CNN.com - Transcripts

Transcript Providers

Return to Transcripts main page

New Day

New Reporting Indicates Twitter's Former Head of Security Blowing Whistle on Lax Internal Security at Company; New Security Allegations against Twitter May Affect Elon Musk's Pending Purchase of Company; Sen. Patrick Leahy (D-VT) is Interviewed on His New Book. Aired 8-8:30a ET

Aired August 23, 2022 - 08:00 ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.

[08:00:08]

JOHN BERMAN, CNN ANCHOR: Twitter poses a threat to national security and democracy. The CNN exclusive this morning coming from a new whistleblower report.

I'm John Berman. Brianna is off. CNN chief White House correspondent Kaitlan Collins with me this morning with some big news.

KAITLAN COLLINS, CNN CHIEF WHITE HOUSE CORRESPONDENT: This is major news. And it's fascinating to see how Elon Musk is now responding to all this.

BERMAN: That's right, we do have a new response. This has national security, media, business implications, and it's all about alleged security vulnerabilities and recklessness. The disclosure obtained by CNN and also "The Washington Post" comes from Twitter's former head of security, Peiter Zatko's claims were sent last month to Congress and several federal agencies.

COLLINS: In this 200-page disclosure, Zatko portrays a chaotic environment at a mismanaged company that allows too many staffers access to central controls and sensitive information without adequate oversight. Zatko also alleges some of the company's senior most executives have tried to cover up Twitter's vulnerabilities. CNN's Donie O'Sullivan is here with the exclusive details. And Donie, what exactly are we seeing, what are the main headlines out of this disclosure?

DONIE O'SULLIVAN, CNN REPORTER: That's right, Kaitlan, a lot to break down in this. This disclosure is in the hands of multiple U.S. law enforcement agencies, including the SEC and Department of Justice. And today Zatko is speaking out for the first time to CNN. Have a look.

(BEGIN VIDEO TAPE)

O'SULLIVAN: Ready?

PEITER "MUDGE" ZATKO, TWITTER WHISTLEBLOWER: Yes.

O'SULLIVAN: Why are you coming forward? ZATKO: All my life I've been about finding places where I can go and

make a difference.

O'SULLIVAN: This is Peiter Zatko. Until January this year he was head of security at Twitter, but now he's a whistleblower. And he says Twitter security problems are so grave, they're a risk to national security and democracy.

ZATKO: I think Twitter is a critical resource to the entire world. I think it is an extremely important platform.

O'SULLIVAN: He has handed over information about the company to U.S. law enforcement agencies, including the SEC, FTC, and the Department of Justice.

UNIDENTIFIED MALE: May I ask your name.

ZATKO: I'm Mudge.

O'SULLIVAN: Zatko is better known in the hacking world by his nickname "Mudge." He's been a renowned cybersecurity expert for decades.

UNIDENTIFIED MALE: His roots are in hacking, figuring out how computers and software work.

O'SULLIVAN: That expertise might be why Jack Dorsey, then CEO of Twitter, hired Zatko after the company was hit by a massive attack in 2020, when hackers took over the accounts of some of the world's most famous people.

JOHN TYE, FOUNDER, WHISTLEBLOWER AID: Mudge is one of the top fiber fix executives at the company.

O'SULLIVAN: Zatko is represented by John Tye who founded Whistleblower Aid, the same group that represented Facebook whistleblower Frances Haugen.

TYE: We are in touch with law enforcement agencies. They're taking this seriously.

O'SULLIVAN: Twitter is pushing back, saying "Zatko is peddling a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context." When we spoke to Zatko and his lawyer, they said that the lawful whistleblower disclosure process only allows them to talk about the issues in general terms. For specific allegations about Twitter, they referred us to Zatko's disclosure.

TYE: I'm not going to go into details. But I will say that Mudge stands by the disclosure and the allegations in there.

