{"id":13586,"date":"2022-08-31T14:39:03","date_gmt":"2022-08-31T14:39:03","guid":{"rendered":"https:\/\/scienceandnerds.com\/2022\/08\/31\/the-security-flaws-that-make-twitters-insider-threat-so-scary\/"},"modified":"2022-08-31T14:39:04","modified_gmt":"2022-08-31T14:39:04","slug":"the-security-flaws-that-make-twitters-insider-threat-so-scary","status":"publish","type":"post","link":"https:\/\/scienceandnerds.com\/2022\/08\/31\/the-security-flaws-that-make-twitters-insider-threat-so-scary\/","title":{"rendered":"The security flaws that make Twitter\u2019s insider threat so scary"},"content":{"rendered":"

Source: https:\/\/www.theverge.com\/2022\/8\/30\/23327525\/twitter-zatko-whistleblower-insider-threat-free-expression<\/a>
\n
<\/br><\/code><\/p>\n

\n

Peiter \u201cMudge\u201d Zatko\u2019s whistleblower disclosure contained a lot of alarming claims about Twitter \u2014 from confusing bot measurements to executive misconduct \u2014 but one of the most alarming claims was that the company was actively infiltrated by agents of the Indian government. For a platform that has always presented itself as a haven for journalists and activists, it\u2019s a troubling claim and one that the company has not directly confronted in responses given to US media.<\/p>\n

But the allegations are less outlandish than it seems \u2014 and part of a much larger issue for international tech platforms.<\/p>\n

Zatko\u2019s SEC filing claims that, in the course of his time as Twitter\u2019s head of security, he was informed that the Indian government forced Twitter to employ one of its agents.<\/p>\n

In a section of the report titled \u201cpenetration by foreign intelligence and threats to democracy,\u201d the filing notes:<\/p>\n

\n

The Indian government forced Twitter to hire specific individual(s) who were government agents, who (because of Twitter\u2019s basic architectural flaws) would have access to vast amounts of Twitter sensitive data.<\/em><\/p>\n<\/blockquote>\n

The relationship between Twitter and the Indian government has been particularly fraught, coming to a head in a 2021 raid of the company\u2019s office in Delhi<\/a> in response to a perceived misuse of the platform\u2019s \u201cmanipulated media\u201d tag. Twitter\u2019s moderation in the country is a thorny issue, as false rumors have often been used to spark mob violence against the Muslim minority population<\/a>. For most speech advocates, those decisions are too sensitive to include an employee of the current right-wing government, which some see as implicitly endorsing the violence.<\/p>\n

As Zatko told it, the operational failure that led to a government agent being employed was compounded by a basic security failure. In the SEC filing, he alleged that \u201chalf of Twitter\u2019s 10,000 employees and growing\u201d had access to live production systems and sensitive user data. It\u2019s unclear whether that list included the alleged foreign agent, but such a sprawling access problem makes any mitigation efforts far harder.<\/p>\n

As yet, details are also fuzzy on the extent to which Twitter willingly made this concession. The platform has had a troubled run in India and is currently bringing a legal challenge against the Indian government<\/a> over orders to block certain content that was critical of the Modi administration. Competitor Facebook has also run into problems but of a different kind: in 2020, its India policy chief resigned after being strongly criticized for failing to tackle anti-Muslim hate speech<\/a> on the platform.<\/p>\n

The Indian press \u2014 well aware that surveillance and intimidation of journalists have steadily been increasing<\/a> in the country \u2014 has treated the allegations seriously, though reporters in the country seem to have had trouble obtaining any additional information from the platform. <\/p>\n

\n