Date: 2022-12-12

Over the past week and a half or so, a whole lot of bad stuff has come out about Twitter prior to Elon Musk taking over. A whole lot of bad stuff. Parts 1 and 2 of the Twitter Files were certainly eye-opening. While not necessarily being packed with shocking information, they did confirm a lot of people’s suspicions about how Twitter handled the Hunter Biden laptop story and how Twitter actively engaged in shadow banning of conservative and Republican accounts.

But as it turns out, there was actually documentation out there of major foul play at Twitter months ago. This past July, a whistleblower complaint was filed with the FTC, SEC, and DOJ on behalf of former Twitter security chief Peiter “Mudge” Zatko. When Zatko testified before Congress in September, we learned that Twitter had apparently been up to some extremely shady business.

Former Twitter security executive Peiter "Mudge" Zatko says that he broached the topic of a foreign asset working at Twitter to another executive, who brushed off Mr. Zatko's concern. pic.twitter.com/8lAbsXPPMB — CSPAN (@cspan) September 13, 2022

But there was so much more where that came from, and it was contained in the actual whistleblower complaint. Buckle up, folks. You’re in for quite a ride.

I'm shocked: this is actually newsworthy. https://t.co/yvvgtfOnzJ — Jeff B. is *BOX OFFICE POISON* (@EsotericCD) December 12, 2022

Not that the other Twitter stuff hasn’t been newsworthy — because it absolutely has been newsworthy — but this is … wow. This is pretty big stuff, guys:

The stuff uncovered in the Twitter whistleblower report is much crazier than anything in the "Twitter files" but it's much less politically/tribally salient so it got no attention. Going to do a thread on some of the craziest things, in no particular order. — Avid Halaby (@AvidHalaby) December 12, 2022

Twitter didn't monitor employee computers at all, it was not uncommon for employees to install spyware on work devices pic.twitter.com/I2po3Ddr5Q — Avid Halaby (@AvidHalaby) December 12, 2022

Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems. pic.twitter.com/rEBJtaOm9Q — Avid Halaby (@AvidHalaby) December 12, 2022

In 2020, Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis. Meanwhile, Parag Agrawal was lying about how secure Twitter was. pic.twitter.com/8oF4WAQTg1 — Avid Halaby (@AvidHalaby) December 12, 2022

On 1/6, Mudge (the whistleblower) wanted to take action to prevent potential sabotage by a rogue employee. He learned it was not possible for Twitter to secure its production environment. pic.twitter.com/cJpr2M1LPG — Avid Halaby (@AvidHalaby) December 12, 2022

Mudge realized that a data center failure could potentially cause the permanent loss of all of Twitter's data. He shared this fact with senior leadership, who instructed him not to put it in writing for the Board. pic.twitter.com/XhnXRAMbPr — Avid Halaby (@AvidHalaby) December 12, 2022

A few months later, that exact eventuality almost came true, and only herculean effort by Twitter engineers prevented "permanent, irreparable failure." pic.twitter.com/yGbXpXwNrD — Avid Halaby (@AvidHalaby) December 12, 2022

Twitter had no software development lifecycle, and misled both the FTC and its Board about this fact for a decade. pic.twitter.com/7AElFxBaZj — Avid Halaby (@AvidHalaby) December 12, 2022

Peep that bolded part: “reporting their efforts, not actual results.” That seems like … kind of a huge problem.

Mudge informed Agrawal that there were thousands of failed login attempts to Twitter's engineering system every day. Agrawal did nothing. pic.twitter.com/mLj1etuuEh — Avid Halaby (@AvidHalaby) December 12, 2022

Agrawal did nothing good, anyway, as you’ll quickly pick up on as you continue through Halaby’s thread.

Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators. pic.twitter.com/qZlUB35mCk — Avid Halaby (@AvidHalaby) December 12, 2022

"Every new employee has access to data they do not need to have access to." pic.twitter.com/qpafM3l8Ho — Avid Halaby (@AvidHalaby) December 12, 2022

Twitter is probably still vulnerable to Log4j to this day, lol. pic.twitter.com/Cb6MmQKO80 — Avid Halaby (@AvidHalaby) December 12, 2022

Twitter does not have licenses for the machine learning models it uses in its most basic products. pic.twitter.com/DX1W0Ij7TT — Avid Halaby (@AvidHalaby) December 12, 2022

What the hell was going on at Twitter?!

Twitter knowingly allowed itself to be infiltrated by, or otherwise a tool of, many governments. pic.twitter.com/E3IKtwaPKC — Avid Halaby (@AvidHalaby) December 12, 2022

Uh, excuse us?

