Althouse: "Twitter executives deceived federal regulators and the company’s own board of directors about 'extreme, egregious deficiencies' in its defenses against hackers..."

August 23, 2022

"Twitter executives deceived federal regulators and the company’s own board of directors about 'extreme, egregious deficiencies' in its defenses against hackers..."

"... as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief. The complaint from former head of security Peiter Zatko, a widely admired hacker known as 'Mudge,' depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures. Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan."

WaPo reports.

27 comments:

RideSpaceMountain said...: Sorry, all of those lies are covered under section 230 of title 47 as "opinions expressed by private entities".

Please tune in next week when we count the number of angels on a pinhead and act momentarily like a publisher so you can play again.; 8/23/22, 7:47 AM
Leland said...: The former Head of Security is claiming poor security? You had one job.; 8/23/22, 7:49 AM
tim maguire said...: I stopped using Facebook years ago and haven't missed it a bit. I, almost by accident, stopped using Twitter in June and if it weren't for blogs reposting tweets or otherwise linking to it, I'd have completely forgotten it exists.

Musk must be laughing.; 8/23/22, 7:52 AM
gilbar said...: elon's running away makes much more sense now, doesn't it?; 8/23/22, 7:54 AM
rhhardin said...: Anything a hacker can break through is egregious but rather often is beyond the control of the company. They're as surprised by say buggy Microsoft/Apple software as anybody except hackers.

It is a great gotcha lever for government looking for a favor.; 8/23/22, 8:06 AM
Enigma said...: Now cross out "Twitter" and write in any random name of a federal agency. FBI? Sure. CDC? They wrote the book. The dozens of officials who said Hunter Biden's laptop was Russian disinformation? Absolutely. Kamala Harris's revolving door staff? Sure. Hillary Clinton's mail server? Yep. Donald Trump, as a major Twitter fan? Yes.

We are in an era of maximum chaos, maximum corruption. No one can be eliminated or fired because everyone is in a web of need and self-protection. China...can't act on genocide because that's where Apple products come from. Russia...can't act on invasions because of oil, coal, natural gas. Saudi Arabia...can't act on assassinations because of oil...

Welcome to the "hold your nose and accept it" era.; 8/23/22, 8:09 AM
Rad4Cap said...: This should help to prove Musk's argument against them immeasurably.; 8/23/22, 8:14 AM
Dave Begley said...: Musk is paying Mudge. In crypto.; 8/23/22, 8:15 AM
Sebastian said...: "unable to properly protect its 238 million daily users"

Well, they're protected from Trump and other wrongthinkers, so what more do they need?; 8/23/22, 8:23 AM
Parallel said...: “The former Head of Security is claiming poor security? You had one job.”

First, if he was doing his job, he was the person best placed to make that assessment.

Second, a common mental trap for security professionals is to forget the purpose of the enterprise and focus solely on keeping bad things from happening. If the Secret Service’s only job was keeping the US President safe from assassins then they would put the President under a mountain somewhere for the entire 4-year term. But no, the Secret Service’s job is to keep the president safe while doing the job of the president—which includes public speaking events and meeting with a wide variety of people.

So he may be accurately reporting what he perceived, while still missing the overall picture and business strategy of the people whose job it is to balance risk versus budget versus business objectives.; 8/23/22, 8:46 AM
tommyesq said...: "unable to properly protect its 238 million alleged daily users"

FIFY; 8/23/22, 8:53 AM
Howard said...: Another victory for our checks and balances system.; 8/23/22, 9:16 AM
cassandra lite said...: So Twitter numbers are about as reliable as most polls...but most journalists (who care more about Twitter than anyone else) will continue to treat both as indicators...when the numbers are favorable to what they're purveying.

We're divided between those who live in the sun and those who chain themselves to the wall of Plato's cave.; 8/23/22, 9:20 AM
typingtalker said...: "Among the most serious accusations in the complaint ... is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan."

And Elon peeked under the sheets and found out about it ... and Elon being Elon, he didn't publicise it because it was dangerous to the company he wanted to buy and fix ... rather, he complained about too many false accounts to lower the price.

Or not.

It's all fun for us. More popcorn please.; 8/23/22, 9:34 AM
Leland said...: Parallel, you make a good point that I agree with as my comment was sarcasm. I could have also wrote, "Former employee disgruntled about losing the job he did poorly."

So he may be accurately reporting what he perceived

Do you think he accurately is reporting that Twitter made false claims of adherence to a FTC settlement? Is he being accurate now or when the claims were being made, as wouldn't he be part of the internal certification of adherence?; 8/23/22, 9:54 AM
Michael K said...: Musk is smiling now. So much for the Twitter board suing him.; 8/23/22, 10:20 AM
Charlie Martin said...: “ Is he being accurate now or when the claims were being made, as wouldn't he be part of the internal certification of adherence?”

He was hired in 2020. 2020 > 2011. This should clarify the point.; 8/23/22, 11:15 AM
Yancey Ward said...: This could be self-serving testimony from a aggrieved former employee. However, it is likely that he was fired because he was trying to do his job and that was interfering with the upper management's actual priorities, which are likely non-security related.