O'SULLIVAN: CNN and "The Washington Post" obtained a copy of the disclosure from a senior Democratic official on Capitol Hill. In it, Zatko claims nearly half of Twitter's employees have access to some of the platform's main critical controls. ZATKO: There is an analogy of an airplane. So you get on an airplane

and every passenger and the attendant crew all have access to the cockpit, to the controls. That's entirely unnecessary. It might be easy, but it's too easy to accidentally or intentionally turn an engine off.

UNIDENTIFIED FEMALE: Twitter accounts belonging to a whole lot of famous people --

O'SULLIVAN: That kind of access contributed to the massive attack in the summer of 2020, when hackers, two of them teenagers, tricked a couple of Twitter employees into letting them into Twitter's systems. That gave them access to accounts including that of then presidential candidate Joe Biden.

UNIDENTIFIED MALE: I don't have to tell you the significance of being able to breach the Twitter accounts with many millions of followers including a leading politician, three months from a presidential election.

O'SULLIVAN: In the disclosure, you quote from a "Wired" magazine article that says but if a teenager had access to an administration panel can bring the company to its knees, just imagine what Vladimir Putin can do.

TYE: Foreign intelligence agencies have the resources to identify vulnerabilities that could have system effects across entire platforms, across the whole Internet.

O'SULLIVAN: Twitter told CNN that since the 2020 hack it had improved these access systems and had trained staff to protect themselves against hacking.

[08:05:04]

If you're running any system, the more people that have access to the main switches, that's a very risky situation.

ZATKO: Yes, absolutely. I'm talking in generalities. Just large tech companies need to know what the risks are, and then they also need to have an appetite to go fix it.

O'SULLIVAN: Zatko also claims Twitter has been misleading about how many fake accounts and bots are on its platform. That's an issue that Elon Musk has made central to his attempt to get out of a deal to buy the company.

ELON MUSK, CEO, TESLA AND SPACEX: I guess right now I'm sort of debating the number of bots on Twitter.

O'SULLIVAN: There will be suspicions of the timing of this. Are you guys carrying water for Elon Musk?

TYE: Absolutely not. We have been following the news just like everyone else, but that has nothing to do with his decisions or with the content of what was sent into U.S. law enforcement agencies. O'SULLIVAN: Mudge hasn't been talking to musk in the background?

TYE: Not at all.

O'SULLIVAN: Zatko says he was fired by Twitter in January of this year after he tried to raise the alarm internally. He points the finger at Twitter's CEO Parag Agrawal, saying he has worked to hide Twitter security vulnerabilities from the board.

I suspect Twitter might try to paint it like this, that Mudge got fired and he's trying to retaliate against the company.

TYE: Absolutely not. This is not any kind of personal issue for him. He was eventually fired in January of this year. But he hasn't given up on trying to do that job.

O'SULLIVAN: In response to the allegations, Twitter told CNN security and privacy had long been a priority at Twitter. As for Zatko, they said he, quote, "was fired from his senior executive role at Twitter more than six months ago for poor performance and leadership. He now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders."

ZATKO: Your whole perception of the world is made from what you are seeing, reading, and consuming online. And if you don't have an understanding of what's real, what's not, yes, I think this is pretty scary.

O'SULLIVAN: Are you nervous?

ZATKO: Yes. Yes. This wasn't my first choice. Yes, I just want to make the world a better place, a safer place. The levers I have to do it are through security, information, and privacy.

(END VIDEO TAPE)

O'SULLIVAN (on camera): Of course, there is a lot to this story. A big part of it will become the bots, Elon Musk. And we are just getting reaction from Elon Musk's lawyer, Alex Spiro, who told us this morning they have already issued a subpoena for Zatko, for the whistleblower. They found his exit and that of other key employees curious in light of what we have been finding. So even before this disclosure came to light this morning, Musk's lawyers have been wondering why was that guy kicked out of the company.

BERMAN: That's new news. That's just in, that's a fresh response from this report that you're just putting up this morning for CNN, Donie. Stick around. We've had a lot to talk about with this. Obviously, there are national security and business implications.

