Whistleblower accuses Twitter of cybersecurity negligence

Peiter Zatko, Twitter’s former head of security, describes willful ignorance by the company’s executives on counting the millions of accounts that are automated ‘spam bots’. (AP)
Updated 24 August 2022

  • Peiter Zatko served as Twitter’s security chief until he was fired early this year
  • Better known by his hacker handle ‘Mudge,’ Zatko is a highly respected cybersecurity expert

Twitter’s former head of security alleged that the company misled regulators about its poor cybersecurity defenses and its negligence in attempting to root out fake accounts that spread disinformation, according to a whistleblower complaint filed with US officials.
The revelation could create serious legal and financial problems for the social media platform, which is currently attempting to force Tesla CEO Elon Musk to consummate his $44 billion offer to buy the company. Several members of Congress on Tuesday called on regulators to investigate the claims.
Peiter Zatko, who served as Twitter’s security chief until he was fired early this year, filed the complaints last month with the US Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. The legal nonprofit Whistleblower Aid, which is working with Zatko, confirmed the authenticity of a redacted copy of the complaint posted online by the Washington Post.
“This was a last resort for him,” said John Tye, the group’s co-founder and chief disclosure officer, in an interview Tuesday. He said Zatko exhausted all attempts to get his concerns resolved inside the company before his firing in January.
Among Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users. Zatko also accuses the company of deceptions involving its handling of “spam” or fake accounts, an allegation that is at the core of Musk’s attempt to back out of the Twitter takeover.
Better known by his hacker handle “Mudge,” Zatko is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google.
He joined Twitter at the urging of then-CEO Jack Dorsey in late 2020, the same year the company suffered an embarrassing security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.
Twitter said in a prepared statement Tuesday that Zatko was fired for “ineffective leadership and poor performance” and said the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” The company called his complaint “a false narrative” that is “riddled with inconsistencies and inaccuracies and lacks important context.”
Zatko’s attorneys, Debra Katz and Alexis Ronickher, said Twitter’s claim about his poor performance is false and that he repeatedly raised concerns about “grossly inadequate information security systems” with top executives and Twitter’s board of directors. The lawyers said that in late 2021, after the board was given “whitewashed” information about those security problems, Zatko escalated his concerns, “clashed” with CEO Parag Agrawal and board member Omid Kordestani and was fired two weeks later.
The 84-page complaint describes a broken corporate culture at Twitter that lacked effective leadership and where Zatko said top executives practiced “deliberate ignorance” of pressing problems. His description of Dorsey’s leadership style is particularly scathing; he described the Twitter founder as “extremely disengaged” during the last months of his tenure as CEO to the point where he would not even speak during meetings on complex issues facing the company.
Zatko said he heard from colleagues that Dorsey would remain silent for “days or weeks.” Dorsey announced he was stepping down as Twitter CEO in November 2021.
The disclosure says Twitter offered no monetary incentives for improving security and platform integrity, although the company did offer $10 million bonuses last year for top executives who could generate short-term user growth.
Among Zatko’s accusations of cybersecurity malpractice: Software and security updates were disabled on more than a third of employees’ computers — unduly exposing them to malware — and it was common for people to install “whatever software they wanted on their work systems.” Such lapses are typically considered cardinal sins in cybersecurity.
Whistleblower Aid said it is legally precluded from sharing Zatko’s statement. The same group worked with former Facebook employee Frances Haugen, who testified to Congress last year after leaking internal documents and accusing the social media giant of choosing profit over safety.
“I wouldn’t say he’s happy about having to become a whistleblower, but he’s resolute in his decision,” Tye said. “And committed to getting to the bottom of this.”
Among the most alarming complaints is Zatko’s allegation that Twitter knowingly allowed the Indian government to place its agents on the company payroll where they had “direct unsupervised access to the company’s systems and user data.”
A 2011 FTC complaint noted that Twitter’s systems were full of highly sensitive data that could allow a hostile government to find precise location data for specific users and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of passing along sensitive Twitter user data to royal family members in Saudi Arabia in exchange for bribes.
The complaint said Twitter was also heavily reliant on funding by Chinese entities and that there were concerns within Twitter that the company was providing information to those entities that would enable them to learn the identity and sensitive information of Chinese users who secretly use Twitter, which is officially banned in China.
Zatko also describes willful ignorance by Twitter executives on counting the millions of accounts that are automated “spam bots” or otherwise have no value to advertisers because there is no person behind them. Zatko cited a “damning” 2021 outside report that found Twitter’s tools for tackling bots were neither sufficiently automated nor sophisticated and instead relied on humans “not adequately staffed or resourced, to address the misinformation and disinformation problem.”
Alex Spiro, an attorney representing Musk in his effort to back out of his Twitter acquisition deal, said lawyers have issued a subpoena for Zatko. “We found his exit and that of other key employees curious in light of what we have been finding,” Spiro wrote in an email Tuesday. Spiro said Zatko and Musk have not been in contact at any time this year.
Tye said “he’s never met Elon Musk. Doesn’t know Elon Musk. They know people in common.” Asked if mutual friends could have shared information about Twitter’s bot problems with Musk, Tye said Zatko “has not communicated with any other party about his disclosures” since filing the complaints in July.


