Tag Archive for: Reckless

Twitter whistleblower alleges reckless and negligent cybersecurity policies


By Donie O’Sullivan, Clare Duffy and Brian Fung, CNN Business

Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.

The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.

The whistleblower, who has agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security, reporting directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims).

Zatko was fired by Twitter in January for what the company claims was poor performance. According to Zatko, his public whistleblowing comes after he attempted to flag the security lapses to Twitter’s board and to help Twitter fix years of technical shortcomings and…

Reckless abuse (again) of surveillance spyware that was sold to governments

We keep seeing a common theme when it comes to spyware sold exclusively to governments. This surveillance spyware is marketed as a lawful tool to help governments fight crime and terrorism, yet these remote intrusion solutions are increasingly used to spy on people whom governments consider a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.

The surveillance spyware Pegasus, sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.

Network World Security