Twitter lacked ability to detect foreign intelligence agents working in company, whistleblower tells Congress

‘We simply lacked the ability to hunt for foreign intelligence agents’

Vishwam Sankaran
Wednesday 14 September 2022 13:26 BST

Twitter is vulnerable to the possibility of foreign intelligence agents working in the company and accessing user data due to a lack of internal security control measures, the company’s former security head Peiter “Mudge” Zatko has said.

“We simply lacked the ability to hunt for foreign intelligence agents and expel them on our own,” Mr Zatko said on Tuesday in his testimony to the Senate Judiciary Committee on Twitter’s data security practices.

The US Senate committee raised questions on claims made by the former Twitter security head that the microblogging platform faced multiple threats, including from the Indian government to employ its intelligence agents within the company.

One of the “disturbing things,” according to Mr Zatko, was Twitter’s “lack of ability” to identify inappropriate access within its own systems.

“What I did notice when we did know of a person inside acting on behalf of foreign interest as an unregistered agent, it was extremely difficult to track the people,” he said.

“There was a lack of logging and an ability to see what they were doing, what information is being accessed, or to contain their activities, let alone set steps for remediation and constitution of any damage,” the former Twitter security chief said.

Mr Zatko claimed that Twitter “certainly lacked” the abilities to hunt for foreign intelligence agents working in the company and expose them on their own.

He alleged, based on his experience at the company, that due to a lack of access logging in Twitter’s internal systems, it would be virtually impossible to find what data had been accessed by specific employees, adding that “thousands” of unauthorized data access attempts were made every week.


Foreign agents may have multiple goals within the company, Mr Zatko said, including finding out what plans Twitter has for the governments of other countries, including whether it would concede to a government censorship request or its expansion goals in a particular environment.

“Because of these disclosures we’ve learned that data from Twitter users were potentially exposed to foreign intelligence agencies. For example, his disclosure indicates that India was able to place at least two suspect foreign assets within Twitter. The soldiers also note that the FBI notified Twitter of at least one Chinese agent in the company,” senator Chuck Grassley said.

“In the hands of a foreign agent embedded in Twitter, a foreign adversary could use the technology to cut down pro-democracy dissidents within their country, but also spy on Americans,” Mr Grassley noted.

Citing an example, he said in 2019 two Twitter employees indicted by the FBI used their position within the company to access private user data “and then gave it to Saudi Arabia.”

“These foreign agents were able to access and provide personal information on more than 6,000 individuals of interest to the Saudi government,” Mr Grassley added.

Responding to Mr Zatko’s allegations, a Twitter spokesperson told The Independent that the company’s hiring process is independent of any foreign influence, adding that access to data is managed through measures including background checks, access controls and monitoring, and detection systems and processes.

“The hearing only confirms that Mr Zatko’s allegations are riddled with inconsistencies and inaccuracies,” the spokesperson said.
