Friday, 29 Nov 2024

Twitter’s whistleblower has pitched up at a very inconvenient moment | John Naughton


But what's this? He has a nickname - "Mudge". (Cue audio of pennies dropping.) The mainstream media calls him a "hacker", which is their usual way of undermining a gifted software expert. Which this Mudge certainly is. In fact, in that line of business, he has blue-chip status. He was the highest-profile member of a famous hacker thinktank, the L0pht (pronounced "loft") and a member of the well-known cooperative Cult of the Dead Cow. In that sense, he was a pioneer of "hacktivism" who has spent much of his life trying to educate the world on cybersecurity and has a long list of discovered vulnerabilities to his credit.

During the Clinton administration, he was apparently sometimes involved in national security council briefings of the president. In 2010, he was recruited by Darpa, the Pentagon's tech thinktank, where he oversaw cybersecurity research funded by the agency. After that, he worked at Google in its advanced technology and projects division and then for Stripe, a leading payment processing company. In 2020, he was hired by Twitter's founder, Jack Dorsey, as the company's head of security. It is said that the incoming Biden administration tried to hire Zatko as the country's cybersecurity chief, but he decided to go to Twitter.

In July, he filed a complaint with the US Securities and Exchange Commission accusing Twitter of violating its 2011 agreement with the Federal Trade Commission (FTC) to maintain safe security practices. Somehow, the Washington Post got its hands on a copy and has made it available on the web. It's 84 pages long, and heavily censored, but it makes for riveting reading.

It's basically a devastating critique of Twitter's management and security practices. In 2011, the FTC found that it was trivially easy for its employees to gain total access to all of its systems and that this poor security had been exploited by hackers, including those who had sent tweets from then President Obama's account. Ten years on, Zatko says that thousands of employees still have wide-ranging and poorly tracked internal access to core company systems. He also claims that half of the company's servers are running out-of-date and vulnerable software and that senior executives had withheld from the board of directors information about the number of security breaches and lack of protection of user data.

All this is doubtless music to the ears of Elon Musk's lawyers as they struggle to find a way for their client to escape from his expensively misguided bid to buy Twitter. His excuse for changing his mind on the purchase is that he was misled by Twitter's executives about the prevalence of spam bots on the platform, and Zatko's submission to the SEC seems to support that proposition, though doubtless the Delaware court hearing the arguments on both sides may conclude that one shouldn't make $44bn takeover bids without doing one's own due diligence.

Whatever happens in Delaware, Zatko's submission is likely to be a big headache for whoever winds up owning Twitter. Violating an FTC settlement is rarely a good career move. In 2011, for example, Facebook also had a brush with the commission after the Cambridge Analytica scandal. The company signed a consent decree promising to make the necessary reforms. It didn't, and in 2019 it was back before the commission for failing to comply and was fined $5bn. So wouldn't it be entertaining if Elon Musk were eventually obliged to shell out the promised $44bn for Twitter and then found himself up before the FTC to receive a $5bn fine for the previous owners' non-compliance?

Picture this: The Approaching Tsunami of Addictive AI-created Content Will Overwhelm Us is a sobering Substack post by Charles Arthur on the upsides and downsides of text-to-graphics engines such as Dall-E.

Eye in the sky: How Capitalism - Not a Few Bad Actors - Destroyed the Internet is a perceptive essay by Matthew Crain in the Boston Review about the rise of surveillance capitalism.

Loose change: Half a Billion in Bitcoin, Lost in the Dump is a terrific account in the New Yorker of how a cache of bitcoins wound up in landfill.
