Twitter Concealed Known Security Flaws

Uploaded on 2022-08-29 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

US social media giant Twitter has been accused of hiding major security flaws. A whistleblower has spken out to accuse Twitter of consistently lying to customers and government  officials about its attempts to repair its users data security.

While caught up in a legal battle against Elon Musk, Twitter’s former security chief until January of this year has blown the whistle on how the social media platform handles cyber security. 

Former Chief Security Officer, Peiter Zatko, has accused Twitter of severe cyber security mismanagement in a complaint filed to the US Securities and Exchange Commission (SEC) filed on July 6.  Zatko alleges that the company has been hiding the spam and bots problem which began to emerge in the dispute between the social media giant and Elon Musk.

Twitter does not know how many fake, bots or spam automated accounts it has, according to allegations by its former head of security.

Peiter Zatko's is one of the world’s most famous hackers and leading cyber security experts and has now become a whistleblower and submitted a string of allegations of repeated security violations by his former employer Twitter.
Peiter Zatko's revelations, have been seized upon by lawyers for Elon Musk, who is trying to end his bid to buy Twitter, disputing its information on the number of fake accounts it has.

Twitter says Zatko's allegations contain many inaccuracies and inconsistencies and that he was sacked in January for ineffective leadership and poor performance.

Twitter has been in a dispute with Musk since the Tesla and SpaceX CEO’s decided to abandon a deal to purchase the site for $44 billion earlier this year. Musk said he no longer wished to purchase the company, as he could not verify how many humans were on the platform, while Twitter says it estimates that fewer than 5% of its daily active users are bot accounts.

Musk has said the social media company is heavily undercounting the number of spam and bot accounts on its platform as a primary reason he’s backing out. 

According to Zatko, Twitter's management have little incentive to accurately identify or report total spam bots on the platform. In a redacted copy of the SEC filing seen by CBS news, Zatko criticises Twitter's methodology for calculating the number of spam-bots. He claims he was unable to obtain from Twitter an "upper bound" for the number of bots, accusing senior management of having "no appetite to properly measure the prevalence of bots".

  • According to the Washington Post, the complaint "provides little hard evidence" to back up his assertions about bots and spam, although these allegations may be useful to Musk in his legal argument to withdraw from buying Twitter.
  • According to Mr Zatko's lawyer, he started the whistleblowing process before Musk began his  attempts to buy the platform became public, and has made no contact with Musk.
  • Alex Spiro, an attorney for Musk, told CNN it had issued a subpoena for Mr Zatko to be a potential witness. 

Twitter's server infrastructure is another equally serious vulnerability, the SEC filing claims. About half of the company's 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors.

Washington Post:   BBC:     CNN:    Oodaloop:     FT:   Independent:   Yahoo:    PressTV

You Might Also Read: 

Twitter, Free Speech & Disinformation:

 

« Detect Spoofing Before Your Organisation Suffers Fraud
Healthcare Ransomware Attacks Have Almost Doubled »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

Sangfor Technologies

Sangfor Technologies

Sangfor is a global leader of IT infrastructure, security solutions, and cloud computing.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.

Infodot Technologies

Infodot Technologies

Infodot Technologies specialize in a co-managed IT support and services approach, where businesses share their IT responsibilities with a skilled Managed IT Services Provider (MSP).