Informant says Twitter misled US regulators about hackers and spam

August 23 (Reuters) – Twitter Inc. (TWTR.N) The social media company’s former security chief, Peter Zatko, said in a whistleblower complaint that it misled federal regulators about its defenses against hackers and spam accounts.

In an 84-page complaint, Zatko, a hacker widely known as “Mudge,” claimed Twitter erroneously claimed to have a robust security plan, according to documents relayed by congressional investigators. Twitter shares fell 7.3% to close at $39.86.

The document claims that Twitter prioritized user growth over reducing spam, with executives entitled to win individual bonuses of up to $10 million linked to increases in daily users, and nothing explicit to cut spam.

Twitter described the complaint as a “false narrative”. Social media company Elon Musk is battling in court after the world’s richest person tried to pull out of a $44 billion deal to buy Twitter. Musk said he failed to provide details about the prevalence of bot accounts and spam.

Tesla Corporation (TSLA.O) CEO Musk has offered to buy Twitter for $54.20 a share, saying he believes it can be a global platform for free speech.

Twitter and Musk sued each other, with Twitter asking a Delaware Chancery District Judge to order Musk to close the deal. A trial is scheduled for October 17.

Zatko filed the complaint last month with the US Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint has also been sent to congressional committees.

“We are reviewing the revised claims that have been posted, but what we have seen so far is a misrepresentation full of contradictions and inaccuracies,” Twitter CEO Parag Agrawal told Staff in a note.

Chuck Grassley, the top Republican on the Senate Judiciary Committee, said the complaint raises serious national security and privacy concerns and needs investigation.

“Take a technology platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and combine it with foreign state actors with an agenda, and you get a recipe for disaster,” he said. .

The Federal Trade Commission declined to comment. A spokesman for the Senate Intelligence Committee said it had received the complaint and was organizing a meeting to discuss the allegation.

Howard Fisher, a partner at Moses & Singer and a former attorney with the Securities and Exchange Commission, said the real regulatory risk on Twitter lies in whether documentary evidence shows “reckless knowledge or misinformation” to investors or regulators.

‘Give a little whistle’

Musk could not be reached for comment, but he responded on Twitter with memes and emojis of a bot. CNN reported that Musk’s legal team summoned Zatko, after announcing the disclosure of irregularities.

American hackers have admired Zatko since the 1990s, when he was credited with inventing a password-cracking tool. He later used his hacking techniques to become a sought-after security consultant and with other rebel technologists of the era, he moved to senior government positions and boards of directors.

The whistleblower document says that after the January 6 riots, the new Biden administration offered him “a position that had been appointed on the first day as head of information security in the United States,” which he declined.

Cybersecurity leaders have expressed widespread support for Zatko, and many have deplored Twitter’s reaction to his revelations.

Robert Lee, founder of industrial cybersecurity firm Dragos, said this was “one of the very rare times that based on who I am, I don’t even need to know the details to form an opinion,” he said on Twitter. “If Mudge is making this kind of claim, it’s worth investigating.”

In January, Twitter said Zatko was no longer head of security, two years after he was appointed to the position.

On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding that his allegations appeared aimed at attracting attention and harming Twitter, its customers and shareholders.

Debra Katz and Alexis Ronecker, Zatko’s attorneys, said in a statement that throughout his tenure at Twitter, he repeatedly raised concerns about inadequate information security systems to the company’s executive committee, CEO and board of directors. Twitter did not respond to a request for comment on this statement.

(This story corrects the closing price and removes the excess percentage symbol in the second paragraph)

Additional reporting by Shafi Mehta, Ankur Banerjee and Tayashi Datta in Bengaluru, Peter Henderson in Auckland and Raphael Satter in Washington; Additional reporting by Rick Cowan in Washington. Written by Ankur Banerjee; Editing by Kenneth Lee, Sumyadb Chakrabarti, Sriraj Kalovila and David Gregorio

Our criteria: Thomson Reuters Trust Principles.