Notorious Hacker Mudge Becomes Head of Security at Twitter
Social media giant Twitter, under growing threat of regulation and plagued by serious security holes, appoints one of the world’s most notorious hackers to tackle everything from engineering missteps to disinformation.
The company appointed Peiter Zatko, widely known by his hacker handle Mudge, to the new post of chief security officer on Monday, giving him a broad mandate to recommend changes in structure and practices. Zatko answers to CEO Jack Dorsey and is expected to take over management of key security functions after a 45-60 day review.
In an exclusive interview, Zatko said he would look at “information security, site integrity, physical security, platform integrity – which is starting to touch on abuse and manipulation of the platform – and engineering.”
Zatko recently oversaw security at the electronic payments unicorn Stripe. Previously, he worked on special projects at Google and oversaw the awarding of grants for cybersecurity projects at the Pentagon’s renowned Defense Advanced Research Projects Agency (DARPA).
Zatko’s colorful career began in the 1990s, when he simultaneously conducted classified work for a government contractor and was a leader of Cult of the Dead Cow, a hacking group known for releasing Windows hacking tools in order to induce Microsoft to improve security.
“I’m not sure if anyone can fix Twitter’s security, but he would be high on my list,” said Dan Kaufman, who oversaw Zatko at DARPA and now heads the Advanced Products Group at Google.
Twitter faces many security challenges. A year ago, the US government accused two men of spying for Saudi Arabia while working at Twitter years earlier, claiming they had passed on private information about critics of the kingdom.
In July, a group of young hackers tricked employees and gained access to internal tools, which allowed them to change account settings and then tweet from the accounts of then-presidential candidate Joe Biden, Microsoft founder Bill Gates and Tesla CEO Elon Musk.
“The data breach this summer was an important reminder of how far Twitter needs to go in building some of the basic security functions needed to run a service targeted by adversaries far more knowledgeable than the teens arrested for this incident,” said Alex Stamos, a former Facebook security official and current Stanford researcher who has helped lead efforts to tackle election misinformation.
Stamos, who previously worked for Zatko’s security consultancy, called him perfect for a company lacking the financial might of Facebook and Google. “They’re going to have to come up with creative solutions to these problems, and if Mudge is famous for anything when it comes to security, it’s being creative.”
Zatko said he was determined to improve public conversations on Twitter. He praised a recent initiative to increase “friction” by getting users to comment instead of just retweeting; a next step might be to force people to understand a long conversation before participating in it, he said.
Zatko said he appreciates Twitter’s openness to unconventional security approaches, such as its proposal to confuse bad actors by manipulating the data they receive from Twitter on how people interact with their posts.
“They are willing to take risks,” Zatko said of his new employer. “With the challenges of algorithms and algorithmic biases, they’re not prepared to wait for someone else to solve the problem.”