A company hires a manager and fires him after a little more than a year, whereupon the ousted employee publicly taunts his former employer. So far, so commonplace, but this current case is spectacular: Because Twitter’s frustrated former security chief is called Peiter Zatko and is a legendary hacker who is very familiar with IT security. His accusations weigh heavily. You meet a company caught up in a fateful legal battle with the richest man in the world.
$44 billion is at stake. In April, Elon Musk committed to buying Twitter for that price. In a spectacular turn of events, however, the Tesla boss shortly thereafter began to reverse the takeover. This is where Zatko comes into play, whose allegations play into the hands of the struggling buyer. So far, Musk’s arguments have been flimsy, his chances in court slim. So for him the whistleblower dives at the best possible time.
More than 200 pages are the complaints that Zatko has filed with the US Securities and Exchange Commission, the FTC and the Department of Justice. At the same time he spoke CNN and the Washington Post. The most substantive accusation concerns allegedly insufficient Access Restrictions for Employees. “Twitter is grossly negligent in several areas of information security,” writes Zatko. All developers could have accessed sensitive systems and thus the data of millions of users, including many top politicians.
The documents paint a picture of a company that doesn’t value security: unprotected servers, uncontrolled permissions, lack of security updates and attempts to mislead the public. Like most platforms, the company has an inglorious history of glitches and hacks. In 2011, Twitter shut down a comparison with the FTC and committed to better protecting data and systems.
Zatko’s material raises doubts that the company did so. It comes from his time as Twitter’s head of security, whose then-boss Jack Dorsey personally hired him in November 2020. Previously, teenagers briefly shared the accounts of Kanye West, Elon Musk, and hijacked by other celebrities. Zatko should prevent similar disasters.
From Dorsey’s point of view, the choice was understandable: in three decades, Zatko, nicknamed “Mudge”, has earned great respect among hackers and IT security experts. He was part of the influential hacker collective L0pht, later worked for the US Department of Defense and Google. Nobody doubts his professional qualities, his word carries weight in the scene. He is considered uncomfortable, companions appreciate him for it.
On Twitter, he apparently offended with his style. When Parag Agrawal replaced Dorsey at the helm in November, he threw out Zatko within weeks, allegedly because of poor performance and lack of leadership skills. Twitter has now said its complaints are exaggerated or false, and that many of the problems have long since been fixed.
In fact, some of the allegations do not seem to be very reliable. Among other things, Zatko accuses Twitter of employing an agent of the Indian government. This representation is distorted: an Indian law forces tech companies to appoint local officials who are personally liable if the government does not like the company’s decisions. On the other hand, Twitter complains – anticipatory collaboration, as Zatko alleges, looks different.
Nevertheless, allegations remain that Twitter cannot easily get rid of. At least for some claims there are other sources, including ex-employees, which support Zatko’s allegations. But there’s only one thing that can be said for sure: For Musk, the chaos is a blessing.
For months, the Tesla boss has been looking for arguments that would enable him to get out of the purchase contract. He zeroed in on the proportion of spam bots and fake accounts – user accounts that are only used for advertising or disinformation. Twitter says fewer than 5 percent of accounts aren’t made up of real people. Musk thinks that’s an understatement, but hasn’t provided any evidence other than his gut feeling. Even if his allegations are correct, that should not be enough to reverse the entire takeover in court.
Zatko also sees a big problem in Twitter’s spam bots. Although he claims his complaint has nothing to do with Musk, the billionaire and his tweets feature prominently in it. On closer inspection he contradicts Musk in terms of content: Twitter reports the proportion of spam bots correctly because it has an economic interest in doing so.
Musk doesn’t seem to mind, obviously enjoying the excitement. In a nod to the whistleblower, he shared an image on Twitter with the title of a song from the movie Pinocchio: “Give a Little Whistle.” This should not be understood as a general call to make grievances public: Critical journalists and former Tesla employees who went public with allegations is suing Musk relentlessly.