- Ex-Twitter security chief Peiter Zatko is behind an explosive whistleblower complaint against the company.
- Zatko is a celebrity in the hacker community, where he’s known as “Mudge.”
- He’s advised Bill Clinton on cybersecurity and testified to the Senate.
Twitter suffered a huge blow on Tuesday when a whistleblower complaint from Peiter Zatko, the company’s former head of security, was published by The Washington Post and CNN.
The wide-ranging complaint accused Twitter of lax security practices, lying about the number of bots on its platform to federal regulators and Tesla billionaire Elon Musk, and allowing a foreign agent to infiltrate the company.
Zatko is better known in the hacker community as “Mudge” and has been a prominent figure in cybersecurity for more than 20 years.
Twitter has pushed back against Zatko’s complaint, characterizing him as a disgruntled employee who was fired for “ineffective leadership and poor performance.”
Zatko says his disclosure was ethically motivated. “All my life I’ve been about finding places where I can go and make a difference,” Zatko told CNN in an interview after his complaint was published.
So who is Peiter Zatko?
Despite being interested in computers at elementary school, Zatko decided to study music at college, attending Berklee and graduating top of his class.
After college, Zatko was hired by BBN Technologies, an IT research and development company, to found its corporate security group, he told Berklee’s alumni magazine. He also played in a progressive rock band called Raymaker.
While at BBN, Zatko banded together with a group of hacker friends to form Boston-based think-tank L0pht, which set out to find and disclose vulnerabilities in companies’ software, including Microsoft Windows.
“We made them look bad and they hated us for it, but this was one of the main reasons that Microsoft started a security team,” Zatko told Berklee’s alumni magazine.
In 1998, Zatko testified to the Senate alongside his L0pht colleagues about critical internet infrastructure vulnerabilities. He said the group had discovered an exploit that would allow him and his colleagues to take the entire internet offline in 30 minutes.
Zatko went on to advise Bill Clinton’s administration on cybersecurity, and his work with the US government carried on past Clinton’s presidency.
“Before 9/11, I did [a] lot of work with the government, and after the attacks I did even more,” Zatko told Berklee’s alumni magazine. “I took a leave of absence from my company and did pro bono work for the government. I was a citizen with capabilities the country needed, and I felt it was my responsibility to help.”
The Defense Advanced Research Projects Agency (DARPA), a division of the US Department of Defense, hired Zatko in 2010 as a program manager.
Zatko joined Google in 2013, and in 2015 announced he was leaving the company because the White House had asked him to create a means of showing consumers how secure software was.
In 2016, Zatko and his wife Sarah designed a tool that applied safety scores to software. The couple built it from their basement, The Intercept reported.
Zatko joined Twitter as the company’s head of security in 2020 shortly after a high-profile hack compromised several celebrity accounts.
Zatko said in his whistleblower disclosure that then-CEO Jack Dorsey sought him out personally for the job. Zatko said Dorsey later displayed a “drastic loss of focus” as CEO, and had little communication with Zatko.
Dorsey left Twitter in November 2021 and was replaced as CEO by CTO Parag Agrawal.
Twitter fired Zatko in January 2022, and in July he filed his whistleblower complaint with the Federal Trade Commission, Securities and Exchange Commission, and Department of Justice.