Peiter “Mudge” Zatko told lawmakers that when he raised concerns about a foreign agent on the company's payroll in a foreign office, the company seemed "unwilling to put the effort in" to root out that individual.
The response from an executive, according to Zatko, was: “Well, since we already have one, what is the problem if we have more? Let's keep growing the office.”
Zatko said that a lack of internal tracking of employees' actions within Twitter increased the risk of foreign agents operating inside the company and exploiting its data. He claimed that it was typically only when an outside agency alerted Twitter to a foreign operative inside the company that it would become aware of that person.
It was extremely difficult to track the people, there was a lack of logging and ability to see what they were doing and what information was being accessed… let alone to set steps for remediation," he said.
He added that "there were thousands of failed attempts to access internal systems that were happening per week and nobody was noticing" because of the lack of logging of how its internal systems were being used.
"This fundamental lack of logging inside Twitter is a remnant of being so far behind on their infrastructure and the engineering," he said.