Like Digital & Partners opens new office in Saudi Arabia

Updated 02 May 2024

  • Digital transformation agency expands with Riyadh premises

DUBAI: Like Digital & Partners, an independent digital transformation agency with offices in Dubai and London, has announced the opening of premises in Riyadh to mark its expansion into the Kingdom.

The move comes a month after the agency partnered with business expansion platform AstroLabs to extend its footprint in the region.

The new office in Riyadh will underscore its commitment to the region, it said in a statement.

Like Digital & Partners aims to create new jobs primarily in the fields of project management and user interface design. It plans to employ 10 to 15 staff members at its Riyadh office by the end of 2025.

Specializing in the hospitality industry, the agency has worked with resorts such as Atlantis and One&Only One Za’abeel. It aims to leverage this expertise and experience in the Kingdom, which is seeing an influx of new hotels and resorts, the agency said.

Karl Escritt, CEO of Like Digital & Partners, said: “As we continue our rapid expansion into the GCC (Gulf Cooperation Council) market and beyond, we are delighted to lay down roots in Riyadh, Saudi Arabia.

“Having dedicated years to nurturing our business in the Kingdom and developing our knowledge and expertise of the market, we are looking forward to further strengthening our ties and servicing new clients.”


Publicis Sapient appoints new managing director for Saudi Arabia

Updated 01 May 2024

  • Ashwaq Al-Shathri will be based in Riyadh, oversee company’s business growth in the Kingdom

DUBAI: Publicis Sapient, a digital business transformation company, has announced the appointment of Ashwaq Al-Shathri as country managing director for Saudi Arabia.

The appointment reflects the importance of the Kingdom and the Middle East for Publicis Sapient, the company said.

Based in the company’s Riyadh office, Al-Shathri will be responsible for accelerating business growth in Saudi Arabia and building the operational business and community.

She will lead the teams responsible for digital business transformation in the region, leveraging the company’s strategy, product, experience, engineering and data, and artificial intelligence capabilities.

Nigel Vaz, CEO of Publicis Sapient, said: “We’re committed to supporting KSA’s technology-driven transformation and realization of Vision 2030, while also, ultimately, helping position KSA as a leader in digital innovation on the global stage.”

Al-Shathri’s appointment “will directly contribute to our continued business growth as we scale our expertise in the Middle East to better serve our clients and their customers and help them transform digitally,” said Srinivas Devulapalli, managing director of Publicis Sapient MENA (Middle East and North Africa).

Publicis Sapient is the digital business transformation hub of Publicis Groupe with 20,000 people and over 53 offices worldwide. Its global clients include Marriott, Goldman Sachs, McDonald’s, and Walmart, while regional clients include Omantel, Diriyah Gate, and Miral.


London mayoral candidate under scrutiny for joining Islamophobic Facebook group

Updated 01 May 2024

  • Conservative candidate Susan Hall has refused to leave groups containing Islamophobic content, instead joining a new one
  • Campaigner criticizes move as ‘last-ditch attempt’ to win votes as London prepares to choose new mayor

LONDON: The London mayoral candidate for the Conservative Party has come under scrutiny for her involvement in Facebook groups known for hosting Islamophobic content.

A joint investigation by Greenpeace-funded outlet Unearthed and The Guardian revealed that Susan Hall was a member of at least six private Facebook groups containing Islamophobic hate speech and abusive remarks directed at her opponent, Sadiq Khan.

The exposé revealed that the groups, presented as local grassroots campaigns against London’s clean air policies, are run by Conservative Party operatives including staff and activists.

Despite public exposure, Hall has declined to exit any of these Facebook groups and instead joined another one on Tuesday, according to Unearthed.

Khan told The Guardian these revelations could have an impact on the safety of his family and staff and has urged police to take action.

Reporters who infiltrated the 36-group network uncovered numerous Islamophobic and racist posts, including derogatory remarks about Khan, labeling him a “terrorist sympathizer” and a “khaki punt.” Some commenters even expressed willingness to pay for harm to be inflicted on him.

Alongside posts inciting vandalism, the investigation identified at least one YouTube video alleging that “Islamists” were “taking over Britain.”

While Conservative staff or politicians did not appear to directly engage with these racist posts, a party spokesperson unequivocally condemned posts in the groups.

However, Ami McCarthy, a political campaigner at Greenpeace UK, criticized Hall’s decision to join another group as a “last-ditch attempt to boost her ratings,” arguing that a “respectable politician would have issued an apology and left the Facebook groups” after the exposure of racism, Islamophobia, and posts inciting criminal damage.

Londoners will cast their votes for the new mayor on Thursday, with current mayor Khan leading in the polls, according to YouGov.

Hall has previously faced similar controversies related to Islamophobia. In February, she was called upon to apologize by Khan’s Labour party after suggesting that Jewish Londoners were “frightened” of Khan and retweeting a post from a far-right figure calling Khan the “mayor of Londonistan.”

