Most of the cybersecurity problems in ex-Twitter security chief Peiter Zatko’s 84-page whistleblower complaint aren’t unique to Twitter — but a handful of claims are worrisome enough to catch regulators' and competitors' attention.

The big picture: Only a handful of specific nightmare scenarios in the complaint will end up having staying power as Washington responds to Zatko's claims.

1. Twitter allegedly can't track and limit employees’ access to its networks. In the complaint, Zatko, who is also known by his hacker name Mudge, said he tried to cut off employees' ability to access — or potentially damage — Twitter's live systems during the Jan. 6 Capitol insurrection to prevent rogue employees from taking them offline.

• He discovered that was impossible.
• “There was no logging of who went into the environment or what they did,” the complaint said.
• The complaint also said that all engineers had "some form of critical access to the production environment."

2. Zatko claimed that Twitter came close to a weeks-long shutdown last spring.

• He said he had warned Twitter's board that the company lacked recovery plans if its data centers went down simultaneously and faced a "'black swan' existential threat."
• “Downtime estimates ranged from weeks of round-the-clock work to permanent irreparable failure,” the complaint said.
• Then, in spring 2021, that failure nearly happened, as "Twitter's primary data center began to experience problems from a runaway engineering process," and a...

Read Full Story: https://www.axios.com/2022/08/26/twitter-whistleblower-nightmare-scenarios