May 1998: Before the Committee on Government Affairs of the United States Senate, seven rather unusual witnesses were heard. Most wore long hair and thick glasses, and, unusually, the Senate allowed them to testify under pseudonyms. The seven men are part of the L0pht hacker collective, a legendary group of computer security researchers based in Boston (Massachusetts), and they are there to testify about the great risks that, according to them, weigh on the stability of the Internet.
The man who acted that day as the group’s spokesman called himself “Mudge”. Twenty-four years after his first visit to the Senate, this Tuesday, September 13, 2022, he will be heard again by the parliamentary committee. This time, he will testify under his legal name, Peiter Zatko. Twitter’s head of computer security until the beginning of the year, he was dismissed in circumstances that are still unclear. In August, he forwarded to several regulators and US parliamentary committees a thick file alleging serious failures on the part of his former company, and requesting whistleblower status.
He says he was fired after sounding the alarm, internally, about a whole series of serious malfunctions, such as the existence of many unsecured servers or the hiring by Twitter of an agent of the Indian intelligence services. Twitter, for its part, claimed that Mr. Zatko was acting in a spirit of revenge, after being fired for professional deficiencies. At the beginning of September, the American press revealed that the social network agreed to pay a severance payment of more than 7 million euros to its former security manager – the details of this agreement are confidential.
Between these two parliamentary hearings, the career of “Mudge” was unusual. His technical skills are recognized by almost everyone – he was one of the first to work on the so-called “buffer overflow”, which exploits buffer overruns on a machine to execute malicious code.
But in a relatively libertarian and anarchist environment, Mr. Zatko stands out as one of the known hackers who do not hesitate to cooperate with large companies, and the American government, to help them plug security holes. In the early 2000s, L0pht became a computer security company, and “Mudge” took over – it was bought in 2004 by antivirus publisher Symantec.
In 2010, after working for several computer security companies, Mr. Zatko joined one of the most famous American research centers, Darpa (Defense Advanced Research Projects Agency), the research branch of the American army. It decides the allocation of new projects; in his official photo, his long hair and glasses gone, he poses, in a suit and tie, in front of the American flag. His wife, Sarah Lieberman, knows the agency well: the couple met when they both worked for a computer security company, but she previously worked as a mathematician at Darpa.
When he left the agency, he took on contracts with Motorola Mobility, then with the Google security team, before joining the payments startup Stripe, founded by the creator of Twitter, Jack Dorsey. The two men get along well; when many celebrity Twitter accounts were hacked in 2020, Jack Dorsey invited him to come and lead the security team of the company, of which he was still CEO alongside Stripe.
But the transplant never really took. Brilliant and a good communicator, “Mudge” can also be proud, many Twitter employees told the American press. He and Jack Dorsey have a relationship of trust; that is not the case with Parag Agrawal, Twitter’s chief technology officer. In November 2021, when Jack Dorsey left the management of the company, he was replaced by Parag Agrawal. “Mudge” explained that he had offered his resignation, which Mr. Agrawal reportedly refused, reiterating his confidence in him. Five months later, “Mudge” was fired anyway.
The shadow of Elon Musk
What happened this time? Twitter says its former IT security officer has not been tested. “Mudge”, for his part, maintains that during these five months he stepped up his warnings about the security of the company’s infrastructure, and tried to alert the board of directors to the elements that the CEO was looking for.
The very public conflict was also initiated by Elon Musk, who has been trying for several months to extricate himself from his failed attempt to take over the social network. After offering to buy Twitter, the billionaire suddenly backtracked, explaining that his target lied about several elements, including the number of automated accounts on its platform. This explanation does not convince all market specialists, some of whom believe that it is rather problems with the financial arrangement that pushed him to seek the cancellation of his offer.
Elon Musk has relied on Mr. Zatko’s revelations to try to bolster his appeal. At the end of August, Mr. Zatko’s lawyer told the world that his client has no contact with the billionaire, and that his approach has no connection with the action launched by Elon Musk. The first hearing in this case is scheduled for October 17 in Delaware court.
In the meantime, the shadow of Elon Musk should still hang over the Senate hearing this September 13, although it is likely that the hearing will be devoted more to political questions. Democrats say Twitter has neglected its moderation for years, and failed to do enough against conspiracy theories and calls for violence made by some Donald Trump supporters; conversely, elected Republicans believe, without real evidence, that conservatives are “censored” on the social network.