Indian Government forced Twitter to put 'agent' on payroll, says whistleblower

Washington: A former head of security at Twitter has filed whistleblower complaints with U.S. officials, alleging that the company misled regulators about its cybersecurity defences and its problems with fake accounts, according to reports by The Washington Post and CNN.

Peiter Zatko, Twitter's security chief until he was fired early this year, filed the complaints last month with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice.

Among the most alarming complaints is Zatko's allegation that Twitter knowingly allowed the Indian government to place its agents on the company payroll where they had direct unsupervised access to the company's systems and user data.

The allegations come amid the company’s legal challenge with the Ministry of Electronics and IT (MeitY) over its content blocking orders.

“The company did not in fact disclose to users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll,” Peiter ‘Mudge’ Zatko, former head of safety at Twitter, said in his complaint filed with the US Securities and Exchange Commission (SEC).

He alleged that the company “knowingly” permitted an “Indian government agent direct unsupervised access to the company’s systems and user data”.

Zatko also accuses the company of deceptions involving its "handling of spam" or fake accounts, an allegation that is at the core of the attempted withdrawal of a 44 billion takeover bid for Twitter by billionaire Elon Musk.

Shares of Twitter Inc. slid 4% Tuesday.

Zatko didn't immediately respond to a request for comment Tuesday but told the Post he felt ethically bound to come forward.

Zatko, better known as Mudge, is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon's Defense Advanced Research Agency and Google. He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of Bitcoin.

Twitter said in a prepared statement Tuesday that Zatko was fired for ineffective leadership and poor performance and that the allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.

What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context, the company said.

The legal nonprofit Whistleblower Aid, which is representing Zatko, confirmed the authenticity of the document Tuesday, but said it is legally precluded from sharing it. The same group worked with former Facebook employee Frances Haugen, who testified to Congress last year after leaking internal documents and accusing the social media giant of choosing profit over safety.

A spokesperson for the U.S. Senate's intelligence committee, Rachel Cohen, said the committee has received Zatko's complaint and "is in the process of setting up a meeting to discuss the allegations in further detail. We take this matter seriously.

Sen. Dick Durbin, an Illinois Democrat, said in a prepared statement that if the claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.

A 2011 FTC complaint noted that Twitter's systems were full of highly sensitive data that could allow a hostile government to find precise geo-location data for a specific user or group and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of passing along sensitive Twitter user data to royal family members in Saudi Arabia in exchange for bribes.

The complaint said Twitter was also heavily reliant on funding by Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would enable them to learn the identify and sensitive information of Chinese users who secretly use Twitter, which is officially banned in China.

Zatko also describes deliberate ignorance by Twitter executives on counting the millions of accounts that are automated spam bots" or otherwise have no value to advertisers because there is no person behind them.

Alex Spiro, an attorney representing Musk in his effort to back out of the deal to buy Twitter, said lawyers have issued a subpoena for Zatko.

We found his exit and that of other key employees curious in light of what we have been finding, Spiro wrote in an email Tuesday. (AP)