<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>whistleblower Archives - The Hemet &amp; San Jacinto Chronicle</title>
	<atom:link href="https://hsjchronicle.com/tag/whistleblower/feed/" rel="self" type="application/rss+xml" />
	<link>https://hsjchronicle.com/tag/whistleblower/</link>
	<description>The Hemet &#38; San Jacinto Chronicle</description>
	<lastBuildDate>Fri, 16 Sep 2022 03:43:23 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://hsjchronicle.com/wp-content/uploads/2019/06/HSJC_favicon_49px.jpg</url>
	<title>whistleblower Archives - The Hemet &amp; San Jacinto Chronicle</title>
	<link>https://hsjchronicle.com/tag/whistleblower/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">254957898</site>	<item>
		<title>Twitter whistleblower bringing security warnings to Congress</title>
		<link>https://hsjchronicle.com/twitter-whistleblower-bringing-security-warnings-to-congress-2/</link>
					<comments>https://hsjchronicle.com/twitter-whistleblower-bringing-security-warnings-to-congress-2/#respond</comments>
		
		<dc:creator><![CDATA[Contributed]]></dc:creator>
		<pubDate>Sat, 17 Sep 2022 19:00:00 +0000</pubDate>
				<category><![CDATA[Politics]]></category>
		<category><![CDATA[security warnings]]></category>
		<category><![CDATA[Twitter]]></category>
		<category><![CDATA[whistleblower]]></category>
		<guid isPermaLink="false">https://hsjchronicle.com/?p=50432</guid>

					<description><![CDATA[<p>Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress on Tuesday. Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concern over the safety of powerful tech platforms.</p>
<p>The post <a href="https://hsjchronicle.com/twitter-whistleblower-bringing-security-warnings-to-congress-2/">Twitter whistleblower bringing security warnings to Congress</a> appeared first on <a href="https://hsjchronicle.com">The Hemet &amp; San Jacinto Chronicle</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">MARCY GORDON | Contributed</p>



<p class="wp-block-paragraph">Peiter “Mudge” Zatko, the Twitter whistleblower who is warning of security flaws, privacy threats and lax controls at the social platform, will take his case to Congress on Tuesday. Senators who will hear Zatko’s testimony before the Senate Judiciary Committee are alarmed by his Twitter allegations at a time of heightened concern over the safety of powerful tech platforms. It’s Zatko’s second Capitol Hill appearance, and in some ways a 21st-century echo of his first. </p>



<p class="wp-block-paragraph">In 1998, he testified before a Senate panel along with fellow members of a hacker collective who warned about the security dangers of the then-emerging internet age. Zatko, a respected cybersecurity expert, was Twitter’s head of security until he was fired early this year. He has brought the stunning allegations to Congress and federal regulators, asserting that the influential social platform misled regulators about its cyber defenses and efforts to control millions of “spam” or fake accounts. Sen. Dick Durbin, the Illinois Democrat who chairs the panel, called Zatko’s allegations “serious business.” “If it’s anywhere along the lines that (he) suggested, I think it’s a matter of grave personal-privacy concern,” Durbin told reporters Monday. “The question is whether information gathered by Twitter has been used for purposes which we’re not aware of.” </p>



<p class="wp-block-paragraph">Zatko’s accusations are also playing into billionaire tycoon Elon Musk’s battle with Twitter. The Tesla CEO is trying to get out of his $44 billion bid to buy the company; Twitter has sued to force him to complete the deal. The Delaware judge overseeing that case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial set to start Oct. 17. The allegation that Twitter engaged in deception in its handling of automated “spam bot” accounts is at the core of Musk’s attempt to back out of the Twitter deal. At the same time, many of Zatko’s claims are uncorroborated and appear to have little documentary support. In a statement, Twitter has called Zatko’s description of events “a false narrative.” Also on Tuesday, Twitter’s shareholders are scheduled to vote on the company’s pending buyout by Musk. The vote is something of a formality given that the deal is on hold while the court case plays out. But if the measure passes as expected, it would also pave the way for a Musk takeover should Twitter prevail in court. </p>



<p class="wp-block-paragraph">Zatko also filed complaints with the Justice Department, <a href="https://www.ftc.gov/">the Federal Trade Commission and the Securities and Exchange Commission</a>. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users. The SEC is questioning Twitter about how it counts fake accounts on its platform. Twitter uses counts of its presumably real users to attract advertisers, whose payments make up about 90% of its revenue. The “spam bots” have no value to advertisers because there’s no person behind them. San Francisco-based Twitter has an estimated 238 million daily active users worldwide. </p>



