CNN interviews Twitter whistleblower about what he saw inside the company Transcript

John Berma: (00:00) Twitter poses a threat to national security and democracy. The CNN exclusive this morning coming from a new whistleblower report. I'm John Berman, Brianna as off, CNN chief white house correspondent, Caitlin Collins with me this morning, with some big news. Caitlin Collins: (00:16) This is major news, and it's fascinating to see how Elon Musk is now re responding to all of this. John Berma: (00:22) That's right, we do have a new response that says national security media business implications, and it's all about alleged security vulnerabilities and recklessness. The disclosure obtained by CNN and also the Washington Post comes from Twitter's former head of security. Peiter Zatko claims, were sent last month to Congress and several federal agencies. Caitlin Collins: (00:44) In this 200 page disclosure, Zatko portrays a chaotic environment at a mismanaged company that allows too many staffers access to central controls and sensitive information without adequate oversight. Zatko also alleges that some of the companies senior most executives, have tried to cover up Twitter's vulnerabilities. Donie O'Sullivan is here with the exclusive details and Donie, what exactly are we seeing? What are the main headlines out of this disclosure? Donie O'Sullivan: (01:11) That's right Caitlin, a lot to break down in this. This disclosure is in the hands of multiple US law enforcement agencies, including the SEC and Department of Justice. And today Zatko is speaking out for the first time to CNN, have a look. Ready? Peiter Zatko: (01:31) Yes. Donie O'Sullivan: (01:32) Why are you coming forward? Peiter Zatko: (01:34) All of my life, I've been about finding places where I can go, and make a difference. Donie O'Sullivan: (01:39) This is Peeiter Zatko, until January of this year, he was head of security at Twitter, but now he's a whistleblower and he says, "Twitter's security problems are so grave. They are risk to national security and democracy." Peiter Zatko: (01:53) I think Twitter is a critical resource to the entire world. I think it's an extremely important platform. Donie O'Sullivan: (01:57) He's handed over information about the company to us law enforcement agencies, including the SEC, FTC, and the department of justice. Speaker 5: (02:05) May I ask your name, and middle- Peiter Zatko: (02:07) I'm mudge. Donie O'Sullivan: (02:09) Zatko is better known in the hacking world by his nickname mudge. He's been a renowned cybersecurity expert for decades. Speaker 12: (02:15) His roots are in hacking, figuring out how computers and software work. Donie O'Sullivan: (02:20) That expertise might be why Jack Dorsey, then CEO of Twitter, hired Zatko after the company was hit by a massive attack in 2020, when hackers took over the accounts of some of the world's most famous people. John Tye: (02:33) Mudge was one of the top five or six executives at the company. Donie O'Sullivan: (02:37) Zatko is represented by John Tye, who founded whistleblower aid, the same group that represented Facebook whistleblower, Francis Hogan. John Tye: (02:44) We are in touch with the law enforcement agencies. They're taking this seriously. Donie O'Sullivan: (02:47) Twitter is pushing back, saying Zatko is peddling a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. When we spoke to Zatko and his lawyer, they said that the lawful whistle blower disclosure process only allows them to talk about these issues in general terms. For specific allegations about Twitter, they referred us to Zatko's disclosure. John Tye: (03:11) I'm not going to go into details, but I will say that mudge stands by the disclosure and the allegations in there. Donie O'Sullivan: (03:17) CNN and the Washington Post obtained a copy of the disclosure from a senior democratic official on Capitol Hill, in it, Zatko claims nearly half of Twitter's employees have access to some of the platform's main critical controls. Peiter Zatko: (03:33) There's an analogy of an airplane. So you get on an airplane and every passenger and the attendant crew, all have access to the cockpit, to the controls, that's entirely unnecessary. It might be easy, but there it's too easy to accidentally or intentionally, turn an engine off. Speaker 7: (03:50) Twitter accounts belonging to a whole lot of famous people. Former President Obama- Donie O'Sullivan: (03:54) That kind of access contributed to the massive attack in the summer 2020, when hackers two of them teenagers, tricked a couple of Twitter employees into letting them into Twitter's systems, that gave them access to accounts, including that of then presidential candidate, Joe Biden. Speaker 8: (04:10) I don't have to tell you the significance of being able to breach the Twitter accounts with many millions of followers, including of leading politicians, three months from a presidential election. Donie O'Sullivan: (04:20) In the disclosure, you quote from a wired magazine article that says, "But if a teenager would access to an administration panel can bring the company to its knees. Just imagine what Vladimir Putin could do." John Tye: (04:34) Foreign intelligence agencies, have the resources to identify