Twitter Concealed Known Security Flaws

US social media giant Twitter has been accused of hiding major security flaws. A whistleblower has spken out to accuse Twitter of consistently lying to customers and government  officials about its attempts to repair its users data security.

While caught up in a legal battle against Elon Musk, Twitter’s former security chief until January of this year has blown the whistle on how the social media platform handles cyber security. 

Former Chief Security Officer, Peiter Zatko, has accused Twitter of severe cyber security mismanagement in a complaint filed to the US Securities and Exchange Commission (SEC) filed on July 6.  Zatko alleges that the company has been hiding the spam and bots problem which began to emerge in the dispute between the social media giant and Elon Musk.

Twitter does not know how many fake, bots or spam automated accounts it has, according to allegations by its former head of security.

Peiter Zatko's is one of the world’s most famous hackers and leading cyber security experts and has now become a whistleblower and submitted a string of allegations of repeated security violations by his former employer Twitter.
Peiter Zatko's revelations, have been seized upon by lawyers for Elon Musk, who is trying to end his bid to buy Twitter, disputing its information on the number of fake accounts it has.

Twitter says Zatko's allegations contain many inaccuracies and inconsistencies and that he was sacked in January for ineffective leadership and poor performance.

Twitter has been in a dispute with Musk since the Tesla and SpaceX CEO’s decided to abandon a deal to purchase the site for $44 billion earlier this year. Musk said he no longer wished to purchase the company, as he could not verify how many humans were on the platform, while Twitter says it estimates that fewer than 5% of its daily active users are bot accounts.

Musk has said the social media company is heavily undercounting the number of spam and bot accounts on its platform as a primary reason he’s backing out. 

According to Zatko, Twitter's management have little incentive to accurately identify or report total spam bots on the platform. In a redacted copy of the SEC filing seen by CBS news, Zatko criticises Twitter's methodology for calculating the number of spam-bots. He claims he was unable to obtain from Twitter an "upper bound" for the number of bots, accusing senior management of having "no appetite to properly measure the prevalence of bots".

  • According to the Washington Post, the complaint "provides little hard evidence" to back up his assertions about bots and spam, although these allegations may be useful to Musk in his legal argument to withdraw from buying Twitter.
  • According to Mr Zatko's lawyer, he started the whistleblowing process before Musk began his  attempts to buy the platform became public, and has made no contact with Musk.
  • Alex Spiro, an attorney for Musk, told CNN it had issued a subpoena for Mr Zatko to be a potential witness. 

Twitter's server infrastructure is another equally serious vulnerability, the SEC filing claims. About half of the company's 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors.

Washington Post:   BBC:     CNN:    Oodaloop:     FT:   Independent:   Yahoo:    PressTV

You Might Also Read: 

Twitter, Free Speech & Disinformation:

 

« Detect Spoofing Before Your Organisation Suffers Fraud
Healthcare Ransomware Attacks Have Almost Doubled »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Learn How To Become

Learn How To Become

At LearnHowToBecome.org, our mission is to help any job-seeker understand what it takes to build and develop a career. We cover many specialist areas including cybersecurity.

SECURITI.ai

SECURITI.ai

SECURITI.ai's PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

PNGCERT

PNGCERT

PNGCERT is the national Computer Emergency Response Team (CERT) for Papua New Guinea.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.