<p class="wp-block-paragraph">The company says it removes 1 million spam accounts daily. Zatko’s 84-page complaint alleges that he found “extreme, egregious deficiencies” on the platform, including issues with “user privacy, digital and physical security, and platform integrity/content moderation.” It accuses CEO Parag Agrawal and other senior executives and board members of making “false and misleading statements to users and the FTC” about these issues. Twitter denies those claims and said that Zatko was fired in January for “ineffective leadership and poor performance.” Zatko’s attorneys say the performance claim is false. Twitter also hinted that Zatko’s complaint might be designed to bolster Musk’s legal fight with the company. Twitter called Zatko’s complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies, and lacks important context.” </p>



<p class="wp-block-paragraph">News of Zatko’s complaint surfaced on Aug. 23, almost two months before the Twitter-Musk trial is scheduled to begin. One of Zatko’s attorneys has said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.” The company also says it has significantly tightened security since 2020. Among Zatko’s specific allegations: — The company had such poor cybersecurity that it easily could have been exposed to outside attacks or attempts to siphon off its internal data. —The company lacked effective leadership, with its top executives practicing “deliberate ignorance” of pressing problems. Zatko described former CEO Jack Dorsey as “extremely disengaged” during the last months of his tenure, to the point where he wouldn’t even speak during meetings on complex issues. Dorsey stepped down in November 2021. —That Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had “direct unsupervised access” to highly sensitive data on users. </p>



<p class="wp-block-paragraph">It makes a parallel but less detailed accusation that Twitter took funding from unidentified Chinese entities who may have been enabled to access the identities and sensitive data of Chinese users who secretly use Twitter, which is officially banned in China. The 51-year-old Zatko, better known by his hacker handle “Mudge,” first gained prominence in the 1990s. He was the best-known member of the Boston-based collective L0pht, which pioneered ethical hacking, embarrassing companies including Microsoft for poor security. His work raised awareness in the computing world that forced such major companies to take security seriously. He co-founded the consultancy @Stake, which was later acquired by Symantec. Zatko later worked in senior positions at the Pentagon’s Defense Advanced Research Projects Agency and Google. </p>



<p class="wp-block-paragraph">He joined Twitter at Dorsey’s urging in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.</p>



<p class="wp-block-paragraph">Find your latest news here at the <a href="https://hsjchronicle.com/">Hemet &amp; San Jacinto Chronicle </a></p>
<p>The post <a href="https://hsjchronicle.com/twitter-whistleblower-bringing-security-warnings-to-congress-2/">Twitter whistleblower bringing security warnings to Congress</a> appeared first on <a href="https://hsjchronicle.com">The Hemet &amp; San Jacinto Chronicle</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://hsjchronicle.com/twitter-whistleblower-bringing-security-warnings-to-congress-2/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">50432</post-id>	</item>
		<item>
		<title>5 takeaways from Twitter whistleblower Peiter Zatko</title>
		<link>https://hsjchronicle.com/5-takeaways-from-twitter-whistleblower-peiter-zatko/</link>
					<comments>https://hsjchronicle.com/5-takeaways-from-twitter-whistleblower-peiter-zatko/#respond</comments>
		
		<dc:creator><![CDATA[Associated Press]]></dc:creator>
		<pubDate>Wed, 24 Aug 2022 22:00:00 +0000</pubDate>
				<category><![CDATA[Business]]></category>
		<category><![CDATA[Peiter Zatko]]></category>
		<category><![CDATA[Twitter]]></category>
		<category><![CDATA[whistleblower]]></category>
		<guid isPermaLink="false">https://hsjchronicle.com/?p=49642</guid>

					<description><![CDATA[<p>Startling new revelations from Twitter’s former head of security, Peiter Zatko, have raised serious new questions about the security of the platform’s service, its ability to identify and remove fake accounts, and the truthfulness of its statements to users, shareholders and federal regulators.</p>
<p>The post <a href="https://hsjchronicle.com/5-takeaways-from-twitter-whistleblower-peiter-zatko/">5 takeaways from Twitter whistleblower Peiter Zatko</a> appeared first on <a href="https://hsjchronicle.com">The Hemet &amp; San Jacinto Chronicle</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">By DAVID HAMILTON</p>



<p class="wp-block-paragraph">SAN FRANCISCO (AP) — Startling new revelations from Twitter’s former head of security, Peiter Zatko, have raised serious new questions about the security of the platform’s service, its ability to identify and remove fake accounts, and the truthfulness of its statements to users, shareholders and federal regulators.</p>



<p class="wp-block-paragraph">Zatko — better known by his hacker handle “Mudge” — is a respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at <a href="https://www.darpa.mil/">the Pentagon’s Defense Advanced Research Agency</a> and Google. Twitter fired him from the security job early this year for what the company called “ineffective leadership and poor performance.” Zatko’s attorneys say that claim is false.</p>



