Exposing the Gruelling Cybersecurity Reality

Surely, human beings are the smartest ever species, but that doesn’t save them from making a mistake every now and then. This fact, in particular, has popped up on the surface quite a few times throughout our history, with each appearance practically forcing us to look for a defensive cover. The world, on its part, will solve the stated conundrum once it brings dedicated regulatory bodies into the fold. You see, having a well-defined authority across all areas was a game-changer, as it instantly concealed a lot of our shortcomings, thus giving us a shot at some great possibilities. However, the whole utopia was pretty short-lived, and if we can be honest for a second, we will see how it was all technology’s fault. The moment technology and its layered nature took over the scene; it allowed people to exploit others for their own benefit, while also having to face no consequences whatsoever. The scale on which this dynamic materialized will soon overwhelm our governing forces and send them back to the drawing board. Fortunately, though, they will come back with a new plan. This has turned increasingly evident over the recent past, and one accusation against Twitter might just give the stated plan some room to become more complete moving forward.

Twitter’s former head of security, Peiter “Mudge” Zatko has officially filed a whistleblower complaint against the company, claiming that the social media giant misled regulators about its security measures. Filed with the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission, the complaint goes on to talk about how the company was also violating the terms that were agreed back in 2011 as a part of one settlement between Twitter and FTC. According to those terms, Twitter was supposed to implement and monitor security safeguards to protect its users, but going by Zatko’s words, almost half of Twitter’s servers are running out-of-date and vulnerable software, and that thousands of employees still have wide-ranging internal access to core company software. The latter element has also been notably responsible for some huge security breaches in the past. One fitting example here would be a breach that occurred in 2020, when bad actors were able to capture the accounts of some of the most high-profile users on the platform, including Barack Obama’s and Elon Musk’s, by exploiting employees’ access to internal systems and tools.

“Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics,” said Zatko.

Beyond that, Zatko even accused Twitter of prioritizing user growth over reducing spam. The former security head backed up his allegation by stating how the company has specific bonuses in place to incentivize bringing new users, whereas it doesn’t have any such initiative for reducing spam. Now, while Twitter, since 2019, has started counting the bots that can view and click on ads, Zatko wants to know the overall number of bots on the platform rather than just the monetizable ones.

In response to the sensational complaint, Senate and Congressional committee leaders have already started their investigation of Zatko’s claims.

 

Hot Topics

Related Articles