A whistleblower testified in Congress that "There are Chinese operatives in Twitter's security team" and "Management emphasizes profit over safety"



Former Twitter security officer and whistleblower Peiter Zatko appeared at a hearing of the US Senate Judiciary Committee on September 13, 2022. During the hearing, Mr. Zatko testified that at least one member of Twitter's security team was an agent of China's Ministry of State Security.

Meeting | Hearings | United States Senate Committee on the Judiciary
https://www.judiciary.senate.gov/meetings/data-security-at-risk-testimony-from-a-twitter-whistleblower

Twitter whistleblower: Security holes cause 'real harm to real people' - The Washington Post
https://www.washingtonpost.com/technology/2022/09/13/twitter-whistleblower-peiter-zatko-testifies/

Twitter whistleblower Peiter 'Mudge' Zatko testifies to Congress : NPR
https://www.npr.org/2022/09/13/1122671582/twitter-whistleblower-mudge-senate-hearing

Public hearing



Mr. Zatko answering a question



◆ About operatives
According to Mr. Zatko's testimony, Twitter was highly vulnerable to abuse by foreign intelligence agencies, such abuse was difficult to eradicate, and the company had no intention of eradicating it. In addition, at least one member of the security team was an agent of China's Ministry of State Security, and agents appear to have been placed by India as well.

The information that a Chinese agent was present was reportedly passed to Twitter's security team by the FBI about a week before Mr. Zatko was fired. Before that, Zatko had once told company executives, 'I'm sure there are operatives in the company,' and was told in reply, 'We already have one, so it doesn't matter if there are more.' Zatko recalled being left stunned by that reaction.

◆ Management team
Zatko blames Twitter's vulnerability on management's pursuit of profit over safety, stating, 'Twitter is not a company that manages risk and crisis; it is a company that is managed by risk and crisis.' According to Zatko, Twitter had an internal culture of reporting only good results.

CEO Parag Agrawal was also invited to the hearing, but he declined to participate, citing the legal battle with Elon Musk.

Senator Charles Grassley criticized Agrawal, saying, 'This committee's work and protecting Americans from foreign influence are more important than Twitter's civil lawsuit in Delaware. I don't think that position can be maintained.'

◆ Twitter data handling
According to Zatko, Twitter could not properly control the data it collects: about half of its employees were able to access users' phone numbers, IP addresses, email addresses, device information, GPS location, and other identifying information. Mr. Zatko described this state as, 'If the door is not locked, it doesn't matter who has the key.'

In 2010, Twitter was sued by the Federal Trade Commission for failing to take reasonable steps to protect users, and in 2011 it agreed to measures to prevent access to non-public information. In May 2022, Twitter was ordered to pay a fine of about 19 billion yen for using personal information in violation of that agreement. However, according to Mr. Zatko, who joined the company in 2020, Twitter is suspected of never having complied with the 2011 agreement in the first place.

Twitter to pay a fine of 19 billion yen to the Federal Trade Commission for misuse of personal information - GIGAZINE



"Twitter is a very powerful platform and cannot tolerate security vulnerabilities," said Senator Dick Durbin. "I am concerned that for 10 years the Federal Trade Commission has neither known nor taken sufficient steps to see whether Twitter is keeping its agreement," Grassley said.

Senator Richard Blumenthal called for a new federal agency to protect user privacy and security.

Senator Amy Klobuchar also said that Congress needed to face its own shortcomings, arguing that the Senate had failed to act on bipartisan concerns about the influence of tech companies.

Parag Agrawal did not appear at the hearing, but Elon Musk, who is in a dispute with Twitter over his acquisition of the company, tweeted a popcorn emoji. Judging from his subsequent tweets, this appears to have been an invitation to watch the hearing.



After Mr. Zatko's whistleblowing, at least six research firms contacted people at Stripe, Google, and DARPA, where Mr. Zatko had worked before Twitter. The firms reportedly said they 'didn't mind at all' what they were told and were willing to pay $1,000 per hour (about 140,000 yen). According to Niels Provos, a former Stripe executive and one of those contacted, the research firm was 'incredibly dubious' and was seeking information that would discredit Zatko. Stripe's former chief security officer, Jonathan Kultwasser, therefore immediately sent Zatko a warning.

The Search for Dirt on the Twitter Whistle-Blower
https://www.newyorker.com/news/news-desk/the-search-for-dirt-on-the-twitter-whistle-blower

Posted in Note, Web Service, Video by logc_nt