Peiter "Mudge" Zatko, the Twitter whistleblower and former security exec there who surfaced three weeks ago to tell the world that all is not well within Twitter's security systems — curiously amidst Elon Musk's legal battle over his aborted takeover bid — had his day testifying before Congress on Tuesday.
There was nothing truly revelatory in Zatko's testimony today before the Senate Judiciary Committee, at least in terms of his claims — which he already made three weeks ago — that he felt the company remained overly vulnerable to foreign operatives and bad actors infiltrating its backend. As CNN reports, Zatko claimed in testimony to have tried to alert a Twitter executive that he was fairly certain a foreign operative was now a Twitter employee at a foreign office — but the executive brushed it off, allegedly saying, "Well, since we already have one, what is the problem if we have more? Let's keep growing the office."
We already know that in recent years the FBI was on to two men, one of them a foreign national and one of them a U.S. citizen, who were doing the bidding of the Saudi government from within Twitter — and the U.S. citizen was convicted last month. But that case went back to 2014 and 2015, and Zatko's employment at Twitter only began last year, so the parade of foreign operatives infiltrating Twitter may be ongoing.
Zatko previously claimed in media interviews that Twitter executives don't understand where user data on the platform — which includes IP addresses and the locations from which users tweet — goes when it gets deleted, or if it gets deleted at all.
And, per CNN, Zatko testified today that Twitter collects and retains all kinds of data that it doesn't properly keep track of — and that executives don't seem to have a clue what data exists, where it is, or how it's stored.
Zatko also made a remark that was surely designed to alarm the senators in the chamber, saying, "It's not far fetched to say a Twitter employee could take over the accounts of all of the senators in this room."
It should be obvious by now that anything Senator Josh Hawley is super concerned about is not necessarily anything we should all be concerned about, as he is an opportunist Republican who did this and did this on January 6th. But it was Hawley today who called Zatko's testimony "really significant." Hawley said he was most concerned with Twitter's alleged placating of the Russian and Chinese governments in their data requests.
Twitter responded to Zatko's testimony saying, "Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies." A company spokesperson further told CNN that "internal company data is managed through measures such as background checks, access controls and monitoring systems" and that all hiring is done independent of any foreign influence.
Meanwhile, Ronan Farrow published a piece in the New Yorker today alleging that "secret clients" have hired some sort of investigative firm to dig up dirt on Zatko via paid interviews with former colleagues of his. This consultant is apparently seeking information on Zatko's "personality professionally and socially," his "strengths and weaknesses," "motives for his whistle-blower complaint and any similar past complaints," his "need for attention," a source told Farrow.
Twitter denied having any role in contracting with these consultants, and the firms say that such research is just being done to guide stock trades for the clients.
Zatko issued a statement to the New Yorker saying, "My family and I are disturbed by what appears to be a campaign to approach our friends and former colleagues under apparently false pretenses with offers of money in exchange for information about us. These tactics should be beneath whoever is behind them."
Meanwhile, Twitter's shareholders voted Tuesday to approve Elon Musk's takeover bid valued at $44 billion, even though he is either trying to back out of it or trying to drive the price down via the Delaware Chancery Court, where the case is being heard by a judge on October 17.
And even though it could damage his case to be doing so, Elon Musk couldn't help himself today.
Anyone know who the secret clients are? Let’s out them on Twitter rn haha. https://t.co/g8D1mQZLRv
— Naughtius Maximus (@elonmusk) September 13, 2022
My tweets are being suppressed!
— Naughtius Maximus (@elonmusk) September 13, 2022
Top image: Peiter “Mudge” Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill, September 13, 2022 in Washington, DC. Zatko claims that Twitter's widespread security failures pose a security risk to users' privacy and information and could potentially endanger national security. (Photo by Kevin Dietsch/Getty Images)