vulnerabilities, that could have systemic effects across entire platform, across the whole internet. Donie O'Sullivan: (04:47) Twitter told CNN that since the 2020 hack, it had improved these access systems, and had trained staff to protect themselves against hacking. If you're running any system, the more people that have access to the main switches, that's a very risky situation. Speaker 4: (05:03) Yes, absolutely. I'm talking in generalities, just large tech companies need to know what the risks are and then they also need to have an appetite to go fix it. Donie O'Sullivan: (05:14) Zatko also claims Twitter has been misleading about how many fake accounts and bots are on its platform. That's an issue that Elon Musk has made central to his attempt to get out of a deal, to buy the company. Elon Musk: (05:25) I guess right now, I'm sort of debating the number of bots on Twitter. Donie O'Sullivan: (05:31) There will be suspicions of the timing of this. Are you guys carrying water, for Elon Musk? John Tye: (05:36) Absolutely not. We've been following the news just like everyone else, but that has nothing to do with his decisions or with the content of what was sent in to US law enforcement agencies. Donie O'Sullivan: (05:47) Mudge hasn't been talking to Musk in the background or anything like that. Peiter Zatko: (05:50) Not at all. Donie O'Sullivan: (05:51) Zatko says he was fired by Twitter in January of this year, after he tried to raise the alarm internally. He points the finger at Twitter CEO, Parag Agrawal saying he has worked to hide Twitter security vulnerabilities from the board. I suspect that Twitter might try to paint it like this that Mudge got fired, and he's trying to retaliate against the company. John Tye: (06:13) Absolutely not, this is not any kind of personal issue for him. He was eventually fired in January of this year, but he hasn't given up on trying to do that job. Donie O'Sullivan: (06:22) In response to the allegations, Twitter told CNN security and privacy had long been a priority at Twitter, as for Zatko, they said he quote, "was fired from his senior executive role at Twitter more than six months ago for poor performance and leadership. He now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders." Peiter Zatko: (06:44) Your whole perception of the world is made from what you are seeing, reading, and consuming online. And if you don't have an understanding of what's real, what's not, yeah I think this is pretty scary. Donie O'Sullivan: (07:00) Are you nervous? Peiter Zatko: (07:02) Yeah, this wasn't my first choice. I just want to make the world a better place, a safer place. The levers that I have to do it are through security information and privacy. Donie O'Sullivan: (07:14) Of course, there's a lot to this story. A big part of us will become the bot, Elon Musk. And we are just getting a reaction from Elon Musk's lawyer, Alex burro, who told us this morning that they've already actually issued a subpoena, for Zatko, for the whistleblower. They found his exit, and that of other key employees, curious in light of what we have been finding. So even before this disclosure came to light this morning, Musk's lawyers have been wondering, why was that guy kicked out at the company? John Berma: (07:42) And that's new news. I mean, that's just in, that's a fresh response from this report that you're just putting up this morning for CNN Donie, stick around. We've got a lot to talk about with this. Obviously there are a national security and business implications. So joining us now seeing a chief business correspondent, Christine Romans, and CNN contributor and author of the only plane in the sky, Garrett Graff, and Garrett you've written extensively about national security. And I do want to start with the national security implication here, because when a whistleblower says, that Twitter's a threat to national security and democracy, that sounds alarming. Why exactly? What do you see in this that is of such concern? Garrett Graff: (08:19) So I think there are two things that really stand out to me. One is just the sheer credibility of the whistleblower. I mean, Peiter Zatko, that's the name he's using today. Anyone in cybersecurity knows him as much. I mean, this is one of the sort of original hackers in this space, testified before Congress in the 1990s, was a member of the preeminent hacking collective loft of the 1990s, invented more or less, invented one of the most basic security attacks of all time. This is a warning from Chuck Yeager saying, "I'm worried about the danger of that plane." I mean, this is, this is someone that you have to listen to. Now, when you get into what his actual allegations are, what again really stands out, is how long Twitter has been working on some of these internal controls, and they still fail. And of course Mudge was brought on after this incredibly worrisome hack of some of the most prominent accounts on Twitter. We were all really lucky that attack was a cryptocurrency scam, and not a foreign intelligence service or a hacker trying to start nuclear war. I mean, Twitter in many ways, is where wars could start in this moment, and the information could move there faster in an attack than anyone would be able to respond to.