“Put a dent in the universe.”
That’s the motto of Peiter “Mudge” Zatko, the whistleblower behind an explosive Twitter complaint leaked to The Washington Post and CNN this week. There’s no question he’s living up to it.
Among the lax security standards Twitter’s ex-security chief details in the report filed with the Securities and Exchange Commission is the claim that Twitter bowed to pressure from India to hire a government agent. Zatko says the platform then permitted the alleged spy to have “unsupervised access” to sensitive user data. He also says a government source specifically warned the company that at least one employee was simultaneously working as a foreign intelligence agent. It’s worth noting that only two weeks ago, a former Twitter manager was found guilty of being a Saudi mole and “unlawfully sharing Twitter user information.”
As if that level of foreign interference weren’t alarming enough, Zatko contends Twitter execs became dependent on Chinese money, allowing the CCP to gain information that could potentially put dissidents in China, Hong Kong, and Taiwan in danger. He also alleges that some of the company’s senior executives were aware that hostile nations like Russia were using the platform to run disinformation campaigns but took few steps to stop it.
The picture Zatko paints of the platform’s domestic security breaches is hardly rosier, with warnings that around half of Twitter staffers had unmonitored access to the platform’s central controls and user data and could choose at any moment to launch politically motivated sabotage against the company.
When Congress and the company’s board asked about these risks, Zatko claims Twitter’s leadership deliberately misled them. And when he brought his concerns to CEO Parag Agrawal, he says his reward for his candidness was getting fired, after less than two years on the job. All in all, Zatko charges, the company stands guilty of “extreme, egregious deficiencies,” lying to regulators, and violating its agreement with the Federal Trade Commission to uphold sound security practices.
The fallout Twitter faces now has been swift and severe. According to The Washington Post, Zatko has already taken several meetings on Capitol Hill, including a private meeting with staff members on the Judiciary Committee. And he’ll be testifying before Congress next month. Even Europe is taking notice, with EU agencies promising to look into potential data protection violations. Officials in France told TechCrunch that they are “currently investigating the complaint.”
And that’s to say nothing of Zatko’s claim that Twitter deliberately deceived Elon Musk about the number of bots on the platform—something that could have significant impact on the company’s $44 billion legal battle with the richest man in the world.
But just who is the man currently kicking a dent in the tech universe?
Arguably no one is in a better position than Zatko, 51, to know how vulnerable Silicon Valley is to hackers, given that he came to fame as a hacker himself. Before Twitter founder Jack Dorsey hired him due, in part, to his reputation as a man willing to tell truth to power, before he led research projects for the Pentagon, before he joined Google’s advanced technology team, he was a cyberpunk legend known only as “Mudge.”
Born in Alabama to scientist parents, Mudge graduated at the top of his college class not with a degree in computer programming, but in music, his coding knowledge largely self-taught. Give his name a google and you’ll find grainy videos of him playing guitar on CNN, looking not unlike a young Ted Nugent. From there, he went on to join underground “hacktivist” collectives like Cult of the Dead Cow, a group famous in the late nineties for tossing CDs with instructions on how to hack Microsoft Windows to the crowd at cyber conferences like DefCon. A password-cracking program he wrote before he turned 30 is still in use today.
Later, Mudge turned his power to good, becoming a “white hat” hacker who used his expertise to help companies protect themselves against wunderkinds like him. His talents should have been tailor-made for Twitter, which hired him in 2020 after some punk, not unlike his younger self, hacked the Twitter accounts of Barack Obama, Joe Biden, and Kanye West.
Zatko told The Washington Post that he took the top security job at Twitter specifically because of its role in shaping public discourse. “All news seems to be either from Twitter or goes to Twitter for the coloring and context and, as such, it not only paints public opinion, it can change governments,” he said. He revealed he felt duty bound to use his role to “improve the health” of our national conversation.
“There was no way I wasn’t going to step up to the plate and take some swings,” he said.
Twitter has tried to paint Zatko as a disgruntled former employee, saying in a statement that he was fired for poor performance and that his claims are “false, exaggerated or out of date.”
But former colleagues stand by Mudge. “He’s not doing this for fun. It doesn’t get him anything,” former NSA computer scientist Dave Aitel told CNN. “That’s actually what integrity looks like when you have to see it up close.”