I know I probably have told this story before, but when I went to sign up an account last year, I found one already in my name with some biographical data, something I would never have added to such an account even if I had forgotten I set it up, but I know I didn't set it up, and when I requested Twitter close it or give me access to it, they ignored me, and I am not the only one.; 8/23/22, 11:18 AM
Andy said...: rhhardin
Anything a hacker can break through is egregious but rather often is beyond the control of the company. They're as surprised by say buggy Microsoft/Apple software as anybody except hackers.

I think of it being more like builder who knowingly uses a supplier the provides substandard building materials. If a bunch of homes the builder builds collapse during a thunderstorm and people are killed or injured because of it. It isn’t to difficult for a lawyer to demonstrate to a jury that the homes were framed with rotten lumber during a law suit. That builder will get sued into bankruptcy and other builders will take note. But, when some retail outfits lax security allows some hacker to steal the credit card of thousands of customers, the difficulty lies(?) in demonstrating to a jury that the crappie underlying code is analogous to rotten lumber. That on the internet hackers are like forces of nature like rainstorms in real life and that software should be as resilient to hackers as you house is to rain. To be frank, somebody maybe Microsoft, maybe a large bank or retail outlet should have been sued into insolvency by now over this bullshit.; 8/23/22, 11:29 AM
Mike (MJB Wolf) said...: Twitter whistleblowers. FBI whistleblowers. Cool news day. Kind of puts a different spin on Musk's tweets laughing at "5%" claims Twitter made and asserting the truth would be closer to 50%. Fifty is exactly the number the WB indicates. Hope none of you rubes advertised on Twitter at those inflated (Google-like) rates.; 8/23/22, 11:53 AM
Drago said...: Howard: "Another victory for our checks and balances system."

Per usual, the exact opposite is true. As is always the case with Howard.

Our "checks and balances system" was completely hacked by the democraticals and their big tech political allies to censure opposing voices.

It was only the courage of whistleblowers who saw the corruption and lies of the democratical/Big tech/ChiCom alliance and came forward that is blowing the lid off this latest democratical farce.

Howard and gadfly, amongst others, were just full of insults and "advice" for Musk. However, these Althouse lefties don't seem to have much to say on behalf of their beloved censorious Twitterati "heroes" anymore.; 8/23/22, 12:10 PM
Fred Drinkwater said...: Were we...just subject to some actual news reporting? From WaPo!?

Since that would normally be my last-place assumption, I'm going to wait a bit to figure out what the WaPo is really up to here.; 8/23/22, 12:27 PM
YoungHegelian said...: This is a YouTube Joe Rogan interview with Jack Dorsey (then CEO of Twitter), Vijaya Gadde (General Counsel for Twitter) & Tim Pool (who's there to ask them uncomfortable questions).

Okay, so your first questions is probably "Who the hell shows up to a Joe Rogan interview with their lawyer?".

Your second is "YH, you expect us to watch a 3 & a half hour interview? You lost your friggin' mind?"

You don't have to watch it straight through to get the flavor. Does pop the cursor somewhere in the middle, listen for 5 minutes, and then move it further in once or twice to get the full flavor.

In short, both Gadde and especially Dorsey come off so badly that you end up trusting them as far as you can throw them. Dorsey seems not to have a clue as to what goes on in his company. I'm amazed that this interview didn't tank the stock.; 8/23/22, 3:04 PM
Howard said...: "Hacked" meaning Drago is a butt hurt sore loser. Fortunately for your Supreme Catholic Court, the mean cheater rethuglicans hacked the nomination process during Obozo's regime and got concealed carry and killed Roe for you people. And you still hate Cocaine Mitch even though he tee'd up the Federal Judiciary for Trump to appoint.; 8/23/22, 3:55 PM
n.n said...: Contraception... security is a process practiced in the open and in depth. Beware the darkness in back holes, black holes, black whores h/t NAACP and pathogens transmitted in WaPoo.; 8/23/22, 6:12 PM
Drago said...: Howard: ""Hacked" meaning Drago is a butt hurt sore loser. Fortunately for your Supreme Catholic Court, the mean cheater rethuglicans hacked the nomination process during Obozo's regime and got concealed carry and killed Roe for you people. And you still hate Cocaine Mitch even though he tee'd up the Federal Judiciary for Trump to appoint."

I'm going to give this latest incoherent Howard rant a "5" on the Democratical Moron Magic 8-Ball scale. That would mean it took at least 5 cobbled together random unconnected snippets from previously failed talking points to complete.; 8/23/22, 6:23 PM
Michael K said...: Blogger Howard said...

"Hacked" meaning Drago is a butt hurt sore loser. Fortunately for your Supreme Catholic Court, the mean cheater rethuglicans hacked the nomination process during Obozo's regime

So, you and Garland are an item, eh Howard? Obozo packed the DC Circuit, which has worked well for him. No Republican can get a fair trial in DC.; 8/23/22, 8:16 PM