<p class="wp-block-paragraph">In a whistleblower complaint made public Tuesday, Zatko documented his uphill 14-month effort to bolster Twitter security, boost the reliability of its service, repel intrusions by agents of foreign governments and both measure and take action against fake “bot” accounts that spammed the platform. In a statement, Twitter called Zatko’s description of events “a false narrative.”</p>



<p class="wp-block-paragraph">Here are five takeaways from that whistleblower complaint.</p>



<p class="wp-block-paragraph">TWITTER’S SECURITY AND PRIVACY SYSTEMS WERE GROSSLY INADEQUATE</p>



<p class="wp-block-paragraph">In 2011, Twitter settled a Federal Trade Commission investigation into its privacy practices by agreeing to put stronger data security protections in place. Zatko’s complaint charges that Twitter’s problems grew worse over time instead.</p>



<p class="wp-block-paragraph">For instance, the complaint states, Twitter’s internal systems allowed far too many employees access to personal user data they didn’t need for their jobs — a situation ripe for abuse. For years, Twitter also continued to mine user data such as phone numbers and email addresses — intended only for security purposes — for ad targeting and marketing campaigns, according to the complaint.</p>



<p class="wp-block-paragraph">TWITTER’S ENTIRE SERVICE COULD HAVE COLLAPSED IRREPARABLY UNDER STRESS</p>



<p class="wp-block-paragraph">One of the most striking revelations in Zatko’s complaint is the claim that Twitter’s internal data systems were so ramshackle — and the company’s contingency plans so insufficient — that any widespread crash or unplanned shutdown could have tanked the entire platform.</p>



<p class="wp-block-paragraph">The concern was that a “cascading” data-center failure could quickly spread across Twitter’s fragile information systems. As the complaint put it: “That meant that if all the centers went offline simultaneously, even briefly, Twitter was unsure if they could bring the service back up. Downtime estimates ranged from weeks of round-the-clock work, to permanent irreparable failure.”</p>



<p class="wp-block-paragraph">TWITTER MISLED REGULATORS, INVESTORS AND MUSK ABOUT FAKE “SPAM” BOTS</p>



<p class="wp-block-paragraph">In essence, Zatko’s complaint states that Tesla CEO Elon Musk — whose $44 billion bid to acquire Twitter is headed for October trial in a Delaware court — is correct when he charges that Twitter executives have little incentive to accurately measure the prevalence of fake accounts on the system.</p>



<p class="wp-block-paragraph">The complaint charges that the company’s executive leadership practiced “deliberate ignorance” on the subject of these so-called spam bots. “Senior management had no appetite to properly measure the prevalence of bot accounts,” the complaint states, adding that executives were concerned that accurate bot measurements would harm Twitter’s “image and valuation.”</p>



<p class="wp-block-paragraph">ON JAN. 6, 2021, TWITTER COULD HAVE BEEN AT THE MERCY OF DISGRUNTLED EMPLOYEES</p>



<p class="wp-block-paragraph">Zatko’s complaint states that as a mob assembled in front of <a href="https://www.visitthecapitol.gov/">the U.S. Capitol </a>on Jan. 6, 2021, eventually storming the building, he began to worry that employees sympathetic to the rioters might try to sabotage Twitter. That concern spiked when he learned it was “impossible” to protect the platform’s core systems from a hypothetical rogue or disgruntled engineer aiming to wreak havoc.</p>



<p class="wp-block-paragraph">“There were no logs, nobody knew where data lived or whether it was critical, and all engineers had some form of critical access” to Twitter’s core functions, the complaint states.</p>



<p class="wp-block-paragraph">A PLAYGROUND FOR FOREIGN GOVERNMENTS</p>



<p class="wp-block-paragraph">The Zatko complaint also highlights Twitter’s difficulty in identifying — much less resisting — the presence of foreign agents on its service. In one instance, the complaint alleges, the Indian government required Twitter to hire specific individuals alleged to be spies, and who would have had significant access to sensitive data thanks to Twitter’s own lax security controls. The complaint also alleges a murkier situation involving taking money from unidentified “Chinese entities” that then could access data that might endanger Twitter users in China.</p>



<p class="wp-block-paragraph">Find your latest news here at the <a href="https://hsjchronicle.com/">Hemet &amp; San Jacinto Chronicle</a> </p>
<p>The post <a href="https://hsjchronicle.com/5-takeaways-from-twitter-whistleblower-peiter-zatko/">5 takeaways from Twitter whistleblower Peiter Zatko</a> appeared first on <a href="https://hsjchronicle.com">The Hemet &amp; San Jacinto Chronicle</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://hsjchronicle.com/5-takeaways-from-twitter-whistleblower-peiter-zatko/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">49642</post-id>	</item>
	</channel>
</rss>
