Twitter lacked ability to detect foreign intelligence agents working at company, congressional whistleblower says
Twitter is vulnerable to the possibility of foreign intelligence agents working in the company and accessing user data due to a lack of internal security controls, said the company’s former chief security officer, Peter “Mudge” Zatko.
“We just didn’t have the ability to hunt down the foreign intelligence agents and kick them out on our own,” Zatko said Tuesday in testimony before the Senate Judiciary Committee on the data security practices of the United States. Twitter.
The US Senate committee has raised questions about claims by former Twitter security chief that the microblogging platform was facing multiple threats, including from the Indian government to employ its intelligence operatives within the company.
One of the “troubling things”, according to Mr. Zatko, was Twitter’s “lack of ability” to identify inappropriate access within its own systems.
“What I noticed when we knew someone inside was acting on behalf of foreign interests as an unregistered agent, it was extremely difficult to track people,” he said.
“There was a lack of logging and an ability to see what they were doing, what information was being accessed, or contain their activities, or contain their activities, let alone set steps for repair and building up any damage,” the former said Twitter’s security chief.
Mr Zatko claimed that Twitter “definitely lacks” the ability to hunt foreign intelligence agents working at the company and expose them on their own.
He alleged, based on his experience at the company, that due to a lack of access logging in Twitter’s internal systems, it would be nearly impossible to find what data had been viewed by employees. specific, adding that “thousands” of unauthorized data access attempts have been made. every week.
Foreign agents can have several corporate purposes, Zatko said, including finding out about Twitter’s plans for other countries’ governments, including whether it would give in to a government censorship request or its expansion goals in a particular environment.
“Due to these disclosures, we have learned that Twitter user data is potentially exposed to foreign intelligence agencies. For example, his disclosure indicates that India may have placed at least two suspicious foreign assets on Twitter. Soldiers also note that the FBI has notified Twitter of at least one Chinese agent at the company,” Sen. Chuck Grassley said.
“In the hands of a foreign agent embedded in Twitter, a foreign adversary could use the technology to suppress pro-democracy dissidents in their country, but also spy on Americans,” Grassley noted.
Citing one example, he said that in 2019, two Twitter employees indicted by the FBI used their positions at the company to access private user data “and then passed it on to Saudi Arabia.”
“These foreign agents were able to access and provide personal information on more than 6,000 people of interest to the Saudi government,” Grassley added.
Responding to Mr. Zatko’s allegations, a Twitter spokesperson said The Independent that the company’s hiring process is independent of any outside influence, adding that access to data is managed through measures including background checks, access controls and monitoring, and systems and processes of detection.
“The hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies,” the spokesperson said.