
Twitter ‘lacked the ability to hunt for foreign intelligence agents,’ says whistleblower


Peiter ‘Mudge’ Zatko gave the testimony to the Senate Judiciary Committee on Tuesday


Illustration by Alex Castro / The Verge

Twitter’s lack of internal security controls was such that the company was simply unable to detect agents of foreign intelligence services who had infiltrated the company, former security chief Peiter ‘Mudge’ Zatko says.

Zatko made the claims in testimony given to the Senate Judiciary Committee on Tuesday, in a hearing on Twitter’s data security practices.

Opening questions from Sens. Dick Durbin (D-IL) and Chuck Grassley (R-IA) quickly homed in on claims that Twitter faced numerous insider threats, including from employees of the Indian government. Zatko said that the Indian government was not the only national government to embed agents within the company. At least one Chinese spy was employed by Twitter, Zatko said, but the full extent to which the company was compromised could not be known.

“We simply lacked the ability to hunt for foreign intelligence agents and expel them on our own,” he said.

Zatko also reiterated claims made in his SEC disclosure, alleging that a lack of access logging in the company’s internal systems meant it was effectively impossible to see what data had been viewed by any specific employee. Within the company, there were “thousands” of unauthorized data access attempts every week, Zatko told the hearing, but the number was impossible to quantify precisely.


The Judiciary Committee hearing marked the first time Zatko has made a public appearance since his explosive whistleblower disclosure was filed with the SEC in July and reported by CNN and The Washington Post in August.

Besides infiltration by representatives of foreign intelligence services, Zatko alleged numerous security lapses within Twitter, including lax access controls that gave around half of Twitter’s 10,000 employees the ability to view potentially sensitive user data.

After a few weeks of relative quiet, new details given to the hearing will undoubtedly put Zatko back in the spotlight. In the time since the disclosures were made, lawyers for Elon Musk sought to subpoena Zatko to present evidence in the ongoing lawsuit over whether Musk will be compelled to buy Twitter or be allowed to back out of the deal.

But new reporting from The New Yorker, published on the day of the Judiciary Committee hearing, quotes many of Zatko’s friends and former colleagues as saying that they have been offered large sums of money to take part in “interviews” about Zatko’s personality, work ethic, and leadership style.

Despite the personal discomfort, Zatko told the Judiciary Committee that he was willing to “put it all on the line” to improve security at Twitter and in the industry as a whole.

Twitter had not responded to a request for comment by time of publication.
