Twitter’s lack of internal security controls was such that the company was simply unable to detect agents of foreign intelligence services who had infiltrated the company, former security chief Peiter ‘Mudge’ Zatko says.
Zatko made the claims in testimony given to the Senate Judiciary Committee on Tuesday, in a hearing on Twitter’s data security practices.
Opening questions from Sens. Dick Durbin (D-IL) and Chuck Grassley (R-IA) quickly homed in on claims that Twitter faced numerous insider threats, including from employees of the Indian government. Zatko said that the Indian government was not the only national government to embed agents within the company. At least one Chinese spy was employed by Twitter, Zatko said, but the full extent to which the company was compromised could not be known.
“We simply lacked the ability to hunt for foreign intelligence agents and expel them on our own,” he said.
Zatko also reiterated claims made in his SEC disclosure, alleging that a lack of access logging in the company’s internal systems meant it was effectively impossible to see what data had been viewed by any specific employee. Within the company, there were “thousands” of unauthorized data access attempts every week, Zatko told the hearing, but the number was impossible to quantify precisely.
But new reporting from The New Yorker, published on the day of the Judiciary Committee hearing, quotes many of Zatko’s friends and former colleagues as saying that they have been offered large sums of money to take part in “interviews” about Zatko’s personality, work ethic, and leadership style.
Despite the personal discomfort, Zatko told the Judiciary Committee that he was willing to “put it all on the line” to improve security at Twitter and in the industry as a whole.
Twitter had not responded to a request for comment by the time of publication.