Twitter Whistleblower Says There Was at Least One Chinese Spy Working at the Company

Peiter “Mudge” Zatko accused Twitter of employing an undercover Chinese intelligence agent inside the company.
Peiter “Mudge” Zatko, former head of security at Twitter, is sworn-in as he testifies before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill, September 13, 2022 in Washington, DC.
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

In testimony to a Senate committee, a Twitter whistleblower said that the Chinese government had placed at least one agent of the country’s intelligence agency undercover as a Twitter employee.

Former Twitter head of security Peiter Zatko made the allegation during his testimony in front of the Senate’s Judiciary Committee on Tuesday. Last month, Zatko, who is best known by his hacker handle Mudge, filed a whistleblower complaint accusing Twitter of having a series of grave cybersecurity issues, including insider threats, lack of monitoring, and the presence of an Indian government agent working inside of Twitter.

Advertisement

Now, Zatko said that India was not the only foreign government that put one of its agents inside of Twitter.

“I had been told because the corporate security physical security team had been contacted and told that there was at least one agent of the MSS which is one of China's intelligence services on the payroll inside Twitter,” Mudge said. “While it was disturbing to hear, I and many others had recognized the state of the environment at Twitter, we're really thinking if you are not placing foreign agents inside Twitter, because it's very difficult to detect them, it is very valuable to a foreign agent to be inside there. As a foreign intelligence [agency], you're most likely not doing your job.”

Do you work, or used to work at Twitter? Do you have any information about this case? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com

Zatko also said that he had a conversation about this insider threat with an executive. 

“I'm reminded of one conversation with an executive when I said, ‘I am confident that we have a foreign agent,’ and their response was, ‘Well, since we already have one, what does it matter if we have more? Let's keep growing the office,” Zatko said during the hearing. 

Twitter did not immediately respond to a request for comment.

Zatko said that a foreign agent would have access to all Twitter data because the company doesn't have a testing environment and all engineers work on live systems.

Advertisement

He also explained that there are several reasons why a foreign government would want to put undercover agents inside of Twitter.

“To not just identify people of interest or track groups of interest, but also to maybe look at whether or not Twitter has identified your agents or your information operations, what other governments has Twitter possibly identified,” Zaikto said.

“And remember, you know, outside of the ability to access large amounts of data on the engineering side, you would want to know what Twitter's plan is as far as whether they will cede to your demands for control of information within their environments or not, in order to change different types of political pressures such as strong arming, and as we saw, that that country was even threatening to put Twitter employees in jail if Twitter didn't change particular activities on the platform,” he added referring to Saudi Arabia.

In 2014, Ahmad Abouammo, a Twitter employee, illegally accessed the personal data of a user that was a critic of the Saudi Arabian government on behalf of the regime. The Saudi government paid him to siphon data out of the company, and he was found guilty of spying for the regime earlier this year.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.