A Twitter investigation has been announced by the Senate Judiciary Committee, following claims of “extreme” security failings at the social network. The claims were made in an 84-page report by the company’s former head of security, Peiter Zatko.
Concerns have been expressed about the national security risks of bad actors being able to fake tweets from the accounts of world leaders and major media organizations …
Background
Back in 2011, hackers were twice able to take full control of Twitter. The company made promises to the Federal Trade Commission (FTC) that it would completely revamp its security procedures so that such a breach could never happen again.
However, Zatko said that this still hasn’t happened, 11 years later. He filed a formal complaint with the FTC, as well as the Securities and Exchange Commission (SEC) and Department of Justice (DOJ), accusing Twitter of “extreme, egregious [security] deficiencies.”
Zatko said that in his time there he had highlighted the fact that half the company’s servers were running out-of-date software with security vulnerabilities, but no action was taken. He also accused the company of withholding information about security breaches.
Twitter hit back, saying that the 84-page complaint was “riddled with errors,” and stating that Zatko had been fired for “poor performance and leadership.”
Senate Twitter investigation
The Washington Post reports that the Senate has announced a hearing into the allegations, with plans for further investigatory steps as required.
Twitter whistleblower Peiter Zatko will testify before the Senate about his allegations of security failures at the social network, the Senate Judiciary Committee announced on Wednesday.
The hearing is scheduled for Sept. 13, and Zatko, Twitter’s former security chief who is also known as “Mudge,” will appear pursuant to a subpoena […]
“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” said Sens. Richard J. Durbin (D-Ill.) and Charles E. Grassley (R-Iowa), the chair and top Republican on the Senate Judiciary Committee.
The lawmakers said in a statement that in addition to the hearing, they would “take further steps as needed to get to the bottom of these alarming allegations.”
Two other senators, Richard Blumenthal (D) and Edward J. Markey (D), have written to the FTC and DOJ, asking them to fully investigate the allegations.
Twitter downplayed the controversy during a town hall meeting for staff, stating that the report was untrue, but not discussing any of the specifics.
European investigations also underway
TechCrunch reports that European regulators are also investigating the claims.
Two national data protection authorities in the EU, in Ireland and France, have confirmed to TechCrunch that they are following up on the whistleblower complaint.
Ireland, which is Twitter’s lead supervisor for the bloc’s General Data Protection Regulation (GDPR) — and previously led a GDPR investigation of a separate security incident that resulted in a $550,000 fine for Twitter — said it is “engaging” with the company in the wake of the publicity around the complaint […]
France’s DPA said it [too] is investigating allegations made in the complaint.
“The CNIL is currently investigating the complaint filed in the U.S. For the moment we are not in a position to confirm or deny the accuracy of the alleged breaches,” a spokesperson for the French watchdog told us.
Zatko’s complaint said that Twitter planned to mislead both regulators after the company learned that investigations were likely. The European investigations seem likely to focus on potential abuses of privacy legislation.