Twitter knew that they were selling information to China that would allow them to identify people circumventing the country’s Twitter block, but continued anyway, because they needed the money https://t.co/HdmGO3oyhR — Alex Griswold (@HashtagGriswold) December 12, 2022

Twitter was providing user data to the Chinese government. And the Nigerian government. And the Indian government. And … the Russian government. So all that business with the Hunter Biden laptop story about being concerned about “Russian disinformation” was BS, because Parag Agrawal was more than happy to do the Russian government’s bidding.

After Agrawal became CEO, he wanted to present materially misleading information to the Board, overriding Mudge's objections. Other employees raised similar objections. Ultimately it seems the material was shared anyway, and Mudge described the presentation to the Board as fraud. pic.twitter.com/40XtwYSYVI — Avid Halaby (@AvidHalaby) December 12, 2022

Internal review after the meeting confirmed this assessment. Mudge began working on a report to correct the record with the Board. As his report neared completion, he was fired. pic.twitter.com/AMHXZNf2Rx — Avid Halaby (@AvidHalaby) December 12, 2022

Couldn’t have Zatko telling the truth about what was really going on at Twitter, could they?

That's all I have the energy for tonight, I highly recommend reading the full report. PDF here: https://t.co/1zjx15Cw7c — Avid Halaby (@AvidHalaby) December 12, 2022

The stuff in the whistleblower complaint is insane. Just absolutely nuts.

Hey @elonmusk will you release ex-Twitter security chief Peiter "Mudge" Zatko from his confidentiality agreement? He was clearly right about everything in his whistleblower complaint. How did his hiring in late '20 intersect w/ everything else? https://t.co/Hz7A4ZUcyT pic.twitter.com/Gra4Zn3Zdg — Matt Beebe (@TheMattBeebe) December 11, 2022

What really transpired during Mudge's tenure at Twitter, from hiring — driven in response to the "largest hack of a social media platform in history" in July 2020 by teenagers simply asking users for passwords and going from there, to his subsequent firing is an untold story. pic.twitter.com/DP1TIdm7Dd — Matt Beebe (@TheMattBeebe) December 11, 2022

And it would be great to better understand to what extent Parag's tremendous ego, propensity to shade the truth, and personal responsibility for technical failures (as former CTO) played in setting the stage for the events that transpired up to the 2020 and beyond. pic.twitter.com/kfSMPgwiPG — Matt Beebe (@TheMattBeebe) December 11, 2022

As an aside, it's extremely easy to see how @elonmusk was able to fire a huge % of Twitter staff & have zero negative impact — most of them didn't know what they were doing. Twitter was a hot-mess internally due to Jack's increasing disengagement and Parag's unparalleled hubris. pic.twitter.com/uwOlGFaFWj — Matt Beebe (@TheMattBeebe) December 11, 2022

Zatko's report & my excerpts contextualize the culture at Twitter & shed some light on mgmt failures; similarly, the #TwitterFiles releases show the extent to which ideologues abused trust and amassed power.

But the question remains – who really had access to what? Let's explore: — Matt Beebe (@TheMattBeebe) December 11, 2022

Wait, what?!??! Over-broad permissions to access sensitive areas, no auditing, and effectively ZERO controls around user privacy and data security. Mind blowing. pic.twitter.com/z2Nsi96WFH — Matt Beebe (@TheMattBeebe) December 11, 2022

Don't worry though, we're trustworthy… don't worry, it was just a small number of privileged users… pic.twitter.com/RCgdXMsE0g — Matt Beebe (@TheMattBeebe) December 11, 2022

Oh? REALLY?!?? "Twitter employees were repeatedly found to be intentionally installing spyware on their work computers AT THE REQUEST OF EXTERNAL ORGANIZATIONS" AYFKM?? pic.twitter.com/zm9exnwhlY — Matt Beebe (@TheMattBeebe) December 11, 2022

"…multiple episodes suggesting that Twitter had been penetrated by foreign intelligence agencies and/or was complicit in threats to democratic governance" pic.twitter.com/6Nm4ds0rtk — Matt Beebe (@TheMattBeebe) December 11, 2022

This. This takes the cake though: pic.twitter.com/K18u47eKQZ — Matt Beebe (@TheMattBeebe) December 11, 2022

So yeah… the question remains: who had access to what? And maybe even more essential: why? — Matt Beebe (@TheMattBeebe) December 11, 2022

From what we can gather, a lot of people had access to a lot of things they should never have had access to.

One would think that a whistleblower complaint as explosive as Zatko’s would’ve been a much bigger story. But then, one would have to be unfamiliar with how things work in the American mainstream media.

Uhhhhh how did the absolute worst stuff about Twitter fly this low under the radar? https://t.co/NcKvqlci83 — Noam Blum (@neontaster) December 12, 2022

Because they were friends/sources with all the tech journalists who should have been the ones reporting on this. https://t.co/d5i9TY1HJQ — Stephen L. Miller (@redsteeze) December 12, 2022
