According to a whistleblower, Twitter has a security problem. So much so that the platform itself is a national security risk.

The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.

Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.

There’s much much more to this and Peiter Zatko brought a significant amount of documentation with him when he filed the whistleblower complaint. You can read the documents here, here, and here. 

The third item linked is Zatko’s security report presented to Twitter executives in February 2022. As is noted in the reports, once Zatko started running system diagnostics, he found a multitude of highly concerning issues. 

“In 2020 alone, Twitter had more than 40 security incidents, 70% of which were access control-related. These included 20 incidents defined as breaches; all but two of which were access control related,” the complaint claims.

In addition, Zatko “became aware of multiple episodes suggesting that Twitter had been penetrated by foreign intelligence agencies and/or was complicit in threats to democratic governance.” This included how Twitter allegedly hired a suspected Indian government agent as an employee, who then had access to the platform’s internal data.

Interesting given that Twitter CEO Parag Agrawal insisted quite loudly in May, after Elon Musk decided to buy Twitter, that the platform is utterly secure and is working hard to stay spam and bot-free.

We suspend over half a million spam accounts every day, usually before any of you even see them on Twitter. We also lock millions of accounts each week that we suspect may be spam – if they can’t pass human verification challenges (captchas, phone verification, etc).

— Parag Agrawal (@paraga) May 16, 2022

Needless to say, Elon Musk’s response to those assertions was both comical and on-point. That said, I worked with IT systems and data communications for law enforcement for nearly 10 years. Even I know that a report provided in February doesn’t lead to a system being magically fixed two months later. It. Just. Doesn’t. Happen. 

Furthermore, this whistleblower complaint comes just as Elon is facing a lawsuit from Twitter trying to force him to purchase the company, and it’s made public right at the time Musk decides to subpoena Jack Dorsey. 

Twitter has serious problems. Much of which has been widely known for years. However, the extent of the platform’s problems is becoming even clearer since Musk threw his financial hat into the ring. 

It’s quite easy to understand that Twitter is a national security risk, given how the platform operates. It’s even more clear how much of a security risk it can be of the alleged whistleblower complaints are true asserting that Twitter lets employees roam freely around the platform with no checks or balances. A recent criminal case certainly highlights those national security issues. 

A former Twitter employee has been convicted of failing to register as an agent for Saudi Arabia and other charges after accessing private data on users critical of the kingdom’s government in a spy case that spanned from Silicon Valley to the Middle East.

Ahmad Abouammo, a U.S. citizen and former media partnership manager for Twitter’s Middle East region, was charged in 2019 with acting as an agent of Saudi Arabia without registering with the U.S. government. A jury found him guilty on six counts, including conspiracy to commit wire fraud and money laundering. The jury acquitted him on another five charges involving wire fraud.

Elon Musk said there was a spam and bot problem. Twitter emphatically stated otherwise. Now we also find out that at least ONE employee had been accessing private data on behalf of another country, and that there are major allegations stating that the security of the platform is essentially a sieve. 

Would Elon Musk still want to purchase Twitter after these allegations and criminal cases have come to light? Possibly. Twitter might want to drop its lawsuit against Musk, discount the price and walk away permanently. I doubt that would happen, but would be pleasantly surprised if Twitter makes that move. 

That said, the allegations and documentation provided by Peiter Zatko in his whistleblower complaint concerning the national security concerns and issues within Twitter should be a major red flag to our intelligence communities. Twitter is a problem, HAS a problem (and it isn’t those pesky conservatives they don’t like), and they need to fix the dumpster fire they built. 

Feature Photo Credit: Twitter smartphone world via Pixabay, cropped and modified