Last November, Secretary-General of the Muslim Council of Britain Zara Mohammed denounced Hall’s candidacy as “unacceptable,” highlighting the persistent nature of Islamophobia within the Conservative Party and its divisive impact on communities.


Iran files charges over BBC report on teen girl allegedly killed by security forces in 2022 protests

Updated 01 May 2024

  • Nika Shakarami’s death also sparked widespread outrage at the time
  • Amini died after being detained by police over allegedly not wearing her mandatory hijab, or headscarf, to their liking

JERUSALEM: Iranian prosecutors filed criminal charges on Wednesday targeting activists and journalists following a BBC report that alleged security forces had “sexually assaulted and killed” a 16-year-old girl during protests over the death of Mahsa Amini in 2022.
Nika Shakarami’s death also sparked widespread outrage at the time.
Amini died after being detained by police over allegedly not wearing her mandatory hijab, or headscarf, to their liking. UN investigators have said Iran is responsible for the “physical violence” that led to Amini’s death.
In Shakarami’s case, authorities said she died after falling from a tall building, something immediately disputed by her mother, who said her daughter had been beaten.
The BBC report published on Monday — relying on what it described as a report written for Iran’s paramilitary Revolutionary Guard — said Shakarami was detained by undercover security forces who molested her, then killed her with batons and electronic stun guns after she struggled against the assault.
Iran’s Mizan news agency, run by the country’s judiciary, said on Wednesday that the BBC story was “a fake, incorrect and full-of-mistakes report,” without addressing any of the alleged errors it contained.
It was the government’s first acknowledgment of the BBC report and it said “journalists and activists” have been summoned over the issue.
“The Tehran Prosecutor’s Office filed a criminal case against these people,” Mizan said, with charges including “spreading lies” and “propaganda against the system.” The first charge can carry up to a year and a half in prison and dozens of lashes, while the second can involve up to a year’s imprisonment.
Mizan did not identify those charged and it was unclear whether prosecutors had charged three BBC journalists who bylined the report. Those associated with the BBC’s Persian service have been targeted for years by Tehran and barred from working in the country since its disputed 2009 presidential election and Green Movement protests.
The BBC did not immediately respond to a request for comment. The broadcaster noted that in recent years, there have been faked documents floating around during widespread protests, purporting to be from the Iranian government.
However, it said it had “confidence that it is genuine,” despite an inconsistency in the report using an old acronym for the police.
Iranian Interior Minister Ahmad Vahidi on Wednesday tried to dismiss the BBC report as an effort to “divert attention” from ongoing protests at American universities over the Israel-Hamas war — despite the events dominating US television networks.
“The enemy and their media have resorted to false and far-fetched reports to conduct psychological operations,” Vahidi said, according to the state-run IRNA news agency.


Company on track ‘to build future of social media’: Million CEO

Updated 01 May 2024

  • Julien Hawari says app allows more pay, engagement, control
  • App was launched in Mideast, North Africa region in February

LONDON: Julien Hawari, CEO of the emerging social media platform Million, is promising to build “the future” of the sector.

Interviewed recently during the World Economic Forum’s special meeting in Riyadh, Hawari said: “Today, if you look at legacy social media (Instagram, TikTok, X), content creators are not really making money on social media. To make money, they need a third-party relation, which is the sponsor, the advertiser.

“The problem with this model is that the moment you open the door to someone to pay you, you allow this person to impose their narrative. So you’re not doing your narrative, you’re doing the narrative of the brand.”

Hawari, who promises to build “the future of social media,” said Million’s subscription model enables creators to monetize various forms of content, including pay-per-view, live streaming and e-commerce, all within the platform itself.

Million, a UAE-based startup launched in February across the Middle East and North Africa region, aims to empower content creators by giving them greater control and facilitating direct engagement with their audiences.

Hawari said he is developing a platform where users do not “lose their authenticity with their fans and audience base” and where creators can earn a larger portion of the revenue generated.

“We have an engagement-to-earn model. The more time they (creators) spend on the platform, the more money they will get. Seventy percent of advertisement revenue that comes to the platform is redistributed to the users,” Hawari said.

He added that creators can also charge their audiences a monthly subscription fee, similar to existing exclusive content platforms like Patreon.

Million is currently open to all types of content creators, including those in food, fashion and sports. However, creators must apply and undergo a review process before being invited onto the platform.

Platform regulation, including creator vetting and content monitoring, is a significant aspect of Million.

“We’re extremely sensitive to our culture, our situation in this part of the world. So we use technology … to ensure that content is within the norm of the region,” Hawari explained.

He said Million seeks to capitalize on an industry projected to grow significantly over the next few years, with the content-creator economy estimated to surge from $100 billion in 2023 to $480 billion by 2027.

“(Million) is really the first (app) of its kind. And the growth and the potential that this app has is way beyond only this part of the world,” Hawari said.

“Every day we get more and more creators that are more and more starting to learn and understand how they’re going to use this platform to make a living because at the end of the day, it’s their image, it’s their business, it’s their rules. So they decide what they want to sell (and) at what price they want to sell it.”