India forced Twitter to put agent on payroll, says whistleblower

Indian govt had forced Twitter to put one of its agents on the payroll with access to user data, alleges ex -security chief

A former Twitter Inc security chief has alleged that the Indian government forced the social media firm to put a government agent on the payroll, according to a whistleblower disclosure with US regulators.

Peiter ‘Mudge’ Zatko raised the issue with the US Securities and Exchange Commission among other security lapse claims at Twitter.

He said the government agent would have had access to sensitive user data due to Twitter’s weak security infrastructure, according to a redacted version of the complaint uploaded by the Washington Post newspaper and verified by Zatko’s attorney at Whistleblower Aid.

A company source told Reuters that the allegations about the India government had surfaced previously within Twitter, without elaborating further.

Representatives for India’s IT ministry did not immediately respond to requests for comment.

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said in a statement regarding Zatko’s allegations.

Twitter is engaged in a legal challenge against the Indian government after it asked a local court in July to overturn some government orders to remove content from the social media platform, and alleged abuse of power by officials.

The next hearing in the case is set for Thursday.

“The company did not in fact disclose to users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll,” Zatko's complaint noted.

The Washington Post report said supporting information for Zatko's claims had gone to the National Security Division of the US Justice Department and the US Senate Select Committee on Intelligence.

‘Twitter misled regulators on bot accounts’

Twitter Inc misled federal regulators about its defenses against hackers and spam accounts, Peiter Zatko said in a whistleblower complaint.

In an 84-page complaint, Zatko, a famed hacker more widely known as “Mudge,” alleged Twitter falsely claimed it had a solid security plan and said he had warned colleagues that half the company's servers were running out-of-date and vulnerable software, according to documents relayed by congressional investigators.

Earlier this month, a US court convicted a former Twitter manager accused of spying for Saudi Arabia on six criminal counts, including acting as an agent for the country and trying to disguise a payment from an official tied to Saudi's royal family.

The whistleblower filing comes as the social media company is embroiled in a legal battle with Tesla Inc Chief Executive Elon Musk after the world's richest person said in July he was ending an agreement to buy the company in a $44-billion deal alleging it had violated the deal contract.
 

The claims:

1. The government agent would have had access to sensitive user data due to Twitter’s weak security infrastructure
2. Twitter Inc misled federal regulators about its defenses against hackers and spam accounts
3. Twitter executives don't have the resources to fully understand the true number of bots on the platform