So joining us now, CNN chief business correspondent Christine Romans and CNN contributor and author of "The Only Plane in the Sky," Garrett Graff. And Garrett, you're written extensively about national security. I do want to start with the national security implication here, because when a whistleblower says Twitter is a threat to national security and democracy, that sounds alarming. Why exactly, what do you see in this that is of such concern?

GARRETT GRAFF, CNN CONTRIBUTOR: I think there are two things that stand out to me. One is just the sheer credibility of the whistleblower. Peiter Zatko, that's the name he's using today, anyone in cybersecurity knows him as Mudge. This is one of the sort of original hackers in this space, testifying before Congress in the 1990s, was a member of the preeminent hacking collective L0pht of the 1990s, invented -- more or less invented one of the most basic security attacks of all time. this is a warning from Chuck Yeager saying I'm worried about the danger of that plane. This is -- this is someone you have to listen to.

Now, when you get into what his actual allegations are, what, again, really stands out is how long Twitter has been working on some of these internal controls, and they still fail. And, of course, Mudge was brought on after this incredibly worrisome hack of some of the most prominent -- most prominent accounts on Twitter. We're all really lucky that that attack was a cryptocurrency scam and not a foreign intelligence service or a hacker trying to start nuclear war. Twitter, in many ways, is where wars could start in this moment. And the information could move there faster, in an attack, than anyone would be able to respond to.

[08:10:08]

COLLINS: Look at the last administration, the White House said tweets were official White House statements, whatever Trump said on there. And I think that's when people look at the accounts that they accessed. Part of this also to me is not just in that sense, it's also for regular users, Donie. In the reporting that you have, it says that they are not reliably deleting data when people cancel their accounts.

O'SULLIVAN: That's a big part, particularly in Europe, when it comes to laws about data. Twitter is supposed to when they are asked, remove people's information totally from its systems. Twitter gave us a lot of responses over these past few days and back and forth about saying, yes, we start the process. But we never got a clear answer from Twitter to say, yes, we are absolutely deleting all of that stuff as we should be.

BERMAN: And then, Christine Romans, I said there are business implications here. We already heard some of them were Elon Musk's team responding to the report that just aired. It says there are more bots that are being reported. Twitter is so much in the news, and its future on the line here.

CHRISTINE ROMANS, CNN CHIEF BUSINESS CORRESPONDENT: Absolutely. There will be a five-day trial in October. Elon Musk trying to get out of buying Twitter for $44 billion in part because he says there are more automated accounts, spam accounts, than the company cops to. The company can sometimes be a little squishy and point out that, no, some of these accounts are good. If you get a weather alert or you get an alert about vaccine availability in your neighborhood, those are bots, but those are things that are good and for the public good. So that's one of the arguments they have. I think that this will be -- this will definitely be part of whatever

is going to be happening in October, when Elon Musk wants to take this company to court and say I am not going to -- I'm not going to buy you because you are misleading investors and the public.

COLLINS: But doesn't it give credence to what Elon Musk has been saying?

ROMANS: I think it adds more ammunition. This definitely is something that falls in Elon Musk's lap, no question. And as Donie has pointed out, this whistleblower has said Elon Musk had nothing to do with his decision to raise the alarm, and even the alarm was being raised before Elon Musk expressed any interest in Twitter.

BERMAN: Part of it that jumps out to me is that you're dealing with a cybersecurity expert, alleged, who can code things that I can't even think about in my head, Garrett.

GRAFF: Which isn't a very high bar.

(LAUGHTER)

BERMAN: Very fair, an admittedly low bar with that. But you're talking about the issue seems so simple, that there are too many people, at this company, who can get inside the account and send tweets, or get hacked and maybe in the process send tweets that are dangerous. Why would that be hard to fix?

