News desk

Twitter ex-security chief tells US Congress of security concerns

Peiter “Mudge” Zatko, former head of security at Twitter, says executives at the company ignored alarms he raised about the safety of user data

Twitter whistleblower Peiter Zatko told the US Congress on Tuesday that the platform ignored his security concerns, as its shareholders decide whether to approve a $44 billion takeover deal that Elon Musk is trying to exit.

“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko, a hacker widely known as “Mudge” and Twitter’s former security chief, told the hearing.

He said that, during his time as head of security for the platform from late 2020 until his dismissal in January this year, he tried to alert management to grave vulnerabilities to hacking or data theft, to no avail.

“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,” Zatko said during his opening remarks to the Judiciary Committee.

“Employees then have to have too much access (…) it doesn’t matter who has the keys if you don’t have any locks on the doors.”

Zatko testified that he brought concrete evidence of problems to the executive team and “repeatedly sounded the alarm”.

“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem,” he said.

“But more importantly, their executive incentives led them to prioritize profits over security.”

Twitter has dismissed 51-year-old Zatko’s complaint as being without merit.

But revelations of his whistleblower report in the US press in August were perfectly timed for Tesla chief Elon Musk, who has used it as part of his justification for abandoning his unsolicited $44 billion bid to buy Twitter.

In his report, Zatko directly refers to questions asked by Musk about bot accounts on Twitter, saying the company’s tools and teams for finding such accounts are insufficient.

Musk has listed bot accounts as among the reasons to justify his walking away from the deal. Twitter is suing to force him to complete the buyout, with a trial set to go ahead on October 17.

If the court focuses on the fact that the world’s richest man declined to do fact gathering typically associated with big-money mergers, Zatko’s allegations could wind up being moot.

“Once both parties step into court it’s a high risk/high reward scenario for both parties with the major X variable now being the Zatko whistleblower claims,” Wedbush analyst Dan Ives said in a note to investors.

“We continue to view the Zatko situation as a Pandora’s Box scenario for Twitter.”

If Twitter prevails at trial, the judge could order the Tesla chief to pay billions of dollars to the company, or even complete the purchase.

Twitter shareholders are expected to endorse the buyout deal in a special vote Tuesday.

Twitter CEO Parag Agrawal declined to testify at Tuesday’s hearing, citing the Musk litigation, Senator Chuck Grassley said.

Zatko insisted he had not made his revelations “out of spite or to harm Twitter.”

“Far from that, I continue to believe in the mission of the company,” he told Tuesday’s hearing.

Apple wins 728-mn-euro cut to France antitrust fine

Apple plans to appeal the ruling to quash the entire 1.1-billion-euro fine

A French court on Thursday slashed more than 700 million euros from a record 1.1-billion-euro fine imposed on US tech giant Apple in 2020, sources close to the case told AFP.

France’s competition authority levied the fine — its biggest ever — after concluding that the firm squeezed independent sellers of Apple products as it tried to push buyers towards its own stores and preferred retailers.

But the Paris appeal court revised the decision and knocked 728 million from the fine, meaning Apple still faces having to pay 370 million euros.

Apple says the fine is unfair and told AFP the whole complaint should be quashed. 

“We consider that the decision should have been annulled in its entirety and plan to appeal to the French supreme court,” the firm told AFP in a statement. 

“The decision concerns practices that go back more than 10 years and that even the French competition authority has recognised as no longer being in force.”

The initial case was made up of three linked complaints — one was dismissed by the appeals court and two were upheld.

Sources close to the case, who did not want to be named because of the sensitivity of the issue, confirmed the amounts and the details of the decision.

The Paris appeals court told AFP the ruling would be made public on Friday.

Former Uber security chief convicted in hack cover-up: reports

The prosecution of a former head of security at Uber for his handling of a massive hack has others in the industry worried about being held personally accountable for decisions made on the job.

A jury on Wednesday found Uber’s former security chief guilty of federal crimes for covering up a massive hack that compromised personal information of users and drivers, according to US media reports.

Joseph Sullivan was found guilty of obstructing the work of the Federal Trade Commission and of failing to let authorities know about a crime when he hid a 2016 hack instead of reporting it, according to news outlets.

Sullivan could be sentenced to prison time.

Sullivan sought to pay off the hackers by funneling money through a “bug bounty” program that rewards developers for revealing security vulnerabilities without doing any harm, according to the criminal complaint.

Uber paid the hackers $100,000 in bitcoin cryptocurrency in December 2016, and Sullivan wanted them to sign non-disclosure agreements promising to keep mum about the affair, prosecutors said.

Sullivan was Uber chief security officer from April 2015 to November 2017.

The criminal complaint maintains that Sullivan deceived Uber’s new chief executive Dara Khosrowshahi, appointed in mid-2017 to replace Travis Kalanick, about the breach.

“Silicon Valley is not the Wild West,” US Attorney David Anderson for the Northern District of California said in a statement when the charges were filed.

“We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.”

Two members of the Uber information security team who “led the response” that included not alerting users about the data breach were let go from the San Francisco-based company, according to Khosrowshahi.

The Uber chief said he had learned that outsiders broke into a cloud-based server used by the company for data and downloaded a significant amount of information.

Stolen files included names, email addresses and mobile phone numbers for millions of riders, and the names and driver license information of some 600,000 drivers, according to Uber.

Co-founder and ousted chief Kalanick was advised of the breach shortly after it was discovered, but it was not made public until Khosrowshahi learned of the incident, according to an AFP source.

Uber did not respond to a request for comment on the verdict.

Casey Ellis, founder and CTO at Bugcrowd, a San Francisco-based leader in crowd-sourced cybersecurity, said, “It’s a significant precedent that has already sent shockwaves through the CISO (chief information security officer) community.”

“It highlights the personal liability involved in being a CISO in a dynamic policy, legal, and attacker environment.”

Musk says Twitter has refused to suspend litigation on buyout

Elon Musk asked a Delaware judge to halt Twitter's lawsuit against him over their troubled takeover negotiations

Elon Musk asked a US judge Thursday to suspend Twitter’s lawsuit over their troubled takeover negotiations after the embattled social media company balked at the Tesla chief’s demand to freeze the litigation.

Musk’s request comes two days after he revived his takeover plan. The unpredictable billionaire’s July withdrawal from the $44-billion transaction prompted Twitter to sue Musk over breach of contract in a Delaware court. 

A trial is scheduled to start on October 17.

“There is no need for an expedited trial to order Defendants to do what they are already doing and this action is now moot,” said a filing prepared by Musk attorneys that alluded to his latest offer.

“Yet, Twitter will not take yes for an answer. Astonishingly they have insisted on proceeding with this litigation, recklessly putting the deal at risk and gambling with their stockholders’ interests.”

Musk on Tuesday sent a letter to Twitter reviving the $54.20-per-share offer under the condition that the Delaware court halt action in the lawsuit against him.

Twitter said Tuesday it expects to close the buyout deal at the $54.20 price in a statement that did not address Musk’s demands over freezing the litigation.

On Wednesday, Delaware Judge Kathaleen McCormick said she still planned to go ahead with the trial, noting that neither party had asked for a suspension.
