How the Twitter whistleblower may impact Big Tech

Experts told The Post that the bombshell claims made by Twitter's former head of cybersecurity, who said the company was careless with user data and lied to the government about it, could give regulators a chance to crack down on large tech firms.

Peiter "Mudge" Zatko, a well-known hacker who was hired by then-CEO Jack Dorsey two years ago to fix Twitter's weak security, told the Securities and Exchange Commission that he was fired because company leaders told him to play down his safety concerns.

Zatko said that Twitter executives had also given low- and mid-level employees access to sensitive controls, which left the system open to espionage.

The Washington Post and CNN were the first to write about Zatko's claims.

Analysts in Zatko's field told The Post that his claims seem to be true and that he should be praised for coming forward.

“The whistleblower is doing the right thing here,” Bryan Hornung, CEO and founder of Xact IT Solutions, told The Post.

Peiter "Mudge" Zatko, Twitter's former head of security — Peiter “Mudge” Zatko, Twitter’s former head of security, said he was fired by the company after he expressed his concerns to the board of directors.

“Everything Zatko points out is exactly why companies get hacked at the level they do today.”

Hornung said it is common for American companies to overlook the importance of cybersecurity. Those that do are playing with fire.

“Businesses big and small think it will never happen to them,” he said.

“CEOs like to gamble with their data security and, ultimately, their business.”

Cybersecurity experts and legal analysts told The Post that Zatko's claims will likely lead regulators to look at Twitter more closely.

Prof. Steve Stransky, an expert in business litigation who teaches at Case Western Reserve University in Cleveland, told The Post that the Federal Trade Commission could find Twitter in violation of its consent decree obligations — again.

Peiter Zatko in 1998 — Zatko is a well-known hacker who testified before Congress in 1998. He has also worked for the federal government as well as other tech companies.

This year, Twitter was told to pay a $150 million fine and put in place new security measures because it broke a deal it made with the FTC in 2011 to protect user data.

Stransky told The Post that Twitter "could face new scrutiny from various state regulatory authorities," who may see Zatko's claims as proof that Twitter is breaking promises it has made to its customers about how it collects, uses, and protects customer data.

Peiter Zatko — Zatko alleges that Twitter’s lax cybersecurity infrastructure makes it vulnerable to espionage.

“In recent years, we have seen state regulatory authorities more willing to investigate social media companies over consumer protection issues, and Zatko’s allegations may be a catalyst for further investigation in this area.”

Aron Solomon, the head legal analyst at the digital marketing company Esquire Digital, thinks that Zatko could give the government a reason to limit Twitter and other big tech companies.

Solomon said, "This is a real risk for Twitter."

"There could be fines, but the biggest risk is that Twitter could give lawmakers a reason to make new laws that restrict what Big Tech (especially social media companies) can and can't do."

New government regulations could be a nightmare for big tech companies because they could "strike right at the business model of social media companies" because it's much harder to make money on a platform with too many rules.

Zatko was critical of his former boss, Twitter CEO Parag Agrawal. He said that Agrawal wasn't doing enough to keep user data safe and that he didn't care about the rise of bots and spam accounts.

Art Shaikh is the founder and CEO of the Chicago-based software company CircleIt. He says that spam and bot accounts are all over social media, which is a major point of disagreement between Twitter and Elon Musk.

Tech companies have a financial reason to get as many people to use their products as possible. However, spam and bots are also made "for more bad reasons, like tricking people," says Shaikh.

Shaikh told The Post, "Agrawal is a good CEO."

"However, this is a problem on social media in general, so it would be unfair to pick on him."

Shaikh thinks that Zatko's claim that Twitter is an easy target for foreign spies because it doesn't have strong security could get the company into even more trouble.

CNN says that earlier this month, Ahmad Abouammo, a former Twitter manager who has citizenship in both the US and Lebanon, was found guilty of working for Saudi Arabia.

Abouammo was accused of taking money from Saudi Arabia in order to give the government in Riyadh information about Saudi dissidents and critics of the regime's Twitter accounts.

Zatko also says that the government of India forced Twitter to put one of its agents on the company's payroll. This is despite the fact that the authorities in New Delhi have been accused of limiting civil liberties and public protests.

Shaikh said, "There could be effects on our national security."

"It's shocking to me that any company could be careless about security and data privacy. I've been fighting for security and privacy for a long time, and I've built my business on those ideas."