders, and the names and driver license information of some 600,000 drivers, according to Uber.
Co-founder and ousted chief Kalanick was advised of the breach shortly after it was discovered, but it was not made public until Khosrowshahi learned of the incident, according to an AFP source.
Uber did not respond to a request for comment on the verdict.
Casey Ellis, founder and CTO at Bugcrowd, a San Francisco-based leader in crowd-sourced cybersecurity, said, “It’s a significant precedent that has already sent shockwaves through the CISO (chief information security officer) community.”
“It highlights the personal liability involved in being a CISO in a dynamic policy, legal, and attacker environment.”
Musk says Twitter has refused to suspend litigation on buyout
Elon Musk asked a US judge Thursday to suspend Twitter’s lawsuit over their troubled takeover negotiations after the embattled social media company balked at the Tesla chief’s demand to freeze the litigation.
Musk’s request comes two days after he revived his takeover plan. The unpredictable billionaire’s July withdrawal from the $44-billion transaction prompted Twitter to sue Musk over breach of contract in a Delaware court.
A trial is scheduled to start on October 17.
“There is no need for an expedited trial to order Defendants to do what they are already doing and this action is now moot,” said a filing prepared by Musk attorneys that alluded to his latest offer.
“Yet, Twitter will not take yes for an answer. Astonishingly they have insisted on proceeding with this litigation, recklessly putting the deal at risk and gambling with their stockholders’ interests.”
Musk on Tuesday sent a letter to Twitter reviving the $54.20-per-share offer under the condition that the Delaware court halt action in the lawsuit against him.
Twitter said Tuesday it expects to close the buyout deal at the $54.20 price in a statement that did not address Musk’s demands over freezing the litigation.
On Wednesday, Delaware Judge Kathaleen McCormick said she still planned to go ahead with the trial, noting that neither party had asked for a suspension.