This is the letter Parag Agrawal wrote to Twitter staff after whistleblower’s revelations; extra particulars right here

The 12 months 2022 is getting extra chaotic for Twitter Inc. The corporate, which is already preventing over to get Tesla CEO Elon Musk to finish his $44-billion buy deal, was hit by recent allegations made by its former head of safety Peiter “Mudge” Zatko, who highlighted that there are severe and widespread safety vulnerabilities on the firm. Lashing out at his claims, Twitter CEO Parag Agrawal has now mentioned that Zatko’s claims are baseless and are “riddled with inconsistencies and inaccuracies, and introduced with out vital context”.

A current article in The Washington Submit and CNN reported that Zatko, in a whistleblower disclosure, claimed that whereas working he uncovered “excessive, egregious deficiencies” by Twitter surrounding customers’ privateness, safety, and content material moderation. Zatko was fired in January this 12 months for “poor efficiency”.   

The timing of the whistleblower letter is essential as it might give Musk sufficient causes to give up the deal to purchase Twitter for $44 billion. Musk has already raised considerations over the problem of spam-bot accounts on the social media platform. Twitter in reply has challenged the Tesla CEO in courtroom and the matter shall be heard on the Delaware Chancery Court docket on October 17.   

The whistleblower letter  

In line with the information report, Zatko had despatched the disclosure to Congress and federal businesses, together with the Securities and Change Fee (SEC), the Federal Commerce Fee, and the Division of Justice, final month stating that the microblogging web site has main safety points which can be a severe risk to customers’ private info, corporations’ secrets and techniques, shareholders, nationwide safety and the democracy.   

The letter additional acknowledged that the corporate has allowed too a lot of its employees to entry its central controls, which exposes delicate details about the customers, and there’s no verify on the entry.   

Zatko has additional alleged that the highest management and senior executives within the firm are attempting to push these discrepancies beneath the wraps, and likewise that somebody or extra staff may very well be working for the “overseas intelligence service”.  

He has additional alleged that the present management was deceptive its personal board and authorities regulators about its safety lapses inside the system, which may result in “overseas spying or manipulation, hacking and disinformation campaigns”.  

Zatko has additionally mentioned when he highlighted the lapses he acquired “stiff pushback” from Agrawal, who initially was the Chief Know-how Officer earlier than he was promoted to the CEO’s publish.

He has added that Twitter has violated an 11-year-old settlement with the FTC by inappropriately claiming that it has a complete safety program in place.   

In his disclosure be aware, which is round 200 pages, Zatko has added that his findings had been worse than what former CEO Dorsey feared at his time, as the issues have worsened beneath Agrawal. He added that the corporate had by no means complied with the FTC order and wasn’t on monitor to take action.  

He additionally added that the corporate has stored Musk in darkish in regards to the variety of spam bots in use on its platform and has misled the FTC about totally deleting the info of customers who go away the service.   

He additionally famous that Twitter’s server infrastructure is a significant issue as it’s liable to severe vulnerability. The corporate’s 500,000 servers have outdated software program, which doesn’t have up to date fundamental security measures, corresponding to encryption for saved knowledge or common safety updates by distributors.  

Agrawal’s reply  

In his reply, which was printed on Twitter by CNN reporter Donie O’Sullivan, Agrawal mentioned Zatko was himself fired in January 2022 for “ineffective management and poor efficiency.”   

He added Zatko’s narrative in regards to the firm is fake and “is riddled with inconsistencies and inaccuracies, and introduced with out vital context.”  

He highlighted that Mudge as the top of safety at Twitter was liable for the lapses he’s highlighting now, and blowing them out of proportion greater than six months after his termination.”  

“I do know that is irritating and complicated to learn, given Mudge was accountable for a lot of elements of this work that he’s now inaccurately portraying greater than six months after his termination. However none of this takes away from the vital work you could have achieved and proceed to do to safeguard the privateness and safety of our prospects and their knowledge,” he wrote to his staff.

CNN had reported that Agrawal has vowed to problem the whistleblower disclosure, and warned his employees to anticipate extra such tales to seem.

Cybersecurity champion?  

It’s to be famous right here that Zatko was a longtime safety skilled and has labored with DARPA (US Division of Protection) and Google earlier than becoming a member of Twitter in 2020. He was appointed by former CEO Jack Dorsey after a couple of youngsters hacked high-profile Twitter accounts of celebrities corresponding to Tesla CEO Musk, Kim Kardashian, former President Barack Obama, and Joe Biden, who at the moment was working for the US president publish.  His first main look was in 1998 when he participated within the first congressional hearings on cybersecurity.