GRAFF: And one of the things that really stands out about that in these documents is the concerns that Twitter has internally that it has been penetrated by foreign intelligence services. And this is not an abstract threat. Just this month, actually, a Saudi national was convicted on criminal charges here in the United States of working for Saudi intelligence to target dissidents on its platform from inside Twitter. So there is an external threat to Twitter that is documented here. There is also a pretty serious internal threat of employees who might be compromised by foreign intelligence that Twitter is not taking seriously internally.

And in ways that Donie would understand from covering this, of course foreign intelligence services are going to be trying to target Facebook, Twitter, Amazon, Google. They would be silly not to. And so the fact that the Twitter does not appear to have a robust internal control program is one of the things that is most concerning in this.

COLLINS: Because it's the call coming from inside the house.

GRAFF: It's the call coming from inside the house.

COLLINS: That one or more employees may be working for them. And what is Twitter saying about that? I know you submitted 50 questions to Twitter about this. No shortage of outrage, but what are they saying?

O'SULLIVAN: To Garrett's point, this guy, this whistleblower, is a legend. Over the weekend, we were calling out a lot of cybersecurity experts, saying, what do you think of this guy? Is there anything we can -- where can we look at this guy, we might say he's overstating things? And people were saying, if he's saying there's something there, there is something there.

So Twitter is in this position now where their chief of security, who was hired by Jack Dorsey, is calling all of this out. Twitter is saying he's mischaracterizing it, that he doesn't have the full story, that he is making kind of definitive statements. I would out the evidence. But it's an uphill battle for them, I think.

BERMAN: It sounds like this is just the beginning of a lot more to come. Donie, terrific reporting. Thank you for breaking it right here on NEW DAY this morning. Garrett Graff, Christine Romans, thanks to both of you as well.

BERMAN: So just revealed in court documents, a message from former President Trump to Attorney General Merrick Garland following the FBI's search of Mar-a-Lago.

[08:15:06]

COLLINS: And new CNN reporting for all the borrowers out there, the White House is leaning toward canceling thousands of dollars of student debt for certain borrowers. We'll let you know which ones, next.

(COMMERCIAL BREAK)

BERMAN: Senate Minority Leader Mitch McConnell drawing a stark contrast with the growing faction in his own party about the false claims on election fraud and the importance of protecting democracy.

Listen.

(BEGIN VIDEO CLIP)

SEN. MITCH MCCONNELL (R-KY), MINORITY LEADER: I do think it's -- it's an important issue. And that we solve between the November 3rd and January 20th changing of one administration to another, there were those that were trying to prevent the orderly transfer of power for the first time in American history. That was not good. I think we have a very solid democracy, very little election fraud.

(EDN VIDEO CLIP)

BERMAN: Joining us now is Democratic Senator Patrick Leahy of Vermont. He is retiring after 48 years in office, and his new book "The Road Taken: A Memoir" is available today.

Senator Leahy's trying to get his microphone on right now, if we can.

[08:20:02]

But Senator Patrick Leahy of Vermont, the first and as of now the only Democrat ever elected to the Senate from the state of Vermont, Bernie Sanders who votes with Democrats, of course, an independent.

So, Patrick Leahy, a trailblazer when he was elected in 1974 and retiring after a 48-year career.

Do we have his microphone on, guys?

We're still looking, we're still working. You know what? Let's take a -- all right.

Senator Patrick Leahy is with us now and well worth the wait, Senator. Thank you so much for being with us this morning.

SEN. PATRICK LEAHY (D-VT): Thank you. Sorry about -- sorry about the microphone.

BERMAN: No apologies, after 48 years in the Senate.

Listen, I don't know if you heard Mitch McConnell talking about --

LEAHY: I did.

BERMAN: -- the threat to democracy, the real threat that he saw in those days between the election in 2020 and January 6th, 2021. What do you make of him saying that in contrast to what some members of his own party are saying?

LEAHY: Well, you know, I've known Mitch a long, long time. And I think he realized if he didn't speak up, they have real problems.

