Former top executive says Twitter hired India agent; firm denies

India forced Twitter to hire one of its agents as a full-time employee who then had unsupervised access to the company’s systems, the former head of security at the social media firm has said in a whistleblower complaint filed with American authorities.

The complaint by former head of security Peiter Zatko, first reported by the Washington Post and CNN, makes a litany of other serious allegations against Twitter’s leadership, including current chief Parag Agarwal who is accused of lying to shareholders about the extent of security vulnerabilities.

Twitter has denied Zatko’s allegations, and described them as a false narrative.

Among these was what Zatko said “penetration by foreign intelligence” agents. “The Indian government forced Twitter to hire specific individual(s) who were government agents, who (because of Twitter’s basic architectural flaws) would have access to vast amounts of Twitter sensitive data,” he said in the complaint, copies of which were made available by Whistleblower Aid to the news websites that reported.

Zatko said the company was “squeezed” in several countries by local government, including India, Nigeria and Russia. “The threat of harm to Twitter employees was sufficient to cause Twitter to seriously consider complying with foreign government requests that Twitter would otherwise fundamentally oppose. The governments of India, Nigeria, and Russia sought, with varying success, to force Twitter to hire local FTEs (full-time employees) that could be used as leverage,” the complaint said.

“By knowingly permitting an Indian government agent direct unsupervised access to the company’s systems and user data, Twitter executives violated the company’s articulated commitments to its users,” the former head of security, who is more famously known as Mudge, said in the complaint.

Twitter said the Zatko’s comments were false, inaccurate, and lacking context.

“Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a spokesperson said.

The “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be,” the spokesperson added.

The Union ministry of electronics and information technology did not respond to requests for a comment.

This is not the first time there have been reports of Twitter employees working for foreign intelligence. In May, 2019, the US Justice department indicted two company staffers of abusing their credentials as employees to gain access to sensitive user information and passing it on to Saudi Arabia.

While details of how many people or when they were hired was not available from the redacted documents shared by Washington Post, the purported Indian government agent would have been active during Zatko’s term at Twitter, where he worked between November, 2020 and January, 2022.

Between this period, Twitter had several public confrontation with the Indian government when it refused to take down all posts flagged by the administration as unlawful. These posts included those by the Bharatiya Janata Party’s rivals as well as unidentified people and farmer groups. Some of these qualified as legitimate disinformation, and were taken down, while others, especially by news media handles, were left up.

The Union government also summoned Twitter executives and Delhi Police officials at one point reached the company’s offices after it tagged as “manipulated media” posts by BJP members who shared a purportedly edited video pertaining to the Opposition Congress.

The claims by Zatko are likely to impact Twitter’s ongoing legal battle with billionaire entrepreneur Elon Musk, who has accused the company of playing down its spam and fake account prevalence rates.

Zatko, who has worked at the United States Department of Defense and is regarded as among a group of trailblazing hackers and cybersecurity researchers who investigated computer network flaws since the early 90s, specifically accused current chief executive Agrawal, who, the complaint said “explicitly instructed” false and misleading information to be provided to the Board of Directors.

Agrawal, the complaint added, lied to Musk on multiple occasions about the problem of bots (automated accounts sending out spam) to Musk.

Twitter has sued Musk, who announced a $44 billion takeover plan earlier this year, but has since backed out of it accusing the company of hiding crucial business information, including the truth about legitimate and fake users. HindustanTimes