Twitter suffers from “appalling shortcomings” in security which, in turn, constitute a threat to the privacy of users, to the company’s shareholders, and to “national security and to democracy.” That is the message conveyed in an explosive interview on CNN (and in an even more explosive complaint to US authorities) by the well-known ‘ethical hacker’ Peiter Zatko, alias ‘Mudge’, who until last January served as head of security for the social network.

Accusations of an “abnormally high” rate of cybersecurity incidents, of having bowed to the demand of the Indian government to hire government agents and grant them access to private information, of having violated agreements with the Federal Trade Commission that required the company to strengthen its security, and so on.

Oh, and the claim that Twitter lied to Musk’s face about the whole bot issue. But who is this Zatko, and where did he come from to make such claims now?

The hacker who met with Bill Clinton

In 1995, at just 25 years old, ‘Mudge’ was one of the first experts to publicize the existence of a new vulnerability known as the ‘buffer overflow’, and he would later publish some of the earliest research on hacking techniques that remain popular today, such as code injection and side-channel attacks. Around that time he joined the legendary hacking groups ‘Cult of the Dead Cow’ and L0pht.

His membership in L0pht was especially significant for him, as it allowed him to become one of the original authors of the L0phtCrack security tool and one of the first hackers to testify as an expert before a US Senate committee (1998) and later to meet with the US President, when the first major DDoS attacks became the subject of national debate (2000).

‘Mudge’ is the one with the hair, by the way:

In 1998, ‘Mudge’ and six other members of L0pht testified before a Senate committee that they were capable of bringing down the Internet in half an hour. They complained that nobody was taking this possibility seriously.

In addition, in 1999 L0pht would be converted into @Stake, a cybersecurity consultancy of which he would become vice president of R&D, beginning a career in private industry that would eventually allow him to spend 3 years at DARPA, the military research agency under the Pentagon, until in 2013 he jumped to Silicon Valley, specifically to Google ATAP, Google’s advanced technology and projects group.

Later, he would become head of security at the payment processor Stripe. Then, after the massive cyberattack suffered by the social network in 2020, Twitter’s then CEO, Jack Dorsey, hired him and placed the security of the microblogging network in his hands in November 2020.

The cybersecurity expert who now denounces Twitter

At the time, the press noted that, in his new position, Zatko would report directly to Dorsey and would take responsibility for all cybersecurity tasks, “from incident response to ensuring the ‘integrity’ of the platform.”

But exactly one year later, Jack Dorsey resigned as CEO of Twitter and was succeeded by the current head of Twitter, Parag Agrawal, who, just two months later, fired Zatko, accusing him of ‘poor performance’ and of being ‘ineffective’.

The veteran hacker’s version is, however, very different: he claims it was retaliation for beginning to document the multiple security breaches the company was experiencing, after spending some time trying to convince managers to correct the effects of years of technical deficiencies.

Once out of the company, last month Zatko submitted the information he had to two US regulatory agencies (the Federal Trade Commission and the Securities and Exchange Commission), invoking the federal regulations that protect ‘whistleblowers’ (internal informants within companies or the administration). In this he has had the support of the non-profit organization Whistleblower Aid, the same one that supports former Facebook director Frances Haugen.

The founder of this group has come forward to clarify that this complaint process began before the disputes between Musk and Twitter came to light, a necessary clarification given that Zatko’s testimony supports the Tesla CEO’s accusations about the social network’s manipulation of the real number of bots, something that could be decisive in the multimillion-dollar legal battle in which they are embroiled.

An internal message from Agrawal to his employees, conveniently leaked a few hours ago, includes the CEO’s argument about Zatko’s dismissal and accuses him of now promoting “a false narrative that is riddled with inconsistencies and inaccuracies, and presented without significant context”.

Image | Based on originals by Peiter Zatko (via Twitter) and Iconscout.com