May 1998: Before the United States Senate Committee on Governmental Affairs, seven somewhat unusual witnesses are heard. Most have long hair and thick glasses and, exceptionally, the Senate has authorized them to testify under pseudonyms. The seven men are part of the hacker collective L0pht, a mythical group of computer security researchers based in Boston, Massachusetts, and are there to testify to the main risks that, according to them, weigh on the stability of the Internet.
The man who acts that day as the group’s spokesman calls himself “Mudge”. Twenty-four years after his first visit to the Senate, this Tuesday, September 13, 2022, he will be heard again by a parliamentary commission. This time he will testify under his civil name, Peiter Zatko. Head of information security for Twitter until the beginning of the year, he was fired, under circumstances that are still unclear. In August, he transmitted to various regulators and congressional committees in the United States a thick dossier in which he alleged serious failures by his former company, and requested that he be placed under whistleblower status.
He claims to have been fired after sounding the alarm, internally, about a series of serious malfunctions, such as the existence of multiple unsafe servers or the hiring of an agent of the Indian intelligence services via Twitter. Twitter, for its part, claims that Mr. Zatko is acting in a spirit of revenge, having been fired for professional shortcomings. In early September, the US press revealed that the social network had agreed to pay a severance bonus of more than 7 million euros to his former security manager – the details of this agreement are confidential.
Between these two parliamentary hearings, “Mudge’s” run was quite unconventional. His technical skills are almost universally recognized: he was one of the first to work on the so-called “buffer overflow”that take advantage of buffer overruns on a machine to execute malicious code.
But in a rather libertarian and anarchist environment, Mr. Zatko stands out as one of the well-known hackers who don’t hesitate to collaborate with big business and the US government to help them plug security holes. In the early 2000s, L0pht became a computer security company and “Mudge” took over; it was bought in 2004 by antivirus publisher Symantec.
In 2010, after having worked for several computer security companies, Mr. Zatko joined one of the most prestigious American research centers, Darpa (Defense Advanced Research Projects Agency), the research branch of the US Army. He decides on the assignment of innovative projects; in the official photograph of him, his long hair and glasses are gone, he poses, in a suit and tie, in front of the American flag. His wife, Sarah Lieberman, knows the agency well: the couple met when they both worked for a computer security company, but she previously worked as a mathematician at Darpa.
When he left the agency, he went through contracts with Motorola Mobility, then Google’s security team, before joining payments startup Stripe, founded by Twitter creator Jack Dorsey. The two men get along well; when dozens of celebrity Twitter accounts are hacked in 2020, Jack Dorsey offers him to come and lead the company’s security team, of which he remains CEO along with Stripe.
But the transplant doesn’t really work. Brilliant, a good communicator, “Mudge” can also be arrogant, several Twitter employees testify in the US press. He and Jack Dorsey have a trusting relationship; That’s not the case for Parag Agrawal, Twitter’s chief technology officer. In November 2021, when Jack Dorsey steps down as head of the company, he will be succeeded by Parag Agrawal. “Mudge” explains that he then offered his resignation, which Mr. Agrawal reportedly refused, reiterating his confidence in him. However, five months later, “Mudge” is fired.
Elon Musk’s shadow
What happened in this period? Twitter says its former IT security officer is untested. “Mudge”, assures that he has multiplied during these five months the alert messages about the security of the company’s infrastructures, and tried to alert the board of directors about elements that the CEO was looking for.
The very public conflict is also fueled by Elon Musk, who has spent several months trying to disassociate himself from his failed bid attempt on the social network. After offering to buy Twitter, the billionaire suddenly backed down, explaining that his target had lied about various items, including the volume of automated accounts on his platform. An explanation that does not convince all market specialists, some believing that it is rather financial settlement problems that push the latter to seek the cancellation of their offer.
Elon Musk relied on Zatko’s revelations to try to strengthen his appeal: In late August, Zatko’s lawyer told the World that the latter had had no contact with the billionaire, and that his approach had absolutely no connection with the procedure initiated by Elon Musk. A first hearing in this case is scheduled for October 17 in a Delaware court.
Meanwhile, Elon Musk’s shadow should still fall over the Senate hearing on September 13, though the hearing is likely to be devoted primarily to highly political issues. Democrats say Twitter has been lax in its moderation for years and not doing enough to counter conspiracy theories and calls for violence made by some of Donald Trump’s supporters; instead, elected Republicans believe, without real evidence, that conservatives are “censored” by the social network.
#hacktivism #Google #military #thousand #lives #Mudge #Twitter #whistleblower