What we learned when Twitter whistleblower Mudge testified to Congress

Zack Whittaker

A ticking bomb of security vulnerabilities. Covering up security failures. Duping regulators and misleading lawmakers.

These are just some of the allegations made when Twitter's ex-security lead turned whistleblower, Peiter Zatko, testified to the Senate Judiciary Committee on Tuesday, less than a month after the release of his explosive whistleblower complaint filed with federal regulators. Zatko, better known as Mudge, made his first comments since the public release of his complaint.

Twitter did not respond to a request for comment.

These are the key takeaways from Mudge's testimony to lawmakers and what we learned from Tuesday's hearing.

FBI warned Twitter it had a Chinese spy on staff

Sen. Chuck Grassley, the ranking member of the Senate Judiciary Committee, said in his opening remarks that the FBI warned Twitter that it may have a Chinese spy on its payroll.

A redacted version of Mudge's whistleblower complaint released last month said that Twitter received specific information from the U.S. government that "one or more particular company employees were working on behalf of another particular foreign intelligence agency." The nationality of the foreign intelligence agents was not disclosed at the time.

But Mudge told the panel that the spy was an agent of China's Ministry of State Security, or MSS, the country's main intelligence agency. He added that because Twitter engineers — about 4,000 employees — have broad access to company data, a foreign agent hired as an engineer would have access to personal user information and potentially other sensitive company information, such as Twitter's plans to censor information in a certain region or concede to demands of a government request. But because Twitter did not closely monitor or log employees' access, according to his complaint, Mudge said it was "very difficult" to identify what specific data was taken by Twitter employees as foreign agents.

The Chinese spy wasn't the only agent of a foreign government on Twitter's payroll. Mudge said in his complaint that the Indian government "succeeded in placing agents on the company payroll" who were granted "direct unsupervised access to the company’s systems and user data." In August, a former Twitter employee was found guilty of spying for the Saudi government and handing over user data of suspected dissidents.

Thousands of attempts to hack into Twitter weekly

A common theme in Mudge's complaint is that Twitter did not have the visibility to know what data engineers had access to, or what user data or company information they were accessing. But one system that tracked logins for Twitter engineers found that it was registering "thousands" of failed attempts to log in to Twitter's systems each week, Mudge told members of Congress.

Mudge said in his complaint that the company saw as many as 3,000 failed attempts each day, describing it as a "huge red flag." Mudge said then-Twitter chief technology officer Parag Agrawal — now chief executive — did not assign anyone to diagnose or fix the issue, the complaint added.

"This fundamental lack of logging inside Twitter is a remnant of being so far behind on their infrastructure, the engineering, and the engineers not being given the ability to put things in place to modernize," Mudge testified.

What Twitter knows about its users, and why spies want it

Given the focus on Twitter's apparently lax access controls to users' information, lawmakers asked Mudge what specific kinds of data Twitter collects from its users. Mudge said Twitter does not fully understand the scale of what data it collects.

He said the data Twitter collects includes: a user's phone number, the current and past IP addresses that the user is connecting from, current and past email addresses, the person's approximate location based on IP addresses, and information about the device or browser the person is accessing Twitter from, such as the make and model, and the user's language.

Mudge said it was possible that engineers had access to this information and that it would be an attractive target for foreign intelligence agencies. One of the reasons he cited was that it would be helpful for governments to target particular groups and keep tabs on what Twitter knows about their agents or information operations.

Mudge also warned that Twitter user information could be used for harassment or targeting individuals as part of influence operations in the real world, such as a family member or a colleague, and used as leverage to influence people close to them without their awareness. "It might be used with other data collection," Mudge told lawmakers, citing previous breaches, including massive thefts of health data and U.S. government personnel files, such as the breach of 22 million records from the U.S. Office of Personnel Management in 2012. Mudge told lawmakers that his own OPM file was stolen in the breach from when he worked for the federal government.

U.S. government agencies let companies 'grade their own homework'

Mudge's complaint and subsequent testimony land just months after Twitter paid $150 million in a settlement with the Federal Trade Commission for violating its 2011 privacy agreement, after the company used email and phone data for securing users' accounts but then used that same information for targeted advertising.

Mudge told lawmakers that government agencies have a responsibility to enforce the law and that they have the right intent, but he accused the FTC of being a "little over its head" by allowing companies to "grade their own homework." In response to a question by Sen. Richard Blumenthal, Mudge referenced the 2011 privacy agreement and asked, "How [has Twitter] been passing this?"

Speaking of the regulators and their enforcement powers, Mudge told lawmakers: "What I have seen, the tools in the toolbelt are not working."