The -- this is a danger to democracy, what we saw on January 6th. You had to be sitting in the U.S. Senate, and seeing police officers coming in with machine guns into the Senate chamber and rushing us out as you can hear the sound of the clashing outside, and then watching the reaction afterward.

I mean, Joe Biden got 5 million more votes than Donald Trump. But he also won the Electoral College. And to have this be contested and to tell people it's a fraudulent election when it was not, that does hurt democracy.

And the fact that the -- the kind of statements that have been going on and are continuing shows that we have a real threat to democracy, probably the greatest certainly in the 48 years I've been in the Senate.

BERMAN: You write in your book, "The Road Taken," which is wonderful, you actually talk about your own moments that day, and the real risk to your life. And I don't want to make light of this, but the risks you face because of a spiral staircase that you had a hard time walking down. Tell me about that.

LEAHY: Well, I was born blind in one eye, so it upsets my depth perception. It was easy to be on the rifle team in college, you only use one eye, but going down the spiral staircase and all of a sudden a police officer who knew me arrived beside me, took my arm and said don't worry, shamrock, we got you. Shamrock was the call signal they had for me as the first time I've been president pro tem, and walked down. But I also was -- as I'm walking to the safe -- safe room in the -- in

another building, I was thinking, I never believed something like this would happen in the U.S. Capitol.

BERMAN: In your book, you talk a lot about how the Senate has changed and there is a quote here that really jumped out to me. You said the Senate remained in the grips of polarization, dysfunction, though many senators chafed against it, it was always interested to me how often it was younger senators who were most interested in hearing about the distant times when the institution actually functioned. They longed for something so much better than they found.

These younger senators are coming to you and asking you to tell them stories about the old days?

LEAHY: Actually, they are.

I tried to invite senators of both parties to my offices. I've got as president pro tem have nice places on the Capitol, and just talk. And talk about what it was, how we might come together. I'm known as one who tries to form coalitions of Republicans and Democrats who get legislation through.

I know there is an urge to get back to the days where we might do that again. Neither party has the sole knowledge of what's best for the country. It's when we work together.

The Senate has never been perfect, but in the past, it has often been the conscience of the nation.

It is not being that now. And I would like to see as I leave the Senate, those in both parties who want to bring it back that way. If we don't, we're losing a pillar of democracy.

We're already seeing the Supreme Court being politicized in a way that you couldn't imagine, certainly not in my lifetime. And if the Senate ends the same way, I worry for the basic levels of democracy in our country.

BERMAN: Listen, I promised myself I'd ask you this question if I ever had a chance to talk to you.

[08:25:02]

You started a number of Batman movies. You had a very successful career in the U.S. Senate, but you've also been in Batman movies and I was trying to figure out how to ask the question.

So, let me just ask, you know, how cool was that?

LEAHY: I really enjoyed it. You know, I do a lot of photography. I watch how I do photography. I see on the screen. I got Heath Ledger as the Joker threatening me with a knife.

The director said, act frightened. I said, act? He scared the heck out of me. And, but, I enjoyed it. I've written things, books for "Batman" and I

use special edition of "Batman" comic when I was fighting to ban the export of land mines, and I gave every cent they paid me for that children's library in Montpelier, Vermont, the Kellogg-Hubbard Library, because that's where I had my first library card, when I was 4 years old.

So, it all revolves around that. I want children to read. I use this as an example to read.

But I got to tell you, it's a lot more fun than a late night session in the Senate.

BERMAN: Can't image -- can't imagine why.

Senator Patrick Leahy, the book is "The Road Taken," it is available today. Thank you so much for being with us.

LEAHY: Thank you. I enjoyed it.

BERMAN: So, devastating flooding in Dallas turns deadly as rainfall reaches once in a century levels. CNN is live on the ground.

COLLINS: And get this, dinosaur tracks discovered in Texas thanks to the excessive drought conditions. Yes. Dinosaur tracks.

(COMMERCIAL BREAK)

[08:30:00]