Foreign spies on the payroll? So what? Twitter executives shrugged. The platform’s former IT Security chief turned whistleblower sang like a canary in Congress Tuesday morning. Peiter Zatko didn’t have any plane to his fishing hole to catch, so he testified for a full two hours. He could have talked for another two about all his concerns.
Twitter extremely vulnerable
The way Peiter Zatko describes Twitter security is like a nubile and naive young woman, in a barely there bikini. “Extremely vulnerable to being penetrated and exploited by agents of foreign governments.”
The thing that blew his mind was when he walked into the C-Suite and “raised concerns with an executive that he was confident a foreign operative was on the payroll at a foreign office.” The reply he got would astound anyone. “Well, since we already have one, what is the problem if we have more? Let’s keep growing the office.” If he feels that way about cockroaches, don’t ever accept a dinner invitation at his house.
Twitter, Zatko testified, “was not afraid of the U.S. Federal Trade Commission as much as it feared actions by foreign regulators.” The suits were scared of CNIL in France. That watchdog has teeth. American regulators “impose only one-time fines or penalties in response to any legal violations by the company.”
That’s not even a mosquito bite. “Those fines were ‘priced in’ to its business.” In France and similar nations, they hit you with fines every month until the infraction is cured.
Zatko touched on “some of the personal information Twitter collects.” Nobody was surprised that they track “phone numbers and emails, IP addresses and the locations from which users access the platform.”
The scary part is that they hold on to certain subsets of their data and there isn’t a single person who can “fully understand all of the user data it collects, why it is collected and where it is stored.” They hoard data like bag ladies collect string.
Hijack a senator’s account
If one of those foreign spies, or anyone else in the company disgruntled enough, wanted to hijack the platform account of Joe Biden or any of the senators in the room, they could do it without anyone trying to stop them.
“It’s not far fetched to say a Twitter employee could take over the accounts of all of the senators in this room.” He hasn’t seen it yet but he wouldn’t be surprised if accounts have been compromised already and nobody noticed.
“I have seen numerous situations where Twitter engineers had to patch a problem and I said, ‘what was the problem?’ and they said, ‘oh, engineers could tweet as anybody, the data was exposed in this part…’” Zatko explained to Congress.
“It was always reactionary in finding these wounds left and right and putting bandaids on them because the systemic underlying problems were not addressed.”
Any Twitter engineer with the company “could then access and inject, or put forward, information as any of the senators sitting here today. I am concerned” that it may have happened previously.
Lindsey Graham had to ask him an Elon Musk-related question. “Would you buy Twitter, given what you know, if you had the money?” Chuckling, Zatko responded, “I guess that depended on the price.” Right about then, Elon tweeted a popcorn emoji.