Thursday, October 6, 2022

What Twitter whistleblower Mudge told Congress • londonbusinessblog.com

Shreya Christina (https://londonbusinessblog.com)

A ticking bomb of security issues. Hiding security flaws. Duping regulators and misleading legislators.

These are just some of the allegations made when ex-Twitter security chief Peiter Zatko turned whistleblower, testifying before the Senate Judiciary Committee on Tuesday, less than a month after the release of his explosive whistleblower complaint filed with federal regulators. Zatko, better known as Mudge, made his first public comments since his complaint was made public.

Twitter did not respond to a request for comment.

Here are the key conclusions from Mudge’s testimony to lawmakers and what we learned from Tuesday’s hearing.

FBI warned Twitter it had a Chinese spy on staff

Senator Chuck Grassley, the chief member of the Senate Judiciary Committee, said in his opening remarks that the FBI warned Twitter that a Chinese spy may be on its payroll.

An edited version of Mudge’s whistleblower complaint released last month said Twitter received specific information from the US government that “one or more certain company employees were working on behalf of another specific foreign intelligence agency.” The nationalities of the foreign intelligence agents were not disclosed at the time.

But Mudge told the panel that the spy was an agent of China’s Ministry of State Security, or MSS, the country’s main intelligence agency. He added that because Twitter engineers — about 4,000 employees — have broad access to company data, a foreign agent hired as an engineer would have access to personal user information and potentially other sensitive company information, such as Twitter’s plans to censor content in a particular region or to give in to a government’s demands. But because Twitter didn’t closely monitor or record employee access, it was “very difficult” to identify what specific data had been taken by Twitter employees acting as foreign agents, Mudge said, according to his complaint.

The Chinese spy wasn’t the only foreign government agent on Twitter’s payroll. Mudge said in his complaint that the Indian government “has succeeded in placing agents on the company’s payroll” who were given “direct, unsupervised access to the company’s systems and user data”. In August, a former Twitter employee was found guilty of spying for the Saudi government and handing over user data of suspected dissidents.

Thousands of attempts to hack Twitter every week

A common theme in Mudge’s complaint is that Twitter didn’t have the visibility to know which engineers had access to what user data or company information. But a system that tracked logins for Twitter engineers logged “thousands” of failed attempts to log into Twitter’s systems each week, Mudge told members of Congress.

Mudge said in his complaint that the company saw as many as 3,000 failed attempts every day, describing it as a “huge red flag”. The complaint added that then-Twitter chief technology officer Parag Agrawal – now chief executive – had not assigned anyone to diagnose or fix the problem.

“This fundamental lack of logging within Twitter is a holdover from being so far behind in infrastructure, engineering and engineers not being given the ability to put things in place to modernize,” Mudge testified.
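The diagnosis Mudge says nobody was assigned to do, as an added illustration that is not part of the original article or of Twitter’s or Mudge’s own tooling: it aggregates failed logins from a constructed authentication log (the line format, the sample values and the per-day threshold are all assumptions; the page’s own figure is 3,000 failures a day) and reports which days exceed the threshold, which source produced the most failures and how many accounts were hit, which is the information a defender needs to tell a brute-force campaign from broken automation.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of authentication log lines (not real Twitter data).
# Assumed format: "<ISO timestamp> auth <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2022-09-12T08:01:10Z auth FAIL user=alice src=198.51.100.7
2022-09-12T08:01:12Z auth FAIL user=alice src=198.51.100.7
2022-09-12T08:01:15Z auth FAIL user=bob src=198.51.100.7
2022-09-12T08:02:00Z auth OK user=alice src=203.0.113.5
2022-09-12T09:30:41Z auth FAIL user=carol src=198.51.100.7
2022-09-13T10:00:00Z auth FAIL user=dave src=192.0.2.9
2022-09-13T10:05:00Z auth OK user=dave src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ auth (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def summarize_failed_logins(log_text, daily_threshold):
    """Count failed logins per day and per source; flag days over threshold.

    Returns a dict with:
      per_day   -> {day: failed_count}
      flagged   -> sorted days whose failed_count exceeds daily_threshold
      top_src   -> {day: (src, count)} source with the most failures that day
      users_hit -> {day: number of distinct accounts with at least one failure}
    """
    per_day = Counter()
    per_day_src = defaultdict(Counter)
    per_day_users = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("result") != "FAIL":
            continue  # skip successes and lines that do not match the format
        day = m.group("day")
        per_day[day] += 1
        per_day_src[day][m.group("src")] += 1
        per_day_users[day].add(m.group("user"))
    flagged = sorted(d for d, n in per_day.items() if n > daily_threshold)
    top_src = {d: per_day_src[d].most_common(1)[0] for d in per_day}
    users_hit = {d: len(per_day_users[d]) for d in per_day}
    return {"per_day": dict(per_day), "flagged": flagged,
            "top_src": top_src, "users_hit": users_hit}


if __name__ == "__main__":
    report = summarize_failed_logins(SAMPLE_LOG, daily_threshold=3)
    for day in sorted(report["per_day"]):
        print(day, report["per_day"][day], "failures; top source",
              report["top_src"][day], "FLAGGED" if day in report["flagged"] else "")
```

With the sample, 2022-09-12 is flagged because a single source produced all four failures across three accounts, a pattern worth a ticket rather than a shrug.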

What Twitter knows about its users and why spies want it

Given the focus on Twitter’s seemingly lax access controls over user information, lawmakers asked Mudge what kind of data Twitter collects from its users. Mudge said Twitter doesn’t fully understand the extent of the data it collects.

He said Twitter collects the following data, among other things: a user’s phone number, current and past IP addresses the user connects from, current and past email addresses, the person’s approximate location based on IP addresses, and information about the device or browser the person uses to access Twitter, such as its make and model, and the user’s language.

Mudge said it was possible for engineers to access this information and that it would be an attractive target for foreign intelligence agencies. One reason he cited was that it would help governments target certain groups and monitor what Twitter knows about their agents or information operations.

Mudge also warned that Twitter user information can be used to harass or target individuals, such as a family member or co-worker, as part of real-world influence operations, and can be used as leverage over the people close to them without their knowledge. “It can be used with other data sets,” Mudge told lawmakers, citing past breaches, including mass thefts of US government health data and personnel records, such as the 2012 breach of 22 million US Office of Personnel Management records. Mudge told lawmakers his own OPM file was stolen in that breach, dating from when he worked for the federal government.

US government agencies let companies ‘assess their own homework’

Mudge’s complaint and subsequent testimony come just months after Twitter paid $150 million in a settlement with the Federal Trade Commission for violating its 2011 privacy agreement, after the company collected users’ email addresses and phone numbers to secure their accounts but then used that same information for targeted advertising.

Mudge told lawmakers that while government agencies have a responsibility to enforce the law and have the right intent, he accused the FTC of being “a little over the top” by allowing companies to “assess their own homework.” In response to a question from Senator Richard Blumenthal, Mudge referred to the 2011 privacy agreement and asked, “How [has Twitter] endure this?”

Speaking of the regulators and their enforcement powers, Mudge told lawmakers, “What I’ve seen the tools in the tool belt don’t work.”
