
Breaking down the Twitter whistleblower allegations and how it affects the Musk takeover

On Tuesday, The Washington Post published an extensive report about a Twitter whistleblower who alleges that the social media company’s executives have misled, well, just about everyone (but especially federal regulators and Twitter’s own board of directors), about its own security issues. The whistleblower complaint details quite a few alleged serious problems at Twitter, including security issues and a lack of resources to fully address disinformation. Notably, the complaint also mentions Twitter’s spam and bot issues. If you’ve been following along with the Elon Musk Twitter takeover saga, you know that ascertaining the true number of bots on the bird app has been a particular roadblock for Twitter’s acquisition.

In July, the complaint was filed with two agencies, the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), as well as the Department of Justice. And the complaint wasn’t filed by just anybody. The whistleblower was none other than Twitter’s former head of security, Peiter Zatko. Zatko is also a well-respected hacker himself, known as “Mudge.”

Zatko’s complaint doesn’t just accuse Twitter of misrepresenting its level of security and of being in breach of its settlement with the FTC. The complaint contains lots of alleged security issues and problems at Twitter. Let’s take a look at some of them.

Here are some of the serious security issues alleged in the complaint as reported by The Washington Post:

  • Employee access to core company software resulted in account hacks: Many employees (thousands) “had wide-ranging and poorly tracked internal access to core company software” which led to account hacks. Such account hacks included the Twitter accounts of two former presidents of the United States and Elon Musk.
  • Twitter was reportedly “forced” to hire an Indian government agent and that agent was given “access to user data at a time of intense protests in the country.”
  • Company laptops with security issues: The complaint claims that around 30% of company laptops had automatic software updates blocked and those updates included security fixes. There were also thousands of laptops that contained full copies of Twitter’s source code. This latter issue is particularly concerning because according to interviews conducted by The Washington Post with “current and former employees,” if a hacker had been able to access one of those laptops it would have been possible for them to “sabotage the product with relative ease because the engineers pushed out changes without being forced to test them first in a simulated environment …”
  • The complaint also contained a claim that approximately half of Twitter’s full-time employees had access to its internal software. Such access was described in the Post’s article as “not closely monitored” and apparently included “the ability to tap into sensitive data and alter how the service worked.” That means around half of about 7,000 employees had such access.

And here are some other non-security, yet-still-concerning issues the complaint brought up about Twitter:

  • Feeble response to disinformation: Twitter, like other platforms, struggles with disinformation. In an effort to address it, Zatko ordered an outside report assessing Twitter’s response to disinformation, and that report revealed a lack of resources dedicated to fighting the issue. The report found a disinformation team with unfilled positions, “yawning language deficiencies, and a lack of technical tools or the engineers to craft them.” One quote from The Washington Post report seemed particularly damning: “The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.”
  • Data center issues that could have shut down the service: Zatko alerted Twitter’s board that the service itself was at risk of being down for months or losing all of its data due to “overlapping outages in the company’s data centers” which could have caused an inability to restart its servers properly.

You’re probably wondering if, among the laundry list of allegations against Twitter, there’s anything in Zatko’s whistleblower complaint that could affect Twitter’s current legal fight to force Tesla CEO Elon Musk to honor their prior agreement for Musk to purchase the bird app. The complaint does mention a bit about Twitter’s spam and bot issues (which Musk was famously loudly concerned about), but we don’t know for certain yet how that will shake out in the actual legal proceedings. Here’s what we do know:

These revelations could hurt Twitter’s case against Musk, if proven to be true.

The complaint itself does allege that Zatko tried to find out exactly how common bots and spam were on Twitter as a whole but was ultimately unable to obtain a clear answer. According to The Washington Post, Zatko indicates that (according to a “sensitive source”) “Twitter was afraid to determine that number because it ‘would harm the image and valuation of the company.’”

The complaint is also quoted in the article as saying the following about Twitter and its CEO’s responses to earlier allegations about the bird app’s reported bot percentage estimates:

“Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”

If true, the above revelations about the true number of bots on Twitter (and how they’re counted and blocked) could hurt Twitter’s case against Musk, as Musk cited concerns about the validity of Twitter’s bot percentage estimates among the reasons why he no longer wanted to purchase the company. And if Twitter’s reported bot estimate percentages prove to be inaccurate, that’s a violation of the acquisition deal Musk and Twitter struck, which could mean Musk may not have to go through with the deal after all.

NEW: Musk lawyer Alex Spiro said they want to talk to Twitter whistleblower.

“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”

— Donie O'Sullivan (@donie) August 23, 2022

And it looks like Musk’s legal team is already interested in Zatko’s allegations. According to a tweet posted by CNN correspondent Donie O’Sullivan, a lawyer for Elon Musk named Alex Spiro said the following:

“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”
