On 9/13/2022, Peiter “Mudge” Zatko, Twitter’s former head of cybersecurity, who has alleged major security vulnerabilities and oversights at the company, testified in a Senate hearing.
The cybersecurity veteran detailed a litany of security concerns in a whistleblower complaint that first became public in August, including that the company suffered a significant breach about once a week in 2020 and that it has had few protections against so-called insider threats, in which a company is vulnerable to its own employees.
Kennedy: Mr. Zatko, give me 30 seconds. Well, strike that. Senator Grassley is an active user on Twitter. I’ll use his account as an example. Give me 30 seconds on the type of information Twitter has on Senator Grassley or someone like him.
Zatko: What’s the phone number? What’s the latest IP address they’ve connected from? Are there other IP addresses they’ve connected from? Is this the current email? How long have they been using that email with the account? What are the prior emails for it? From the IP address, where do we think they live? Where do we think they’re connected to right now? Are they still connected, even if they’re not actively using the information? What type of device are they connected with? What type of web browser are they using? Which brand is it, possibly? Which computer? What language did they connect in?
Kennedy: Let me try that again. I’m gonna be sure I understand. Okay. I’m not trying to trick you. From your testimony, I understand that half of all of the engineers and half of the employees at Twitter have access to Senator Grassley’s account, is that correct?
Zatko: Based upon what I saw technically, yes. Okay.
Kennedy: If they go into Senator Grassley’s account, Twitter doesn’t know that engineer has done that, is that correct?
Zatko: It would be difficult to find the logs showing that is my understanding. Correct.
Kennedy: So you don’t have a log in and logout system.
Zatko: There was not an easy ability for me to find which engineers had logged into which systems and what data that they had accessed.
Kennedy: Okay. So this engineer who can secretly go into Senator Grassley’s account and get all this information, Twitter has no idea what the hell that engineer’s gonna do with that information, does it? So that engineer at Twitter could sell it, for example, couldn’t he?
Zatko: Could sell access. I’ve seen numerous accounts on underground forums offering to sell such access, whether those are valid or not, but I’ve seen the offers to sell access to accounts, to delete accounts, to unban accounts. Well,
Kennedy: That engineer could just call one of his buddies and say, Hey, you don’t like Senator Grassley. Let me give you some information here, and you may want to use it against him. Could that engineer do that? Would Twitter know that the engineer had done that?
Zatko: Not necessarily.
Kennedy: Now did Mr. Dorsey know all this?
Zatko: I did explain this to Mr. Dorsey. My understanding is he did not understand this prior to bringing me in. And that was one of the reasons that he wanted.
Kennedy: Does he understand it now?
Zatko: I believe after seeing this here,
Kennedy: How about your CEO? Does he understand this?
Zatko: I believe, since he has been there for 10 years and rose up through the ranks in engineering and he has talked to the engineers and they have told … I believe yes.
Kennedy: All right. You’ve got an executive from MasterCard, Mimi Alemayehou for MasterCard. Does this board member know that?
Zatko: I do not know if she knows that.
Kennedy: Is this the kind of thing that a reasonable board member would inquire about?
Zatko: I would think so, but I’ve also seen that what was presented to the board was not representative.
Kennedy: During your time there, did the board ever ask?
Zatko: The board did not ask these directly, no.
Kennedy: Even after all these problems with foreign agents?
Zatko: Not when I was there during the board meetings.
Kennedy: Just sat there?
Zatko: They focused on other topics.
Kennedy: Right? Dr. Lee, he’s a professor at Stanford. Does he know all this?
Zatko: Same response. I did not see any questions on this specific topic while I was …
Kennedy: Patrick Pichette.
Zatko: Patrick Pichette was the one who, when I brought up this instance, he hit the roof. He was very upset. He did.
Kennedy: Did he fix it?
Zatko: No. He asked for follow on information and …
Kennedy: Why hadn’t Twitter fixed this?
Zatko: There were other priorities.
Kennedy: It’s about the money. Isn’t it?
Zatko: It’s about whatever crisis and the other priorities.
Kennedy: To fix this would cost the money. Wouldn’t it?
Zatko: It would take away focus on other priorities.
Kennedy: Cost them money. Wouldn’t it?
Zatko: Most likely, yes. Yeah.
https://facebook.com/HygoNewsUSA/videos/797286901476022/
Kennedy to whistleblower: half Twitter employees have access to Senator Grassley’s account!