Peiter “Mudge” Zatko, the former head of security at Twitter, has accused Twitter of hiding negligent security practices, misleading federal regulators about its safety, and failing to properly estimate the number of bots on its platform. The former Twitter executive filed a complaint with the Securities and Exchange Commission (SEC) last month, in which he accused Twitter of deceiving shareholders and violating an agreement it made with the Federal Trade Commission (FTC) regarding certain security standards.

The scathing disclosure includes supporting exhibits which were sent to a number of US government agencies and congressional committees, including the SEC, the Federal Trade Commission and the Department of Justice.

Who is Peiter Zatko?

Zatko is a famous hacker and one of the USA's top cybersecurity experts. He was hired by former Twitter head Jack Dorsey in 2020 after Twitter suffered a massive cyberattack, Zatko said in an interview with CNN. He was Twitter’s security lead from November 2020 to January 2022.

Before Twitter, Zatko oversaw security at the electronic payments company Stripe. He also worked on special projects at Google and oversaw the awarding of grants for cybersecurity projects at the US Pentagon’s Defense Advanced Research Projects Agency (DARPA).

Zatko's career began in the 1990s, when he simultaneously did classified work for a government contractor and was among the leaders of a hacking group called the ‘Cult of the Dead Cow’. The group was notorious for releasing Windows hacking tools to force Microsoft into improving security.

What prompted him now?

Zatko was fired by Twitter in January by CEO Parag Agrawal for what the company claims was "poor performance and ineffective" leadership. However, as per a TIME report, Zatko was fired after he began documenting repeated security violations for a formal investigation that was started based on his claim.

According to a CNN report, Zatko’s whistleblowing comes after he attempted to flag the security lapses to Twitter's board. He attempted to help Twitter fix years of technical shortcomings and alleged non-compliance with a privacy agreement with the Federal Trade Commission.

Zatko submitted his disclosures to US regulatory agencies last month, in July, invoking federal whistleblower protections, and he is being represented by Whistleblower Aid.

What are the accusations?

As per a TIME report, in the disclosures and supporting documents, Zatko accuses Twitter’s top executives of violating the FTC Act and SEC regulations. He accuses them of misleading users, investors, and board members about critical data security lapses. Zatko claims that the vulnerabilities led to frequent security breaches, exploitation, and infiltration by foreign governments.

He also accuses Twitter executives of “lying about bots” to Elon Musk and shareholders.

The disclosures allege that the Twitter executives committed securities law violations by making “material misrepresentations and omissions” in SEC filings, and that they asked him to mislead the board by minimizing security vulnerabilities.

Zatko also says that Twitter allowed too many employees to have “God mode” access to its systems, making the platform vulnerable to hackers and to influence by foreign agencies.

He alleges Twitter executives hired two people that he believes were foreign government agents and put them in positions with “direct unsupervised access” to internal Twitter data.

Zatko alleges that this was just one example of Twitter’s negligence and complicity with respect to efforts by foreign governments to infiltrate and surveil the platform and its operations.

The explosive allegations could have huge consequences for Twitter and its battle with Elon Musk over his bid to buy Twitter.

