The revelation could create serious legal and financial trouble for the social networking platform, which is currently trying to force Tesla CEO Elon Musk to complete his $44 billion bid to buy the company.
Peiter Zatko, Twitter’s chief security officer until he was fired earlier this year, filed complaints last month with the US Securities and Exchange Commission, the Federal Trade Commission and the Justice Department. The legal nonprofit Whistleblower Aid, which works with Zatko, confirmed the authenticity of a redacted copy of the complaint published online by the Washington Post.
Among Zatko’s most serious charges is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming it had strong security measures in place to protect the safety and privacy of its users. Zatko also accuses the company of fraud involving the handling of “spam” or fake accounts, a charge that is at the heart of Musk’s bid to withdraw from the Twitter acquisition.
Shares of Twitter Inc. fell 5.4 percent on Tuesday.
Zatko did not immediately respond to a request for comment Tuesday. But he told the Post he “felt morally obligated” to come forward.
Better known by his hacker handle “Mudge,” Zatko is a well-respected cybersecurity expert who first rose to prominence in the 1990s and later served in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and at Google. He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers breaking into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to cheat their followers out of bitcoin.
Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said “the allegations and opportunistic timing appear designed to attract attention and damage Twitter, its customers and its shareholders.”
The company called his complaint a “false narrative” that is “filled with inconsistencies and inaccuracies and lacks meaningful context.”
Zatko’s lawyers, Debra Katz and Alexis Ronickher, said Twitter’s claim of poor performance is false and that he has repeatedly raised concerns about “grossly inadequate information security systems” with top executives and Twitter’s board of directors. The lawyers said that in late 2021, after the board was given “whitewashed” information about those security problems, Zatko escalated his concerns, “clashed” with CEO Parag Agrawal and board member Omid Kordestani and was fired two weeks later.
The 84-page complaint describes a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top executives practiced “willful ignorance” of pressing problems. His description of Dorsey’s leadership style is particularly scathing, saying the Twitter founder was “extremely disengaged” during his final months as CEO to the point where he wouldn’t even speak during meetings about complex issues facing the company. Zatko said he heard from colleagues that Dorsey would remain silent for “days or weeks.” Dorsey announced that he was stepping down as CEO of Twitter in November 2021.
The disclosure says Twitter did not offer monetary incentives to improve the platform’s security and integrity, although the company offered $10 million in bonuses last year for top executives who could generate short-term user growth.
Among Zatko’s damning allegations of cyber malpractice: Software and security updates were disabled on more than a third of employees’ computers — unnecessarily exposing them to malware — and it was common for people to install “whatever software they wanted in their work systems.” Such loopholes are commonly considered cardinal sins in cyber security.
Whistleblower Aid said it was legally barred from releasing Zatko’s statement. The same group worked with former Facebook employee Frances Haugen, who testified to Congress last year after leaking internal documents and accused the social media giant of choosing profit over security. A spokeswoman for the US Senate Intelligence Committee, Rachel Cohen, said the committee had received Zatko’s complaint and “is in the process of setting up a meeting to discuss the allegations in more detail. We take this matter seriously.” Sen. Dick Durbin, D-Illinois, said in a prepared statement that if the allegations are accurate, they “may point to dangerous data privacy and security risks for Twitter users around the world.” Among the most troubling allegations is Zatko’s claim that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct, unsupervised access to the company’s systems and user data.”
“Highly sensitive data”
An FTC complaint in 2011 noted that Twitter’s systems were filled with highly sensitive data that could allow a hostile government to find precise location data on specific users and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty at trial in California of passing on sensitive Twitter user data to members of the royal family in Saudi Arabia in exchange for bribes.
The complaint said that Twitter also depended heavily on funding from Chinese entities and that there were concerns at Twitter that the company was providing information to those entities that would allow them to learn the identity and sensitive information of Chinese users secretly using the platform. Twitter is officially banned in China.
Zatko also describes Twitter executives’ “willful ignorance” about counting the millions of accounts that are automated “spam bots,” or otherwise worthless to advertisers because there’s no human behind them.
Alex Spiro, Musk’s legal representative, told CBC News that Musk’s team has issued a subpoena for Zatko, saying, “We found his departure and that of other key employees surprising in light of what we’ve found.”